[NDR-71] Enhance masking logic in Terraform plan output to handle missing API URLs, Lambda URLs, and AWS account IDs gracefully

Author: MatthewMoore-NHS

.github/workflows/terraform-dev-to-main-ci.yml

@@ -73,17 +73,12 @@ jobs:
         terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan
         terraform show -no-color tf.plan > tfplan.txt
         
-
-        echo "0"
-
         # Mask sensitive URLs in the Terraform Plan output
         grep -Eo 'https://[a-zA-Z0-9.-]+\.execute-api\.[a-zA-Z0-9.-]+\.amazonaws\.com/[a-zA-Z0-9/._-]*' tfplan.txt | while read -r api_url; do
           if [ -n "$api_url" ]; then
             echo "::add-mask::$api_url"
           fi
-        done
-
-        echo "1"
+        done || echo "No api URLs found to mask."
 
         # Mask Lambda invocation URLs
         grep -Eo 'https://[a-zA-Z0-9.-]+\.lambda\.amazonaws\.com/[a-zA-Z0-9/._-]+' tfplan.txt | while read -r lambda_url; do
@@ -92,29 +87,20 @@ jobs:
           fi
         done || echo "No Lambda URLs found to mask."
 
-        echo "2"
-
         # Mask AWS account IDs (12-digit numbers)
         grep -Eo '[0-9]{12}' tfplan.txt | while read -r account_id; do
           if [ -n "$account_id" ]; then
             echo "::add-mask::$account_id"
           fi
-        done
-
-        echo "3"
+        done || echo "No Account IDs found to mask."
 
         # Mask GitHub secrets
         echo "::add-mask::${{ secrets.AWS_ASSUME_ROLE }}"
         echo "::add-mask::${{ secrets.GITHUB_TOKEN }}"
 
-        echo "4"
-
-
         # Mask Terraform variables
         echo "::add-mask::${{ vars.TF_VARS_FILE }}"
 
-        echo "5"
-
         echo "summary=$(grep -E 'Plan: [0-9]+ to add, [0-9]+ to change, [0-9]+ to destroy\.|No changes\. Your infrastructure matches the configuration\.' tfplan.txt | sed 's/.*No changes\. Your infrastructure matches the configuration/Plan: no changes/g' | sed 's/.*Plan: //g' | sed 's/\..*//g')" >> $GITHUB_OUTPUT
       working-directory: ./infrastructure
       shell: bash