A sample GitHub action to detect state drift that can run
periodically.
name: 'Terraform Configuration Drift Detection'
on:
workflow_dispatch:
schedule:
- cron: '00 2 * *
*' # runs nightly at 2:00 am
permissions:
id-token: write
contents: read
issues: write
env:
ARM_CLIENT_ID:
"${{ secrets.AZURE_CLIENT_ID }}"
ARM_SUBSCRIPTION_ID:
"${{ secrets.AZURE_SUBSCRIPTION_ID }}"
ARM_TENANT_ID:
"${{ secrets.AZURE_TENANT_ID }}"
jobs:
terraform-plan:
name: 'Terraform
Plan'
runs-on:
ubuntu-latest
env:
ARM_SKIP_PROVIDER_REGISTRATION: true
outputs:
tfplanExitCode:
${{ steps.tf-plan.outputs.exitcode }}
steps:
- name: Checkout
uses:
actions/checkout@v3
- name: Setup
Terraform
uses:
hashicorp/setup-terraform@v2
with:
terraform_wrapper: false
- name: Terraform
Init
run: terraform
init
- name: Terraform Plan
id: tf-plan
run: |
export
exitcode=0
terraform plan
-detailed-exitcode -no-color -out tfplan || export exitcode=$?
echo
"exitcode=$exitcode" >> $GITHUB_OUTPUT
if [ $exitcode
-eq 1 ]; then
echo
Terraform Plan Failed!
exit 1
else
exit 0
fi
No comments:
Post a Comment