Improve image versioning to track Terragrunt's version too

[JulianCBC]

Terraform recently changed it's license and this has caused some concern amongst it's users. As this container packages the latest versions of both Terraform and Terragrunt, we've already switched to versions of Terraform with the new license.

I also think it'd be nice for this to be tagged with the Terragrunt version instead of the Terraform version as it's named after that package.

I'm proposing that there are five groups of versions for this package:

1. <terragrunt_version> - Terragrunt with the newest officially compatible Terraform version. Today this would be 0.52.5 and contain Terragrunt v0.52.5 and Terraform v1.5.7.
2. <terraform_version> - Terraform with the newest version of Terragrunt at that time, same as we're currently releasing. Today this would be 1.6.1 and contain Terragrunt v0.52.5 and Terraform v1.6.1
3. <terragrunt_version>-tf<terraform-version> - specific versions of both, but only the "latest" versions would be built. Today this would be 0.52.5-tf1.6.1 and be identical to <terraform_version>
4. <terragrunt_version>-tf1.5.7 - latest version of Terragrunt with Terraform v1.5.7 - this is for people who want to stay on a version of Terraform prior to the license change. Until a release version of OpenTofu is released, this would be identical to <terragrunt_version>.
5. <terragrunt_version>-ot<opentofu-version> - latest version of Terragrunt with the latest version of OpenTofu. Today this would be 0.52.5-ot1.6.0-alpha3 and contain Terragrunt v0.52.5 and OpenTofu v1.6.0-alpha3. That said, as OpenTofu doesn't have a release version or official Docker container image yet, this will probably be skipped.

Terragrunt version compatibility table: https://terragrunt.gruntwork.io/docs/getting-started/supported-versions/ - note that they're not claiming compatibility with Terraform v1.6+. OpenTofu: https://github.com/opentofu/opentofu Terraform license change concerns: https://opentofu.org/manifesto

If this is something you're happy with, I'm happy to do the work to get this up and running.

[JulianCBC]

🤦 version groups 1 and 2 would conflict. Maybe group 2 should be:

tf<terraform_version> - Terraform with the newest version of Terragrunt at that time, same as we're currently releasing. Today this would be tf1.6.1 and contain Terragrunt v0.52.5 and Terraform v1.6.1

[ozbillwang]

Terragrunt's versions are meaningless from my view when doing the pipeline deployment. In most cases, I don't need to upgrade terragrunt, and most features work fine. That's why I never put terragrunt versions in this image's tag.

Terraform or OpenTofu versions are matter.

We need re-think about the taggings.

For example, we can tag as

1. tf<version> : for terraform versions 2.ot<version> : for opentofu versions

Let me know your thoughts

[JulianCBC]

Terragrunt does have some breaking changes occasionally, or at least changes where some level of migration is required. I can see people potentially wanting to pin this package to a specific Terragrunt version until they've done that migration - yeah they can do that by pinning it to a specific Terraform version, but the mapping between Terraform and Terragrunt versions is opaque with the current tagging scheme.

We definitely need OpenTofu top level versions too, and I'm unfussed what the prefix is, tofu, otf, ot, or even opentofu all work for me.

[ozbillwang]

This is a free project, and maintaining it with additional tags will consume more time, which I can't afford.

For fewer and more efficient tags is the best approach.

OpenTofu has not been formally released, and I'm not interested in its alpha versions either. Let's see how the project goes.

[JulianCBC]

How about this then. Each version gets three tags:

1. tf1.6.1 - based on the Terraform version
2. 0.52.5 - based on the Terragrunt version
3. 0.52.5-tf1.6.1 - containing both

and all three are the same image with the same digest and content and everything.

As I said above, if you're happy with this, I'll put together a pull request with the changes. I'm just looking for a "seems legit" here, and we can cross the whole OpenTofu bridge when that happens.

[ozbillwang]

I pop another idea.

We put both Terraform and OpenTofu (if GA released) binaries in this image alpine/terragrunt.

Terragrunt version will be always the latest version when run the build command.

So the new tags for each same image would be:

1. tf1.6.1
2. ot1.6.0
3. latest

[JulianCBC]

Not a bad idea, but the way it's built now is just adding a couple of packages + Terragrunt on top of the official hashcorp/terraform images, so it'd be more work.

I think OpenTofu is a long way off from an official release, so maybe we re-visit OpenTofu once that's happened?

To clarify, I'm proposing:

Latest Terraform + Latest Terragrunt -> tf1.6.1, 0.52.5, 0.52.5-tf1.6.1, latest

Then, much later once OpenTofu is released, we do a second build as:

Latest OpenTofu + Latest Terragrunt -> ot1.6.0, 0.52.5-ot1.6.0

My understanding of the situation around Terragrunt is that it'll ignore Terraform if OpenTofu is present and people feel strongly enough about the license stuff that they won't want a Terraform binary in their systems.

[ozbillwang]

haha, let's see.

If thees people strongly refuse, they may consider creating the image themselves. Our work is intended for the majority of people. :-)

[JulianCBC]

Makes sense!

I'm throwing together a pull request now.

[JulianCBC]

Done, thanks @ozbillwang for discussing this with me!

[mattiassluis]

I am curious on the status of this. I saw the work of #27 and then the conflict with #28 and it looks like a lot of the work that was done has also again been reverted. My interest got spiked because with the release of Terragrunt v0.67.5: they had a breaking change in the output which in turn broke some CI/CD stuff with no way of fixing it except for running your own image. Thankfully not soon after they implemented some fixes that allowed the old behaviour to be used (with some flags) but it only underlines the initial issue.

[ozbillwang]

@mattiassluis

There was an incident related to issue #36. I responded quickly and rolled back the changes. Moving forward, I’ve decided to not install Terraform and OpenTofu in same image any more.

Regarding the new problem you reported, could you please provide more details and open a new issue ticket? This way, we can focus on it directly and determine the necessary steps.