qol(terraform): Testing hidding non-changes

[Patryk-Kuchta]

Overview

Routine deploys were generating full Terraform plan comments on every PR, causing alert overload. The CI now detects image-tag-only bumps and replaces the wall of plan output with a one-line summary, keeping the full plan collapsed for reference.

JIRA Ticket

No JIRA

Changes

• Image-tag-only plans post a short summary comment instead of the raw plan dump
• Full plan remains available in a collapsed <details> block
• Detection uses three guards: ECS-only resources, no unexpected field changes, no new field additions (e.g. new sidecar containers)

Acceptance Criteria (AC)

• Image-tag-only plan → short summary comment with collapsed full plan
• Any real infra change → full plan comment as before

---

Testing (if applicable)

• Manual: Push to a PR and verify the comment format matches the plan type, then push a modifing change and verify the plan is shown in full.

Notes / Additional Information (optional)

If a new AWS provider version introduces additional metadata fields in image-only plans, add them to the allowedFields allowlist in terraform-plan.yml.

[github-actions]

Terraform Plan

✅ Image tag bump only — deploying commit e14ef01 to all services. No infrastructure changes, no review needed.

Full plan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_ecs_service.backend will be updated in-place
  ~ resource "aws_ecs_service" "backend" {
        id                                 = "arn:aws:ecs:eu-west-2:929514686841:service/development-app/development-backend"
        name                               = "development-backend"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-west-2:929514686841:task-definition/backend-development:72" -> (known after apply)
        # (19 unchanged attributes hidden)

        # (5 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_service.frontend will be updated in-place
  ~ resource "aws_ecs_service" "frontend" {
        id                                 = "arn:aws:ecs:eu-west-2:929514686841:service/development-app/development-frontend"
        name                               = "development-frontend"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-west-2:929514686841:task-definition/frontend-development:71" -> (known after apply)
        # (19 unchanged attributes hidden)

        # (5 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_service.worker will be updated in-place
  ~ resource "aws_ecs_service" "worker" {
        id                                 = "arn:aws:ecs:eu-west-2:929514686841:service/development-app/development-worker"
        name                               = "development-worker"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-west-2:929514686841:task-definition/worker-development:72" -> (known after apply)
        # (19 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.backend must be replaced
-/+ resource "aws_ecs_task_definition" "backend" {
      ~ arn                      = "arn:aws:ecs:eu-west-2:929514686841:task-definition/backend-development:72" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:eu-west-2:929514686841:task-definition/backend-development" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  ~ image            = "929514686841.dkr.ecr.eu-west-2.amazonaws.com/development-backend:59f7f73eda3cc872edcb3825e0508b956acf83f1" -> "929514686841.dkr.ecr.eu-west-2.amazonaws.com/development-backend:e14ef0162d772804911eccd52b25c7275be12722"
                  - mountPoints      = []
                    name             = "backend"
                  - systemControls   = []
                  - volumesFrom      = []
                    # (7 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ enable_fault_injection   = false -> (known after apply)
      ~ id                       = "backend-development" -> (known after apply)
      ~ revision                 = 72 -> (known after apply)
      - tags                     = {} -> null
      ~ tags_all                 = {} -> (known after apply)
        # (12 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.ecs.aws_ecs_task_definition.frontend must be replaced
-/+ resource "aws_ecs_task_definition" "frontend" {
      ~ arn                      = "arn:aws:ecs:eu-west-2:929514686841:task-definition/frontend-development:71" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:eu-west-2:929514686841:task-definition/frontend-development" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  ~ image            = "929514686841.dkr.ecr.eu-west-2.amazonaws.com/development-frontend:59f7f73eda3cc872edcb3825e0508b956acf83f1" -> "929514686841.dkr.ecr.eu-west-2.amazonaws.com/development-frontend:e14ef0162d772804911eccd52b25c7275be12722"
                  - mountPoints      = []
                    name             = "frontend"
                  - systemControls   = []
                  - volumesFrom      = []
                    # (7 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ enable_fault_injection   = false -> (known after apply)
      ~ id                       = "frontend-development" -> (known after apply)
      ~ revision                 = 71 -> (known after apply)
      - tags                     = {} -> null
      ~ tags_all                 = {} -> (known after apply)
        # (12 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.ecs.aws_ecs_task_definition.worker must be replaced
-/+ resource "aws_ecs_task_definition" "worker" {
      ~ arn                      = "arn:aws:ecs:eu-west-2:929514686841:task-definition/worker-development:72" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:eu-west-2:929514686841:task-definition/worker-development" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  ~ image            = "929514686841.dkr.ecr.eu-west-2.amazonaws.com/development-worker:59f7f73eda3cc872edcb3825e0508b956acf83f1" -> "929514686841.dkr.ecr.eu-west-2.amazonaws.com/development-worker:e14ef0162d772804911eccd52b25c7275be12722"
                  - mountPoints      = []
                    name             = "worker"
                  - portMappings     = []
                  - systemControls   = []
                  - volumesFrom      = []
                    # (6 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ enable_fault_injection   = false -> (known after apply)
      ~ id                       = "worker-development" -> (known after apply)
      ~ revision                 = 72 -> (known after apply)
      - tags                     = {} -> null
      ~ tags_all                 = {} -> (known after apply)
        # (12 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 3 to add, 3 to change, 3 to destroy.