Prerequesites

  • Digger CE configured
  • Automatic access to Actions via Github Connect enabled in Github Enterprise Server - github docs

Get a new Digger token

  • Go to cloud.digger.dev
  • Go to API tokens in the sidebar
  • Press “Generate Token”
  • Copy the value; save securely (you will need it later)

Update your workflow file to use Digger EE

  • point uses to diggerhq/digger-ee@v0.3.0-ee (use relevant version)
  • set your Digger token as DIGGER_TOKEN
name: Digger Plan

on:
  pull_request:
    branches: [ "main" ]
    types: [ opened, synchronize ]
  issue_comment:
    types: [created]
  workflow_dispatch:

jobs:
  plan:
    runs-on: ubuntu-latest
    permissions:    
      contents: write      # required to merge PRs
      id-token: write      # required for workload-identity-federation
      pull-requests: write # required to post PR comments
      statuses: write      # required to validate combined PR status

    steps:
      - name: digger run
        uses: diggerhq/digger-ee@v0.3.0-ee  # Updaate version here
        with:
          setup-aws: true
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
          setup-terraform: true
          digger-hostname: 'https://cloud.digger.dev'
          digger-organisation: 'digger' # < replace with your organisation name
          digger-token: ${{ secrets.DIGGER_TOKEN }}                     # HERE       
          github-ee-base-url: "https://ghe.digger.dev/"                 # < replace with your GHE instance name
          github-ee-upload-url: "https://ghe.digger.dev/api/uploads/"   # < replace with your GHE instance name
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Action inputsRBAC via OPA guide