name: Dry Run on: pull_request: paths: - "state/*.json" jobs: dry-run: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Dry-run reconcile for changed environments env: BASE_SHA: ${{ github.event.pull_request.base.sha }} HEAD_SHA: ${{ github.sha }} TEST_RECONCILER_TOKEN: ${{ secrets.TEST_RECONCILER_TOKEN }} TEST_RECONCILER_URL: ${{ secrets.TEST_RECONCILER_URL }} DEV_RECONCILER_TOKEN: ${{ secrets.DEV_RECONCILER_TOKEN }} DEV_RECONCILER_URL: ${{ secrets.DEV_RECONCILER_URL }} PROD_RECONCILER_TOKEN: ${{ secrets.PROD_RECONCILER_TOKEN }} PROD_RECONCILER_URL: ${{ secrets.PROD_RECONCILER_URL }} GIT_TOKEN: ${{ secrets.GIT_TOKEN }} GIT_URL: ${{ secrets.GIT_URL }} REPO: ${{ github.repository }} PR_NUMBER: ${{ github.event.pull_request.number }} run: | python3 <<'SCRIPT' import json, os, subprocess, urllib.request # Detect changed state files diff = subprocess.run( ["git", "diff", "--name-only", os.environ["BASE_SHA"], os.environ["HEAD_SHA"], "--", "state/*.json"], capture_output=True, text=True, check=True, ) envs = [os.path.basename(f).replace(".json", "") for f in diff.stdout.strip().split("\n") if f.strip()] if not envs: print("No state files changed") exit(0) print(f"Changed environments: {envs}") for env in envs: key = env.upper().replace("-", "_") token = os.environ.get(f"{key}_RECONCILER_TOKEN", "") url = os.environ.get(f"{key}_RECONCILER_URL", "") if not token or not url: print(f"[{env}] No secrets configured — skipping") continue # Call reconciler dry-run with open(f"state/{env}.json", "rb") as f: state_data = f.read() req = urllib.request.Request( f"{url}/reconcile?dry_run=true", data=state_data, method="POST", headers={ "Authorization": f"Bearer {token}", "Content-Type": "application/json", }, ) try: resp = urllib.request.urlopen(req) data = json.loads(resp.read()) except Exception as e: print(f"[{env}] Reconciler call failed: {e}") continue # Format as markdown table ops = data.get("operations", []) summary = data.get("summary", {}) lines = [f"## Reconciliation Plan: `{env}`\n"] if not ops: lines.append("No changes detected.\n") else: def fmt_val(v): if isinstance(v, bool): return str(v).lower() if isinstance(v, list): return ", ".join(str(x) for x in v) if v else "(empty)" if v is None: return "(none)" return str(v) def get_action(op): """Derive a human-readable action from the operation.""" t = op["type"] changes = op.get("changes", []) # For updates, check if it's just an enable/disable toggle if not t.startswith("create") and not t.startswith("delete"): if len(changes) == 1 and changes[0]["field"] == "enabled": return "disable" if changes[0]["to"] is False else "enable" return "update" return t.split("_", 1)[0] def fmt_details(op, action): """Format details based on action type.""" if action == "delete": return "" if action in ("enable", "disable"): return "" changes = op.get("changes", []) if changes: parts = [] for c in changes: parts.append(f"`{c['field']}`: {fmt_val(c['from'])} → {fmt_val(c['to'])}") return "; ".join(parts) d = op.get("details", {}) if not d: return "" parts = [] if "sources" in d and "destinations" in d: parts.append(f"{fmt_val(d['sources'])} → {fmt_val(d['destinations'])}") if "auto_groups" in d: parts.append(f"groups: {fmt_val(d['auto_groups'])}") if "type" in d and "address" in d: parts.append(f"{d['type']}:{d['address']}") if "peers" in d: parts.append(f"peers: {fmt_val(d['peers'])}") return "; ".join(parts) if parts else "" lines.append("| Action | Resource | Name | Details |") lines.append("|--------|----------|------|---------|") for op in ops: resource = op["type"].split("_", 1)[1] if "_" in op["type"] else op["type"] action = get_action(op) detail = fmt_details(op, action) lines.append(f"| {action} | {resource} | {op['name']} | {detail} |") lines.append("") c, u, d = summary.get("created", 0), summary.get("updated", 0), summary.get("deleted", 0) lines.append(f"**Total: {c} create, {u} update, {d} delete**") comment = "\n".join(lines) print(comment) # Post PR comment git_token = os.environ.get("GIT_TOKEN", "") git_url = os.environ.get("GIT_URL", "") if git_token and git_url: api_url = f"{git_url}/api/v1/repos/{os.environ['REPO']}/issues/{os.environ['PR_NUMBER']}/comments" body = json.dumps({"body": comment}).encode() req = urllib.request.Request(api_url, data=body, method="POST", headers={ "Authorization": f"token {git_token}", "Content-Type": "application/json", }) urllib.request.urlopen(req) print(f"Posted comment to PR #{os.environ['PR_NUMBER']}") SCRIPT