fix(ci): add check drift

italia-opensource · Jun 2, 2024 · fc61c44 · fc61c44
1 parent 04ab7ce
commit fc61c44
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 3 deletions.
diff --git a/.github/workflows/deploy-infrastructure.yml b/.github/workflows/deploy-infrastructure.yml
@@ -45,9 +45,16 @@ jobs:
           AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }}
           AWS_TERRAFORM_STATE_BUCKET: ${{ secrets.AWS_TERRAFORM_STATE_BUCKET }}
 
+      - name: Terraform Plan
+        id: plan
+        continue-on-error: true
+        run: |
+          make check-drift
+          echo "run_apply=${?}" >> "$GITHUB_OUTPUT"
+
       - name: Terraform Apply
+        if: ${{ steps.plan.outputs.run_apply == '2' }}
         run: |
-          make plan
           make apply-auto-approve
 
       - name: Update comment

diff --git a/.github/workflows/slash-command.yml b/.github/workflows/slash-command.yml
@@ -7,7 +7,7 @@ permissions: read-all
 
 jobs:
   slash-command:
-    if: ${{ github.event.issue.pull_request && github.event.issue.actor.login == "FabrizioCafolla" }}
+    if: ${{ github.event.issue.pull_request && github.event.issue.actor.login == 'FabrizioCafolla' }}
     runs-on: ubuntu-22.04
     steps:
       - name: Get PR repo and ref

diff --git a/infrastructure/Makefile b/infrastructure/Makefile
@@ -28,4 +28,8 @@ destroy: select-workspace ## Execute terraform plan
 
 apply-auto-approve: select-workspace ## Execute terraform plan
 	@cd $(_WORKDIR_INFRASTRUCTURE) && \
-	terraform apply -var-file=env/$${WORKSPACE}.tfvars -var-file=env/secrets.tfvars -auto-approve
+	terraform apply -var-file=env/$${WORKSPACE}.tfvars -var-file=env/secrets.tfvars -auto-approve
+
+check-drift: ## Check for drift. This will change the meaning of exit codes to: 0 - Succeeded (no changes), 1 - Errored, 2 - Succeeded, there is a diff
+	@cd $(_WORKDIR_INFRASTRUCTURE) && \
+	terraform plan -var-file=env/$${WORKSPACE}.tfvars -var-file=env/secrets.tfvars -detailed-exitcode -lock=false