[Task: intentvision-lxm.6] Terraform plan drift detection #5

Merged
jeremylongshore merged 1 commit into main from feature/intentvision-lxm.6-drift-detection
Feb 3, 2026

@jeremylongshore

Epic & Task Reference

  • Epic: intentvision-lxm (Terraform IaC)
  • Task: intentvision-lxm.6 (Terraform plan drift detection)

Summary

Adds GitHub Actions workflow for Terraform plan and drift detection:

  • Runs on PRs/pushes touching infrastructure/terraform/**
  • Daily scheduled drift detection (6 AM UTC)
  • Comments plan output on PRs
  • Fails on drift during scheduled checks

Workflow Features

| Feature | Description |
| --- | --- |
| Format check | terraform fmt -check |
| Validate | terraform validate |
| Plan | Detailed exit code for drift detection |
| PR comments | Full plan output in collapsible section |
| Artifacts | Plan files retained 7 days |

Triggers

  • push to main (terraform paths)
  • pull_request to main (terraform paths)
  • schedule daily 6 AM UTC
  • workflow_dispatch manual trigger

How to Verify

  1. Merge this PR
  2. Check Actions tab for workflow
  3. Manually trigger via Actions > Terraform Plan > Run workflow

Rollback

git revert <merge-commit-sha>

🤖 Generated with Claude Code

- terraform-plan.yml: Runs on PRs and pushes to main
- Triggers on infrastructure/terraform/** changes
- Daily scheduled drift detection (6 AM UTC)
- PR comments with plan output
- Fails on drift during scheduled checks

[Task: intentvision-lxm.6]

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
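
Added example (not part of this PR or of the repository's workflow file, which is not shown on this page): one way a workflow step could implement the "detailed exit code" drift check from the PR summary, failing on a non-empty plan only for scheduled runs. The function names, the `--run` switch and the `tfplan` file name are assumptions; `terraform plan -detailed-exitcode` exits 0 for no changes, 1 for an error and 2 for pending changes.

```bash
#!/usr/bin/env bash
# Added example: drift gate around `terraform plan -detailed-exitcode`.
# Exit codes with that flag: 0 = no changes, 1 = error, 2 = changes present.

# classify_plan EXIT_CODE EVENT_NAME
# Prints a verdict and returns the status the CI step should exit with.
classify_plan() {
  case "$1" in
    0) echo "clean"; return 0 ;;
    2)
      if [ "$2" = "schedule" ]; then
        # Scheduled run: nobody proposed a change, so any diff is drift.
        echo "drift"; return 1
      fi
      # PR, push or manual run: the diff is the change under review.
      echo "changes"; return 0 ;;
    *) echo "error"; return 1 ;;  # exit 1 or anything unexpected: fail closed
  esac
}

# run_gate DIR
# Runs the plan in DIR and applies classify_plan to its exit code.
# GITHUB_EVENT_NAME is set by GitHub Actions; the fallback value is an
# assumption for local runs.
run_gate() {
  gate_code=0
  terraform -chdir="$1" plan -input=false -detailed-exitcode -out=tfplan \
    || gate_code=$?
  classify_plan "$gate_code" "${GITHUB_EVENT_NAME:-workflow_dispatch}"
}

# Terraform is only invoked when explicitly requested, e.g.:
#   ./drift-gate.sh --run infrastructure/terraform
if [ "${1:-}" = "--run" ]; then
  run_gate "${2:?terraform directory required}"
  exit $?
fi
```

Treating every exit code other than 0 and 2 as a failure keeps a crashed or misconfigured plan from being reported as "no drift".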
@gemini-code-assist

Summary of Changes

Hello @jeremylongshore, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request establishes robust continuous integration for Terraform infrastructure-as-code by introducing a new GitHub Actions workflow. This workflow automates critical steps like formatting, validation, and plan generation on code changes, and crucially, provides scheduled drift detection to maintain infrastructure integrity and prevent unexpected state changes.

Highlights

  • New Terraform CI/CD Workflow: Introduces a GitHub Actions workflow to automate Terraform plan generation and drift detection for infrastructure-as-code changes.
  • Automated Drift Detection: Implements daily scheduled checks (6 AM UTC) to detect and fail if any Terraform drift is found, ensuring infrastructure state consistency.
  • Pull Request Integration: The workflow runs on pull requests and pushes affecting infrastructure/terraform/**, commenting the full Terraform plan output directly on PRs for review.
  • Workflow Features: Includes terraform fmt -check for code style, terraform validate for configuration correctness, and retains plan files as artifacts for 7 days.
  • Task Status Updates: Updates the status of intentvision-lxm.5 (Secret Manager resources) to "closed" and intentvision-lxm.6 (Terraform plan drift detection) to "in_progress" in the issue tracking file.

Changelog

  • .beads/issues.jsonl
    • Updated the status of task intentvision-lxm.5 from "in_progress" to "closed", with a close_reason of "PR [Task: intentvision-lxm.5] Secret Manager resources #4 merged".
    • Updated the status of task intentvision-lxm.6 from "open" to "in_progress", and updated its updated_at timestamp.

Ignored Files

  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/terraform-plan.yml

Activity

  • The pull request introduces a new GitHub Actions workflow for Terraform.
  • This workflow is configured to run on pushes to main and pull requests targeting main for changes within the infrastructure/terraform/** path.
  • A daily scheduled run at 6 AM UTC is set up for drift detection.
  • The workflow can also be triggered manually via workflow_dispatch.
  • The workflow performs terraform fmt -check, terraform validate, and terraform plan.
  • Plan outputs are commented on pull requests in a collapsible section.
  • Plan files are retained as artifacts for 7 days.
  • The workflow is designed to fail scheduled checks if drift is detected.


@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request is intended to add a GitHub Actions workflow for Terraform plan and drift detection, as detailed in the description. However, the provided patch only contains updates to the .beads/issues.jsonl file, which appears to be for task tracking. These changes correctly update the status of the associated tasks. Since the new workflow file was not included in the provided patch, I am unable to review the core changes of this pull request. The updates to the issues.jsonl file are appropriate.

@jeremylongshore jeremylongshore merged commit 7bf219c into main Feb 3, 2026
6 of 9 checks passed