120 lines
4.9 KiB
YAML
120 lines
4.9 KiB
YAML
name: Dry Run
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- "state/*.json"
|
|
|
|
jobs:
|
|
dry-run:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Dry-run reconcile for changed environments
|
|
env:
|
|
BASE_SHA: ${{ github.event.pull_request.base.sha }}
|
|
HEAD_SHA: ${{ github.sha }}
|
|
TEST_RECONCILER_TOKEN: ${{ secrets.TEST_RECONCILER_TOKEN }}
|
|
TEST_RECONCILER_URL: ${{ secrets.TEST_RECONCILER_URL }}
|
|
DEV_RECONCILER_TOKEN: ${{ secrets.DEV_RECONCILER_TOKEN }}
|
|
DEV_RECONCILER_URL: ${{ secrets.DEV_RECONCILER_URL }}
|
|
PROD_RECONCILER_TOKEN: ${{ secrets.PROD_RECONCILER_TOKEN }}
|
|
PROD_RECONCILER_URL: ${{ secrets.PROD_RECONCILER_URL }}
|
|
GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
|
|
GIT_URL: ${{ secrets.GIT_URL }}
|
|
REPO: ${{ github.repository }}
|
|
PR_NUMBER: ${{ github.event.pull_request.number }}
|
|
run: |
|
|
python3 <<'SCRIPT'
|
|
import json, os, subprocess, urllib.request
|
|
|
|
# Detect changed state files
|
|
diff = subprocess.run(
|
|
["git", "diff", "--name-only", os.environ["BASE_SHA"], os.environ["HEAD_SHA"], "--", "state/*.json"],
|
|
capture_output=True, text=True, check=True,
|
|
)
|
|
envs = [os.path.basename(f).replace(".json", "") for f in diff.stdout.strip().split("\n") if f.strip()]
|
|
|
|
if not envs:
|
|
print("No state files changed")
|
|
exit(0)
|
|
|
|
print(f"Changed environments: {envs}")
|
|
|
|
for env in envs:
|
|
key = env.upper().replace("-", "_")
|
|
token = os.environ.get(f"{key}_RECONCILER_TOKEN", "")
|
|
url = os.environ.get(f"{key}_RECONCILER_URL", "")
|
|
|
|
if not token or not url:
|
|
print(f"[{env}] No secrets configured — skipping")
|
|
continue
|
|
|
|
# Call reconciler dry-run
|
|
with open(f"state/{env}.json", "rb") as f:
|
|
state_data = f.read()
|
|
|
|
req = urllib.request.Request(
|
|
f"{url}/reconcile?dry_run=true",
|
|
data=state_data,
|
|
method="POST",
|
|
headers={
|
|
"Authorization": f"Bearer {token}",
|
|
"Content-Type": "application/json",
|
|
},
|
|
)
|
|
try:
|
|
resp = urllib.request.urlopen(req)
|
|
data = json.loads(resp.read())
|
|
except Exception as e:
|
|
print(f"[{env}] Reconciler call failed: {e}")
|
|
continue
|
|
|
|
# Format as markdown grouped by action
|
|
ops = data.get("operations", [])
|
|
summary = data.get("summary", {})
|
|
lines = [f"## Reconciliation Plan: `{env}`\n"]
|
|
if not ops:
|
|
lines.append("No changes detected.\n")
|
|
else:
|
|
groups = {"Create": [], "Update": [], "Delete": []}
|
|
for op in ops:
|
|
t = op["type"]
|
|
if t.startswith("create"): groups["Create"].append(op)
|
|
elif t.startswith("delete"): groups["Delete"].append(op)
|
|
else: groups["Update"].append(op)
|
|
|
|
for action, items in groups.items():
|
|
if not items:
|
|
continue
|
|
emoji = {"Create": "+", "Update": "~", "Delete": "-"}[action]
|
|
lines.append(f"### {action} ({len(items)})\n")
|
|
lines.append("| Resource | Name |")
|
|
lines.append("|----------|------|")
|
|
for op in items:
|
|
resource = op["type"].split("_", 1)[1] if "_" in op["type"] else op["type"]
|
|
lines.append(f"| {resource} | {op['name']} |")
|
|
lines.append("")
|
|
|
|
c, u, d = summary.get("created", 0), summary.get("updated", 0), summary.get("deleted", 0)
|
|
lines.append(f"**Total: {c} create, {u} update, {d} delete**")
|
|
comment = "\n".join(lines)
|
|
print(comment)
|
|
|
|
# Post PR comment
|
|
git_token = os.environ.get("GIT_TOKEN", "")
|
|
git_url = os.environ.get("GIT_URL", "")
|
|
if git_token and git_url:
|
|
api_url = f"{git_url}/api/v1/repos/{os.environ['REPO']}/issues/{os.environ['PR_NUMBER']}/comments"
|
|
body = json.dumps({"body": comment}).encode()
|
|
req = urllib.request.Request(api_url, data=body, method="POST", headers={
|
|
"Authorization": f"token {git_token}",
|
|
"Content-Type": "application/json",
|
|
})
|
|
urllib.request.urlopen(req)
|
|
print(f"Posted comment to PR #{os.environ['PR_NUMBER']}")
|
|
SCRIPT
|