Verify Infrastructure #935
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Verify Infrastructure | |
| on: | |
| schedule: | |
| # cron format: 'minute hour dayofmonth month dayofweek' | |
| # this will run at noon UTC every day (7am EST / 8am EDT) | |
| - cron: '0 12 * * *' | |
| jobs: | |
| check_staging_drift: | |
| runs-on: ubuntu-latest | |
| name: Check for drift of staging terraform configuration | |
| environment: staging | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # Looks like we need to install Terraform ourselves now! | |
| # https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: "^1.7.5" | |
| terraform_wrapper: false | |
| - name: Check for drift | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }} | |
| TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }} | |
| TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }} | |
| run: | | |
| cd terraform/staging | |
| terraform init | |
| terraform plan -detailed-exitcode | |
| exit_code=$? | |
| if [ $exit_code -eq 0 ]; then | |
| echo "No changes detected. Intrastructure is up-to-date." | |
| elif [ $exit_code -eq 2 ]; then | |
| echo "Changes detected. Infrastructure drift found." | |
| exit 1 | |
| else | |
| echo "Error running terraform plan." | |
| exit $exit_code | |
| fi | |
| # check_demo_drift: | |
| # runs-on: ubuntu-latest | |
| # name: Check for drift of demo terraform configuration | |
| # environment: demo | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # ref: 'production' | |
| # # Looks like we need to install Terraform ourselves now! | |
| # # https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348 | |
| # - name: Setup Terraform | |
| # uses: hashicorp/setup-terraform@v3 | |
| # with: | |
| # terraform_version: "^1.7.5" | |
| # terraform_wrapper: false | |
| # - name: Check for drift | |
| # env: | |
| # AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} | |
| # AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }} | |
| # TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }} | |
| # TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }} | |
| # run: | | |
| # cd terraform/demo | |
| # terraform init | |
| # terraform plan -detailed-exitcode | |
| # exit_code=$? | |
| # if [ $exit_code -eq 0 ]; then | |
| # echo "No changes detected. Intrastructure is up-to-date." | |
| # elif [ $exit_code -eq 2 ]; then | |
| # echo "Changes detected. Infrastructure drift found." | |
| # exit 1 | |
| # else | |
| # echo "Error running terraform plan." | |
| # exit $exit_code | |
| # fi | |
| check_prod_drift: | |
| runs-on: ubuntu-latest | |
| name: Check for drift of production terraform configuration | |
| environment: production | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: 'production' | |
| # Looks like we need to install Terraform ourselves now! | |
| # https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: "^1.7.5" | |
| terraform_wrapper: false | |
| - name: Check for drift | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }} | |
| TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }} | |
| TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }} | |
| run: | | |
| cd terraform/production | |
| terraform init | |
| terraform plan -detailed-exitcode | |
| exit_code=$? | |
| if [ $exit_code -eq 0 ]; then | |
| echo "No changes detected. Intrastructure is up-to-date." | |
| elif [ $exit_code -eq 2 ]; then | |
| echo "Changes detected. Infrastructure drift found." | |
| exit 1 | |
| else | |
| echo "Error running terraform plan." | |
| exit $exit_code | |
| fi |