Skip to content

Alert Terraform Changes #1034

Alert Terraform Changes

Alert Terraform Changes #1034

name: Alert Terraform Changes
on:
schedule:
# The workflow runs every day at 8:20am
- cron: "7 13 * * *" #UTC-5
env:
AZURE_CREDENTIALS: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
jobs:
alert_tf_changes:
name: Check Terraform plan for ${{ matrix.env }}
strategy:
fail-fast: false
matrix:
env: [staging, prod]
environment: ${{ matrix.env }}
runs-on: ubuntu-latest
steps:
- name: Check Out Changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Connect to VPN and login to Azure
uses: ./.github/actions/vpn-azure
with:
env-name: ${{ matrix.env }}
tls-key: ${{ secrets.TLS_KEY }}
ca-cert: ${{ secrets.CA_CRT}}
user-crt: ${{ secrets.USER_CRT }}
user-key: ${{ secrets.USER_KEY }}
sp-creds: ${{ env.AZURE_CREDENTIALS }}
tf-auth: true
- name: Collect Terraform stats
uses: josiahsiegel/terraform-stats@68b8cbe42c494333fbf6f8d90ac86da1fb69dcc2
## DevSecOps - Aquia (Replace) - uses: ./.github/actions/terraform-stats
id: stats1
with:
terraform-directory: operations/app/terraform/vars/${{ matrix.env }}
terraform-version: 1.7.4
add-args: "-refresh=false"
- name: Format outputs for slack
id: format_out
if: steps.stats1.outputs.change-count > 0
run: |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo "CHANGES<<$EOF" >> $GITHUB_OUTPUT
echo "resource-changes=$(echo '${{ steps.stats1.outputs.resource-changes }}' \
| sed 's/\"/\\\"/g' | sed 's/\\\\\"/\\\\\\"/g')" >> $GITHUB_OUTPUT
echo "resource-drifts=$(echo '${{ steps.stats1.outputs.resource-drifts }}' \
| sed 's/\"/\\\"/g' | sed 's/\\\\\"/\\\\\\"/g')" >> $GITHUB_OUTPUT
echo "$EOF" >> $GITHUB_OUTPUT
- name: Slack Notification
if: ${{ steps.format_out.outputs.CHANGES != '' }}
uses: ./.github/actions/notifications
with:
method: slack
title: Current Terraform Plan Changes in ${{ matrix.env }} env
message: |
"change-count": "${{ steps.stats1.outputs.change-count }}"
"drift-count": "${{ steps.stats1.outputs.drift-count }}"
"resource-drifts": "${{ env.resource-drifts }}"
icon-emoji: ':bell:'
channel: pagerduty-alert-dump
webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
color: warning