PR Terraform Plan Gate with Drift-Aware GitHub Comment
On every infrastructure pull request, runs terraform plan, warns inline if the PR collides with un-reconciled live drift, and posts the full plan as a GitHub comment before merge.
How it runs
The automated pipeline, trigger to output.
- Trigger: GitHub pull_request opened/synced (GitHub)
- Action: Run terraform plan for PR branch (Shell)
- Logic: Compare touched resources vs drift set
- Logic: Flag overlap with un-reconciled drift
- Output: Post/update GitHub PR plan comment (GitHub)
What it does
When an infra pull request opens or updates, this workflow runs `terraform plan` against current live state, detects whether the PR's changes overlap resources that have already drifted out-of-band, and posts a GitHub comment with the plan plus a prominent warning if merging would silently overwrite that live drift.
When to use it
Use it when reviewers approve Terraform PRs without realizing live infrastructure has changed since the branch was cut. The gate prevents an apply from clobbering an emergency console fix that nobody imported back into state.
How it works
1. A GitHub trigger fires on pull_request opened or synchronized for infra paths.
2. A shell action runs `terraform plan` for the PR branch against live state.
3. A logic step compares the plan's touched resources against the current drift set.
4. A logic step sets a warning flag when the PR overlaps un-reconciled drift.
5. An output step posts (or updates) a single GitHub PR comment with the plan summary and, if flagged, a blocking drift warning and the conflicting resource list.
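One way to implement the comparison and flagging in steps 3 and 4, as an added example that is not this workflow's own code. It assumes the plan is available in the JSON form produced by `terraform show -json`, that the drift set is a set of resource or module addresses, and it uses a hypothetical HTML marker to identify the single comment; the function names and the prefix-matching rule are likewise assumptions.

```python
# Added example: intersect a Terraform plan with a set of drifted addresses.
# Input shape follows `terraform show -json <planfile>` (resource_changes[].change.actions).
MUTATING = {"create", "update", "delete"}
MARKER = "<!-- tf-plan-gate -->"  # hypothetical marker used to find and update one comment

def touched_addresses(plan):
    """Return {address: actions} for changes that would modify live infrastructure."""
    touched = {}
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if MUTATING & set(actions):  # skips "no-op" and "read"
            touched[rc["address"]] = actions
    return touched

def covers(drift_addr, addr):
    """True if a drift entry names addr, its enclosing module, or its un-indexed resource."""
    return addr == drift_addr or addr.startswith((drift_addr + ".", drift_addr + "["))

def drift_overlap(plan, drift_set):
    """Sorted list of (address, actions) the PR would change that also drifted out-of-band."""
    touched = touched_addresses(plan)
    return [(a, touched[a]) for a in sorted(touched)
            if any(covers(d, a) for d in drift_set)]

def render_comment(plan, drift_set):
    """Return (blocked, markdown_body) for the single PR comment."""
    hits = drift_overlap(plan, drift_set)
    body = [MARKER, f"Terraform plan: {len(touched_addresses(plan))} resource(s) to change."]
    if hits:
        body.append("**Drift warning: merging would overwrite un-reconciled live changes.**")
        body += [f"- `{addr}` ({'/'.join(actions)})" for addr, actions in hits]
    return bool(hits), "\n".join(body)

# Constructed sample data, not taken from a real plan.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_security_group.web", "change": {"actions": ["update"]}},
    {"address": "aws_instance.app[0]", "change": {"actions": ["delete", "create"]}},
    {"address": "module.net.aws_subnet.a", "change": {"actions": ["no-op"]}},
    {"address": "aws_s3_bucket.logs", "change": {"actions": ["create"]}},
]}
SAMPLE_DRIFT = {"aws_security_group.web", "aws_instance.app", "module.net"}

if __name__ == "__main__":
    blocked, comment = render_comment(SAMPLE_PLAN, SAMPLE_DRIFT)
    print(comment)
```

The `module.net` entry produces no warning here because the only resource under it is a no-op in this plan; a drifted resource the PR does not touch is not at risk of being overwritten by this merge.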
Set it up
What you configure once, before turning it on.
1. Connect GitHub: Repos, issues, pull requests, actions.
2. Connect Shell: Run sandboxed commands inside the workspace.
3. Set each agent's model: We leave models unset so you pick the tier: fast + cheap, or top-quality.
4. Tune it to your data: Edit the prompts, filters, and field mappings so it matches how your team works.
5. Test, then turn it on: Run once against a sample, confirm the output, then enable the trigger.
