GitHub Action: atmos-terraform-drift-remediation
This Github Action is used to remediate drift
Introduction
This action is used for drift remediation.
There is another companion action github-action-atmos-terraform-drift-detection.
Usage
Workflow example
In this example drift will be remediated when user sets label apply to an issue.
name: github-action-atmos-terraform-drift-remediation
run-name: github-action-atmos-terraform-drift-remediation
on:
issues:
types:
- labeled
- closed
permissions:
id-token: write
contents: read
jobs:
remediate-drift:
runs-on: ubuntu-latest
name: github-action-atmos-terraform-drift-remediation
if: |
github.event.action == 'labeled' &&
contains(join(github.event.issue.labels.*.name, ','), 'apply')
steps:
- name: github-action-atmos-terraform-drift-remediation
uses: cloudposse/github-action-atmos-terraform-drift-remediation@v1
with:
issue-number: ${{ github.event.issue.number }}
action: remediate
atmos-config-path: "${{ github.workspace }}/rootfs/usr/local/etc/atmos/"
terraform-plan-role: "arn:aws:iam::111111111111:role/acme-core-gbl-identity-gitops"
terraform-state-bucket: "acme-core-ue2-auto-gitops"
terraform-state-role: "arn:aws:iam::999999999999:role/acme-core-ue2-auto-gitops-gha"
terraform-state-table: "acme-core-ue2-auto-gitops"
aws-region: "us-east-2"
discard-drift:
runs-on: ubuntu-latest
name: github-action-atmos-terraform-drift-remediation
if: |
github.event.action == 'closed' &&
!contains(join(github.event.issue.labels.*.name, ','), 'remediated')
steps:
- name: github-action-atmos-terraform-drift-remediation
uses: cloudposse/github-action-atmos-terraform-drift-remediation@v1
with:
issue-number: ${{ github.event.issue.number }}
action: discard
Inputs
| Name | Description | Default | Required |
|---|---|---|---|
| action | Drift remediation action. One of ['remediate', 'discard'] | remediate | false |
| atmos-config-path | The path to the folder where atmos.yaml file is located | . | false |
| atmos-version | Atmos version to use for vendoring. Default 'latest' | latest | false |
| aws-region | AWS region for assuming identity. | us-east-1 | false |
| debug | Enable action debug mode. Default: 'false' | false | false |
| issue-number | Issue Number | N/A | true |
| terraform-apply-role | The AWS role to be used to apply Terraform. Required for action 'remediate'. | N/A | false |
| terraform-state-bucket | The S3 Bucket where the planfiles are stored. Required for action 'remediate'. | N/A | false |
| terraform-state-role | The AWS role to be used to retrieve the planfile from AWS. Required for action 'remediate'. | N/A | false |
| terraform-state-table | The DynamoDB table where planfile metadata is stored. Required for action 'remediate'. | N/A | false |
| terraform-version | The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for example <1.13.0) to install the latest version satisfying the constraint. A value of latest will install the latest version of Terraform CLI. Defaults to latest. | latest | false |
| token | Used to pull node distributions for Atmos from Cloud Posse's GitHub repository. Since there's a default, this is typically not supplied by the user. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting. | ${{ github.server_url == 'https://github.com' && github.token || '' }} | false |