Skip to content

ci(runner): migrate inventory to terraform/ and adopt reusable deploy#32

Merged
NWarila merged 3 commits into
mainfrom
gs-03-runner-reusable-plan-only
Jun 20, 2026
Merged

ci(runner): migrate inventory to terraform/ and adopt reusable deploy#32
NWarila merged 3 commits into
mainfrom
gs-03-runner-reusable-plan-only

Conversation

@NWarila

@NWarila NWarila commented Jun 20, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Do not merge

This draft PR is intentionally a plan preview vehicle. It should not be merged until the pull-request plan_only workflow run has been audited and any required follow-up inventory corrections are folded into this same branch.

Known blocker

The PR-head workflow starts in plan_only mode, skips OIDC, skips S3 private-definition fetch, overlays the runner terraform/ inventory, and runs terraform init -backend=false. It currently fails before terraform plan in the reusable workflow's Adopt existing repositories into state step: the first terraform import reports Backend initialization required for the configured S3 backend. No plan artifact is produced yet.

A first run also exposed that the reusable's default framework_ref resolves to the runner PR merge SHA in this caller context. This branch now passes framework_ref: "37602cb8ff5d22aaebf4011eb02639de2ddbd6e3" to keep the reusable checkout on the same pinned framework revision.

What changed

  • Moves the public runner inventory from repos/public/ to terraform/public/.
  • Adds terraform/private/.gitkeep so the reusable workflow's private overlay path exists while private definitions remain S3-backed.
  • Repoints the deny-all .gitignore allowlist from repos/ to terraform/.
  • Replaces the inline deploy workflow with the framework reusable deploy workflow pinned at 37602cb8ff5d22aaebf4011eb02639de2ddbd6e3.
  • Passes the same pinned SHA as framework_ref so the reusable can check out the framework repository during PR runs.
  • Adds pull-request planning for terraform/** with plan_only: ${{ github.event_name == 'pull_request' }}.

Why

The reusable deploy workflow adds a pre-merge plan_only dry-run and import-adoption path. This makes the runner migration auditable before any S3-backed apply can touch the managed repository fleet.

Validation

  • Confirmed the framework reusable reads runner inventory from runner/terraform/public and runner/terraform/private.
  • Confirmed the reusable expects gh_token, framework_ref, and private_repos_files.
  • Confirmed git ls-files terraform/ tracks 20 public YAML files plus terraform/private/.gitkeep.
  • Confirmed no ignored inventory files under terraform/.
  • Ran git diff --check --cached before commit.

@NWarila NWarila force-pushed the gs-03-runner-reusable-plan-only branch from db9c261 to 5c37380 Compare June 20, 2026 14:59
@NWarila NWarila marked this pull request as ready for review June 20, 2026 20:21
@NWarila NWarila merged commit e778539 into main Jun 20, 2026
1 check passed
@NWarila NWarila deleted the gs-03-runner-reusable-plan-only branch June 20, 2026 20:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@NWarila