From 968598f8e57170286acd55b8a8d43d5a0490f2cd Mon Sep 17 00:00:00 2001 From: Ivan Pavlovic Date: Thu, 19 Mar 2026 22:50:37 +0100 Subject: [PATCH 1/2] Disable refresh in terraform plan --- .github/actions/graformer/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/graformer/action.yaml b/.github/actions/graformer/action.yaml index 6985e90..64cc579 100644 --- a/.github/actions/graformer/action.yaml +++ b/.github/actions/graformer/action.yaml @@ -73,7 +73,7 @@ runs: TF_CLOUD_ORGANIZATION: ${{ inputs.tfc-organization }} TF_WORKSPACE: ${{ inputs.tfc-workspace }} run: | - terraform plan -no-color -input=false -out=tfplan + terraform plan -no-color -input=false -out=tfplan -refresh=false if [[ "${{ inputs.keep-plan }}" == "true" ]]; then echo "plan-file=$(pwd)/tfplan" >> $GITHUB_OUTPUT fi From e5eea2be9e039caa6932106f903d0b627c304400 Mon Sep 17 00:00:00 2001 From: Ivan Pavlovic Date: Tue, 24 Mar 2026 10:59:19 +0100 Subject: [PATCH 2/2] Add input for refresh flag in graformer action. Set refresh value in caller workflows --- .github/actions/graformer/action.yaml | 5 ++++- .github/workflows/drift-check.yaml | 1 + .github/workflows/promote-imported-configs.yaml | 1 + .github/workflows/tf-apply.yaml | 1 + .github/workflows/tf-plan.yaml | 1 + 5 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/actions/graformer/action.yaml b/.github/actions/graformer/action.yaml index 64cc579..100fe39 100644 --- a/.github/actions/graformer/action.yaml +++ b/.github/actions/graformer/action.yaml @@ -14,6 +14,9 @@ inputs: description: "Whether to keep the plan file after execution (true/false). Default is false." required: false default: "false" + refresh: + description: "Whether to refresh state before running plan (true/false). Set to true for drift detection." + required: true outputs: plan-exitcode: description: "Plan detailed exit code (0 - success, empty diff; 1 - error; 2 - success, non-empty diff)" @@ -73,7 +76,7 @@ runs: TF_CLOUD_ORGANIZATION: ${{ inputs.tfc-organization }} TF_WORKSPACE: ${{ inputs.tfc-workspace }} run: | - terraform plan -no-color -input=false -out=tfplan -refresh=false + terraform plan -no-color -input=false -out=tfplan -refresh=${{ inputs.refresh }} if [[ "${{ inputs.keep-plan }}" == "true" ]]; then echo "plan-file=$(pwd)/tfplan" >> $GITHUB_OUTPUT fi diff --git a/.github/workflows/drift-check.yaml b/.github/workflows/drift-check.yaml index 43ced96..acee8b8 100644 --- a/.github/workflows/drift-check.yaml +++ b/.github/workflows/drift-check.yaml @@ -43,6 +43,7 @@ jobs: tfc-token: ${{ secrets.tfc_token }} tfc-organization: ${{ inputs.tfc_org }} tfc-workspace: ${{ vars.WORKSPACE }} + refresh: 'true' # 0 for green plan no changes, 2 for green plan with changes - name: Inspect drift diff --git a/.github/workflows/promote-imported-configs.yaml b/.github/workflows/promote-imported-configs.yaml index 675e323..7adc7a8 100644 --- a/.github/workflows/promote-imported-configs.yaml +++ b/.github/workflows/promote-imported-configs.yaml @@ -62,6 +62,7 @@ jobs: tfc-organization: ${{ inputs.tfc_org }} tfc-workspace: ${{ vars.WORKSPACE }} keep-plan: 'true' + refresh: 'false' - name: Run Terraform apply if: steps.graformer.outputs.plan-exitcode == '2' diff --git a/.github/workflows/tf-apply.yaml b/.github/workflows/tf-apply.yaml index fab3cfd..5ffe04b 100644 --- a/.github/workflows/tf-apply.yaml +++ b/.github/workflows/tf-apply.yaml @@ -51,6 +51,7 @@ jobs: tfc-organization: ${{ inputs.tfc_org }} tfc-workspace: ${{ vars.WORKSPACE }} keep-plan: 'true' + refresh: 'false' - name: Run Terraform apply if: steps.graformer.outputs.plan-exitcode == '2' diff --git a/.github/workflows/tf-plan.yaml b/.github/workflows/tf-plan.yaml index 83fb82a..9d52271 100644 --- a/.github/workflows/tf-plan.yaml +++ b/.github/workflows/tf-plan.yaml @@ -82,6 +82,7 @@ jobs: tfc-token: ${{ secrets.tfc_token }} tfc-organization: ${{ inputs.tfc_org }} tfc-workspace: ${{ vars.WORKSPACE }} + refresh: 'false' - name: Post plan summary and handle check-run if: always()