feat: add plan-refresh-only to script entrypoint
Taking advantage of the Refresh-only mode in the Terraform plan command, we can create a job that only searches for changes outside the state file (also known as resource drift).
Enabling this feature would allow Scheduled Pipeline to periodically check for changes and take action upon, maybe simple notifying the team or auto-applying the drifted resource.
The used arguments and their explanations are:
-
-detailed-exitcode: There's a specific exit code used when drift is detected. -
-lock=false: It's a read-only operation and does not require a state-lock. -
-refresh-only: The heart of this function, requests only changes outside the state file.
The only caveat to this implementation is that this feature was only added to Terraform 0.15.x and above, meaning that the usage in 0.13 and 0.14 would fail the pipeline.
Closes #48