[cli] cdk diff difficult to use programmatically

[pkwarren]

We're integrating CDK into a build pipeline and finding it difficult to differentiate between these possibilities:

1. CDK diff detected no changes
2. CDK diff detected changes
3. CDK diff failed (wrong credentials, etc.)

When running cdk diff --fail, we can check the return code to differentiate case 1 vs. 2/3, however we can't differentiate between diff detecting changes and failing for some other type of error (they both return exitCode 1).

Additionally, it appears that we can't rely on whether output was printed to stdout or stderr - from a quick read through the code it appears diffs are printed to stderr along with errors as well.

Is there a supported mechanism to call the cdk diff command and differentiate the options above?

Use Case

We're integrating CDK into a build pipeline and would like to first determine if there are any differences before requiring an approval step for deployment.

Proposed Solution

A few options might be possible:

• Return different exit codes with cdk diff --fail to differentiate "there are differences" from "there was an error calculating differences".
• Use stdout for output of differences and stderr just for error reporting.

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

---

This is a 🚀 Feature Request

[rix0rrr]

I agree distinguishing the error codes could be useful.

[shadelocker]

I am happy to pick this issue with some guidance.

[zhaoyi0113]

is there any update on this issue? it seems very useful feature.

[krzysztof-slowinski]

For the part of using stdout for the output, please not that it is possible today by using --ci option:
cdk diff --ci --fail > diff.stdout 2> diff.stderr
Where the diffs will be now written to diff.stdout.

You can see the description of this option using cdk diff help:

--ci                 Force CI detection. If CI=true then logs will be sent
                       to stdout instead of stderr[boolean] [default: false]