From b3bf655c5531fc6b050a63c17f5c14206e76aa32 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Mon, 3 Nov 2025 07:09:46 -0500
Subject: [PATCH 01/20] Remove unused DynamoDB locking comment in main.tf

Removed commented-out DynamoDB state locking configuration.
---
 prod/main.tf | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/prod/main.tf b/prod/main.tf
index 9f9d2c9..789bc99 100644
--- a/prod/main.tf
+++ b/prod/main.tf
@@ -7,9 +7,6 @@ terraform { } backend "s3" { bucket = "digger-s3backend-quickstart-aws-jalonso" # Change if a different S3 bucket name was used for the backend - /* Un-comment to use DynamoDB state locking - dynamodb_table = "digger-locktable-quickstart-aws" # Change if a different DynamoDB table name was used for backend - */ key = "terraform/state" region = "us-east-1" }
From cfaabfdc6f58a91951d73d07ae687635f526f629 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Mon, 3 Nov 2025 07:20:49 -0500
Subject: [PATCH 02/20] Add optional spec input to digger workflow

Add spec input for digger workflow with optional requirement.
---
 .github/workflows/digger_workflow.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 11bf3ce..7647758 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -12,6 +12,9 @@ on: required: true run_name: required: false + spec: + description: 'spec input for digger' + required: false run-name: ${{ inputs.run_name}}
From c041bbc334983ec7c810bad863d4ce14f63fad97 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Mon, 3 Nov 2025 07:21:31 -0500
Subject: [PATCH 03/20] Change job requirement from true to false
---
 .github/workflows/digger_workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 7647758..48802fc 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -7,7 +7,7 @@ on: description: 'run identifier' required: false job: - required: true + required: false comment_id: required: true run_name:
From 0afd10530a1a13f11dbdff24d0162d12a9256f14 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Mon, 3 Nov 2025 07:24:37 -0500
Subject: [PATCH 04/20] Change comment_id requirement to optional
---
 .github/workflows/digger_workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 48802fc..0f93d9e 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -9,7 +9,7 @@ on: job: required: false comment_id: - required: true + required: false run_name: required: false spec:
From 481af28d71f364c78d5049c3ebdd46ad0f79f32b Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Mon, 3 Nov 2025 08:48:24 -0500
Subject: [PATCH 05/20] Update digger_workflow.yml
---
 .github/workflows/digger_workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 0f93d9e..4c67aa1 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -42,4 +42,4 @@ jobs: disable-locking: false env: GITHUB_CONTEXT: ${{ toJson(github) }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
From 19494313d22769ff4c78da95bb7861c190d65ed0 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Mon, 3 Nov 2025 11:55:29 -0500
Subject: [PATCH 06/20] Remove GITHUB_TOKEN from digger_workflow

Removed GITHUB_TOKEN from environment variables.
---
 .github/workflows/digger_workflow.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 4c67aa1..31a0a84 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
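Review bot: In [PATCH 05/20] the changed line `GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}` replaces the per-run token that Actions issues with a stored repository secret, which is presumably a personal access token. A stored token is not limited by the job's `permissions:` block and stays valid after the run ends, so its own scopes and expiry become the real boundary for this job. If the built-in token is not sufficient, a fine-grained token restricted to this repository is the safer choice, recorded with a comment such as `# GH_TOKEN: fine-grained PAT, this repo only, rotate on <SCHEDULE_PLACEHOLDER>` above the line. The same line comes back in [PATCH 08/20] and [PATCH 16/20]. The `env:` block belongs to a step that starts outside the hunk.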
@@ -42,4 +42,3 @@ jobs: disable-locking: false env: GITHUB_CONTEXT: ${{ toJson(github) }} - GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
From ee5ee0bae1fa3573803d659cb1b05d630e234c99 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Mon, 3 Nov 2025 11:57:46 -0500
Subject: [PATCH 07/20] Add GITHUB_TOKEN to digger_workflow.yml
---
 .github/workflows/digger_workflow.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 31a0a84..0f93d9e 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -42,3 +42,4 @@ jobs: disable-locking: false env: GITHUB_CONTEXT: ${{ toJson(github) }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From f2454a502af5c1b84981af9d0ee72e49b4877047 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Mon, 3 Nov 2025 12:01:45 -0500
Subject: [PATCH 08/20] Update GITHUB_TOKEN secret to GH_TOKEN
---
 .github/workflows/digger_workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 0f93d9e..4c67aa1 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -42,4 +42,4 @@ jobs: disable-locking: false env: GITHUB_CONTEXT: ${{ toJson(github) }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
From 6a3bd39fa732b8d04b2ece830072a933d1188dc1 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Mon, 3 Nov 2025 22:09:51 -0500
Subject: [PATCH 09/20] Update digger.yml
---
 digger.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/digger.yml b/digger.yml
index 2099587..82a9520 100644
--- a/digger.yml
+++ b/digger.yml
@@ -1,3 +1,8 @@ +plan_storage: + type: s3 + bucket: amzn-digger-demo-s3 + region: us-east-1 + projects: - name: production - dir: prod \ No newline at end of file + dir: prod
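Review bot: The new `plan_storage` block in [PATCH 09/20] (digger.yml) sends saved plans to the bucket `amzn-digger-demo-s3`, and nothing in the patch records how that bucket is protected. Saved Terraform plans can hold resource attributes in clear text, including values marked sensitive, so this bucket needs the same access policy and encryption as a state bucket. [PATCH 10/20] and [PATCH 11/20] later point the state backend at the same bucket name, so plans and state would then share one bucket and one policy. A comment above the block, for example `# plans may contain secrets: bucket must block public access and limit reads to the CI role`, would state the requirement next to the setting.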
From 00cf06d6c6a75dc72f7ad756c0b696d01b63c460 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Tue, 4 Nov 2025 05:18:25 -0500
Subject: [PATCH 10/20] Update main.tf
---
 prod/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/prod/main.tf b/prod/main.tf
index 789bc99..fd96376 100644
--- a/prod/main.tf
+++ b/prod/main.tf
@@ -6,7 +6,7 @@ terraform { } } backend "s3" { - bucket = "digger-s3backend-quickstart-aws-jalonso" # Change if a different S3 bucket name was used for the backend + bucket = "amzn-digger-demo-s3" # Change if a different S3 bucket name was used for the backend key = "terraform/state" region = "us-east-1" }
From 3895ba267ccfa1d4610ea00af6e1ef783f726b8c Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Tue, 4 Nov 2025 05:19:01 -0500
Subject: [PATCH 11/20] Update main.tf
---
 backend/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/main.tf b/backend/main.tf
index c1d7f35..a312b61 100644
--- a/backend/main.tf
+++ b/backend/main.tf
@@ -13,7 +13,7 @@ provider "aws" { variable "bucket_id" { type = string - default = "digger-s3backend-quickstart-aws-jalonso" + default = "amzn-digger-demo-s3" } variable "dynamo_lock_table_id" {
From 6a2455f0323f6e2b192a0b77aac336983ff5aa17 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Tue, 4 Nov 2025 05:20:58 -0500
Subject: [PATCH 12/20] Update digger_workflow.yml
---
 .github/workflows/digger_workflow.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 4c67aa1..fd94086 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -32,7 +32,15 @@ jobs: steps: - name: digger run ${{github.event.inputs.id}} run: echo digger run ${{ inputs.id }} - shell: bash + shell: bash + + - name: configure AWS credentials + uses: aws-actions/configure-aws-credencials@v2 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_ACCESS_KEY }} + - uses: actions/checkout@v4 - uses: diggerhq/digger@vLatest with:
From cefb8ce19333f1e3fe685547e14b891d014d26f7 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Tue, 4 Nov 2025 05:35:38 -0500
Subject: [PATCH 13/20] Update digger_workflow.yml
---
 .github/workflows/digger_workflow.yml | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index fd94086..a4ff27e 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -33,14 +33,6 @@ jobs: - name: digger run ${{github.event.inputs.id}} run: echo digger run ${{ inputs.id }} shell: bash - - - name: configure AWS credentials - uses: aws-actions/configure-aws-credencials@v2 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_ACCESS_KEY }} - - uses: actions/checkout@v4 - uses: diggerhq/digger@vLatest with:
From 04df5bd3e1fb62dcc2b76717e7a526fd86dc0d9a Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Tue, 4 Nov 2025 05:50:18 -0500
Subject: [PATCH 14/20] Update digger_workflow.yml
---
 .github/workflows/digger_workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index d1f3ed2..9446693 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
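Review bot: Two values in the `configure AWS credentials` step added by [PATCH 12/20] look wrong: the action is spelled `aws-actions/configure-aws-credencials@v2`, and `aws-region` is filled from `${{ secrets.AWS_ACCESS_KEY }}`. The misspelled reference does not point at the official action, so the job either fails at setup or runs whatever repository holds that name, and a region read from a secret named like a key is most likely a copy-paste slip. The intended lines are probably `uses: aws-actions/configure-aws-credentials@v2` and `aws-region: us-east-1`, the region the backend in prod/main.tf uses. The `steps:` list continues outside the hunk.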
@@ -14,7 +14,7 @@ on: required: false spec: description: 'spec input for digger' - required: false + required: true run-name: ${{ inputs.run_name}}
From 36884099382179d44bcd1f422a3f29e44920eea4 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Tue, 4 Nov 2025 06:01:13 -0500
Subject: [PATCH 15/20] Update digger_workflow.yml
---
 .github/workflows/digger_workflow.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 9446693..4660b97 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -1,6 +1,11 @@ name: Digger Workflow on: + pull_request: + branches: [ "main" ] + types: [ opened, synchronize ] + issue_comment: + types: [created] workflow_dispatch: inputs: id:
From f87faa311e80fc15b9a29ff9dc6ba870be7a9c8a Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Tue, 4 Nov 2025 06:11:43 -0500
Subject: [PATCH 16/20] Update digger_workflow.yml
---
 .github/workflows/digger_workflow.yml | 50 ++++++---------------------
 1 file changed, 11 insertions(+), 39 deletions(-)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 4660b97..430de4b 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -1,4 +1,4 @@ -name: Digger Workflow +name: Digger Pull Request Workflow on: pull_request:
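Review bot: The `issue_comment` trigger added in [PATCH 15/20] lets any account that can comment on an issue or pull request start this workflow, and such runs execute with the repository's secrets available. Other patches on this page show the job holding write permissions and AWS keys at this point, and nothing visible in the hunk limits who may trigger it or checks that the comment sits on a pull request. A job-level guard would close that, for example `if: github.event_name != 'issue_comment' || (github.event.issue.pull_request && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association))`. The `jobs:` section lies outside the hunk, so an existing guard there cannot be ruled out.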
@@ -7,45 +7,17 @@ on: issue_comment: types: [created] workflow_dispatch: - inputs: - id: - description: 'run identifier' - required: false - job: - required: false - comment_id: - required: false - run_name: - required: false - spec: - description: 'spec input for digger' - required: true - -run-name: ${{ inputs.run_name}} - jobs: - digger-job: + plan: + name: Run digger runs-on: ubuntu-latest - permissions: - contents: write # required to merge PRs - actions: write # required for plan persistence - id-token: write # required for workload-identity-federation - pull-requests: write # required to post PR comments - statuses: write # required to validate combined PR status - steps: - - name: digger run ${{github.event.inputs.id}} - run: echo digger run ${{ inputs.id }} - shell: bash - - uses: actions/checkout@v4 - - - uses: diggerhq/digger@vLatest - with: - setup-aws: true - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - disable-locking: false - env: - GITHUB_CONTEXT: ${{ toJson(github) }} - GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + - name: digger run + uses: diggerhq/digger@vLatest + with: + disable-locking: true + setup-terraform: true + env: + GITHUB_CONTEXT: ${{ toJson(github) }} + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
From 6972229d6940cef702b792789aae24c96b0a6854 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Tue, 4 Nov 2025 06:15:25 -0500
Subject: [PATCH 17/20] Update digger_workflow.yml
---
 .github/workflows/digger_workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 430de4b..5bcfdfb 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -20,4 +20,4 @@ jobs: setup-terraform: true env: GITHUB_CONTEXT: ${{ toJson(github) }} - GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
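Review bot: The second hunk of [PATCH 16/20] deletes the job's `permissions:` block, so the workflow token falls back to the repository or organisation default, which can be read and write across scopes. Re-add a `permissions:` block on the new `plan` job and keep only the scopes the run needs; the removed block listed `contents`, `actions`, `id-token`, `pull-requests` and `statuses`. The hunk also flips `disable-locking` to `true` on a workflow that [PATCH 15/20] opened to pull-request and comment triggers, which presumably lets two runs work on the same project at once, and the S3 backend shown in prod/main.tf has no lock table configured. It drops the `actions/checkout@v4` step as well, which [PATCH 20/20] restores.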
From 2a9176f0aaf0f3d8503b6fe258dd02c91f19015b Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Tue, 4 Nov 2025 06:19:19 -0500
Subject: [PATCH 18/20] Update digger_workflow.yml
---
 .github/workflows/digger_workflow.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 5bcfdfb..abceb47 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -7,6 +7,12 @@ on: issue_comment: types: [created] workflow_dispatch: + inputs: + run_name: + required: false + spec: + description: 'spec input for digger' + required: true jobs: plan:
From f68aaa340bc3cd0a462a25a8a2f18eaf667cc7c8 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Tue, 4 Nov 2025 06:30:03 -0500
Subject: [PATCH 19/20] Update digger_workflow.yml
---
 .github/workflows/digger_workflow.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index abceb47..79b271b 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -22,6 +22,7 @@ jobs: - name: digger run uses: diggerhq/digger@vLatest with: + no-backend: true disable-locking: true setup-terraform: true env:
From b2f576f0023fc4e68fe1e6a626ce37587715bb38 Mon Sep 17 00:00:00 2001
From: Alfredo Alonso
Date: Tue, 4 Nov 2025 06:36:59 -0500
Subject: [PATCH 20/20] Update digger_workflow.yml
---
 .github/workflows/digger_workflow.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.github/workflows/digger_workflow.yml b/.github/workflows/digger_workflow.yml
index 79b271b..263fa75 100644
--- a/.github/workflows/digger_workflow.yml
+++ b/.github/workflows/digger_workflow.yml
@@ -19,6 +19,16 @@ jobs: name: Run digger runs-on: ubuntu-latest steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + - name: digger run uses: diggerhq/digger@vLatest with:
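Review bot: The `Configure AWS credentials` step added in [PATCH 20/20] authenticates with long-lived keys from `secrets.AWS_ACCESS_KEY_ID` and `secrets.AWS_SECRET_ACCESS_KEY`, in a workflow that also starts on pull requests and comments. Static keys stay valid if they leak from a run, whereas the action's OIDC mode issues short-lived credentials per run: replace the two key inputs with `role-to-assume: <ROLE_ARN_PLACEHOLDER>` and give the job a `permissions:` block containing `id-token: write`. The `uses:` references in this job (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v2`, `diggerhq/digger@vLatest`) are mutable tags; pinning each to a full commit SHA, e.g. `uses: aws-actions/configure-aws-credentials@<FULL_COMMIT_SHA>  # v2`, keeps a moved tag from changing what runs with these credentials. The `steps:` list continues past the end of the hunk.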