Ability to "sign" a specific terraform plan file for prod deployment #100

@aaronsteers

Possible implementation plan:


  1. With each commit pushed, generate a dev infra plan, print to CI/CD logs. Raise an error in CI/CD if dev infra plan is non-empty.
  2. With each commit pushed, generate a prod infra plan, print to CI/CD logs and also print as a hashed MD5.
  3. If the printed prod infra plan is approved, repo admin will add into the commit: "Approved: {md5}" (case insensitive).
  4. If branch is master AND commit description includes text "Approved: {MD5}" AND the MD5 matches the infra plan, then auto-deploy to prod.
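
A sketch of the gate in step 4, added here as an example and not code from the issue or the project. It assumes the digest is taken over the plan text exactly as printed to the CI/CD log; the function names and the sample plan are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import re

# Step 3: "Approved: {md5}" anywhere in the commit message, case-insensitive.
# The trailing \b rejects longer hex strings that merely start with 32 hex chars.
APPROVAL_RE = re.compile(r"\bapproved:\s*([0-9a-f]{32})\b", re.IGNORECASE)

# Constructed sample of a prod plan as it might be printed to the CI/CD log.
SAMPLE_PLAN = (
    "# aws_s3_bucket.logs will be created\n"
    "Plan: 1 to add, 0 to change, 0 to destroy.\n"
)


def plan_digest(plan_text: str) -> str:
    """Step 2: MD5 hex digest of the plan text exactly as printed."""
    return hashlib.md5(plan_text.encode("utf-8")).hexdigest()


def approved_digests(commit_message: str) -> list[str]:
    """All digests named in 'Approved:' markers, normalised to lower case."""
    return [d.lower() for d in APPROVAL_RE.findall(commit_message)]


def may_deploy(branch: str, commit_message: str, plan_text: str) -> bool:
    """Step 4: deploy only from master and only if an approved digest
    matches the plan generated for this very commit."""
    if branch != "master":
        return False
    current = plan_digest(plan_text)
    # An approval given for an earlier plan stops matching once the plan changes.
    return any(hmac.compare_digest(current, d)
               for d in approved_digests(commit_message))


if __name__ == "__main__":
    # Constructed commit message carrying an upper-case approval marker.
    msg = "Add log bucket\n\nAPPROVED: " + plan_digest(SAMPLE_PLAN).upper()
    print(may_deploy("master", msg, SAMPLE_PLAN))                # approved plan
    print(may_deploy("master", msg, SAMPLE_PLAN + "# drift\n"))  # plan changed
    print(may_deploy("feature/x", msg, SAMPLE_PLAN))             # wrong branch
```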
