Skip to content
This repository has been archived by the owner on Jul 26, 2023. It is now read-only.

[Meta] Handle settings drift #1

Open
mattwynne opened this issue Oct 20, 2021 · 6 comments
Open

[Meta] Handle settings drift #1

mattwynne opened this issue Oct 20, 2021 · 6 comments

Comments

@mattwynne
Copy link
Member

Any of the settings being handled by these scripts could be changed manually. How do we handle when the actual settings have drifted away from what's declared here in this repo?

Scenarios:

  1. An existing repo already has Maintain access for the core team. We bring it under management of these scripts, but that's not defined in the config scripts. Will that access be removed when the config is applied?
  2. ...
@mattwynne mattwynne changed the title Handle settings drift Meta: Handle settings drift Oct 21, 2021
@mattwynne
Copy link
Member Author

It looks like this may not be entirely possible: pulumi/pulumi-github#160

I think we might be able to do something with import that diffs against existing imported files, as long as we don't touch them manually.

mattwynne added a commit that referenced this issue Oct 22, 2021
@mattwynne
Add a check to see if there has been drift #1
0585b06
@mattwynne mattwynne mentioned this issue Oct 22, 2021
Closed
@mattwynne mattwynne changed the title Meta: Handle settings drift [Meta] Handle settings drift Oct 22, 2021
@mattwynne
Copy link
Member Author

It looks like this may not be entirely possible: pulumi/pulumi-github#160

I'm attempting to do something using the import command and some checked-in "golden master" files, which we can compare against.

@mattwynne
Copy link
Member Author

I've got something just about working.

I had to use a PAT (I used CukeBot's) to be able to fetch the list of teams from GitHub's API to generate the resources list for the import. There's now a job failing as there's been a teeny bit of drift I guess since I last ran the import.

To do:

  • refine the job so it show the diff when it fails
  • tweak things so it passes
  • do some testing and check what's happening with the stack - are we importing from the actual state of github, or just from the stack's cache?

@mattwynne
Copy link
Member Author

It does look like the import command is going to the stack for the state of the settings rather than going to the GitHub API, which is not what we want.

I guess we need to either just use a temporary file-based stack, or create a new stack for each import.

@mattwynne
Copy link
Member Author

I've changed it over to use a file-based stack.

I also learned that the generated ts files don't seem to always be in a consistent order, so checking them isn't going to work.

I'm attempting to use pulumi preview with the --json switch to generate a machine-readable preview of the imported resources, to see if that's better for diffing.

@mattwynne
Copy link
Member Author

It's going to be difficult to use this until pulumi/pulumi-github#168 is fixed.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mattwynne