action.yaml

name: run-digger
description: Run Digger for OpenTofu/Terraform management (optimized build)

inputs:
  digger-spec:
    description: "The spec to pass onto digger cli"
    required: false
    default: ''
  aws-access-key-id:
    description: AWS access key id
    required: true
  aws-secret-access-key:
    description: AWS secret access key
    required: true
  aws-endpoint-url:
    description: AWS endpoint URL
    required: true
  aws-region:
    description: AWS region
    required: false
    default: us-east-1
  digger-version:
    description: Version of digger to use (must match a release tag)
    required: true
  secrets-context:
    description: "Pre-encoded secrets context"
    required: true
  variables-context:
    description: "Pre-encoded variables context"
    required: true
  mode:
    description: 'manual, drift-detection or otherwise'
    required: false
    default: ''
  command:
    description: 'digger plan or digger apply in case of manual mode'
    required: false
    default: ''
  project:
    description: 'project name for digger to run in case of manual mode'
    required: false
    default: ''
  reporting-strategy:
    description: 'comments_per_run or latest_run_comment, anything else will default to original behavior of multiple comments'
    required: false
    default: 'comments_per_run'
  post-plans-as-one-comment:
    description: Post plans as one comment
    required: false
    default: 'false'
  upload-plan-destination:
    description: Destination to upload the plan to. gcp, github and aws are currently supported.
    required: false
  upload-plan-destination-s3-bucket:
    description: Name of the destination bucket for AWS S3. Should be provided if destination == aws
    required: false
runs:
  using: composite
  steps:
    - name: Setup OpenTofu
      uses: opentofu/setup-opentofu@v1.0.3
      with:
        tofu_version: ${{ inputs.opentofu-version }}
        tofu_wrapper: false
    - name: Download Digger Binary
      uses: actions/github-script@v7
      with:
        script: |
          const os = process.env.RUNNER_OS.toLowerCase();
          const arch = process.env.RUNNER_ARCH.replace('X64', 'amd64').replace('ARM64', 'arm64');
          const assetName = `digger-cli-${os}-${arch}${os === 'windows' ? '.exe' : ''}`;
          
          const release = await github.rest.repos.getReleaseByTag({
            owner: 'diggerhq',
            repo: 'digger',
            tag: process.env.DIGGER_VERSION
          });
          
          const asset = release.data.assets.find(a => a.name === assetName);
          if (!asset) throw new Error(`Could not find asset: ${assetName}`);
          
          const download = await github.rest.repos.getReleaseAsset({
            owner: 'diggerhq',
            repo: 'digger',
            asset_id: asset.id,
            headers: {
              accept: 'application/octet-stream'
            }
          });
          
          require('fs').writeFileSync('digger', Buffer.from(download.data));
          require('fs').chmodSync('digger', '755');
      env:
        DIGGER_VERSION: ${{ inputs.digger-version }}

    - name: Run Digger with Environment Setup
      shell: bash
      env:
        PLAN_UPLOAD_DESTINATION: ${{ inputs.upload-plan-destination }}
        AWS_S3_BUCKET: ${{ inputs.upload-plan-destination-s3-bucket }}
        INPUT_DIGGER_PROJECT: ${{ inputs.project }}
        INPUT_DIGGER_MODE: ${{ inputs.mode }}
        INPUT_DIGGER_COMMAND: ${{ inputs.command }}
        AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
        AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}
        AWS_ENDPOINT_URL: ${{ inputs.aws-endpoint-url }}
        AWS_REGION: ${{ inputs.aws-region }}
        DIGGER_RUN_SPEC: ${{ inputs.digger-spec }}
        SECRETS_CONTEXT: ${{ inputs.secrets-context }}
        VARIABLES_CONTEXT: ${{ inputs.variables-context }}
        ENV_CONTEXT: ${{ toJson(env) }}
        REPORTING_STRATEGY: ${{ inputs.reporting-strategy }}
        ACCUMULATE_PLANS: ${{ inputs.post-plans-as-one-comment == 'true' }}
      run: ${GITHUB_ACTION_PATH}/setup-env.sh ./digger