padok-team / burrito

🌯 Burrito is a TACoS 🌮
https://padok-team.github.io/burrito
Apache License 2.0

Some issues while trying the github PR feature #175

Open dixneuf19 opened 11 months ago

dixneuf19 commented 11 months ago

My use case: as a repository maintainer with some Terraform/OpenTofu code, I want to keep it always up to date, without spending all my time reviewing all the PRs.

Renovate helps me with it, and I can be mostly confident that I won't have any breaking change with minor updates to provider versions. However, for major upgrades (https://github.com/padok-team/terraform-github-padok-team/pull/28/files) or to boost confidence, I'd like burrito to check if after the upgrade the layer still plans properly, without any change.

That's why I tried to use the PR/MR Workflow. Here is my bumpy journey with this feature.

First, understanding how to use it. The doc explains how it works, but not that you just need to set up a webhook and a GitHub token.

For the latter I made a silly mistake: creating a personal token, instead of an org token. A warning could be added in the doc. This existing issue kind of already addresses it: https://github.com/padok-team/burrito/issues/101

I first tried to use an existing PR to trigger a Burrito webhook, by closing then reopening it. Unfortunately, action reopened not supported. I think that a PR reopened should be treated as the PR opened.

The 0.2.0 Helm release of burrito does not have the correct RBAC for the burrito-server to handle webhooks correctly. It is already fixed in the main branch, so upgrading the Helm chart with an experimental version did the trick.

Then I had an internal issue with the name of the repository in my TerraformRepository resource, which was ending with a .git. Thanks to @Alan-pad for spotting the issue (https://github.com/padok-team/burrito/issues/101), removing the .git from my repo URL did the trick.

Finally, my TerraformPullRequest resource was created, and a plan launched. Unfortunately, the Renovate upgrade did break the layer, so the job was in error. However, there was no feedback at all from Burrito! So it was up to me to understand that the layer was broken.

I then used a simpler MR which works correctly. I finally had, after a few minutes, a Terraform plan from burrito! :tada: However, the wait was very long, I did not know if Burrito was actually doing something. Having immediate feedback (I received the PR, I'm trying to run a plan) would be a great improvement. Or having a "check" in the GitHub UI (it probably needs to be set up as a GitHub App).

To summarize all the small things that could be fixed:

Anyway, the feature is already very useful, hopefully it will be even greater!

kvendingoldo commented 5 months ago

At this moment burrito can be used together with tenv, which supports Terraform as well as OpenTofu (and Terragrunt :) ) in one tool. You can use https://github.com/tofuutils/tenv, which my team wrote some months ago.

Alan-pad commented 4 months ago

thx @kvendingoldo we will try to integrate it if it makes sense, would really simplify our current runner implementation ;)