Drift detection has been promoted from EE to CE and is now available to all Community Edition users. The examples below show how to configure scheduled drift checks and notifications.

Drift alerts via Slack

Create a separate workflow file for drift

To run Digger in drift detection mode, pass mode: drift-detection in the workflow file and set a cron schedule to run it at the frequency you want:
name: Digger Drift Detection

on:
  workflow_dispatch:
  schedule: ## 12am UTC daily (GitHub Actions evaluates cron in UTC).
    - cron: '0 0 * * *'

jobs:
  detect-drift:
    runs-on: ubuntu-latest
    steps:
    - name: digger drift detection
      uses: diggerhq/digger@vLatest
      with:
        mode: drift-detection
        no-backend: true
        setup-aws: true
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1
        drift-detection-slack-notification-url: ${{ secrets.DRIFT_DETECTION_SLACK_NOTIFICATION }}
      env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
To limit drift checks to only certain projects/environments, use a dedicated Digger config file and point the workflow to it via digger-filename. See: Limit Drift Detection to Specific Projects.

Configure Slack notification URL

Note the DRIFT_DETECTION_SLACK_NOTIFICATION secret that the workflow above uses. It should be set to a Slack Incoming Webhook URL. Follow the official Slack guide to get the Incoming Webhook URL, then add it as an Actions secret named DRIFT_DETECTION_SLACK_NOTIFICATION.

Drift alerts via GitHub Issues

Digger supports drift detection and automatic creation of issues in your ticketing system, e.g. GitHub Issues. Configure a scheduled workflow that enables GitHub Issues notifications:
name: Drift Detection

on:
  workflow_dispatch:
  #schedule: ## Schedule the job to run at 12am daily.
  #  - cron: '0 0 * * *'

jobs:
  detect-drift:
    runs-on: ubuntu-latest
    steps:
    - name: digger drift detection
      uses: diggerhq/digger@vLatest
      with:
        mode: drift-detection
        setup-aws: true
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        no-backend: true
      env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        DIGGER_GITHUB_TOKEN: ${{ secrets.DIGGER_GITHUB_TOKEN }}
        INPUT_DRIFT_GITHUB_ISSUES: 'true'
        # DIGGER_MANAGEMENT_REPO: "https://github.com/your-org/your-mgmt-repo"
The example above creates GitHub Issues when drift is detected. Ensure ${{ secrets.GITHUB_TOKEN }} (or a PAT) has permission to create issues in the repository.
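
The same GitHub Issues workflow with the token scope declared explicitly, as an added example that is not part of the Digger documentation. The permissions block is an assumption about the minimum drift mode needs (read the repository, open issues); every other input and variable is taken from the workflow above.

```yaml
name: Drift Detection

on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * *'   # GitHub Actions evaluates cron schedules in UTC

# Declaring any permission sets every unlisted scope to "none", so the
# GITHUB_TOKEN handed to this job can only do what is listed here.
# Assumption: drift mode needs to read the repo and create issues, nothing else.
permissions:
  contents: read
  issues: write

jobs:
  detect-drift:
    runs-on: ubuntu-latest
    steps:
    - name: digger drift detection
      # vLatest is a mutable ref; pinning to a reviewed commit SHA instead
      # means a change to the action cannot run with these secrets unreviewed.
      uses: diggerhq/digger@vLatest
      with:
        mode: drift-detection
        setup-aws: true
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        no-backend: true
      env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        DIGGER_GITHUB_TOKEN: ${{ secrets.DIGGER_GITHUB_TOKEN }}
        INPUT_DRIFT_GITHUB_ISSUES: 'true'
```

If issue creation still fails with a permission error, compare the scopes listed in the job's "Set up job" log section against this block before widening it.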

Troubleshooting

403 errors

If you are seeing permission errors such as 403 in the action log while reporting drift status to the backend, that is almost always due to a missing no-backend: true argument in the workflow file.