PR review flow integration: Terraform plan + Ansible dry-run #27
Comments
I think this would need to go into the "caller" repo (or the deployment repo) not the github action itself because it's the caller repo that decides "when" this action is run (i.e. PR event vs commit to base branch, for example). We should absolutely test it out in a deployment repo and provide the config/docs that someone would have to include, though
we could maybe provide the steps in the composite and then just conditionally run them based on "detecting" if it's a PR or not 🤔
I did some testing on this and I'm not sure if this is possible in the composite.
github-actions-deploy-stackstorm
Operations-Stackstorm
Results from opening/reopening PR
From what I can tell, this is failing in the setup stage. For whatever reason, the GITHUB_TOKEN that should be generated automatically hasn't been, at least at the point of setup, which is causing the failure. I can spend more time on this, but I'm approaching my timebox (1.5 hours), so I wanted to bring my results up to the class
Code can be found in
we'd have to define an input for the composite action like:
and then in the step, do:
(not sure if that indentation is correct). Also, we should probably provide another input to allow people to turn off PR "plan" comments if they want to.
The other option would be creating a Secret for the github token. The benefit would be:
The drawbacks being:
I think inputs should be implemented in the action repo and let the user determine where the token comes from when they call the action. Could be secrets. Could be a previous step in their pipeline. Could be the GitHub provided one.
This is a good time and repository to show the PR flow with BitOps.
bitovi/bitops#325
When using this GH Action, on every PR the terraform should run plan, and ansible should run dry-run, and show the result as a GH Status check.
Once the PR is approved and merged, run the actual terraform apply.
Bonus points if we could post the tf plan diff back to the PR as a comment. See https://github.com/marketplace/actions/terraform-pr-commenter#screenshots as an example:
StackStorm is a complex beast and allowing users to run the proper PR review flow instead of "I'm feeling lucky" apply would prevent users from shooting themselves in the foot and encourage best practices.