changes to outputs that do not affect real resources/infra are not displayed in PR comment

[abazzi-neogenomics]

Hello all and @motatoes :)
I've found this issue with the recent versions of digger, I found it both with 0.3.20 (which is the one i've been using), but I also tried 0.5.0 and it's still there - from memory, the 0.1.x didn't have the issue. I'm using github.

I may be a bit of an edge case but here it goes: I have created some tf modules that dump a json payload in a specific output based on some extra inputs i'm passing in a map, for each key. When I call that module from other projects, I have CI/CD workflows that get triggered based on the change of that particular output. The actual resources aren't changed, it's just an output. This output is then passed to the other CI/CD workflow that does other things.

For example:

module "somesomething" {
  source = "github.com/MyOrg/mymodule?ref=v0.1.0"

 some_var = var.myvar
 other_var = "hello"

  my_stuff = {
    key1 = {
      bla                  = "blabla"
      blabla             = "blablabla"

      mypayloads = {
        branch = "somebranch"
      }
    },
    key2 = {
      bla                  = "blabla2"
      blabla             = "blablabla2"

      mypayloads = {
        branch = "somebranch2"
      }
    },
  }
}

And the output is generated based on mypaylods if it makes sense.

When I have such a change, I would expect digger to show it in the plan comment of the PR but instead it says:

Digger run report at 2024-06-04 09:45:25 (UTC)
→ No changes in terraform output for MyOrg/myprojectrepo#myaccount

However, when checking the output in actions, I see this:

Changes to Outputs:
  ~ myoutput = {
      ~ key1 = jsonencode(
          ~ {
              ~ target    = {
                  ~ ref_name = "somebranch" -> "master"
                    # (3 unchanged attributes hidden)
                }
                # (1 unchanged attribute hidden)
            }
        )
    }

You can apply this plan to save these new output values to the Terraform
state, without changing any real infrastructure.

Now, if I digger apply it would work, but not having it in the digger output in PR may end up creating confusion, for example one could forget and merge the change to master without running apply, then I end up with inconsistent outputs saved to the state.

I trigger digger with something like this:

      - name: digger run
        uses: diggerhq/digger@v0.5.0
        with:
          setup-aws: true
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-1
          no-backend: true
          setup-terraform: true
          terraform-version: v1.6.6
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
          GITHUB_OWNER: MyOrg

am i missing something in terms of configurations?

[motatoes]

hey @abazzi-neogenomics this could be indeed a bug in our terraform cleanup function, let me have a look to see if I can reproduce it with a test