add aws as storage backend for plan storage (#1346)

Author: larhauga

action.yml

@@ -78,7 +78,13 @@ inputs:
     required: false
     default: 'true'
   upload-plan-destination:
-    description: Destination to upload the plan to. gcp and github are currently supported
+    description: Destination to upload the plan to. gcp, github and aws are currently supported.
+    required: false
+  upload-plan-destination-s3-bucket:
+    description: Name of the destination bucket for AWS S3. Should be provided if destination == aws
+    required: false
+  upload-plan-destination-gcp-bucket:
+    description: Name of the destination bucket for a GCP bucket. Should be provided if destination == gcp
     required: false
   setup-checkov:
     description: Setup Checkov
@@ -268,6 +274,8 @@ runs:
       shell: bash
       env:
         PLAN_UPLOAD_DESTINATION: ${{ inputs.upload-plan-destination }}
+        GOOGLE_STORAGE_BUCKET: ${{ inputs.upload-plan-destination-gcp-bucket }}
+        AWS_S3_BUCKET: ${{ inputs.upload-plan-destination-s3-bucket }}
         ACTIVATE_VENV: ${{ inputs.setup-checkov == 'true' }}
         DISABLE_LOCKING: ${{ inputs.disable-locking == 'true' }}
         DIGGER_TOKEN: ${{ inputs.digger-token }}
@@ -294,6 +302,8 @@ runs:
       env:
         actionref: ${{ github.action_ref }}
         PLAN_UPLOAD_DESTINATION: ${{ inputs.upload-plan-destination }}
+        GOOGLE_STORAGE_BUCKET: ${{ inputs.upload-plan-destination-gcp-bucket }}
+        AWS_S3_BUCKET: ${{ inputs.upload-plan-destination-s3-bucket }}
         ACTIVATE_VENV: ${{ inputs.setup-checkov == 'true' }}
         DISABLE_LOCKING: ${{ inputs.disable-locking == 'true' }}
         DIGGER_TOKEN: ${{ inputs.digger-token }}

cli/cmd/digger/main.go

@@ -4,17 +4,18 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/diggerhq/digger/cli/pkg/comment_updater"
-	core_drift "github.com/diggerhq/digger/cli/pkg/core/drift"
-	core_reporting "github.com/diggerhq/digger/cli/pkg/core/reporting"
-	"github.com/diggerhq/digger/cli/pkg/drift"
 	"log"
 	"net/http"
 	"os"
 	"strconv"
 	"strings"
 	"time"
 
+	"github.com/diggerhq/digger/cli/pkg/comment_updater"
+	core_drift "github.com/diggerhq/digger/cli/pkg/core/drift"
+	core_reporting "github.com/diggerhq/digger/cli/pkg/core/reporting"
+	"github.com/diggerhq/digger/cli/pkg/drift"
+
 	"github.com/diggerhq/digger/cli/pkg/azure"
 	"github.com/diggerhq/digger/cli/pkg/bitbucket"
 	core_backend "github.com/diggerhq/digger/cli/pkg/core/backend"
@@ -263,23 +264,23 @@ func gitHubCI(lock core_locking.Lock, policyChecker core_policy.Checker, backend
 			workflow := diggerConfig.Workflows[projectConfig.Workflow]
 
 			stateEnvVars, commandEnvVars := digger_config.CollectTerraformEnvConfig(workflow.EnvVars)
-			
+
 			StateEnvProvider, CommandEnvProvider := orchestrator.GetStateAndCommandProviders(projectConfig)
-			
+
 			job := orchestrator.Job{
-				ProjectName:      projectConfig.Name,
-				ProjectDir:       projectConfig.Dir,
-				ProjectWorkspace: projectConfig.Workspace,
-				Terragrunt:       projectConfig.Terragrunt,
-				OpenTofu:         projectConfig.OpenTofu,
-				Commands:         []string{"digger drift-detect"},
-				ApplyStage:       orchestrator.ToConfigStage(workflow.Apply),
-				PlanStage:        orchestrator.ToConfigStage(workflow.Plan),
-				CommandEnvVars:   commandEnvVars,
-				StateEnvVars:     stateEnvVars,
-				RequestedBy:      githubActor,
-				Namespace:        ghRepository,
-				EventName:        "drift-detect",
+				ProjectName:        projectConfig.Name,
+				ProjectDir:         projectConfig.Dir,
+				ProjectWorkspace:   projectConfig.Workspace,
+				Terragrunt:         projectConfig.Terragrunt,
+				OpenTofu:           projectConfig.OpenTofu,
+				Commands:           []string{"digger drift-detect"},
+				ApplyStage:         orchestrator.ToConfigStage(workflow.Apply),
+				PlanStage:          orchestrator.ToConfigStage(workflow.Plan),
+				CommandEnvVars:     commandEnvVars,
+				StateEnvVars:       stateEnvVars,
+				RequestedBy:        githubActor,
+				Namespace:          ghRepository,
+				EventName:          "drift-detect",
 				StateEnvProvider:   StateEnvProvider,
 				CommandEnvProvider: CommandEnvProvider,
 			}
@@ -683,19 +684,19 @@ func bitbucketCI(lock core_locking.Lock, policyChecker core_policy.Checker, back
 			StateEnvProvider, CommandEnvProvider := orchestrator.GetStateAndCommandProviders(projectConfig)
 
 			job := orchestrator.Job{
-				ProjectName:      projectConfig.Name,
-				ProjectDir:       projectConfig.Dir,
-				ProjectWorkspace: projectConfig.Workspace,
-				Terragrunt:       projectConfig.Terragrunt,
-				OpenTofu:         projectConfig.OpenTofu,
-				Commands:         []string{"digger drift-detect"},
-				ApplyStage:       orchestrator.ToConfigStage(workflow.Apply),
-				PlanStage:        orchestrator.ToConfigStage(workflow.Plan),
-				CommandEnvVars:   commandEnvVars,
-				StateEnvVars:     stateEnvVars,
-				RequestedBy:      actor,
-				Namespace:        repository,
-				EventName:        "drift-detect",
+				ProjectName:        projectConfig.Name,
+				ProjectDir:         projectConfig.Dir,
+				ProjectWorkspace:   projectConfig.Workspace,
+				Terragrunt:         projectConfig.Terragrunt,
+				OpenTofu:           projectConfig.OpenTofu,
+				Commands:           []string{"digger drift-detect"},
+				ApplyStage:         orchestrator.ToConfigStage(workflow.Apply),
+				PlanStage:          orchestrator.ToConfigStage(workflow.Plan),
+				CommandEnvVars:     commandEnvVars,
+				StateEnvVars:       stateEnvVars,
+				RequestedBy:        actor,
+				Namespace:          repository,
+				EventName:          "drift-detect",
 				CommandEnvProvider: CommandEnvProvider,
 				StateEnvProvider:   StateEnvProvider,
 			}
@@ -887,7 +888,8 @@ func newPlanStorage(ghToken string, ghRepoOwner string, ghRepositoryName string,
 	var planStorage core_storage.PlanStorage
 
 	uploadDestination := strings.ToLower(os.Getenv("PLAN_UPLOAD_DESTINATION"))
-	if uploadDestination == "github" {
+	switch {
+	case uploadDestination == "github":
 		zipManager := utils.Zipper{}
 		planStorage = &storage.GithubPlanStorage{
 			Client:            github.NewTokenClient(context.Background(), ghToken),
@@ -896,19 +898,33 @@ func newPlanStorage(ghToken string, ghRepoOwner string, ghRepositoryName string,
 			PullRequestNumber: *prNumber,
 			ZipManager:        zipManager,
 		}
-	} else if uploadDestination == "gcp" {
+	case uploadDestination == "gcp":
 		ctx, client := gcp.GetGoogleStorageClient()
 		bucketName := strings.ToLower(os.Getenv("GOOGLE_STORAGE_BUCKET"))
 		if bucketName == "" {
-			reportErrorAndExit(requestedBy, fmt.Sprintf("GOOGLE_STORAGE_BUCKET is not defined"), 9)
+			reportErrorAndExit(requestedBy, "GOOGLE_STORAGE_BUCKET is not defined", 9)
 		}
 		bucket := client.Bucket(bucketName)
 		planStorage = &storage.PlanStorageGcp{
 			Client:  client,
 			Bucket:  bucket,
 			Context: ctx,
 		}
-	} else if uploadDestination == "gitlab" {
+	case uploadDestination == "aws":
+		ctx, client, err := storage.GetAWSStorageClient()
+		if err != nil {
+			reportErrorAndExit(requestedBy, fmt.Sprintf("Failed to create AWS storage client: %s", err), 9)
+		}
+		bucketName := strings.ToLower(os.Getenv("AWS_S3_BUCKET"))
+		if bucketName == "" {
+			reportErrorAndExit(requestedBy, "AWS_S3_BUCKET is not defined", 9)
+		}
+		planStorage = &storage.PlanStorageAWS{
+			Context: ctx,
+			Client:  client,
+			Bucket:  bucketName,
+		}
+	case uploadDestination == "gitlab":
 		//TODO implement me
 	}
 

cli/go.mod

@@ -19,16 +19,18 @@ require (
 )
 
 require (
+	github.com/aws/aws-sdk-go-v2 v1.26.1
+	github.com/aws/aws-sdk-go-v2/config v1.27.11
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.53.1
+	github.com/aws/smithy-go v1.20.2
 	github.com/caarlos0/env/v8 v8.0.0
 	github.com/diggerhq/digger/libs v0.4.13
 	github.com/dominikbraun/graph v0.23.0
-	github.com/goccy/go-json v0.10.2
 	github.com/google/go-github/v58 v58.0.0
-	github.com/google/go-github/v59 v59.0.0
-	github.com/google/go-github/v60 v60.0.0
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.18.2
+	gotest.tools/v3 v3.0.3
 )
 
 require (
@@ -51,6 +53,20 @@ require (
 	github.com/apparentlymart/go-versions v1.0.1 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bmatcuk/doublestar v1.3.1 // indirect
@@ -60,9 +76,9 @@ require (
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/frankban/quicktest v1.14.6 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
@@ -74,7 +90,7 @@ require (
 	github.com/gruntwork-io/terragrunt v0.54.11 // indirect
 	github.com/gruntwork-io/terratest v0.41.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-getter v1.7.3 // indirect
+	github.com/hashicorp/go-getter v1.7.4 // indirect
 	github.com/hashicorp/go-hclog v1.5.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
@@ -109,7 +125,6 @@ require (
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.18 // indirect
 	github.com/mattn/go-zglob v0.0.3 // indirect
-	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
@@ -194,7 +209,6 @@ require (
 	github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_golang v1.19.0 // indirect
@@ -217,7 +231,6 @@ require (
 	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	google.golang.org/api v0.167.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect