From 2f23ff9d8f4968ea5b1b1d26ed8919f306818d46 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 26 Jun 2025 07:28:25 -0700
Subject: [PATCH] fix drift analysis
---
 .github/workflows/drift.yml | 52 ++++++++++++++++++++++++++++++-------
 1 file changed, 43 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/drift.yml b/.github/workflows/drift.yml
index 62fa1b3c7..0366a4e16 100644
--- a/.github/workflows/drift.yml
+++ b/.github/workflows/drift.yml
@@ -24,14 +24,26 @@ jobs:
 terraform_wrapper: false
 - name: Check for drift
- uses: dflook/terraform-check@v1
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
 TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
 TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
- with:
- path: terraform/staging
+ run: |
+ cd terraform/staging
+ terraform init
+ terraform plan -detailed-exitcode
+ exit_code=$?
+ if [ $exit_code -eq 0 ]; then
+ echo "No changes detected. Intrastructure is up-to-date."
+ elif [ $exit_code -eq 2 ]; then
+ echo "Changes detected. Infrastructure drift found."
+ exit 1
+ else
+ echo "Error running terraform plan."
+ exit $exit_code
+ fi
+
 check_demo_drift:
 runs-on: ubuntu-latest
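Review bot: The exit-code branches after `terraform plan -detailed-exitcode` are unreachable for the non-zero cases, because GitHub Actions runs a `run:` step under `bash -e` by default (unless a `defaults.run.shell` outside the hunk overrides it), so the script stops on the plan line as soon as it returns 1 or 2. The step still fails on drift, but with plan's raw exit code and without the "drift found" / "Error running terraform plan." messages, so a broken plan and real drift look the same in the job result. Capture the code without tripping errexit, e.g. `exit_code=0` followed by `terraform plan -detailed-exitcode || exit_code=$?`. The identical script is repeated in the demo and production hunks and needs the same change; the success message also has a typo ("Intrastructure").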
@@ -52,14 +64,25 @@ jobs:
 terraform_wrapper: false
 - name: Check for drift
- uses: dflook/terraform-check@v1
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
 TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
 TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
- with:
- path: terraform/demo
+ run: |
+ cd terraform/demo
+ terraform init
+ terraform plan -detailed-exitcode
+ exit_code=$?
+ if [ $exit_code -eq 0 ]; then
+ echo "No changes detected. Intrastructure is up-to-date."
+ elif [ $exit_code -eq 2 ]; then
+ echo "Changes detected. Infrastructure drift found."
+ exit 1
+ else
+ echo "Error running terraform plan."
+ exit $exit_code
+ fi
 check_prod_drift:
 runs-on: ubuntu-latest
@@ -80,11 +103,22 @@ jobs:
 terraform_wrapper: false
 - name: Check for drift
- uses: dflook/terraform-check@v1
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
 TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
 TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
- with:
- path: terraform/production
+ run: |
+ cd terraform/production
+ terraform init
+ terraform plan -detailed-exitcode
+ exit_code=$?
+ if [ $exit_code -eq 0 ]; then
+ echo "No changes detected. Intrastructure is up-to-date."
+ elif [ $exit_code -eq 2 ]; then
+ echo "Changes detected. Infrastructure drift found."
+ exit 1
+ else
+ echo "Error running terraform plan."
+ exit $exit_code
+ fi
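Review bot: The full `terraform plan` output in these `run:` steps is written to the Actions log, which matters most for the production job. Log masking covers only the registered secret values, so any resource attribute the providers do not mark sensitive would be printed in clear; it is worth confirming who can read these logs and that the configurations mark such values `sensitive`. Both commands also run without `-input=false`, so a missing variable or backend setting may prompt or fail unclearly instead of failing fast; `terraform init -input=false` and `terraform plan -detailed-exitcode -input=false -no-color` make the run explicitly non-interactive and keep the log free of colour codes. The same applies to the staging hunk.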