Skip to main content

Drift alerts via Slack

Create a separate workflow file for drift

To run digger in drift detection mode, pass mode: drift-detection in the workflow file and configure the relevant crontab to run it with the frequency you want: 
name: Digger Drift Detection

on:
  workflow_dispatch:
  schedule: ## 12am daily.
    - cron: '0 0 * * *'

jobs:
  detect-drift:
    runs-on: ubuntu-latest
    steps:
    - name: digger drift detection
      uses: diggerhq/digger@vLatest
      with:
        mode: drift-detection
        no-backend: true
        setup-aws: true
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1
        drift-detection-slack-notification-url: ${{ secrets.DRIFT_DETECTION_SLACK_NOTIFICATION }}
      env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
To limit drift checks to only certain projects/environments, use a dedicated Digger config file and point the workflow to it via digger-filename. See: Limit Drift Detection to Specific Projects.

Configure Slack notification URL

Note the DRIFT_DETECTION_SLACK_NOTIFICATION env var that the workflow above is using. This should be set to a Slack Incoming Webhook URL. Follow the official Slack guide to get the Incoming Webhook URL; then add it as an Action secret named DRIFT_DETECTION_SLACK_NOTIFICATION

Drift alerts via Github Issues

Coming soon to CE, here is an example of how to configure it: https://github.com/diggerhq/demo-ee-features/edit/main/.github/workflows/drift.yml. Digger supports drift detection and automatic creation of issues in your ticketing system, e.g. GitHub Issues:

Troubleshooting

403 errors

If you are seeing permission errors such as 403 in the action log while reporting drift status the backend that is almost always due to missing no-backend: true as an argument in the workflow file
I