From 1a5921d9b06c7a36cf86b16f7f618f736adf0efe Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Thu, 11 Jun 2026 23:21:51 +1000 Subject: [PATCH] feat: only run apply when plan detects changes --- .woodpecker/apply.yaml | 3 +-- Makefile | 13 +++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.woodpecker/apply.yaml b/.woodpecker/apply.yaml index 36986f1..112d696 100644 --- a/.woodpecker/apply.yaml +++ b/.woodpecker/apply.yaml @@ -9,8 +9,7 @@ steps: VAULT_AUTH_METHOD: kubernetes commands: - dnf install vault -y - - make plan - - make apply + - make apply-if-changes backend_options: kubernetes: serviceAccountName: terraform-git diff --git a/Makefile b/Makefile index 640077e..332592c 100644 --- a/Makefile +++ b/Makefile @@ -25,6 +25,19 @@ plan: init @$(call vault_env) && \ terragrunt run --all --parallelism 4 --non-interactive plan +apply-if-changes: init + @$(call vault_env) && \ + terragrunt run --all --parallelism 4 --non-interactive plan -- -detailed-exitcode -out=tfplan; \ + EXIT_CODE=$$?; \ + if [ $$EXIT_CODE -eq 2 ]; then \ + $(call vault_env) && \ + terragrunt run --all --parallelism 2 --non-interactive apply -- tfplan; \ + elif [ $$EXIT_CODE -eq 0 ]; then \ + echo "No changes detected, skipping apply."; \ + else \ + exit $$EXIT_CODE; \ + fi + apply: init @$(call vault_env) && \ terragrunt run --all --parallelism 2 --non-interactive apply