search

minamijoyo / tfupdate

Update version constraints in your Terraform configurations
MIT License
542 stars 23 forks source link

Dependabot vs tfupdate #30

Closed MPV closed 1 year ago

MPV commented 3 years ago

How do they compare?

I'm using tfupdate today and I've found that it works well.

I noticed you've been trying out Dependabot for similar (same?) use cases here:

https://github.com/minamijoyo/dependabot-terraform-test

Are there still reasons not to use Dependabot over tfupdate (feature-wise)?

minamijoyo commented 3 years ago

At the time of writing, dependabot has not support HCL2, that is to say, it doesn't work with Terraform v0.12 or later. It seems to be unmaintained for now. https://github.com/dependabot/dependabot-core/issues/1176

To be fair, If you are looking for a SaaS solution, another option is renovate. Since I've not use renovate so I don't know the exact difference in features. https://docs.renovatebot.com/modules/manager/terraform/

The tfupdate itself is just a CLI tool, it allows you to fully control an entire workflow by yourself. Which one you prefer is up to you.

MPV commented 3 years ago

@minamijoyo Thanks for sharing your insights. 🥰

Seems like we have made the right choice in trying out tfupdate. 🎉

minamijoyo commented 1 year ago

Since then, the dependabot finally supports Terraform v1.0 and HCL2. The tfupdate gives you ways to build your own CI pipeline, but it is not purely a replacement for dependabot. Use whichever you prefer. Thanks!