cdk-diff-action icon indicating copy to clipboard operation
cdk-diff-action copied to clipboard
verified publisher icon corymhall

Add support for multiple diffs

Open rantoniuk opened this issue 11 months ago • 3 comments

When having environment-agnostic stacks and hence using only CDK's DefaultStage, currently there is no way to have multiple diffs in the same workflow:

jobs:

 dev:
    name: CDK diff DEV
    runs-on: ubuntu-latest

    environment:
      name: dev

    steps:
      ...

      - name: CDK diff
        uses: corymhall/cdk-diff-action@v2-beta
        with:
          githubToken: ${{ steps.ghactions-auth.outputs.token }}
          cdkOutDir: ${{ github.workspace }}/cdk.out
          failOnDestructiveChanges: false

 prod:
    name: CDK diff PROD
    runs-on: ubuntu-latest

    environment:
      name: prod

    steps:
      ...

      - name: CDK diff
        uses: corymhall/cdk-diff-action@v2-beta
        with:
          githubToken: ${{ steps.ghactions-auth.outputs.token }}
          cdkOutDir: ${{ github.workspace }}/cdk.out
          failOnDestructiveChanges: false

What I expect here is those two jobs create two distinct comments, based on the environment used. Right now, the action is overwriting the comment content depending on the order of finish.

rantoniuk avatar May 05 '25 13:05 rantoniuk

@rantoniuk thanks for raising this. I ended up removing the environment from the comment identifier hash now that we don't need it elsewhere. I think it might work to just get the account/region from the default credentials being used by the action and add that to the comment hash. I think users would either have different account/region in the default credentials or they would have different stages.

corymhall avatar May 06 '25 09:05 corymhall

I don't want to remember the account number that is assigned to DEV or PROD. Imagine a scenario when someone has 4 envs: DEV, TEST, UAT, PROD and want to see easily in the opened PR the diff for all of them.

The workflow should anyway use GH envs to reference the secrets or variables, so that fits as a natural way.

If you don't want to add specificly GH envs inside of the code (which I understand), the easiest option would be to be able to have an optional comment title option:

with: 
  failOnDestructiveChanges: false
  title: ${{ secrets.account_id}} (${{ vars.env_name}})

I think users would either have different account/region in the default credentials or they would have different stages.

Different stages would never be the case for agnostic stacks as I explained earlier.

rantoniuk avatar May 06 '25 10:05 rantoniuk

The optional comment title is a good idea.

corymhall avatar May 07 '25 09:05 corymhall