Pipelines v3 Release Candidate #83
base: main
…epos (#69) * chore: start work on dev-378 * chore: change the definition of post-provision new account to be more narrowly tailored to creating the new account, not the PR * chore: move around some values * chore: wire up data flows * chor: update for api changes * chore: more wiring cleanups
* Update pipelines-root.yml * Update pipelines-root.yml * debugging * Update pipelines-root.yml * JOB_NAME * add job_id * fix missing bracket * fix * Run logs url action * Use 2024-07-19_get-job-id actions * Add actions: read permission * permissions * pass var into next step * permissions * fix input * Dynamic step name * typo * test syntax * test syntax * colons are broken * try other quoting * Add get logs url to other jobs --------- Co-authored-by: Zach Goldberg <[email protected]>
* WIP add drift detection * Fix broken if statement * Pass root as working directory to bootstrap * Fix exclude root dir from run-all plan * Fix git change detection * Working dir for later steps * Add parallelism limit 6 * Use 0.26.0-rc4. Remove paralllelism limit * Fix role used for run-all plan * feat: Adding cross runner cache persistence * fix whitespace * Fix missing GH_TOKEN * Use -n for git status check * Pipelines CLI v0.26.1 * Fix missing author for create pr * Pipelines CLI v0.26.2-rc1 * Drift detection 2.0 * Fix command * GH_TOKEN * MACHINE_USER_NAME * Use org repo admin for pr creation * Add org admin token * Allow erroring modules. Always cache providers * Cache auth on disk. Only run first 10. * Pipelines CLI v0.28.0-rc2 * Pipelines CLI v0.28.0-rc3 * Switch to just plan * mkdir planfolder * fix plan folder * fix plan folder for parse plans * Pipelines CLI v0.28.0-rc4 * Pipelines CLI v0.28.0-rc5 * Matrixed drift detection jobs * Inline repo dir * Fix * Fix typo * debug mktemp missing * fix path var * dont override path * pathing * Update pipelines-drift-detection.yml * Update pipelines-root.yml * fix json escape string * fix array slicing * fix json escaping * property quotes * Add first pass pr body content * Fix missing pipelines actions * avoid backtick expansion * avoid backtick expansion * echo pr body * move arg * bash escape newline * try other escape * Use INFRA_ROOT_WRITE_TOKEN * Use INFRA_ROOT_WRITE_TOKEN * Add branch link, switch back to drift-detection branch * Actions @ main * actions @ main * Add error detection * tee to file * EOF * multiline github output * more newlines * fix job url, path * debugging * debugging * debugging * debugging * debugging * debugging * add log url link to top of pr body * remove debug limit of 10 units * Add step summary * Fix json output * try without cred caching * try without color removal * restore color removal, remove echos * Increase line height of drifted items * Remove debug limit * Reset changes to 
other workflows * Use matching pipelines versions * Use action for determine * Pipelines CLI v0.28.0 * Extract drift detection * Pass args * typo * Pass JOB_NAME and STEP_NAME through * Use merged determine units * Var rename. Remove terraform syntax highlight * Test sort units fix * consolidate jobs action. rename secret * Add branch_name input * Fix actions version * Fix actions version * Use merged action * Update pipelines-drift-detection.yml --------- Co-authored-by: Yousif Akbar <[email protected]> Co-authored-by: Oreoluwa Agunbiade <[email protected]>
* Use actions@2024-08-27_gruntcon_githubapp * Use [email protected] * Use pipelines-credentials for downloading actions * uses format * Update pipelines-root.yml * Fix correctly use outputs * typo * Try concatenate env * Try github var * Pass tokens to execute * Fix typo * debug cloning * chars * interp * less args * remove debugging * add new tokens to preflight * rename token * chore: baseline needs both tokens * chore: use the new tokens everywhere * chore: fix token thing * Fetch infra root write and org admin, pass to preflight * Switch out admin tokens in root * Disable provisioning temporarily * Fix read token ref * Update unlock to use github app tokens * Bump pipelines CLI to v0.29.0-rc2 * Use top level env GH_TOKEN * Use github app in delegated workflow * Bump pipelines CLI to v0.29.0-rc3 * Try rc3 * Try v0.28.2 * Trace log * v0.28.3-rc2 * v0.28.3-rc3 * v0.28.3-rc5 * v0.29.0-rc5 * fix: Set `api_base_url` * fix: Use `gruntwork-io` for `pipelines-credentials` * feat: Adding dynamicity to API URL * Use customer org token * DEV-519 Integerate drift detection with GitHub App (#86) * Integrate app * Add org read token * Add create pr token * Make secrets not required * Dynamic api_base_url * Use moved action --------- Co-authored-by: Zach Goldberg <[email protected]> Co-authored-by: Yousif Akbar <[email protected]>
steps: | ||
- name: Fetch Gruntwork Read Token | ||
id: pipelines-gruntwork-read-token | ||
uses: gruntwork-io/pipelines-credentials@main |
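Review bot: `uses: gruntwork-io/pipelines-credentials@main` in the "Fetch Gruntwork Read Token" step tracks a mutable branch, so any commit that lands on that branch runs inside the step that obtains the token. Pin the action to a release tag at minimum, and preferably to a full commit SHA with the version in a trailing comment, since a tag can also be moved after the fact.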
Suggested change:
uses: gruntwork-io/pipelines-credentials@main | |
uses: gruntwork-io/pipelines-credentials@v1 |
|
||
- name: Fetch Org Read Token | ||
id: pipelines-customer-org-read-token | ||
uses: gruntwork-io/pipelines-credentials@main |
Suggested change:
uses: gruntwork-io/pipelines-credentials@main | |
uses: gruntwork-io/pipelines-credentials@v1 |
steps: | ||
- name: Fetch Gruntwork Read Token | ||
id: pipelines-gruntwork-read-token | ||
uses: gruntwork-io/pipelines-credentials@main |
Suggested change:
uses: gruntwork-io/pipelines-credentials@main | |
uses: gruntwork-io/pipelines-credentials@v1 |
|
||
- name: Fetch Org Read Token | ||
id: pipelines-customer-org-read-token | ||
uses: gruntwork-io/pipelines-credentials@main |
Suggested change:
uses: gruntwork-io/pipelines-credentials@main | |
uses: gruntwork-io/pipelines-credentials@v1 |
steps: | ||
- name: Fetch Gruntwork Read Token | ||
id: pipelines-gruntwork-read-token | ||
uses: gruntwork-io/pipelines-credentials@main |
Suggested change:
uses: gruntwork-io/pipelines-credentials@main | |
uses: gruntwork-io/pipelines-credentials@v1 |
.github/workflows/pipelines-root.yml
Outdated
|
||
- name: Fetch Infra Root Write Token | ||
id: pipelines-infra-root-write-token | ||
uses: gruntwork-io/pipelines-credentials@main |
Suggested change:
uses: gruntwork-io/pipelines-credentials@main | |
uses: gruntwork-io/pipelines-credentials@v1 |
.github/workflows/pipelines-root.yml
Outdated
@@ -238,32 +342,59 @@ jobs: | |||
matrix: | |||
jobs: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].NewAccounts }} | |||
steps: | |||
- name: Fetch Gruntwork Read Token | |||
id: pipelines-gruntwork-read-token | |||
uses: gruntwork-io/pipelines-credentials@main |
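Review bot: the matrix line `jobs: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].NewAccounts }}` indexes `[0]` and reads `NewAccounts` with no guard visible in this hunk, and GitHub Actions fails a job whose matrix evaluates to an empty list. Confirm the job carries an `if:` condition that skips it when the orchestrate output has no new accounts, and mention that dependency in a comment next to the matrix so the two stay together.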
Suggested change:
uses: gruntwork-io/pipelines-credentials@main | |
uses: gruntwork-io/pipelines-credentials@v1 |
.github/workflows/pipelines-root.yml
Outdated
|
||
- name: Fetch Org Read Token | ||
id: pipelines-customer-org-read-token | ||
uses: gruntwork-io/pipelines-credentials@main |
Suggested change:
uses: gruntwork-io/pipelines-credentials@main | |
uses: gruntwork-io/pipelines-credentials@v1 |
JOB_NAME: ${{ env.JOB_NAME }} | ||
STEP_NAME: "Execute Drift Detection" | ||
|
||
consolidate_jobs: |
Suggested change:
consolidate_jobs: | |
consolidate_jobs: | |
name: Consolidate Jobs |
|
||
- name: Fetch Org Read Token | ||
id: pipelines-customer-org-read-token | ||
uses: gruntwork-io/pipelines-credentials@main |
Suggested change:
uses: gruntwork-io/pipelines-credentials@main | |
uses: gruntwork-io/pipelines-credentials@v1 |
🎈 Gruntwork Pipelines v3.0.0 Release Notes
Pipelines version 3 introduces several new features which include a number of breaking changes. The migration guide below should take less than 5 minutes for most teams to complete, but please do make sure to follow it closely. We're providing a checklist here to help teams ensure that steps are not skipped.
`actions:read` permission to PIPELINES_READ_TOKEN
Migration Guide
Update Pipeline Permissions to add `actions: read` permissions
Customers explicitly list permissions that Gruntwork Pipelines workflows have by default in the pipelines workflow files in `.github/workflows` inside their infrastructure repositories. Pipelines v3 now requires `actions: read` permissions in order to introspect its own runs and provide more helpful logging capabilities.
Customers should make the one-line change to add the `actions: read` permission in the following files in every repository that uses Gruntwork pipelines (including root, access control and delegated repos). Note, most repositories will have only 1 or two of these workflow files, in which case update what is present and don't worry about the others.
.github/workflows/pipelines.yml
.github/workflows/pipelines-drift-detection.yml
.github/workflows/pipelines-root.yml
.github/workflows/pipelines-unlock.yml
Old Permissions
New Permissions
Update to Terragrunt v0.67.0
The latest pipelines works best with the latest version of Terragrunt. Recent versions of Terragrunt have much improved logging, performance and correctness improvements in `run-all` scenarios with pipelines.
This is only for customers who only allow GitHub actions to run if they are on an explicit allowlist
Allowlist Actions
New actions to add
gruntwork-io/pipelines-actions/.github/actions/pipelines-drift-detection-consolidate-jobs
gruntwork-io/pipelines-actions/.github/actions/pipelines-drift-detection-determine-units
gruntwork-io/pipelines-actions/.github/actions/pipelines-drift-detection-determine-drift
gruntwork-io/pipelines-actions/.github/actions/pipelines-new-pr-action
gruntwork-io/pipelines-actions/.github/actions/pipelines-get-job-logs-url
(Optional) Replace Machine Users with a GitHub App
Install the app
Leave the tokens
New Features
Pipelines Drift Detection (Enterprise Only)
Pipelines as a GitHub App
(Maybe? We might need to hold off for e.g. v3.1 for this)
Improved Account Factory Bootstrap Customization Hooks
Pipelines Log Link Improvements
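For the `actions: read` migration step in the release notes above, the following is an added example (not part of the pull request or of Gruntwork's tooling) that reports every explicit `permissions:` block, workflow-level or job-level, that does not grant `actions: read`. It is a line-based check rather than a YAML parser, and the sample workflow text is constructed for illustration.

```python
import re
from pathlib import Path

# Workflow files named in the migration guide above.
WORKFLOWS = ["pipelines.yml", "pipelines-drift-detection.yml",
             "pipelines-root.yml", "pipelines-unlock.yml"]
GRANT = re.compile(r"actions:\s*(read|write)\b")  # write includes read

def blocks_missing_actions_read(text):
    """Return 1-based line numbers of `permissions:` blocks lacking actions: read."""
    lines, missing = text.splitlines(), []
    for i, line in enumerate(lines):
        m = re.match(r"^(\s*)permissions:\s*(.*?)\s*(#.*)?$", line)
        if not m:
            continue
        indent, inline = len(m.group(1)), m.group(2)
        if inline:  # shorthand (read-all, write-all) or flow mapping ({...})
            if inline not in ("read-all", "write-all") and not GRANT.search(inline):
                missing.append(i + 1)
            continue
        granted = False
        for child in lines[i + 1:]:
            if not child.strip() or child.lstrip().startswith("#"):
                continue
            if len(child) - len(child.lstrip()) <= indent:
                break  # dedent: this permissions mapping has ended
            if GRANT.match(child.strip()):
                granted = True
        if not granted:
            missing.append(i + 1)
    return missing

# Constructed sample, not taken from the Pipelines repositories.
SAMPLE = """\
name: Pipelines
permissions:
  id-token: write
  contents: write
jobs:
  plan:
    permissions:
      contents: read
      actions: read
    runs-on: ubuntu-latest
"""

if __name__ == "__main__":
    for name in WORKFLOWS:
        path = Path(".github/workflows") / name
        if path.exists():  # most repositories have only one or two of these
            for n in blocks_missing_actions_read(path.read_text()):
                print(f"{path}:{n}: permissions block lacks actions: read")
```

Job-level blocks are checked separately because a job's `permissions:` replaces the workflow-level block for that job rather than merging with it.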