• Unlike application code, Terraform code has state. This makes CI/CD for it painful.
  • You could use a dedicated CI tool such as Terraform Cloud or Atlantis (tools of this kind are known as TACOs)
  • But then you end up duplicating your CI/CD infrastructure: compute, jobs, logs, etc.
  • And you need to give it admin access to your cloud accounts

Run Terraform in your CI

Digger spins up jobs in your existing CI instead of running its own CI-like infrastructure. This is:

  • More scalable, because the on-demand compute of your CI is reused
  • More secure, because your sensitive data never leaves the CI job

Compared to Atlantis

  • No need to host and maintain a server
  • Secure by design
  • Scalable compute with job isolation
  • Role-based access control via OPA

Read more about the differences from Atlantis in our blog post.

Compared to Terraform Cloud and other TACOs

  • Open source
  • No duplication of the CI/CD stack
  • Secrets not shared with a third party