shared-actions/terraform-plan/README.md

# terraform-plan

Plan Terraform configuration files using the official Terraform CLI.

## Inputs

| Input | Required | Default | Description |
|-------|----------|---------|-------------|
| `terraform-dir` | No | `terraform` | Directory containing `.tf` files |
| `terraform-version` | No | `~1.15` | Terraform version to use |
| `var-file` | No | `""` | Path to `.tfvars` file, relative to `terraform-dir` |
| `workspace` | No | `""` | Terraform workspace to select |
| `jfrog-token` | No | `""` | JFrog Artifactory token for the Terraform provider registry (`TF_TOKEN_schmalz_jfrog_io`) |

## Outputs

No outputs are exported.

Terraform `plan` only previews changes and does not produce finalized output values in state.

## Usage

```yaml
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/terraform-plan@terraform-plan-v1
  id: tf-plan
  with:
    workspace: stage
    var-file: stage.tfvars
    jfrog-token: ${{ secrets.JFROG_TOKEN }}
``


## Notes

- Runs `terraform init`, selects the workspace according to PR, and executes `terraform plan`.
- Does **not** apply any changes — it only previews what Terraform would do.
- Helps identify infrastructure changes before execution, such as:
  - Resources that will be created
  - Resources that will be updated
  - Resources that will be *deleted*
  - Resources that will be replaced
- Useful for reviewing changes in environments.
- Helps detect unexpected changes caused by provider version updates, module updates, variable changes, or Terraform configuration changes.
- Improves deployment safety by showing the impact of changes before `terraform apply`.
- Sets `TF_TOKEN_schmalz_jfrog_io` on both `init` and `plan` steps if `jfrog-token` is provided.
- If `var-file` is provided, it is passed as `-var-file` to the plan command.
- Commonly used in CI for pre-apply visibility, especially in pull requests or staging validation workflows.