terraform icon indicating copy to clipboard operation
terraform copied to clipboard
verified publisher icon hashicorp

terraform plan -detailed-exitcode return exit code despite non empty diff

Open Time0o opened this issue 10 months ago • 1 comments

Terraform Version

Terraform v1.10.5

Terraform Configuration Files

variable "remote_ssh_user" {
  description = "SSH user for remote host"
  type        = string
}

variable "remote_ssh_host" {
  description = "Hostname for remote host"
  type        = string
}

variable "remote_ssh_private_key" {
  description = "Path to private key for connecting to remote host"
  type        = string
}

resource "tls_private_key" "vm_ssh_key" {
  algorithm = "ED25519"
}

resource "local_file" "vm_ssh_private_key_file" {
  filename        = "${path.module}/.ssh/id_ed25519"
  content         = tls_private_key.vm_ssh_key.private_key_pem
  file_permission = "0600"
}

terraform {
  required_providers {
    libvirt = {
      source = "dmacvicar/libvirt"
    }
  }
}

provider "libvirt" {
  # Remote connection to libvirtd via SSH
  uri = "qemu+ssh://${var.remote_ssh_user}@${var.remote_ssh_host}/system?keyfile=${var.remote_ssh_private_key}"
}

resource "libvirt_volume" "k8s_vm_disk" {
  name = "k8s-vm.qcow2"
  pool = "default"
  size = 10240 # 10 GiB
}

resource "libvirt_cloudinit_disk" "k8s_init" {
  name = "cloud-init.iso"
  user_data = templatefile("${path.module}/cloud-init/k8s.yaml", {
    ssh_public_key = tls_private_key.vm_ssh_key.public_key_openssh
  })
}

resource "libvirt_domain" "k8s_vm" {
  name   = "k8s-vm"
  memory = 2048 # 2 GiB
  vcpu   = 2

  disk {
    volume_id = libvirt_volume.k8s_vm_disk.id
  }

  network_interface {
    network_name = "default"
  }

  cloudinit = libvirt_cloudinit_disk.k8s_init.id
}

Debug Output

...debug output, or link to a gist...

Expected Behavior

tensorflow plan -detailed-exitcode prints:

Plan: 5 to add, 0 to change, 0 to destroy.

And should thus return exit code 2.

Actual Behavior

Exit code 0 is returned.

Steps to Reproduce

  1. terraform init
  2. terraform plan -out plan.tfplan -detailed-exitcode

Additional Context

I am running inside an Ubuntu 22.04 Docker container inside a GH Action workflow and am installing terraform via hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd.

References

No response

Generative AI / LLM assisted development?

No response

Time0o avatar Feb 12 '25 08:02 Time0o

Thanks for this report!

crw avatar Feb 13 '25 18:02 crw

I am unable to reproduce this problem on macOS with any of Terraform versions 1.10.5, 1.11.1, or 1.11.2, but I experience it on the GitHub Actions runners as you describe using version 1.11.2.

This sounds reminiscent of actions/toolkit#1615. The current wrapper program gets the exit code from its call to exec.exec, which @vitorhugods says works fine in https://github.com/actions/toolkit/issues/1615#issuecomment-2079400069.

If I run the hashicorp/setup-terraform action with the terraform_wrapper parameter set to false, it works as expected, yielding the proper nonzero exit codes. That suggests that the wrapper program is either swallowing these nonzero exit codes or failing to retrieve the exit code properly.

[Time passes ....]

Oh, this problem is captured in hashicorp/setup-terraform#328.

seh avatar Mar 25 '25 23:03 seh

Thanks for that update! I'll go ahead and close this issue as the actual problem has been identified in another code repository.

Future viewers please see: https://github.com/hashicorp/setup-terraform/issues/328

crw avatar Jul 09 '25 17:07 crw

This isn't a problem from the action/setup-terraform it's a problem with terraform, even running the command locally the exit code isn't 2 when changes are detected. And this isn't an issue on terraform version 1.9.8

felipebraga avatar Jul 24 '25 14:07 felipebraga

I could not reproduce the issue with a very simple config:

variable "revision" {
  default = 2
}

resource "terraform_data" "replacement" {
  input = var.revision
}

Run init, plan, apply, change the value of default to something else, run terraform plan -detailed-exitcode and you should get exit code 2.

I thought I closed this issue but it looks like I had not. Going to close now, but if you can submit a repro case I'll re-open.

crw avatar Jul 25 '25 19:07 crw

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Aug 25 '25 02:08 github-actions[bot]