Automatically apply changes #4
* does not store terraform state anywhere; just imports it on every run
* would be nice if there was a bulk import feature! the internal API seems to support it. hashicorp/terraform#22219
* doesn't run apply yet - pushing this for a dry run first.

part of #4

Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
All done! GitHub actions ended up working pretty well for this. It keeps the credential somewhere that it can't even be read, and I was even able to (ab)use

There is one caveat: if something (e.g. a repo) is removed and the cache is lost, the Import step won't import it, so it won't be destroyed. I have mitigated this by configuring the workflow to run daily, which should keep the cache from expiring, or at least narrow the window of the cache not existing.

Running periodically is a good thing to do anyway - it's how we can detect drift and make sure things are staying in sync with the source of truth (this repo).

Another workaround could be to have Import work based on the actual state (e.g. all repos in the org) instead of the desired state (all repos in the repo), but that's a little hardcore; it would mean anything not created through this repo would be destroyed or archived.

For posterity:
terraform apply
go test to verify the integrity of the state in GitHub

Will need to securely configure a GitHub token with effectively org admin permissions.
Though there is an obvious temptation to use Concourse for this, it's probably worth considering GitHub Actions just to keep the scope of this narrow.
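
The caveat in the comment above (import driven by desired state, with the Terraform state held only in a CI cache) can be modelled in a few lines of Go. This is an added illustration, not code from the project; `planDestroy`, `toSet` and the repo names are hypothetical, and the model assumes Terraform can only destroy what is present in its state.

```go
package main

import (
	"fmt"
	"sort"
)

// planDestroy models one import-then-apply run (simplified, hypothetical).
// desired: repos declared in the config repo; actual: repos in the org;
// cached: state restored from the CI cache (nil when the cache was lost);
// importActual: import everything in the org instead of the desired list.
func planDestroy(desired, actual, cached []string, importActual bool) []string {
	state := toSet(cached)
	source := desired
	if importActual {
		source = actual
	}
	for _, r := range source {
		state[r] = true // imported into state for this run
	}
	want := toSet(desired)
	var destroy []string
	for r := range state {
		if !want[r] { // in state but no longer declared
			destroy = append(destroy, r)
		}
	}
	sort.Strings(destroy)
	return destroy
}

func toSet(items []string) map[string]bool {
	s := make(map[string]bool, len(items))
	for _, i := range items {
		s[i] = true
	}
	return s
}

func main() {
	// Constructed sample: old-repo was dropped from config, manual-repo was made by hand.
	desired := []string{"ci", "docs"}
	actual := []string{"ci", "docs", "manual-repo", "old-repo"}
	cached := []string{"ci", "docs", "old-repo"}
	fmt.Println("cache hit: ", planDestroy(desired, actual, cached, false))
	fmt.Println("cache lost:", planDestroy(desired, actual, nil, false))
	fmt.Println("by actual: ", planDestroy(desired, actual, nil, true))
}
```

With the cache present the removed repo is planned for destruction; with the cache lost nothing is, so the orphan survives silently; importing from actual state catches it but also sweeps up the hand-made repo.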