feat: add outputs and improve workflow example (#328)

* feat: add outputs for diff summary and result Signed-off-by: Rishav Dhar <[email protected]> * feat: add outputs and improve workflow example Signed-off-by: Rishav Dhar <[email protected]> --------- Signed-off-by: Rishav Dhar <[email protected]>
DevSecTop · Oct 21, 2024 · f1acaae · f1acaae
1 parent 01cbb55
commit f1acaae
Show file tree

Hide file tree

Showing 3 changed files with 156 additions and 86 deletions.
diff --git a/.github/examples/schedule_refresh.yaml b/.github/examples/schedule_refresh.yaml
@@ -1,5 +1,5 @@
 ---
-name: Trigger on schedule (cron) event with 'fmt' and 'validate' checks to identify configuration drift.
+name: Trigger on schedule (cron) event with fmt/validate checks to open an issue on configuration drift.
 
 on:
   schedule:
@@ -13,6 +13,7 @@ jobs:
       actions: read        # Required to identify workflow run.
       checks: write        # Required to add status summary.
       contents: read       # Required to checkout repository.
+      issues: write        # Required to open issue.
       pull-requests: write # Required to add comment and label.
 
     steps:
@@ -28,13 +29,34 @@ jobs:
         with:
           command: plan
           arg-lock: false
-          arg-parallelism: 20
           arg-refresh-only: true
           working-directory: path/to/directory
           plan-encrypt: ${{ secrets.PASSPHRASE }}
           format: true
           validate: true
 
-      - name: Check drift
+      - name: Open issue on drift
         if: steps.provision.outputs.exitcode != 0
-        run: echo "Configuration drift detected."
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          diff: ${{ steps.provision.outputs.diff }}
+          run: ${{ steps.provision.outputs.run-url }}
+          result: ${{ steps.provision.outputs.result }}
+          summary: ${{ steps.provision.outputs.summary }}
+        run: |
+          gh api /repos/{owner}/{repo}/issues \
+            --method POST \
+            --field title="Configuration drift detected" \
+            --field body="[View log.]($run)
+          <details><summary>Diff of changes.</summary>
+
+          \`\`\`diff
+          $diff
+          \`\`\`
+          </details>
+          <details><summary>$summary</summary>
+
+          \`\`\`hcl
+          $result
+          \`\`\`
+          </details>"
diff --git a/README.md b/README.md
@@ -97,7 +97,7 @@ The following workflows showcase common use cases, while a comprehensive list of
       <a href="/.github/examples/pr_self_hosted.yaml">Run on</a> <code>pull_request</code> (plan or apply) event with Terraform and OpenTofu on <strong>self-hosted</strong> runner.
     </td>
     <td>
-      <a href="/.github/examples/schedule_refresh.yaml">Run on</a> <code>schedule</code> (cron) event with "fmt" and "validate" checks to identify <strong>configuration drift</strong>.
+      <a href="/.github/examples/schedule_refresh.yaml">Run on</a> <code>schedule</code> (cron) event with fmt/validate checks to open an issue on <strong>configuration drift</strong>.
     </td>
   </tr>
 </table>
@@ -122,7 +122,7 @@ unzip <tf.plan>
 
 | Type     | Name                | Description                                                                                                    |
 | -------- | ------------------- | -------------------------------------------------------------------------------------------------------------- |
-| CLI      | `command`           | Command to run between: `plan` or `apply`.</br>Default: `plan`                                                 |
+| CLI      | `command`           | Command to run between: `plan` or `apply`.</br>Example: `plan`                                                 |
 | CLI      | `working-directory` | Specify the working directory of TF code, alias of `arg-chdir`.</br>Example: `path/to/directory`               |
 | CLI      | `tool`              | Choose the tool to provision TF code.</br>Default: `terraform`                                                 |
 | Check    | `format`            | Check format of TF code.</br>Default: `false`                                                                  |
@@ -195,12 +195,20 @@ unzip <tf.plan>
 
 ### Outputs
 
-| Name         | Description                                   |
-| ------------ | --------------------------------------------- |
-| `check-id`   | ID of the check run.                          |
-| `comment-id` | ID of the PR comment.                         |
-| `exitcode`   | Exit code of the last TF command.             |
-| `identifier` | Unique name of the workflow run and artifact. |
+| Type     | Name         | Description                                   |
+| -------- | ------------ | --------------------------------------------- |
+| Artifact | `plan-id`    | ID of the plan file artifact.                 |
+| Artifact | `plan-url`   | URL of the plan file artifact.                |
+| CLI      | `command`    | Input of the last TF command.                 |
+| CLI      | `diff`       | Diff of changes, if present (truncated).      |
+| CLI      | `exitcode`   | Exit code of the last TF command.             |
+| CLI      | `result`     | Result of the last TF command (truncated).    |
+| CLI      | `summary`    | Summary of the last TF command.               |
+| Workflow | `check-id`   | ID of the check run.                          |
+| Workflow | `comment-id` | ID of the PR comment.                         |
+| Workflow | `job-id`     | ID of the workflow job.                       |
+| Workflow | `run-url`    | URL of the workflow run.                      |
+| Workflow | `identifier` | Unique name of the workflow run and artifact. |
 </br>
 
 ## Security