- a CLI that runs inside your CI
- an orchestrator backend that triggers the CI jobs (GitHub App or self-hosted)
pull_request
and issue_comment
workflow triggers:
Limitations
Historically this was the original way of running Digger. The initial version called “tfrun” didn’t have any backend, it was just a GitHub action. But it quickly became apparent that without some sort of orchestration there’s only so much that can be done:- No concurrency; all plans / applies need to run sequentially, which is slow
- Action starts on every push or comment, often just to detect that there are no changes. That’s expensive, especially in large repos.
- Clashing applies from other jobs will fail as they cannot be queued
- Buckets / tables for PR-level locks need to be configured manually in your cloud account
- Comments and status checks will be updated with a delay
How it works
In order to function without a backend digger still needs store information about the PR locks so that it does not run “terraform plan” in 2 different PRs for the same digger project (since that would cause them stepping on top of eachother). In order to achieve that, digger will create a small resource in your cloud account to store which PR locked which project. The type of resource varies depending on the cloud account, here is what gets created:Cloud Provider | Resource Type |
---|---|
AWS | DynamoDB |
GCP | GCP Bucket |
Azure | Storage Tables |