When upstream and downstream projects are configured with CaC and backed by forked repositories, it becomes possible to track drift.
The Octopus - Find CaC Updates steps detect drift by:
- Scanning the workspaces in the Terraform state created when deploying downstream projects
- Finding any CaC enabled projects
- Cloning the downstream Git repo
- Checking to see if there are changes to merge from the upstream repo into the downstream repo, and if any merges introduce conflicts
Each Octopus - Find CaC Updates step is configured with a specific Terraform backend. For example, the Octopus - Find CaC Updates (S3 Backend) step is configured to read Terraform state persisted in an S3 bucket.
The Octopus - Find CaC Updates steps are typically defined in a runbook attached to the upstream project:
- Create a runbook called __ Find CaC Updates attached to the upstream project.
- Add one of the Octopus - Find CaC Updates steps.
  - Run the step on a worker with a recent version of Terraform installed or set the container image to a Docker image with Terraform installed like octopuslabs/terraform-workertools.
  - Set the Git Username field to the Git repository username. GitHub users with access tokens set this field to x-access-token.
  - Set the Git Password field to the Git repository password or access token.
  - Set the Git Protocol field to either HTTP or HTTPS. All publicly hosted Git platforms use HTTPS.
  - Set the Git Hostname field to the Git repository host name e.g. github.com, gitlab.com, bitbucket.com.
  - Set the Git Organization field to the Git repository owner or organization.
  - Set the Git Template Repo field to the Git repository hosting the upstream project.
  - Each Octopus - Find CaC Updates step then defines additional fields related to the specific Terraform backend. For example, the Octopus - Find CaC Updates (S3 Backend) step has fields for AWS credentials, region, bucket, and key.
Executing the runbook will display a list of downstream projects and indicate whether each one:
- Is up to date with the upstream repository
- Can merge upstream changes automatically
- Must resolve a merge conflict to merge upstream changes
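
The three outcomes above can be reproduced with plain Git. The following is an added example, not the code the Octopus steps run: the function name `drift_status` and its output strings are hypothetical, and it assumes the downstream repo is already cloned locally and shares history with the upstream repo.

```shell
#!/bin/sh
# Added example (not the Octopus step's own code): classify a downstream
# clone against its upstream (template) repository.
# Usage: drift_status <downstream_clone_dir> <upstream_url_or_path> [branch]
# Prints one of: up-to-date | can-merge | conflict
drift_status() {
    repo=$1; upstream=$2; branch=${3:-main}
    (
        cd "$repo" || exit 2
        # Fetch the upstream branch; the fetched tip is recorded as FETCH_HEAD
        git fetch --quiet "$upstream" "$branch" || exit 2

        # Count upstream commits that are not yet reachable from downstream HEAD
        if [ "$(git rev-list --count HEAD..FETCH_HEAD)" -eq 0 ]; then
            echo up-to-date
            exit 0
        fi

        # Trial merge: --no-commit stops before recording anything, and
        # --no-ff prevents a fast-forward from silently moving the branch.
        if git -c user.name=drift -c user.email=drift@example.invalid \
               merge --no-commit --no-ff --quiet FETCH_HEAD >/dev/null 2>&1; then
            status=can-merge
        else
            status=conflict
        fi

        # Always roll the trial merge back so the clone is left unchanged
        git merge --abort >/dev/null 2>&1 || true
        echo "$status"
    )
}

# Allow use as a script: ./drift.sh <clone_dir> <upstream> [branch]
if [ "$#" -ge 2 ]; then
    drift_status "$@"
fi
```
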
Page updated on Thursday, November 9, 2023