Do not run plan on draft PRs

[ZIJ]

Planning on every commit in draft PRs before they are marked as ready for review is not economical, and noisy.

We have a lot of PRs created as Drafts, especially dependabot/renovate PRs that often get a lot of pushed before anyone even looks at them. Before they are in the "ready to review" state we have no need to run any TF plans on them. In atlantis we can set allowDraftPRs: false, but Github Actions has no trigger that allows this restriction. So for every push on such a Draft-PR a runner would have to pick up a digger job, just to check for if: github.event.pull_request.draft == 'false' and exit. Regarding the amount of Draft PRs we have and how often dependabot/renovate push, this is not economical.

Potential solution

have an allowDraftPRs option just like Atlantis. If set to true , orchestrator will only trigger on the ready_for_review event

[norman-zon]

Nice to see progress on this! Thanks a lot.

One idea, that for sure exceeds this use case, how to implement this (and much more) would be to run OPA policies against the Github payload, as spacelift.io does.

There it is possible to write the no-draft-PR constraint in rego like this:

package spacelift

# Track runs for pushes to the tracked branch
track {
 input.push.branch == input.stack.branch
}

# Propose runs for pull requests to the tracked branch
propose {
 not is_null(input.pull_request)
 input.pull_request.branch == input.stack.branch
}

# Ignore pull requests that are drafts
ignore {
 not is_null(input.pull_request)
 input.pull_request.draft == true
}