From 7e69f6acdbb7a4eb11b062bb20be3bce222008be Mon Sep 17 00:00:00 2001
From: Sunny-Mor
Date: Thu, 19 Mar 2026 20:38:42 +0530
Subject: [PATCH] fix: control terraform plan output based on show_plan flag
---
 .github/workflows/tf-checks.yml | 27 +++++++++++++++++++++------
 docs/tf-checks.md | 4 ++++
 2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
index 473e173e..6e1a98ce 100644
--- a/.github/workflows/tf-checks.yml
+++ b/.github/workflows/tf-checks.yml
@@ -43,6 +43,11 @@ on:
 type: boolean
 default: false
 description: 'Enable terraform plan step.'
+ show_plan:
+ required: false
+ type: boolean
+ default: true
+ description: 'Show full terraform plan output. If false, only shows summary (e.g. Plan: 4 to add, 1 to change).'
 gcp_credentials:
 required: false
 type: string
@@ -270,20 +275,30 @@ jobs:
 path: ${{ inputs.working_directory }}
 - name: 📋 Terraform Plan
- if: ${{ inputs.enable_plan }}
 id: tf-plan
+ if: ${{ inputs.enable_plan }}
 run: |
 export exitcode=0
 cd ${{ inputs.working_directory }}
+
 if [ -n "${{ inputs.var_file }}" ]; then
- terraform plan -detailed-exitcode -no-color -out tfplan --var-file=${{ inputs.var_file }} || export exitcode=$?
+ terraform plan -detailed-exitcode -no-color -out=tfplan --var-file=${{ inputs.var_file }} > plan.txt 2>&1 || exitcode=$?
 else
- terraform plan -detailed-exitcode -no-color -out tfplan || export exitcode=$?
+ terraform plan -detailed-exitcode -no-color -out=tfplan > plan.txt 2>&1 || exitcode=$?
 fi
- echo "exitcode=$exitcode" >> $GITHUB_OUTPUT
+
 if [ $exitcode -eq 1 ]; then
- echo Terraform Plan Failed!
+ echo "Terraform Plan Failed!"
+ cat plan.txt
 exit 1
+ fi
+
+ echo "exitcode=$exitcode" >> $GITHUB_OUTPUT
+
+ if [ "${{ inputs.show_plan }}" == "true" ]; then
+ # Show full plan
+ cat plan.txt
 else
- exit 0
+ # Show only summary
+ grep -E '^Plan:|^No changes' plan.txt || echo "No changes."
 fi
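Review bot: The `show_plan` description does not say that the flag only trims log output for a plan that succeeds: the failure branch later in this patch runs `cat plan.txt` regardless of the flag, and nothing in the visible step removes `plan.txt` or `tfplan` from the working directory. Callers who set it to `false` to keep resource attributes out of job logs should be told this, so I would extend the description to `'Show full terraform plan output. If false, a successful plan prints only the summary line; a failed plan always prints the full output.'`. The new table row in docs/tf-checks.md ("Only shows terraform plan summary", default `true`) reads as the opposite of what the input does at its default and could take the same wording. The `on:` inputs block continues outside the hunk.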
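Review bot: The rewritten `terraform plan` line still expands `${{ inputs.var_file }}` into the script text before bash parses it (as do the unchanged `cd` and `[ -n … ]` lines around it), so a value with spaces or shell metacharacters from the calling workflow is interpreted as shell rather than passed as one argument. I would hand the inputs to the step through `env:` and reference them as quoted variables, as in the fence; the names avoid the `TF_` prefix because Terraform reads `TF_VAR_*` from the environment. Separately, the `|| echo "No changes."` fallback prints that text whenever grep matches nothing, even if `exitcode` is 2, so a message such as `echo "No summary line found (exit code $exitcode)"` would be safer. The job this step belongs to starts before the hunk.

```yaml
        if: ${{ inputs.enable_plan }}
        env:
          PLAN_WORKDIR: ${{ inputs.working_directory }}
          PLAN_VAR_FILE: ${{ inputs.var_file }}
          PLAN_SHOW_FULL: ${{ inputs.show_plan }}
        run: |
          # … unchanged: exitcode=0 …
          cd "$PLAN_WORKDIR"
          if [ -n "$PLAN_VAR_FILE" ]; then
            terraform plan -detailed-exitcode -no-color -out=tfplan --var-file="$PLAN_VAR_FILE" > plan.txt 2>&1 || exitcode=$?
          # … unchanged: else branch, failure handling, exitcode output …
          if [ "$PLAN_SHOW_FULL" = "true" ]; then
          # … unchanged: cat plan.txt / summary grep …
```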
diff --git a/docs/tf-checks.md b/docs/tf-checks.md
index 268b37c1..ffb4554e 100644
--- a/docs/tf-checks.md
+++ b/docs/tf-checks.md
@@ -47,6 +47,7 @@ jobs:
 working_directory: './examples/complete/'
 provider: 'aws'
 enable_plan: true
+ show_plan: false
 var_file: 'vars/dev.tfvars'
 aws_region: 'us-east-1'
 secrets:
@@ -93,6 +94,7 @@ jobs:
 working_directory: './examples/complete/'
 provider: 'azurerm'
 enable_plan: true
+ show_plan: false
 secrets:
 AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
 GITHUB: ${{ secrets.GITHUB }}
@@ -113,6 +115,7 @@ jobs:
 working_directory: './examples/complete/'
 provider: 'aws'
 enable_plan: true
+ show_plan: false
 aws_region: 'us-east-1'
 secrets:
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -173,6 +176,7 @@ jobs:
 | `terraform_version` | No | Latest | Specific Terraform version to use |
 | `enable_version_check` | No | `false` | Enable min/max version compatibility testing |
 | `enable_plan` | No | `false` | Enable terraform plan step |
+| `show_plan` | No | `true` | Only shows terraform plan summary |
 | `role_duration_seconds` | No | `3600` | AWS role duration in seconds (900-43200) |
 | `project_id` | No | - | GCP project ID |
 | `token_format` | No | `access_token` | GCP token format (`access_token` or `id_token`) |