What is Digger
Digger is an open-source alternative to Terraform Cloud. It makes it easy to run Terraform plan and apply in the CI/CD platform you already have, such as GitHub Actions.
Can't I just run it in my action as-is? Why do I need another tool?
Terraform has state, which is stored in a file. If you just run Terraform on every PR like you would with application code, two PRs can plan and apply against the same state file at the same time, which is a race condition. It can get pretty bad:
So there needs to be some sort of state-aware orchestration.
This isn't a new problem. Naturally, there are great products out there solving it.
- Terraform Cloud - Terraform Cloud enables infrastructure automation for provisioning, compliance, and management of any cloud, data center, and service
- Spacelift - sophisticated CI/CD platform for Terraform, CloudFormation, Pulumi, Kubernetes, and Ansible
All of the existing solutions (both commercial and open-source) are effectively full-stack CI systems. But why have two CI systems, each with its own UI, compute, access controls and everything else? If the problem is state, then it should be possible to just bridge the gap without duplicating what already works well.
Digger runs completely within your CI, such as GitHub Actions. It is a simple, fast binary written in Go that manages your state and locks. This approach has the following benefits:
- No need to share sensitive data with another third party - things like AWS secrets stay within your CI
- No need to host and maintain any compute backend - the terraform binary runs natively in your managed CI environment
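To make the "state-aware orchestration" concrete, here is an added, self-contained model of the per-project lock a tool like Digger holds on behalf of a pull request; it is not Digger's own code, and `LockStore`, `Acquire`, `Release` and `RunApply` are hypothetical names. The gate refuses a second PR's apply while the first PR holds the lock, which is exactly the race the text describes.

```go
package main

import (
	"fmt"
	"sync"
)

// LockStore is a hypothetical in-memory stand-in for the shared lock backend a
// state-aware orchestrator keeps (not Digger's code): one lock per Terraform project.
type LockStore struct {
	mu    sync.Mutex
	locks map[string]int // project name -> PR number holding the lock
}

func NewLockStore() *LockStore {
	return &LockStore{locks: make(map[string]int)}
}

// Acquire grants the project lock to pr. Re-acquiring by the same PR is
// idempotent (a PR gets several pushes); any other PR is refused.
func (s *LockStore) Acquire(project string, pr int) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if holder, ok := s.locks[project]; ok && holder != pr {
		return fmt.Errorf("project %q is locked by PR #%d", project, holder)
	}
	s.locks[project] = pr
	return nil
}

// Release frees the lock, but only for the PR that holds it (merge or close).
func (s *LockStore) Release(project string, pr int) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	if holder, ok := s.locks[project]; !ok || holder != pr {
		return false
	}
	delete(s.locks, project)
	return true
}

// RunApply is the gate a CI job passes before `terraform apply`: take the lock
// or stop, so two PRs never apply against the same state file at once.
func RunApply(s *LockStore, project string, pr int, apply func() error) error {
	if err := s.Acquire(project, pr); err != nil {
		return err
	}
	return apply()
}
```

In a real setup the lock backend must be shared across CI runners (a database or cloud storage object), since an in-memory map only protects jobs on the same machine.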