Digger EE supports drift detection and automatic creation of issues in your ticketing system, e.g. GitHub Issues.

Digger CE only supports drift alerts via Slack. This was previously documented under CE; you can still use the basic Slack alerts for free.

Limitations of drift detection in CE:

  • Slack as the only destination
  • No parallelism - all drift jobs run sequentially

To configure basic drift alerts via Slack:

Create a separate workflow file for drift

To run digger in drift detection mode, pass mode: drift-detection in the workflow file and configure a cron schedule to run it at the frequency you want:

name: Digger Drift Detection

on:
  workflow_dispatch:
  schedule: ## 12am daily.
    - cron: '0 0 * * *'

jobs:
  detect-drift:
    runs-on: ubuntu-latest
    steps:
    - name: digger drift detection
      uses: diggerhq/digger@vLatest
      with:
        mode: drift-detection
        setup-aws: true
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1
        drift-detection-slack-notification-url: ${{ secrets.DRIFT_DETECTION_SLACK_NOTIFICATION }}
      env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Configure Slack notification URL

Note the DRIFT_DETECTION_SLACK_NOTIFICATION secret that the workflow above reads. It should be set to a Slack Incoming Webhook URL.

Follow the official Slack guide to obtain the Incoming Webhook URL, then add it as an Actions secret named DRIFT_DETECTION_SLACK_NOTIFICATION. Treat the URL as a credential: anyone who holds it can post into the channel.
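To make the alert itself concrete, here is an added example (not Digger's own code) of what a drift notifier has to do once a plan has been produced: read the resource_drift list from `terraform show -json` output, summarise which resources and attributes diverged from the recorded state, and turn that into a Slack Incoming Webhook payload. The plan JSON below is a constructed sample; the project name and the DRIFT_DETECTION_SLACK_NOTIFICATION_URL variable name are assumptions for the example.

```python
"""Summarise Terraform drift and build a Slack Incoming Webhook payload.

Added example; not Digger's own code. Assumes the `terraform show -json <plan>`
representation, whose `resource_drift` array lists resources whose real state
differs from the state recorded at the last apply.
"""
from __future__ import annotations

import json
import os
import urllib.request

# Constructed sample of `terraform show -json` output (not real plan data).
SAMPLE_PLAN_JSON = """
{
  "format_version": "1.2",
  "resource_drift": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"],
                "before": {"ingress_cidr": "10.0.0.0/8"},
                "after":  {"ingress_cidr": "0.0.0.0/0"}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"],
                "before": {"bucket": "logs"},
                "after": null}}
  ],
  "resource_changes": []
}
"""


def summarize_drift(plan_json: str) -> list[dict]:
    """Return one entry per drifted resource: address, actions, changed keys."""
    plan = json.loads(plan_json)
    drifted = []
    for rc in plan.get("resource_drift", []):
        change = rc.get("change", {})
        before = change.get("before") or {}   # null when resource was created out of band
        after = change.get("after") or {}     # null when resource was deleted out of band
        changed = sorted(k for k in set(before) | set(after)
                         if before.get(k) != after.get(k))
        drifted.append({"address": rc["address"],
                        "actions": change.get("actions", []),
                        "changed": changed})
    return drifted


def build_slack_payload(project: str, drifted: list[dict]) -> dict | None:
    """Build the webhook body; None means nothing to report (no alert sent)."""
    if not drifted:
        return None
    lines = [f"*Drift detected in {project}* ({len(drifted)} resource(s))"]
    for d in drifted:
        attrs = ", ".join(d["changed"]) or "no attribute diff"
        lines.append(f"- `{d['address']}`: {','.join(d['actions'])} ({attrs})")
    return {"text": "\n".join(lines)}


def post_to_slack(webhook_url: str, payload: dict) -> int:
    """POST the payload to the Incoming Webhook; returns the HTTP status."""
    req = urllib.request.Request(
        webhook_url,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    drift = summarize_drift(SAMPLE_PLAN_JSON)
    payload = build_slack_payload("prod-network", drift)   # assumed project name
    url = os.environ.get("DRIFT_DETECTION_SLACK_NOTIFICATION_URL")  # assumed var name
    if payload and url:
        print("slack status:", post_to_slack(url, payload))
    else:
        # No webhook configured (or no drift): show what would have been sent.
        print(json.dumps(payload, indent=2))
```

Run without the webhook variable set and it prints the payload instead of posting, which is a convenient way to review the message format before wiring it to a real channel. The webhook URL is never logged, for the same reason the workflow stores it as a secret.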

GitLab

To use drift detection with GitLab, a similar pipeline can be used:

variables:
  DIGGER_LICENSE_KEY: $DIGGER_LICENSE_KEY
  INPUT_DIGGER_MODE: "drift-detection"
  # DIGGER_GITLAB_BASE_URL: $GITLAB_SELFHOSTED_URL
  NO_BACKEND: true
  INPUT_DRIFT_DETECTION_SLACK_NOTIFICATION_URL: $SLACK_WEBHOOK_URL
  DISABLE_LOCKING: true

stages:
- drift_detect

drift_detect:
  stage: drift_detect
  script:
    # Do not dump the environment here: it would write DIGGER_LICENSE_KEY and the
    # Slack webhook URL into the job log.
    - apt-get update && apt-get install -y gnupg software-properties-common
    - wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
    # Prints the fingerprint of the downloaded key so it can be compared with the one HashiCorp publishes.
    - gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
    - echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
    - apt-get update
    - apt-get install -y terraform
    - mkdir -p digger && cd digger && curl -sSL -o digger https://github.com/diggerhq/digger/releases/download/vLatest/digger-ee-cli-Linux-X64
    - chmod +x digger
    - PATH=$PATH:$(pwd)
    - cd ../
    - digger

The above pipeline will detect drift for the repository's projects and post to Slack if any drift is found.