GitHub Action
💡 NOTE: For the latest details, check out GitHub.
Integrating the Overmind GitHub Actions means that every PR is scanned automatically and any infrastructure-related risks are identified. As soon as you create a PR, Overmind gets straight to work and puts anything important front and center.
Configuring
- Set up your GitHub Actions in your .github folder. For example, here is our terraform-example repository's automatic.yml workflow.
- You can use the GitHub Action's secret store to provide the API key for the Overmind CLI.
- The workflow has the actions to install the CLI and submit the plan to the Overmind app. Once you've signed in and sent the plan, this is where the fun begins.

      - uses: overmindtech/actions/install-cli@main
        with:
          version: latest
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - uses: overmindtech/actions/submit-plan@main
        if: github.event.action != 'closed'
        id: submit-plan
        with:
          ovm-api-key: ${{ secrets.OVM_API_KEY }}
          plan-json: ./tfplan.json

- Submit the plan that you are running with the custom action overmindtech/actions/submit-plan. The action sends your code changes and the Terraform plan to the Overmind app via the CLI.

      ./overmindtech/ovm-cli submit-plan \
        --title "$title" \
        --description "$description" \
        --ticket-link "$ticket_link" \
        $code_changes_arg \
        $tf_plan_output_arg \
        --log '${{ inputs.log }}' \
        ${{ inputs.plan-json }} \
        > ./overmindtech/change-url

- Overmind ingests the plan and discovers the resources in AWS that will be affected.
- Overmind will then create a blast radius by taking the affected resources and scanning for everything that depends on those resources.
- Finally, the overmindtech/submit-plan action takes the change and the blast radius and feeds it into Overmind to summarize risks and add that report directly to a comment in the pull request.
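
The steps above placed in a complete workflow, as an added example (not the terraform-example repository's automatic.yml or any other Overmind file). Assumptions: the workflow name, the `permissions` block, the checkout and Terraform steps, and that cloud credentials for `terraform plan` are provided elsewhere; the two Overmind steps and their inputs are exactly those shown on this page.

```yaml
# Added example: hypothetical .github/workflows/overmind.yml
name: overmind-plan-scan              # hypothetical name

on:
  pull_request:                       # default types: opened, synchronize, reopened

# Assumed minimum scopes for GITHUB_TOKEN (least privilege):
permissions:
  contents: read                      # check out the repository
  pull-requests: write                # let the risk report be posted as a PR comment

jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_wrapper: false    # keeps `terraform show -json` output free of wrapper text

      # Assumption: cloud credentials for the plan are configured before this step (not shown).
      - name: Produce the plan as JSON
        run: |
          terraform init -input=false
          terraform plan -input=false -out=tfplan
          terraform show -json tfplan > tfplan.json

      # The two steps below are the ones from this page, unchanged.
      - uses: overmindtech/actions/install-cli@main
        with:
          version: latest
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - uses: overmindtech/actions/submit-plan@main
        # Kept from the page; only has an effect if the trigger also includes `closed`.
        if: github.event.action != 'closed'
        id: submit-plan
        with:
          ovm-api-key: ${{ secrets.OVM_API_KEY }}   # read from the Actions secret store, never committed
          plan-json: ./tfplan.json
```

GitHub does not pass repository secrets to `pull_request` workflows triggered from forks, so `OVM_API_KEY` is empty on those runs. The JSON plan can contain sensitive resource values in plain text, so avoid uploading `tfplan.json` as a build artifact.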