# Pipelines v3 #83
…epos (#69)

* chore: start work on dev-378
* chore: change the definition of post-provision new account to be more narrowly tailored to creating the new account, not the PR
* chore: move around some values
* chore: wire up data flows
* chore: update for api changes
* chore: more wiring cleanups

* Update pipelines-root.yml
* Update pipelines-root.yml
* debugging
* Update pipelines-root.yml
* JOB_NAME
* add job_id
* fix missing bracket
* fix
* Run logs url action
* Use 2024-07-19_get-job-id actions
* Add actions: read permission
* permissions
* pass var into next step
* permissions
* fix input
* Dynamic step name
* typo
* test syntax
* test syntax
* colons are broken
* try other quoting
* Add get logs url to other jobs

---------

Co-authored-by: Zach Goldberg <[email protected]>

* WIP add drift detection
* Fix broken if statement
* Pass root as working directory to bootstrap
* Fix exclude root dir from run-all plan
* Fix git change detection
* Working dir for later steps
* Add parallelism limit 6
* Use 0.26.0-rc4. Remove parallelism limit
* Fix role used for run-all plan
* feat: Adding cross runner cache persistence
* fix whitespace
* Fix missing GH_TOKEN
* Use -n for git status check
* Pipelines CLI v0.26.1
* Fix missing author for create pr
* Pipelines CLI v0.26.2-rc1
* Drift detection 2.0
* Fix command
* GH_TOKEN
* MACHINE_USER_NAME
* Use org repo admin for pr creation
* Add org admin token
* Allow erroring modules. Always cache providers
* Cache auth on disk. Only run first 10.
* Pipelines CLI v0.28.0-rc2
* Pipelines CLI v0.28.0-rc3
* Switch to just plan
* mkdir planfolder
* fix plan folder
* fix plan folder for parse plans
* Pipelines CLI v0.28.0-rc4
* Pipelines CLI v0.28.0-rc5
* Matrixed drift detection jobs
* Inline repo dir
* Fix
* Fix typo
* debug mktemp missing
* fix path var
* dont override path
* pathing
* Update pipelines-drift-detection.yml
* Update pipelines-root.yml
* fix json escape string
* fix array slicing
* fix json escaping
* property quotes
* Add first pass pr body content
* Fix missing pipelines actions
* avoid backtick expansion
* avoid backtick expansion
* echo pr body
* move arg
* bash escape newline
* try other escape
* Use INFRA_ROOT_WRITE_TOKEN
* Use INFRA_ROOT_WRITE_TOKEN
* Add branch link, switch back to drift-detection branch
* Actions @ main
* actions @ main
* Add error detection
* tee to file
* EOF
* multiline github output
* more newlines
* fix job url, path
* debugging
* debugging
* debugging
* debugging
* debugging
* debugging
* add log url link to top of pr body
* remove debug limit of 10 units
* Add step summary
* Fix json output
* try without cred caching
* try without color removal
* restore color removal, remove echos
* Increase line height of drifted items
* Remove debug limit
* Reset changes to other workflows
* Use matching pipelines versions
* Use action for determine
* Pipelines CLI v0.28.0
* Extract drift detection
* Pass args
* typo
* Pass JOB_NAME and STEP_NAME through
* Use merged determine units
* Var rename. Remove terraform syntax highlight
* Test sort units fix
* consolidate jobs action. rename secret
* Add branch_name input
* Fix actions version
* Fix actions version
* Use merged action
* Update pipelines-drift-detection.yml

---------

Co-authored-by: Yousif Akbar <[email protected]>
Co-authored-by: Oreoluwa Agunbiade <[email protected]>

* Use actions@2024-08-27_gruntcon_githubapp
* Use [email protected]
* Use pipelines-credentials for downloading actions
* uses format
* Update pipelines-root.yml
* Fix correctly use outputs
* typo
* Try concatenate env
* Try github var
* Pass tokens to execute
* Fix typo
* debug cloning
* chars
* interp
* less args
* remove debugging
* add new tokens to preflight
* rename token
* chore: baseline needs both tokens
* chore: use the new tokens everywhere
* chore: fix token thing
* Fetch infra root write and org admin, pass to preflight
* Switch out admin tokens in root
* Disable provisioning temporarily
* Fix read token ref
* Update unlock to use github app tokens
* Bump pipelines CLI to v0.29.0-rc2
* Use top level env GH_TOKEN
* Use github app in delegated workflow
* Bump pipelines CLI to v0.29.0-rc3
* Try rc3
* Try v0.28.2
* Trace log
* v0.28.3-rc2
* v0.28.3-rc3
* v0.28.3-rc5
* v0.29.0-rc5
* fix: Set `api_base_url`
* fix: Use `gruntwork-io` for `pipelines-credentials`
* feat: Adding dynamicity to API URL
* Use customer org token
* DEV-519 Integrate drift detection with GitHub App (#86)
* Integrate app
* Add org read token
* Add create pr token
* Make secrets not required
* Dynamic api_base_url
* Use moved action

---------

Co-authored-by: Zach Goldberg <[email protected]>
Co-authored-by: Yousif Akbar <[email protected]>
```yaml
inputs:
  # This field can be overriden to customize the runner used for pipelines
  # workflows.
  #
```
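Review bot: `overriden` in the comment should read `overridden`, and because the comment describes the runner override rather than the `inputs:` map as a whole, it belongs directly above the `runner` input so it renders beside the field it documents; the trailing bare `#` line can be dropped when it moves.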
This documentation should be on the `runner` input, i.e. move the `path` input.
```yaml
with:
  PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
  job_name: ${{ env.JOB_NAME }}
  step_name_prefix: "${{ steps.gruntwork_context.outputs.action == 'TERRAGRUNT_EXECUTE' && '[TerragruntExecute]:\ Authenticate with AWS and then Invoke Terragrunt' || (steps.gruntwork_context.outputs.action == 'BASELINE_ACCOUNT' && 'Run core accounts baselines' || '[ProvisionAccount]:\ Provision New Account') }}"
```
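Review bot: the nested `&&`/`||` chain in `step_name_prefix` falls through to `[ProvisionAccount]:\ Provision New Account` for every `action` value other than `TERRAGRUNT_EXECUTE` and `BASELINE_ACCOUNT`, so any new or unexpected action is silently labelled as account provisioning and the logs-URL lookup will search for a step name that does not exist in that job. Compute the prefix in a dedicated step keyed on `steps.gruntwork_context.outputs.action` (a `case` in a `run:` step that fails on unknown values) and pass its output here, which also removes the `\ ` escapes from the expression.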
NIT: This should be refactored out at some point. It's hard to see how this resolves on first inspection.
## 🎈 Gruntwork Pipelines v3.0.0 Release Notes

Pipelines version 3 introduces several new features, which include a number of breaking changes. The migration guide below should take less than 5 minutes for most teams to complete, but please do make sure to follow it closely. We're providing a checklist here to help teams ensure that steps are not skipped.

- [ ] Add the `actions:read` permission to `PIPELINES_READ_TOKEN`

## Migration Guide
### Install and configure the Gruntwork.io GitHub App

Pipelines now uses the Gruntwork.io GitHub App for workflow permissions, which simplifies permission management. Follow the GitHub App Installation Instructions to install the Gruntwork.io GitHub App and add your `infrastructure-live-root` repository to your account.

Using the Gruntwork.io GitHub App is recommended and provides full feature support for pipelines workflows. Alternatively, if you do not wish to install the Gruntwork.io GitHub App, you can modify your existing workflows to continue using GitHub secrets, although some features will not be available. Read more about App-only features here.
### Alternative steps

### `actions: read` permissions

Customers explicitly list the permissions that Gruntwork Pipelines workflows have by default in the pipelines workflow files in `.github/workflows` inside their infrastructure repositories. Pipelines v3 now requires `actions: read` permissions in order to introspect its own runs and provide more helpful logging capabilities.

Customers should make the one-line change to add the `actions: read` permission in the following files in every repository that uses Gruntwork Pipelines (including root, access-control and delegated repos). Note that most repositories will have only one or two of these workflow files, in which case update what is present and don't worry about the others.

- `.github/workflows/pipelines.yml`
- `.github/workflows/pipelines-drift-detection.yml`
- `.github/workflows/pipelines-root.yml`
- `.github/workflows/pipelines-unlock.yml`

Old Permissions

New Permissions

Delegated repositories that are not using the Gruntwork.io GitHub App will need to add `PR_CREATE_TOKEN: ${{ github.token }}` to the secrets in their workflow files:

Old Secrets

New Secrets
### Update to Terragrunt v0.67.16

The latest Pipelines works best with the latest version of Terragrunt. Recent versions of Terragrunt have much improved logging, performance and correctness in `run-all` scenarios with Pipelines.
### Allowlist Actions

This is only for customers who only allow GitHub Actions to run if they are on an explicit allowlist.

New actions to add:

- `gruntwork-io/pipelines-credentials`
- `gruntwork-io/pipelines-actions/.github/actions/pipelines-drift-detection-consolidate-jobs`
- `gruntwork-io/pipelines-actions/.github/actions/pipelines-drift-detection-determine-units`
- `gruntwork-io/pipelines-actions/.github/actions/pipelines-drift-detection-determine-drift`
- `gruntwork-io/pipelines-actions/.github/actions/pipelines-new-pr-action`
- `gruntwork-io/pipelines-actions/.github/actions/pipelines-get-job-logs-url`
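The permission, secret and allowlist changes in this guide are mechanical enough to check automatically across every repository that runs Pipelines. The script below is an added example, not part of this PR or of gruntwork-io/pipelines-workflows: it scans one workflow file for the `actions: read` permission, for the `PR_CREATE_TOKEN` secret a delegated repository needs when it does not use the GitHub App, and for any `uses:` reference whose `owner/repo[/path]` is not on the allowlist above. The two workflow texts, the `pipelines.yml` reusable-workflow allowlist entry and the function names are constructed for the example, and the parser is a small indentation scan that assumes the block-style YAML the Gruntwork workflow files use rather than a full YAML parser.

```python
import re

# Allowlist entries copied from the release notes. The reusable-workflow entry is an
# assumption added so the constructed sample below passes the check.
ALLOWLIST = [
    "gruntwork-io/pipelines-credentials",
    "gruntwork-io/pipelines-actions/.github/actions/pipelines-drift-detection-consolidate-jobs",
    "gruntwork-io/pipelines-actions/.github/actions/pipelines-drift-detection-determine-units",
    "gruntwork-io/pipelines-actions/.github/actions/pipelines-drift-detection-determine-drift",
    "gruntwork-io/pipelines-actions/.github/actions/pipelines-new-pr-action",
    "gruntwork-io/pipelines-actions/.github/actions/pipelines-get-job-logs-url",
    "gruntwork-io/pipelines-workflows/.github/workflows/pipelines.yml",  # assumed
]

# Constructed sample: a delegated-repo pipelines.yml before the v3 edits.
OLD_WORKFLOW = """\
name: Pipelines
on:
  pull_request:
permissions:
  id-token: write
  contents: write
  pull-requests: write
jobs:
  pipelines:
    uses: gruntwork-io/pipelines-workflows/.github/workflows/pipelines.yml@v2
    secrets:
      PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
"""

# Constructed sample: the same file after the one-line permission and secret additions.
NEW_WORKFLOW = """\
name: Pipelines
on:
  pull_request:
permissions:
  id-token: write
  contents: write
  pull-requests: write
  actions: read
jobs:
  pipelines:
    uses: gruntwork-io/pipelines-workflows/.github/workflows/pipelines.yml@v3
    secrets:
      PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
      PR_CREATE_TOKEN: ${{ github.token }}
"""

ENTRY_RE = re.compile(r"^(\s*)([A-Za-z0-9_.-]+)\s*:\s*(.*?)\s*$")
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def mapping_entries(text, key):
    """Collect `child: value` pairs from every block-style mapping named `key`
    (e.g. `permissions:` or a job's `secrets:`), located by indentation. Only
    direct children are taken; a scalar form such as `permissions: read-all`
    is not a mapping and yields nothing."""
    lines = text.splitlines()
    entries = {}
    i = 0
    while i < len(lines):
        if lines[i].strip() != f"{key}:":
            i += 1
            continue
        base = _indent(lines[i])
        child_indent = None
        i += 1
        while i < len(lines) and (not lines[i].strip() or _indent(lines[i]) > base):
            m = ENTRY_RE.match(lines[i])
            if m:
                if child_indent is None:
                    child_indent = len(m.group(1))
                if len(m.group(1)) == child_indent:
                    entries[m.group(2)] = m.group(3)
            i += 1
    return entries


def not_allowlisted(text, allowlist):
    """`uses:` references whose owner/repo[/path] (the part before `@`) is not on
    the allowlist. Local actions (`./...`) are always permitted by GitHub."""
    refs = [m.group(1) for m in map(USES_RE.match, text.splitlines()) if m]
    return [r for r in refs if not r.startswith("./") and r.split("@", 1)[0] not in allowlist]


def lint_workflow(text, allowlist, delegated=True, uses_github_app=False):
    """Return the v3 migration steps still missing from one workflow file."""
    findings = []
    if mapping_entries(text, "permissions").get("actions") != "read":
        findings.append("permissions: add `actions: read` so Pipelines can introspect its own run")
    if delegated and not uses_github_app and "PR_CREATE_TOKEN" not in mapping_entries(text, "secrets"):
        findings.append("secrets: add `PR_CREATE_TOKEN: ${{ github.token }}`")
    findings.extend(f"allowlist: `{ref}` is not an allowed action" for ref in not_allowlisted(text, allowlist))
    return findings


if __name__ == "__main__":
    for label, wf in (("before", OLD_WORKFLOW), ("after", NEW_WORKFLOW)):
        print(label, lint_workflow(wf, ALLOWLIST) or "ok")
```

Run it over each of the four workflow files listed in the permissions section with `delegated` set per repository; the `actions: read` check is deliberately not skipped for App users, since the guide asks for it in every repository that runs Pipelines.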
### (Enterprise Only) Install and activate Drift Detection

Pipelines Drift Detection can be installed in your repositories by adding a new workflow file:

`.github/workflows/pipelines-drift-detection.yml`

## New Features