Skip to content
Scheduled Terraform Drift Detection

Scheduled Terraform Drift Detection #1280

Sign in to view logs

Scheduled Terraform Drift Detection

Scheduled Terraform Drift Detection #1280

Workflow file for this run

.github/workflows/drift-detection.yml at 4ef8654
name: Scheduled Terraform Drift Detection
on:
schedule:
# Run this workflow at the top of every hour
- cron: '0 * * * *'
workflow_dispatch:
jobs:
drift-detection:
name: Detect and reconcile drift in Terraform stacks
permissions:
id-token: write
contents: read
pull-requests: read
checks: read
runs-on: ubuntu-latest
steps:
### Check out the code
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
fetch-depth: 0
### Install tooling
- name: Install Terramate
uses: terramate-io/terramate-action@v2
- name: Install asdf
uses: asdf-vm/actions/setup@v3
- name: Install Terraform with asdf
run: |
asdf plugin add terraform
asdf plugin add opentofu
asdf install terraform
asdf install opentofu
### Configure cloud credentials
- name: 'Configure Azure credentials'
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Verify Azure credentials
run: |
az account show
### Run Dift Check
- name: Run Terraform init in all stacks
run: |
terramate script run \
--parallel 1 \
init
env:
GITHUB_TOKEN: ${{ github.token }}
ARM_USE_OIDC: true
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Run drift detection
id: drift-detect
run: |
terramate script run \
--parallel 5 \
--continue-on-error \
-- \
drift detect
env:
GITHUB_TOKEN: ${{ github.token }}
ARM_USE_OIDC: true
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Run drift reconciliation
id: drift-reconcile
run: |
terramate script run \
--tags reconcile \
--status=drifted \
--parallel 5 \
--continue-on-error \
-- \
drift reconcile
env:
GITHUB_TOKEN: ${{ github.token }}
ARM_USE_OIDC: true
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}