Terragrunt Drift Detection #370
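---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Terragrunt Drift Detection

# The default GITHUB_TOKEN stays read-only. Issue writes in the issue-management
# job are done with a short-lived GitHub App token minted per run (see the
# "Generate Token" step), so nothing here needs `issues: write` on GITHUB_TOKEN.
permissions: { contents: read }

on:
  workflow_dispatch: {}
  schedule: [{ cron: "0 0/2 * * *" }] # Every 2 hours

env:
  # Used both as the title of a new drift issue and as the search term that
  # finds the existing one, so the two steps below must agree on it.
  ISSUE_TITLE: "⚠️ Terragrunt Drift Detected ⚠️"

jobs:
  # Reusable workflow; expected to expose `drift_detected` ('true'/'false') and
  # `plan_output` as job outputs, which the next job reads.
  terragrunt-plan:
    uses: ./.github/workflows/terragrunt-plan.yaml
    secrets:
      op-service-account-token: "${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}"

  issue-management:
    runs-on: ubuntu-latest
    needs: terragrunt-plan
    # Run regardless of the plan job's status. If that job errored out rather
    # than completing, drift_detected is neither 'true' nor 'false' and both
    # issue steps below are skipped; only the token is minted.
    if: always()
    steps:
      # Presumably needed so `gh` can resolve the repository from the checkout's
      # git remote; GH_REPO is not set anywhere in this file — confirm.
      - name: Checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      - name: Setup mise
        uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1

      - name: Generate Token
        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
        id: app-token
        with:
          app-id: "${{ secrets.BOT_APP_ID }}"
          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"

      - name: Open Issue if Drift Detected
        if: needs.terragrunt-plan.outputs.drift_detected == 'true'
        env:
          GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}"
          # Posted verbatim into the issue body: whatever the plan printed that
          # is not marked sensitive in Terraform becomes readable by everyone
          # who can read the issue. Job outputs and issue bodies also have size
          # limits; a very large plan may be truncated or rejected — verify.
          PLAN_OUTPUT: "${{ needs.terragrunt-plan.outputs.plan_output }}"
          # Context values are handed to the script through env instead of
          # being expanded inside `run:`, so the shell source never contains
          # ${{ }} substitutions and every value is an ordinary quoted variable.
          RUN_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
          RUN_NUMBER: "${{ github.run_number }}"
          WORKFLOW_URL: "${{ github.server_url }}/${{ github.repository }}/actions/workflows/terragrunt-apply.yaml"
        run: |
          # Reuse the existing drift issue, open or closed, if there is one.
          # NOTE(review): --search is a free-text match, so another issue that
          # merely mentions the title text could be picked up as [0] — confirm
          # whether an `in:title` qualifier is wanted.
          ISSUE_NUMBER=$(gh issue list --state "all" --search "$ISSUE_TITLE" --json "number" --jq ".[0].number")
          if [ -n "$ISSUE_NUMBER" ]; then
            gh issue reopen "$ISSUE_NUMBER"
          else
            # `gh issue create` prints the new issue's URL; take the number from
            # it rather than sleeping and re-querying the search index, which is
            # eventually consistent and was the source of the old race.
            ISSUE_URL=$(gh issue create --title "$ISSUE_TITLE" --body "")
            ISSUE_NUMBER="${ISSUE_URL##*/}"
          fi
          {
            echo "## ⚠️ **Drift detected in workflow run [#${RUN_NUMBER}](${RUN_URL})**"
            echo ""
            echo "### 🚀 Quick Actions"
            echo ""
            # Empty link text renders as nothing visible; presumably a badge
            # image was intended here — confirm.
            echo "[](${WORKFLOW_URL})"
            echo ""
            echo "**[Click here to run Terragrunt Apply workflow](${WORKFLOW_URL})** (then click 'Run workflow' button)"
            echo ""
            echo "Or run manually: \`terragrunt apply --all\`"
            echo ""
            echo "### Plan Output"
            echo "<details>"
            echo "<summary>Click to expand drift details</summary>"
            echo ""
            # Four-backtick fence: a line of three backticks inside the plan
            # output can no longer close the block and have the remainder of
            # the plan rendered as markdown/HTML in the issue body.
            echo '````'
            # printf, not echo: plan text beginning with "-n" or "-e" would
            # otherwise be consumed as echo options.
            printf '%s\n' "$PLAN_OUTPUT"
            echo '````'
            echo ""
            echo "</details>"
          } > issue_body.txt
          gh issue edit "$ISSUE_NUMBER" --body-file issue_body.txt
          gh issue pin "$ISSUE_NUMBER"

      - name: Close GitHub Issue if No Drift
        if: needs.terragrunt-plan.outputs.drift_detected == 'false'
        env:
          GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}"
          # Link destination is unquoted: with the surrounding "…" the quotes
          # became part of the URL and the rendered link was broken.
          COMMENT: |
            ✅ No drift detected. Closing issue automatically.
            Verified in [workflow run #${{ github.run_number }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).
        run: |
          # Only an open issue is closed; a closed one from a previous cycle
          # is left alone.
          ISSUE_NUMBER=$(gh issue list --state "open" --search "$ISSUE_TITLE" --json "number" --jq ".[0].number")
          echo "ISSUE_NUMBER is '$ISSUE_NUMBER'"
          if [ -n "$ISSUE_NUMBER" ]; then
            gh issue close "$ISSUE_NUMBER" --comment "$COMMENT"
            gh issue unpin "$ISSUE_NUMBER"
          fi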