name: Dry Run on: pull_request: paths: - "state/*.json" jobs: detect: runs-on: ubuntu-latest outputs: envs: ${{ steps.changed.outputs.envs }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Detect changed environments id: changed run: | FILES=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} -- 'state/*.json') ENVS=$(python3 -c " import os, json files = '''$FILES'''.strip().split('\n') envs = [os.path.basename(f).replace('.json','') for f in files if f.strip()] print(json.dumps(envs)) ") echo "envs=$ENVS" >> "$GITHUB_OUTPUT" echo "Changed environments: $ENVS" dry-run: needs: detect runs-on: ubuntu-latest if: needs.detect.outputs.envs != '[]' steps: - uses: actions/checkout@v4 - name: Run dry-run for each changed environment env: ENVS: ${{ needs.detect.outputs.envs }} TEST_RECONCILER_TOKEN: ${{ secrets.TEST_RECONCILER_TOKEN }} TEST_RECONCILER_URL: ${{ secrets.TEST_RECONCILER_URL }} DEV_RECONCILER_TOKEN: ${{ secrets.DEV_RECONCILER_TOKEN }} DEV_RECONCILER_URL: ${{ secrets.DEV_RECONCILER_URL }} PROD_RECONCILER_TOKEN: ${{ secrets.PROD_RECONCILER_TOKEN }} PROD_RECONCILER_URL: ${{ secrets.PROD_RECONCILER_URL }} GIT_TOKEN: ${{ secrets.GIT_TOKEN }} GIT_URL: ${{ secrets.GIT_URL }} REPO: ${{ github.repository }} PR_NUMBER: ${{ github.event.pull_request.number }} run: | python3 <<'SCRIPT' import json, os, urllib.request envs = json.loads(os.environ["ENVS"]) for env in envs: key = env.upper().replace("-", "_") token = os.environ.get(f"{key}_RECONCILER_TOKEN", "") url = os.environ.get(f"{key}_RECONCILER_URL", "") if not token or not url: print(f"No secrets for '{env}' — skipping") continue # Call reconciler dry-run with open(f"state/{env}.json", "rb") as f: state_data = f.read() req = urllib.request.Request( f"{url}/reconcile?dry_run=true", data=state_data, method="POST", headers={ "Authorization": f"Bearer {token}", "Content-Type": "application/json", }, ) try: resp = urllib.request.urlopen(req) data = json.loads(resp.read()) except Exception as e: print(f"Reconciler call failed for '{env}': {e}") continue # Format as markdown ops = data.get("operations", []) summary = data.get("summary", {}) lines = [f"## Reconciliation Plan: `{env}`\n"] if not ops: lines.append("No changes detected.\n") else: lines.append("| Operation | Name |") lines.append("|-----------|------|") for op in ops: lines.append(f"| `{op['type']}` | {op['name']} |") lines.append("") lines.append( f"**Summary:** {summary.get('created',0)} create, " f"{summary.get('updated',0)} update, " f"{summary.get('deleted',0)} delete" ) comment = "\n".join(lines) print(comment) # Post PR comment git_token = os.environ.get("GIT_TOKEN", "") git_url = os.environ.get("GIT_URL", "") if git_token and git_url: api_url = f"{git_url}/api/v1/repos/{os.environ['REPO']}/issues/{os.environ['PR_NUMBER']}/comments" body = json.dumps({"body": comment}).encode() req = urllib.request.Request(api_url, data=body, method="POST", headers={ "Authorization": f"token {git_token}", "Content-Type": "application/json", }) urllib.request.urlopen(req) print(f"Posted comment to PR #{os.environ['PR_NUMBER']}") SCRIPT