Allow fail-on-diff regardless of git-push

[charmingnewt]

What problem are you facing?

I am currently using terraform-docs within a larger workflow on pull requests. Because I am using the git-push feature, I would like to have terraform-docs be the first job executed, and only execute subsequent jobs if there is NO push from the terraform-docs job. In order to do this, I need to use both the git-push and fail-on-diff options.

.github/workflows/pull_request.yml

---
name: Pull Request
on:
  pull_request:
    branches:
      - main

jobs:
  terraform-docs:
    uses: ./.github/workflows/terraform-docs.yml
    secrets:
      terraformdocs: ${{ secrets.terraformdocs }}
  linter:
    uses: ./.github/workflows/linter.yml
    needs:
      - terraform-docs
  terratest:
    uses: ./.github/workflows/terratest.yml
    needs:
      - terraform-docs

.github/workflows/terraform-docs.yml

---
name: Terraform Docs
on:
  workflow_call:
    secrets:
      terraformdocs:
        description: 'A token passed from the caller workflow'
        required: true

jobs:
  docs:
    name: Terraform Docs
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          # This PAT is required so the resulting docs push will trigger an additional workflow run.
          token: ${{ secrets.terraformdocs }}
      - name: Terraform Docs
        uses: terraform-docs/gh-actions@v1.0.0
        with:
          git-push-user-email: "terraform-docs-bot@example.com"
          git-push-user-name: "terraform-docs-bot-${{ env.GITHUB_ACTOR }}"
          git-push: "true"
          fail-on-diff: "true"

How could terraform-docs help solve your problem?

I am more than happy to PR if there is appetite from the community for the change. It seems the current logic is:

if [ "${INPUT_GIT_PUSH}" = "true" ]; then
    git_commit
    git push
else
    if [ "${INPUT_FAIL_ON_DIFF}" = "true" ] && [ "${num_changed}" -ne 0 ]; then
        echo "::error ::Uncommitted change(s) has been found!"
        exit 1
    fi
fi

and the desired logic would be something like:

if [ "${INPUT_GIT_PUSH}" = "true" ]; then
    git_commit
    git push
fi
if [ "${INPUT_FAIL_ON_DIFF}" = "true" ] && [ "${num_changed}" -ne 0 ]; then
    echo "::error ::Terraform documentation change(s) has/have been found!"
    exit 1
fi

Thanks for your time.

[charmingnewt]

In the meantime, I've worked around the issue with the following configuration:

name: Terraform Docs
on:
  workflow_call:
    secrets:
      terraformdocs:
        description: 'A token passed from the caller workflow'
        required: true

jobs:
  docs:
    name: Terraform Docs
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          # This PAT is required so the resulting docs push will trigger an additional workflow run.
          token: ${{ secrets.terraformdocs }}
      - name: Record latest author
        run: |
          echo "ORIGINAL_COMMIT_AUTHOR=$(git log -1 --pretty=format:'%ae')" >> "$GITHUB_ENV"
      - name: Terraform Docs
        uses: terraform-docs/gh-actions@v1.0.0
        with:
          git-push: "true"
          git-commit-message: "Terraform Docs Automated Update"
          git-push-user-email: "terraform-docs-bot@example.com"
          git-push-user-name: "terraform-docs-bot-${{ env.GITHUB_ACTOR }}"
      - name: Check for changes
        run: |
          if [[ "$(git log -1 --pretty=format:'%ae')" != "${ORIGINAL_COMMIT_AUTHOR}" ]]
          then
            echo "Changes detected. Failing workflow now to prevent duplicate subsequent steps."
            exit 1
          fi