[NDR-71] Enhance Terraform Plan output logging by redirecting stderr to capture errors in plan and show commands

MatthewMoore-NHS · MatthewMoore-NHS · commit c7ccb084d7b7 · 2025-05-13T11:44:57.000+01:00
diff --git a/.github/workflows/terraform-dev-to-main-ci.yml b/.github/workflows/terraform-dev-to-main-ci.yml
@@ -70,8 +70,8 @@ jobs:
     - name: Terraform Plan
       id: plan
       run: |
-        terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan
-        terraform show -no-color tf.plan > tfplan.txt
+        terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan > plan_output.txt 2>&1
+        terraform show -no-color tf.plan > tfplan.txt > 2>&1
         
         # Mask sensitive URLs in the Terraform Plan output
         grep -Eo 'https://[a-zA-Z0-9.-]+\.execute-api\.[a-zA-Z0-9.-]+\.amazonaws\.com/[a-zA-Z0-9/._-]*' tfplan.txt | while read -r api_url; do
@@ -101,6 +101,9 @@ jobs:
         # Mask Terraform variables
         echo "::add-mask::${{ vars.TF_VARS_FILE }}"
 
+        # Output the sanitized plan to logs
+        cat plan_output.txt
+
         echo "summary=$(grep -E 'Plan: [0-9]+ to add, [0-9]+ to change, [0-9]+ to destroy\.|No changes\. Your infrastructure matches the configuration\.' tfplan.txt | sed 's/.*No changes\. Your infrastructure matches the configuration/Plan: no changes/g' | sed 's/.*Plan: //g' | sed 's/\..*//g')" >> $GITHUB_OUTPUT
       working-directory: ./infrastructure
       shell: bash
