Digger EE supports drift detection and automatic creation of issues in your ticketing system, e.g. GitHub Issues:
Digger CE only supports drift alert via Slack. It was previously documented under CE; you can still use the basic Slack alerts for free.
Limitations of drift detection in CE:
- Slack as the only destination
- No parallelism - all drift jobs run sequentially
To configure basic drift alerts via Slack:
Create a separate workflow file for drift
To run digger in drift detection mode, pass mode: drift-detection
in the workflow file and configure the relevant crontab to run it with the frequency you want:
name: Digger Drift Detection
on:
workflow_dispatch:
schedule: ## 12am daily.
- cron: '0 0 * * *'
jobs:
detect-drift:
runs-on: ubuntu-latest
steps:
- name: digger drift detection
uses: diggerhq/digger@vLatest
with:
mode: drift-detection
setup-aws: true
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
drift-detection-slack-notification-url: ${{ secrets.DRIFT_DETECTION_SLACK_NOTIFICATION }}
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Note the DRIFT_DETECTION_SLACK_NOTIFICATION
env var that the workflow above is using. This should be set to a Slack Incoming Webhook URL.
Follow the official Slack guide to get the Incoming Webhook URL; then add it as an Action secret named DRIFT_DETECTION_SLACK_NOTIFICATION
Gitlab
For using drift detection with gitlab, a similar workflow can be used:
variables:
DIGGER_LICENSE_KEY: $DIGGER_LICENSE_KEY
INPUT_DIGGER_MODE: "drift-detection"
# DIGGER_GITLAB_BASE_URL: $GITLAB_SELFHOSTED_URL
NO_BACKEND: true
INPUT_DRIFT_DETECTION_SLACK_NOTIFICATION_URL: $SLACK_WEBHOOK_URL
DISABLE_LOCKING: true
stages:
- drift_detect
drift_detect:
stage: drift_detect
script:
- env
- apt-get update && apt-get install -y gnupg software-properties-common
- wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
- gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
- echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
- apt update
- apt-get install terraform
- mkdir -p digger && cd digger && curl -SSL -o digger https://github.com/diggerhq/digger/releases/download/vLatest/digger-ee-cli-Linux-X64
- chmod +x digger
- PATH=$PATH:$(pwd)
- cd ../
- digger
The above workflow will detect drift for the repository projects and post if any instances of drift occur to slack