Digger EE supports drift detection and automatic creation of issues in your ticketing system, e.g. GitHub Issues.

Digger CE only supports drift alerts via Slack. They were previously documented under CE, and you can still use the basic Slack alerts for free.

Limitations of drift detection in CE:

  • Slack as the only destination
  • No parallelism - all drift jobs run sequentially

To configure basic drift alerts via Slack:

Create a separate workflow file for drift

To run digger in drift detection mode, set mode: drift-detection in the workflow file and configure the cron schedule to run it at the frequency you want:

name: Digger Drift Detection

on:
  workflow_dispatch:
  schedule: ## 12am daily.
    - cron: '0 0 * * *'

jobs:
  detect-drift:
    runs-on: ubuntu-latest
    steps:
    - name: digger drift detection
      uses: diggerhq/digger@vLatest
      with:
        mode: drift-detection
        setup-aws: true
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1
        drift-detection-slack-notification-url: ${{ secrets.DRIFT_DETECTION_SLACK_NOTIFICATION }}
      env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Configure Slack notification URL

Note the DRIFT_DETECTION_SLACK_NOTIFICATION secret that the workflow above reads. It should be set to a Slack Incoming Webhook URL. Anyone holding that URL can post to the channel, so store it as a secret rather than as a plain workflow variable.

Follow the official Slack guide to get the Incoming Webhook URL, then add it as an Actions secret named DRIFT_DETECTION_SLACK_NOTIFICATION.

GitLab

To use drift detection with GitLab, a similar pipeline configuration can be used:

variables:
  DIGGER_LICENSE_KEY: $DIGGER_LICENSE_KEY
  INPUT_DIGGER_MODE: "drift-detection"
  # DIGGER_GITLAB_BASE_URL: $GITLAB_SELFHOSTED_URL
  NO_BACKEND: true
  INPUT_DRIFT_DETECTION_SLACK_NOTIFICATION_URL: $SLACK_WEBHOOK_URL
  DISABLE_LOCKING: true

stages:
- drift_detect

drift_detect:
  stage: drift_detect
  script:
    # Do not dump the environment here (e.g. with `env`): it would print
    # DIGGER_LICENSE_KEY and the Slack webhook URL into the job log.
    - apt-get update && apt-get install -y gnupg software-properties-common
    - wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
    - gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
    - echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
    - apt-get update
    - apt-get install -y terraform
    # vLatest is a moving target; pin a release tag for reproducible pipelines.
    - mkdir -p digger && cd digger && curl -sSL -o digger https://github.com/diggerhq/digger/releases/download/vLatest/digger-ee-cli-Linux-X64
    - chmod +x digger
    - PATH=$PATH:$(pwd)
    - cd ../
    - digger

The above pipeline detects drift for the projects in the repository and posts a message to Slack for any instance of drift it finds.
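What the drift-detection mode does at runtime, behind both the Slack webhook section and the GitLab pipeline above, as an added stand-alone example that is not Digger's own code: run terraform plan with -detailed-exitcode for each project directory, treat exit code 2 as drift, and post a JSON-escaped summary to the Incoming Webhook. Projects are checked one after another, matching the sequential drift jobs of CE. It assumes terraform is on PATH and already authenticated for each project, that the project directories are passed as arguments, and that SLACK_WEBHOOK_URL and RUN_DRIFT_CHECK are hypothetical variable names of this example only.

```shell
#!/usr/bin/env bash
# Added example (not Digger's own code): a minimal stand-alone drift check.
# Assumptions: terraform is on PATH and authenticated for each project
# directory; SLACK_WEBHOOK_URL holds a Slack Incoming Webhook URL and
# RUN_DRIFT_CHECK gates the run (both names are hypothetical).
set -eu

# Map `terraform plan -detailed-exitcode` results to a status word:
# 0 = no changes, 2 = changes pending (drift), anything else = plan failed.
classify_plan_exit() {
  case "$1" in
    0) echo no-drift ;;
    2) echo drift ;;
    *) echo error ;;
  esac
}

# Escape a string for use inside a JSON string literal. Plan output contains
# quotes, backslashes and newlines, so it cannot be interpolated verbatim.
# (Other control characters are not handled; plan output does not contain them.)
json_escape() {
  printf '%s' "$1" \
    | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' \
    | awk 'NR > 1 { printf "%s", "\\n" } { printf "%s", $0 }'
}

# Pull the one-line summary ("Plan: ..." or "No changes.") out of plan output;
# fall back to the last 15 lines when the plan failed before producing one.
plan_summary() {
  s=$(printf '%s\n' "$1" | grep -E '^(Plan:|No changes)' | head -n 1)
  if [ -n "$s" ]; then
    printf '%s' "$s"
  else
    printf '%s\n' "$1" | tail -n 15
  fi
}

# Build the Slack webhook payload: project name, status, summary in a code block.
slack_payload() {
  printf '{"text":"Drift check for `%s`: %s\\n```%s```"}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Run the plan for one project directory and notify only when something is off.
check_project() {
  dir=$1
  rc=0
  out=$(cd "$dir" && terraform plan -input=false -detailed-exitcode -no-color 2>&1) || rc=$?
  status=$(classify_plan_exit "$rc")
  echo "$dir: $status"
  if [ "$status" != no-drift ]; then
    curl -sS -X POST -H 'Content-type: application/json' \
      --data "$(slack_payload "$dir" "$status" "$(plan_summary "$out")")" \
      "$SLACK_WEBHOOK_URL"
  fi
}

# Projects are checked sequentially, like CE's drift jobs.
# Usage: RUN_DRIFT_CHECK=1 SLACK_WEBHOOK_URL=https://hooks.slack.com/... ./drift-check.sh ./project-a ./project-b
if [ "${RUN_DRIFT_CHECK:-0}" = 1 ]; then
  for project in "$@"; do
    check_project "$project"
  done
fi
```

Only drift and plan errors trigger a message, so a quiet channel means every project matched its configuration; a failed plan is reported rather than silently skipped, since an unreadable state is itself worth a look.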