darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-08 14:12:27 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
notifications-api/.github/workflows/drift.yml
Carlo Costino fe3c54707c Disable demo infrastructure drift check 
This changeset disables the infrastructure drift check for our demo environment because we are no longer using the demo environment, and the infrastructure is in a known broken state.  More work will follow on in the future to clean things up fully.

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2025-10-29 10:27:59 -04:00

124 lines
4.2 KiB
YAML
Raw Permalink Blame History

name: Verify Infrastructure
on:
schedule:
# cron format: 'minute hour dayofmonth month dayofweek'
# this will run at noon UTC every day (7am EST / 8am EDT)
- cron: '0 12 * * *'
jobs:
check_staging_drift:
runs-on: ubuntu-latest
name: Check for drift of staging terraform configuration
environment: staging
steps:
- name: Checkout
uses: actions/checkout@v4
# Looks like we need to install Terraform ourselves now!
# https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: "^1.7.5"
terraform_wrapper: false
- name: Check for drift
env:
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
run: |
cd terraform/staging
terraform init
terraform plan -detailed-exitcode
exit_code=$?
if [ $exit_code -eq 0 ]; then
echo "No changes detected. Intrastructure is up-to-date."
elif [ $exit_code -eq 2 ]; then
echo "Changes detected. Infrastructure drift found."
exit 1
else
echo "Error running terraform plan."
exit $exit_code
fi
# check_demo_drift:
# runs-on: ubuntu-latest
# name: Check for drift of demo terraform configuration
# environment: demo
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# with:
# ref: 'production'
# # Looks like we need to install Terraform ourselves now!
# # https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
# - name: Setup Terraform
# uses: hashicorp/setup-terraform@v3
# with:
# terraform_version: "^1.7.5"
# terraform_wrapper: false
# - name: Check for drift
# env:
# AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
# TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
# TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
# run: |
# cd terraform/demo
# terraform init
# terraform plan -detailed-exitcode
# exit_code=$?
# if [ $exit_code -eq 0 ]; then
# echo "No changes detected. Intrastructure is up-to-date."
# elif [ $exit_code -eq 2 ]; then
# echo "Changes detected. Infrastructure drift found."
# exit 1
# else
# echo "Error running terraform plan."
# exit $exit_code
# fi
check_prod_drift:
runs-on: ubuntu-latest
name: Check for drift of production terraform configuration
environment: production
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: 'production'
# Looks like we need to install Terraform ourselves now!
# https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: "^1.7.5"
terraform_wrapper: false
- name: Check for drift
env:
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
TF_VAR_cf_user: ${{ secrets.CLOUDGOV_USERNAME }}
TF_VAR_cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
run: |
cd terraform/production
terraform init
terraform plan -detailed-exitcode
exit_code=$?
if [ $exit_code -eq 0 ]; then
echo "No changes detected. Intrastructure is up-to-date."
elif [ $exit_code -eq 2 ]; then
echo "Changes detected. Infrastructure drift found."
exit 1
else
echo "Error running terraform plan."
exit $exit_code
fi
Reference in New Issue View Git Blame Copy Permalink