Merge pull request #1778 from GSA/drift

fix drift
2025-12-17 18:52:30 -05:00 · 2025-06-17 09:50:15 -07:00
parent d23a14bf45 4aea4d1567
commit 9606ef8123
1 changed files with 64 additions and 53 deletions
--- a/.github/workflows/drift.yml
+++ b/.github/workflows/drift.yml
@@ -24,67 +24,78 @@ jobs:
          terraform_wrapper: false
      - name: Check for drift
        uses: dflook/terraform-check@v1
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
          TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
          TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
-        with:
+        run: |
-          path: terraform/staging
+          cd terraform/staging
          terraform init
          terraform plan -detailed-exitcode
          exit_code=$?
          if [ $exit_code -eq 0 ]; then
            echo "No changes detected.  Intrastructure is up-to-date."
          elif [ $exit_code -eq 2 ]; then
            echo "Changes detected.  Infrastructure drift found."
            exit 1
          else
            echo "Error running terraform plan."
            exit $exit_code
          fi
-  check_demo_drift:
+  # check_demo_drift:
-    runs-on: ubuntu-latest
+  #   runs-on: ubuntu-latest
-    name: Check for drift of demo terraform configuration
+  #   name: Check for drift of demo terraform configuration
-    environment: demo
+  #   environment: demo
-    steps:
+  #   steps:
-      - name: Checkout
+  #     - name: Checkout
-        uses: actions/checkout@v4
+  #       uses: actions/checkout@v4
-        with:
+  #       with:
-          ref: 'production'
+  #         ref: 'production'
-      # Looks like we need to install Terraform ourselves now!
+  #     # Looks like we need to install Terraform ourselves now!
-      # https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
+  #     # https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
-      - name: Setup Terraform
+  #     - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v3
+  #       uses: hashicorp/setup-terraform@v3
-        with:
+  #       with:
-          terraform_version: "^1.7.5"
+  #         terraform_version: "^1.7.5"
-          terraform_wrapper: false
+  #         terraform_wrapper: false
-      - name: Check for drift
+  #     - name: Check for drift
-        uses: dflook/terraform-check@v1
+  #       uses: dflook/terraform-check@v1
-        env:
+  #       env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
+  #         AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
+  #         AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
-          TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
+  #         TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
-          TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
+  #         TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
-        with:
+  #       with:
-          path: terraform/demo
+  #         path: terraform/demo
-  check_prod_drift:
+  # check_prod_drift:
-    runs-on: ubuntu-latest
+  #   runs-on: ubuntu-latest
-    name: Check for drift of production terraform configuration
+  #   name: Check for drift of production terraform configuration
-    environment: production
+  #   environment: production
-    steps:
+  #   steps:
-      - name: Checkout
+  #     - name: Checkout
-        uses: actions/checkout@v4
+  #       uses: actions/checkout@v4
-        with:
+  #       with:
-          ref: 'production'
+  #         ref: 'production'
-      # Looks like we need to install Terraform ourselves now!
+  #     # Looks like we need to install Terraform ourselves now!
-      # https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
+  #     # https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
-      - name: Setup Terraform
+  #     - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v3
+  #       uses: hashicorp/setup-terraform@v3
-        with:
+  #       with:
-          terraform_version: "^1.7.5"
+  #         terraform_version: "^1.7.5"
-          terraform_wrapper: false
+  #         terraform_wrapper: false
-      - name: Check for drift
+  #     - name: Check for drift
-        uses: dflook/terraform-check@v1
+  #       uses: dflook/terraform-check@v1
-        env:
+  #       env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
+  #         AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
+  #         AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
-          TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
+  #         TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
-          TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
+  #         TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
-        with:
+  #       with:
-          path: terraform/production
+  #         path: terraform/production