Closed mamu0 closed 4 months ago
Can you change this PR title, adding a reference to the Jira issue here?
https://pagopa.atlassian.net/jira/software/c/projects/DEVEX/boards/501/timeline
(create one if it doesn't exist yet)
why draft?
Because I wasn't sure of the final request; @Krusty93 certainly knows it in more detail. I have now configured the "unconventional" drift detection, because instead of checking only the changes on the Azure console side that are inconsistent with the state, I also check the changes on the Terraform code side that are not applied.
Now it works, but I don't know if it needs to be changed to remove control over unapplied Terraform code.
Very nice work!
My personal opinion is to stick to this behavior, in order to help developers eventually address code issues and/or remind them (or make clear to them) to apply code actually merged in the main branch.
On the other hand, the -refresh-only flag could help us avoid detecting "fake drifts" (i.e. Cosmos DB indexes).
List of changes
Added a new GitHub Action in the file infra_drift_detection.yml; the action can be started manually or scheduled to run every day at 8 am. The GitHub Action is responsible for drift detection: via a terraform plan, it checks the Terraform state against the resources deployed on Azure. If there are changes to the state, the pipe will fail, and if the Slack Webhook URL is present, it will send a notification with the information. However, if there are no drifts, the pipe will finish successfully without sending notifications.
Motivation and context
With this template we simplify the addition of the drift check, using the new infrastructure.
Type of changes
Does this introduce a change to production resources with possible user impact?
Other information
I updated the repo by adding the dev folder in infra and the identity and repository folders following the guide
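
The two modes discussed in this thread (a full plan that also flags unapplied code, and a `-refresh-only` plan), sketched as an added example that is not code from this PR or the repository. It assumes `terraform plan -detailed-exitcode` semantics and separates "drift" from "the plan could not run", so a failed login or backend error is not reported as drift; `TF_BIN`, `SLACK_WEBHOOK_URL` and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. TF_BIN and SLACK_WEBHOOK_URL are assumed variable names.

# Interpret `terraform plan -detailed-exitcode`:
#   0 = no changes, 2 = changes present, anything else = the plan failed.
classify_plan_exit() {
  case "$1" in
    0) echo "in-sync" ;;
    2) echo "drift" ;;
    *) echo "error" ;;
  esac
}

# Notify only when a webhook is configured. The URL is a secret, so it is
# never printed, and a failed notification must not mask the check result.
# Assumes the message contains no characters that need JSON escaping.
notify_slack() {
  [ -n "${SLACK_WEBHOOK_URL:-}" ] || return 0
  curl -fsS -X POST -H 'Content-Type: application/json' \
    --data "{\"text\": \"$1\"}" "$SLACK_WEBHOOK_URL" >/dev/null 2>&1 || true
}

# drift_check DIR [full|refresh-only]
#   full          code vs state vs real resources (also flags unapplied code)
#   refresh-only  state vs real resources only
# Returns 0 in sync, 2 drift, 1 when the plan could not run.
drift_check() {
  dir="$1"; mode="${2:-full}"
  set -- plan -detailed-exitcode -input=false -lock=false -no-color
  if [ "$mode" = "refresh-only" ]; then set -- "$@" -refresh-only; fi
  plan_rc=0
  ( cd "$dir" && "${TF_BIN:-terraform}" "$@" ) >/dev/null 2>&1 || plan_rc=$?
  case "$(classify_plan_exit "$plan_rc")" in
    in-sync) return 0 ;;
    drift)   notify_slack "Terraform drift detected in $dir ($mode)"; return 2 ;;
    *)       notify_slack "Drift check failed to run in $dir (exit $plan_rc)"; return 1 ;;
  esac
}
```
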