Sunday, September 10, 2023

 

A sample GitHub Actions workflow that detects Terraform state drift and can run on a schedule.

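# Scheduled drift detection for a Terraform-managed Azure configuration.
# The single job runs `terraform plan -detailed-exitcode` and publishes the
# exit code as a job output (0 = no changes, 1 = error, 2 = drift detected).
# Nothing in this workflow consumes that output or the `issues: write`
# permission, so a follow-up job (for example one that files an issue when
# drift is found) is presumably meant to be added — confirm before relying on
# this alone.
name: 'Terraform Configuration Drift Detection'

on:
  # manual trigger for ad-hoc checks
  workflow_dispatch:
  schedule:
    - cron: '00 2 * * *'  # nightly at 02:00 (GitHub Actions schedules run in UTC)

# Least-privilege token scopes for the job. `id-token: write` is only needed
# if the Azure provider authenticates via OIDC federation; `issues: write` is
# not used by any step below.
permissions:
  id-token: write
  contents: read
  issues: write

# Provider identity comes from repository secrets. No client secret and no
# ARM_USE_OIDC flag is set here — NOTE(review): confirm how the provider is
# expected to authenticate (OIDC would match `id-token: write` above).
env:
  ARM_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}"
  ARM_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
  ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}"

jobs:
  terraform-plan:
    name: 'Terraform Plan'
    runs-on: ubuntu-latest
    env:
      # Quoted so the provider receives the string "true" rather than a YAML
      # boolean being stringified by the runner.
      ARM_SKIP_PROVIDER_REGISTRATION: "true"
    outputs:
      # exit code of `terraform plan -detailed-exitcode` from the tf-plan step
      tfplanExitCode: ${{ steps.tf-plan.outputs.exitcode }}
    steps:
      # NOTE(review): the actions below are referenced by moving major tags;
      # pinning them to a full commit SHA reduces supply-chain exposure.
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          # The wrapper script sits between the step and the terraform binary;
          # it is disabled here, presumably so the plan step sees terraform's
          # own exit code — confirm against the action's documentation.
          terraform_wrapper: false

      - name: Terraform Init
        run: terraform init

      # -detailed-exitcode makes plan return 2 when changes are pending.
      # Only exit code 1 (an error) fails the job; 0 and 2 both succeed so the
      # result can be read from the job output instead. The plan file written
      # to `tfplan` stays on the runner and is not uploaded as an artifact
      # (plan files can contain sensitive values).
      - name: Terraform Plan
        id: tf-plan
        run: |
          exitcode=0
          terraform plan -detailed-exitcode -no-color -out tfplan || exitcode=$?
          echo "exitcode=$exitcode" >> "$GITHUB_OUTPUT"
          if [ "$exitcode" -eq 1 ]; then
            echo "Terraform Plan Failed!"
            exit 1
          else
            exit 0
          fi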
