By default, Digger does not run apply on merge. This is a safer way to resolve the merge-apply dilemma - run apply manually while the PR is still open, then merge when it succeeds in all target environments. But the tradeoff is that your main falls behind the state of your environments; this is not right from the purist point of view (plan = artifact, apply = deploy the artifact).

You can configure Digger to run apply on merge with the following entries in digger.yml

projects:
 ...
workflows:
   dev:
      workflow_configuration:
         on_pull_request_pushed: [digger plan]
         on_pull_request_closed: [digger unlock]
         on_commit_to_default: [digger apply]

Limitation

right now there is no way to prevent running apply via comment, even if apply on merge is configured. Tracked in #272

The tradeoff then of course shifts to handling flaky applies. You’ll need to raise a new PR for every change. But that might be preferable in some cases, for example for highly sensitive parts of production environments that are rarely changed. (eg the “foundation infra” layer with VPC definitions etc).

RBACAuto-merge