FR: allow files to be changed without plan/apply

drevell commented 4 months ago

As a codebase maintainer, I want to be able to make changes to a terraform directory that is already out of sync with production without triggering a terraform apply.

Suppose we want to add a comment to every TF file in a repo (which has happened), or other codebase maintenance that is a no-op for the terraform resources created. Currently, we cannot touch a directory without triggering plan and apply.

Some ways this could work:

Kinda ugly, but the PR description could be parsed for special lines like GUARDIAN_IGNORE=[my/dir,my/other/dir]
Some kind of metadata/annotation on the PR? I don't think this exists though.

sethvargo commented 4 months ago

This already exists by proxy of GitHub Actions: https://docs.github.com/en/actions/managing-workflow-runs/skipping-workflow-runs

verbanicm commented 4 months ago

This already exists by proxy of GitHub Actions: https://docs.github.com/en/actions/managing-workflow-runs/skipping-workflow-runs

This wont work because we use pull_request_target for Guardian see here.

sethvargo commented 4 months ago

We should probably adopt the same format and semantics then, with our own check.

abcxyz / guardian

FR: allow files to be changed without plan/apply #324