CI/CD for Terraform is tricky. To make life easier, specialised CI systems aka TACOS exist - Terraform Cloud, Spacelift, Atlantis, etc.
But why have 2 CI systems? Why not reuse the async jobs infrastructure with compute, orchestration, logs, etc. of your existing CI?
Digger runs Terraform natively in your CI. This is:
Digger has 2 main components:
Digger also stores PR-level locks and plan cache in your cloud account (DynamoDB + S3 on AWS, equivalents in other cloud providers)
No need to host and maintain a server (although you can)
Secure by design: jobs run in your CI, so sensitive data stays there
Scalable compute: jobs can run in parallel
RBAC and policies via OPA
Drift detection
Apply-after-merge workflows
Web UI (cloud based)
Read more about differences with Atlantis in our blog post
Open source; orchestrator can be self-hosted
Unlimited runs and unlimited resources-under-management on all tiers
Jobs run in your CI, not on a third-party server
Supports PR automation (apply before merge)
No duplication of the CI/CD stack
Secrets not shared with a third party
We love contributions. Check out our contributing guide to get started.
Not sure where to get started? You can:
Digger collects anonymized telemetry. See usage.go for detail. You can disable telemetry collection either by setting telemetry: false in digger.yml, or by setting the TELEMETRY env variable to false.
atlas migrate apply --url $DATABASE_URL