{"id":46419956,"url":"https://github.com/yesdevnull/tf-version-bump","last_synced_at":"2026-03-05T15:32:57.619Z","repository":{"id":325071969,"uuid":"1098840168","full_name":"yesdevnull/tf-version-bump","owner":"yesdevnull","description":null,"archived":false,"fork":false,"pushed_at":"2026-01-12T20:40:53.000Z","size":29406,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-13T07:29:22.113Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yesdevnull.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-11-18T08:02:09.000Z","updated_at":"2025-12-18T08:28:13.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/yesdevnull/tf-version-bump","commit_stats":null,"previous_names":["yesdevnull/tf-version-bump"],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/yesdevnull/tf-version-bump","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yesdevnull%2Ftf-version-bump","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yesdevnull%2Ftf-version-bump/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yesdevnull%2Ftf-version-bump/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yesdevnull%2Ftf-version-bump/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yesdevnull","download_url":"https://codeload.github.com/yesdevnull/tf-version-bump/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yesdevnull%2Ftf-version-bump/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30133261,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T14:41:47.141Z","status":"ssl_error","status_checked_at":"2026-03-05T14:41:21.567Z","response_time":93,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-03-05T15:32:57.277Z","updated_at":"2026-03-05T15:32:57.609Z","avatar_url":"https://github.com/yesdevnull.png","language":"Go","readme":"# Terraform Version Bump\n\n\u003e **Note:** This repository is an experiment for generative AI coding tools. It may contain bugs, incomplete features, or other issues. Use at your own discretion.\n\nA CLI tool written in Go that updates Terraform module versions across multiple files using glob patterns. The tool matches modules by their source attribute, making it easy to update all instances of a particular module to a new version.\n\n## Features\n\n- Parse Terraform files using the official HashiCorp HCL library\n- Update module versions by matching on module source\n- Process multiple files using glob patterns\n- **Batch updates** via YAML configuration files\n- **Selective updates** with ignore patterns (wildcard support)\n- **Version filtering** to skip specific versions or update only from specific versions\n- Preserves formatting and comments in Terraform files\n- Safe and reliable HCL parsing and writing\n- Comprehensive test suite\n\n## Installation\n\n### Install with go install (recommended)\n\nIf you have Go installed (version 1.24 or later), this is the easiest and recommended method:\n\n```bash\ngo install github.com/yesdevnull/tf-version-bump@latest\n```\n\nThis installs the binary to your `$GOPATH/bin` directory (usually `~/go/bin`). Ensure this directory is in your `PATH`.\n\n### Download pre-built binary with verification\n\nFor environments without Go, or when you need supply chain verification (particularly useful for CI/production), download a pre-built binary from the [GitHub Releases](https://github.com/yesdevnull/tf-version-bump/releases) page:\n\n```bash\n# Set the version you want to install (replace with desired version)\nVERSION=\"1.0.0\"\n\n# Download the binary and verification files\ncurl -LO \"https://github.com/yesdevnull/tf-version-bump/releases/download/v${VERSION}/tf-version-bump_${VERSION}_linux_x86_64.tar.gz\"\ncurl -LO \"https://github.com/yesdevnull/tf-version-bump/releases/download/v${VERSION}/tf-version-bump-v${VERSION}.checksums.txt\"\n\n# Verify the checksum\nsha256sum -c \"tf-version-bump-v${VERSION}.checksums.txt\" --ignore-missing\n\n# Extract and install\ntar -xzf \"tf-version-bump_${VERSION}_linux_x86_64.tar.gz\"\nsudo mv tf-version-bump /usr/local/bin/\n```\n\n#### Verify SLSA provenance (optional but recommended)\n\nFor enhanced supply chain security, verify the SLSA Level 3 provenance:\n\n```bash\n# Install slsa-verifier\ngo install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@latest\n\n# Download provenance\ncurl -LO \"https://github.com/yesdevnull/tf-version-bump/releases/download/v${VERSION}/tf-version-bump-v${VERSION}.intoto.jsonl\"\n\n# Verify\nslsa-verifier verify-artifact \"tf-version-bump_${VERSION}_linux_x86_64.tar.gz\" \\\n  --provenance-path \"tf-version-bump-v${VERSION}.intoto.jsonl\" \\\n  --source-uri github.com/yesdevnull/tf-version-bump \\\n  --source-tag \"v${VERSION}\"\n```\n\n#### Platform-specific downloads\n\n| Platform | Architecture | Filename |\n|----------|-------------|----------|\n| Linux | x86_64 | `tf-version-bump_\u003cversion\u003e_linux_x86_64.tar.gz` |\n| Linux | arm64 | `tf-version-bump_\u003cversion\u003e_linux_arm64.tar.gz` |\n| macOS | x86_64 | `tf-version-bump_\u003cversion\u003e_darwin_x86_64.tar.gz` |\n| macOS | arm64 (Apple Silicon) | `tf-version-bump_\u003cversion\u003e_darwin_arm64.tar.gz` |\n| Windows | x86_64 | `tf-version-bump_\u003cversion\u003e_windows_x86_64.zip` |\n| Windows | arm64 | `tf-version-bump_\u003cversion\u003e_windows_arm64.zip` |\n\n### Build from source\n\n```bash\ngit clone https://github.com/yesdevnull/tf-version-bump.git\ncd tf-version-bump\ngo build -o tf-version-bump\n\n# Run the locally built binary\n./tf-version-bump --help\n```\n\n## Usage\n\nThe tool supports four modes of operation:\n\n1. **Single Module Mode**: Update one module at a time via command-line flags\n2. **Config File Mode**: Update multiple modules in one operation using a YAML configuration file\n3. **Terraform Version Mode**: Update Terraform `required_version` in terraform blocks\n4. **Provider Version Mode**: Update provider versions in terraform `required_providers` blocks\n\n### Single Module Mode\n\nBasic syntax:\n\n```bash\ntf-version-bump -pattern \u003cglob-pattern\u003e -module \u003cmodule-source\u003e -to \u003cversion\u003e\n```\n\n**Note:** If you built from source, use `./tf-version-bump` instead of `tf-version-bump`.\n\n#### Arguments\n\n- `-pattern`: Glob pattern for Terraform files (e.g., `*.tf`, `modules/**/*.tf`)\n- `-module`: Source of the module to update (e.g., `terraform-aws-modules/vpc/aws`)\n- `-to`: Desired version number\n- `-from`: (Optional) Version to update from (can be specified multiple times, e.g., `-from 3.0.0 -from '~\u003e 3.0'`)\n- `-ignore-version`: (Optional) Version(s) to skip (can be specified multiple times, e.g., `-ignore-version 3.0.0 -ignore-version '~\u003e 3.0'`)\n- `-ignore-modules`: (Optional) Comma-separated list of module names or patterns to ignore (e.g., `vpc,legacy-*,*-test`)\n- `-force-add`: (Optional) Add version attribute to modules that don't have one (default: false, skip with warning)\n- `-dry-run`: (Optional) Show what changes would be made without actually modifying files\n- `-verbose`: (Optional) Show verbose output including skipped modules\n- `-output`: (Optional) Output format: `text` (default) or `md` (Markdown). Controls whether strings are quoted with single quotes or backticks\n\n#### Examples\n\nUpdate all VPC modules from the Terraform AWS modules registry to version `5.0.0`:\n\n```bash\ntf-version-bump -pattern \"*.tf\" -module \"terraform-aws-modules/vpc/aws\" -to \"5.0.0\"\n```\n\nUpdate S3 bucket modules in a specific directory:\n\n```bash\ntf-version-bump -pattern \"environments/prod/*.tf\" -module \"terraform-aws-modules/s3-bucket/aws\" -to \"4.1.2\"\n```\n\nUpdate modules across subdirectories (recursive):\n\n```bash\ntf-version-bump -pattern \"modules/**/*.tf\" -module \"terraform-aws-modules/security-group/aws\" -to \"4.9.0\"\n```\n\nUpdate modules with subpaths in their source:\n\n```bash\ntf-version-bump -pattern \"*.tf\" -module \"terraform-aws-modules/iam/aws//modules/iam-user\" -to \"5.2.0\"\n```\n\nUpdate only modules currently at version `3.14.0` to version `5.0.0`:\n\n```bash\ntf-version-bump -pattern \"*.tf\" -module \"terraform-aws-modules/vpc/aws\" -to \"5.0.0\" -from \"3.14.0\"\n```\n\nUpdate modules from multiple specific versions (CLI supports multiple -from flags):\n\n```bash\ntf-version-bump -pattern \"*.tf\" -module \"terraform-aws-modules/s3-bucket/aws\" -to \"4.0.0\" -from \"3.0.0\" -from \"~\u003e 3.0\"\n```\n\nThis will update S3 bucket modules that are currently at version `3.0.0` OR `~\u003e 3.0` to version `4.0.0`, while leaving modules at other versions (like `3.1.0`) unchanged.\n\nSkip updating specific versions using ignore-version flag:\n\n```bash\ntf-version-bump -pattern \"*.tf\" -module \"terraform-aws-modules/vpc/aws\" -to \"5.0.0\" -ignore-version \"3.14.0\"\n```\n\nThis will update all VPC modules to version `5.0.0` EXCEPT those currently at version `3.14.0`.\n\nSkip multiple versions (can specify flag multiple times):\n\n```bash\ntf-version-bump -pattern \"*.tf\" -module \"terraform-aws-modules/s3-bucket/aws\" -to \"4.0.0\" -ignore-version \"3.0.0\" -ignore-version \"~\u003e 3.0\"\n```\n\nThis will update all S3 bucket modules to version `4.0.0` EXCEPT those currently at version `3.0.0` or `~\u003e 3.0`.\n\nUpdate all VPC modules except specific ones using ignore patterns:\n\n```bash\ntf-version-bump -pattern \"*.tf\" -module \"terraform-aws-modules/vpc/aws\" -to \"5.0.0\" -ignore-modules \"legacy-vpc,test-*\"\n```\n\nThis will update all VPC modules to version 5.0.0 except:\n- The module named exactly `legacy-vpc`\n- Any modules starting with `test-` (like `test-vpc`, `test-network`, etc.)\n\nUpdate Git-based modules:\n\n```bash\ntf-version-bump -pattern \"*.tf\" -module \"git::https://github.com/example/terraform-module.git\" -to \"v1.2.3\"\n```\n\nPreview changes without modifying files (dry-run):\n\n```bash\ntf-version-bump -pattern \"**/*.tf\" -module \"terraform-aws-modules/vpc/aws\" -to \"5.0.0\" -dry-run\n```\n\nUse Markdown output format (backticks instead of single quotes):\n\n```bash\ntf-version-bump -pattern \"*.tf\" -module \"terraform-aws-modules/vpc/aws\" -to \"5.0.0\" -output md\n```\n\nThis will output messages like:\n```\nFound 3 file(s) matching pattern `*.tf`\n✓ Updated module source `terraform-aws-modules/vpc/aws` to version `5.0.0` in main.tf\n```\n\nInstead of:\n```\nFound 3 file(s) matching pattern '*.tf'\n✓ Updated module source 'terraform-aws-modules/vpc/aws' to version '5.0.0' in main.tf\n```\n\n**Note:** Local modules (sources starting with `./`, `../`, or `/`) are not supported and will be skipped with a warning. Version bumping is only supported for registry modules and remote sources (Git, HTTP, etc.).\n\n### Config File Mode\n\nFor updating multiple modules at once, use a YAML configuration file:\n\n```bash\ntf-version-bump -pattern \u003cglob-pattern\u003e -config \u003cconfig-file\u003e\n```\n\n**Note:** If you built from source, use `./tf-version-bump` instead of `tf-version-bump`.\n\n#### Arguments\n\n- `-pattern`: Glob pattern for Terraform files (required)\n- `-config`: Path to YAML configuration file (required)\n- `-force-add`: (Optional) Add version attribute to modules that don't have one (default: false, skip with warning)\n- `-dry-run`: (Optional) Show what changes would be made without actually modifying files\n- `-output`: (Optional) Output format: `text` (default) or `md` (Markdown). Controls whether strings are quoted with single quotes or backticks\n\n#### Config File Format\n\nCreate a YAML file with the following structure:\n\n```yaml\nmodules:\n  - source: \"terraform-aws-modules/vpc/aws\"\n    version: \"5.0.0\"\n    from: \"3.14.0\"       # Optional: only update if current version is 3.14.0\n    ignore_versions:     # Optional: versions to skip\n      - \"3.0.0\"\n      - \"~\u003e 3.0\"\n    ignore_modules:      # Optional: module names or patterns to ignore\n      - \"legacy-vpc\"\n      - \"test-*\"\n  - source: \"terraform-aws-modules/s3-bucket/aws\"\n    version: \"4.0.0\"\n    from:                # Optional: update from multiple versions\n      - \"3.0.0\"\n      - \"~\u003e 3.0\"\n    ignore_versions:     # Optional: skip specific versions\n      - \"3.5.0\"\n  - source: \"terraform-aws-modules/security-group/aws\"\n    version: \"5.1.0\"\n    from: \"4.0.0\"        # Optional: only update from version 4.0.0\n    ignore_modules:\n      - \"*-deprecated\"\n```\n\nEach module entry supports the following fields:\n- `source` (required): Module source identifier\n- `version` (required): Target version to update to\n- `from` (optional): Only update modules currently at this version (or any version in a list)\n  - Can be a single string: `from: \"3.14.0\"`\n  - Can be a list of versions: `from: [\"3.0.0\", \"~\u003e 3.0\"]`\n  - Modules will be updated if their current version matches any version in the list\n- `ignore_versions` (optional): Skip modules currently at these version(s)\n  - Can be a single string: `ignore_versions: \"3.14.0\"`\n  - Can be a list of versions: `ignore_versions: [\"3.0.0\", \"~\u003e 3.0\"]`\n  - Modules will be skipped if their current version matches any version in the list\n  - Takes precedence over `from` filter (if a version matches both, it will be skipped)\n- `ignore_modules` (optional): List of module names or wildcard patterns to skip\n  - Supports exact matches: `\"vpc\"` matches only a module named \"vpc\"\n  - Supports wildcards with `*`:\n    - Prefix: `\"legacy-*\"` matches `legacy-vpc`, `legacy-network`, etc.\n    - Suffix: `\"*-test\"` matches `vpc-test`, `network-test`, etc.\n    - Both: `\"*-vpc-*\"` matches `prod-vpc-test`, `staging-vpc-1`, etc.\n    - Any: `\"*\"` matches all modules (effectively disables updates for this source)\n\n**Note about local modules:** Local modules (sources starting with `./`, `../`, or `/`) are not supported and will be skipped with a warning. The tool only updates registry modules and remote sources.\n\n#### Examples\n\nUpdate modules using a basic config file:\n\n```bash\ntf-version-bump -pattern \"*.tf\" -config \"config.yml\"\n```\n\nUpdate modules in production environment:\n\n```bash\ntf-version-bump -pattern \"environments/prod/**/*.tf\" -config \"config-production.yml\"\n```\n\nUpdate all Terraform files recursively:\n\n```bash\ntf-version-bump -pattern \"**/*.tf\" -config \"module-updates.yml\"\n```\n\n#### Example: Skipping Specific Versions with ignore_versions\n\nYou can use `ignore_versions` to skip updating modules at specific versions while updating all others. This is useful when you want to keep certain versions pinned (e.g., for compatibility reasons) but update everything else.\n\n**Example scenario:** Update all VPC modules to version `5.0.0` EXCEPT those at version `3.14.0` and `~\u003e 3.0` (which should remain unchanged).\n\n**Config file** (`skip-versions.yml`):\n```yaml\nmodules:\n  - source: \"terraform-aws-modules/vpc/aws\"\n    version: \"5.0.0\"\n    ignore_versions:\n      - \"3.14.0\"\n      - \"~\u003e 3.0\"\n```\n\n**Terraform file before** (`main.tf`):\n```hcl\nmodule \"vpc_old\" {\n  source  = \"terraform-aws-modules/vpc/aws\"\n  version = \"3.14.0\"  # Will NOT be updated (ignored)\n}\n\nmodule \"vpc_constraint\" {\n  source  = \"terraform-aws-modules/vpc/aws\"\n  version = \"~\u003e 3.0\"  # Will NOT be updated (ignored)\n}\n\nmodule \"vpc_newer\" {\n  source  = \"terraform-aws-modules/vpc/aws\"\n  version = \"4.0.0\"  # Will be updated\n}\n```\n\n**Run the update:**\n```bash\ntf-version-bump -pattern \"main.tf\" -config \"skip-versions.yml\"\n```\n\n**Terraform file after:**\n```hcl\nmodule \"vpc_old\" {\n  source  = \"terraform-aws-modules/vpc/aws\"\n  version = \"3.14.0\"  # Unchanged (ignored)\n}\n\nmodule \"vpc_constraint\" {\n  source  = \"terraform-aws-modules/vpc/aws\"\n  version = \"~\u003e 3.0\"  # Unchanged (ignored)\n}\n\nmodule \"vpc_newer\" {\n  source  = \"terraform-aws-modules/vpc/aws\"\n  version = \"5.0.0\"  # Updated\n}\n```\n\n#### Example: Selective Updates with Multiple From Versions\n\nYou can specify multiple \"from\" versions to selectively update only modules matching specific versions. This is useful when you want to upgrade modules from certain versions while leaving others untouched.\n\n**Example scenario:** Update S3 bucket modules from versions `3.0.0` and `~\u003e 3.0` to `4.0.0`, but leave modules at `3.1.0` unchanged.\n\n**Config file** (`selective-update.yml`):\n```yaml\nmodules:\n  - source: \"terraform-aws-modules/s3-bucket/aws\"\n    version: \"4.0.0\"\n    from:\n      - \"3.0.0\"\n      - \"~\u003e 3.0\"\n```\n\n**Terraform file before** (`main.tf`):\n```hcl\nmodule \"s3_exact\" {\n  source  = \"terraform-aws-modules/s3-bucket/aws\"\n  version = \"3.0.0\"  # Will be updated\n}\n\nmodule \"s3_constraint\" {\n  source  = \"terraform-aws-modules/s3-bucket/aws\"\n  version = \"~\u003e 3.0\"  # Will be updated\n}\n\nmodule \"s3_other\" {\n  source  = \"terraform-aws-modules/s3-bucket/aws\"\n  version = \"3.1.0\"  # Will NOT be updated (doesn't match)\n}\n```\n\n**Run the update:**\n```bash\ntf-version-bump -pattern \"main.tf\" -config \"selective-update.yml\"\n```\n\n**Terraform file after:**\n```hcl\nmodule \"s3_exact\" {\n  source  = \"terraform-aws-modules/s3-bucket/aws\"\n  version = \"4.0.0\"  # Updated\n}\n\nmodule \"s3_constraint\" {\n  source  = \"terraform-aws-modules/s3-bucket/aws\"\n  version = \"4.0.0\"  # Updated\n}\n\nmodule \"s3_other\" {\n  source  = \"terraform-aws-modules/s3-bucket/aws\"\n  version = \"3.1.0\"  # Unchanged\n}\n```\n\n#### Example: Combining from and ignore_versions Filters\n\nYou can combine both `from` and `ignore_versions` filters for fine-grained control. The `ignore_versions` filter takes precedence - if a version matches both filters, it will be skipped.\n\n**Example scenario:** Update VPC modules from versions `3.x` and `4.x` to `5.0.0`, but keep version `4.0.0` pinned for compatibility.\n\n**Config file** (`combined-filters.yml`):\n```yaml\nmodules:\n  - source: \"terraform-aws-modules/vpc/aws\"\n    version: \"5.0.0\"\n    from:\n      - \"3.14.0\"\n      - \"4.0.0\"\n      - \"4.5.0\"\n    ignore_versions:\n      - \"4.0.0\"  # Keep this version pinned\n```\n\n**Result:** Modules at `3.14.0` and `4.5.0` will be updated to `5.0.0`, but modules at `4.0.0` will remain unchanged.\n\n#### Example Config Files\n\nSee the `examples/` directory for sample configuration files:\n\n- `config-basic.yml` - Simple configuration with a few modules\n- `config-advanced.yml` - Advanced configuration showing various module types (subpaths, Git sources)\n- `config-production.yml` - Production-ready configuration with common AWS modules\n- `config-with-ignore.yml` - Examples of using the ignore_modules feature with various patterns\n\n### Terraform Version Mode\n\nUpdate the Terraform `required_version` in terraform blocks across your configuration files.\n\n**Basic syntax:**\n\n```bash\ntf-version-bump -pattern \u003cglob-pattern\u003e -terraform-version \u003cversion\u003e\n```\n\n**Arguments:**\n\n- `-pattern`: Glob pattern for Terraform files (required)\n- `-terraform-version`: Target Terraform version (e.g., `\"\u003e= 1.5\"`, `\"~\u003e 1.6\"`)\n- `-dry-run`: (Optional) Preview changes without modifying files\n- `-output`: (Optional) Output format: `text` (default) or `md` (Markdown)\n\n**Examples:**\n\nUpdate all Terraform files to require Terraform \u003e= 1.5:\n\n```bash\ntf-version-bump -pattern \"*.tf\" -terraform-version \"\u003e= 1.5\"\n```\n\nUpdate Terraform version in a specific directory:\n\n```bash\ntf-version-bump -pattern \"environments/prod/*.tf\" -terraform-version \"~\u003e 1.6\"\n```\n\nPreview changes before applying:\n\n```bash\ntf-version-bump -pattern \"**/*.tf\" -terraform-version \"\u003e= 1.5\" -dry-run\n```\n\n**Example transformation:**\n\nBefore:\n```hcl\nterraform {\n  required_version = \"\u003e= 1.0\"\n  \n  required_providers {\n    aws {\n      source  = \"hashicorp/aws\"\n      version = \"~\u003e 4.0\"\n    }\n  }\n}\n```\n\nAfter running: `tf-version-bump -pattern \"*.tf\" -terraform-version \"\u003e= 1.5\"`\n\n```hcl\nterraform {\n  required_version = \"\u003e= 1.5\"\n  \n  required_providers {\n    aws {\n      source  = \"hashicorp/aws\"\n      version = \"~\u003e 4.0\"\n    }\n  }\n}\n```\n\n**Notes:**\n\n- Only updates the `required_version` attribute in terraform blocks\n- Provider versions are not modified\n- Preserves all formatting and comments\n- If a file has multiple terraform blocks (unusual but valid), all will be updated\n\n### Provider Version Mode\n\nUpdate provider versions in terraform `required_providers` blocks across your configuration files.\n\n**Basic syntax:**\n\n```bash\ntf-version-bump -pattern \u003cglob-pattern\u003e -provider \u003cprovider-name\u003e -to \u003cversion\u003e\n```\n\n**Arguments:**\n\n- `-pattern`: Glob pattern for Terraform files (required)\n- `-provider`: Provider name (e.g., `aws`, `azurerm`, `google`)\n- `-to`: Target provider version (required)\n- `-dry-run`: (Optional) Preview changes without modifying files\n- `-output`: (Optional) Output format: `text` (default) or `md` (Markdown)\n\n**Examples:**\n\nUpdate AWS provider to version ~\u003e 5.0:\n\n```bash\ntf-version-bump -pattern \"*.tf\" -provider aws -to \"~\u003e 5.0\"\n```\n\nUpdate Azure provider in production environment:\n\n```bash\ntf-version-bump -pattern \"environments/prod/**/*.tf\" -provider azurerm -to \"~\u003e 3.5\"\n```\n\nPreview changes for Google Cloud provider:\n\n```bash\ntf-version-bump -pattern \"*.tf\" -provider google -to \"~\u003e 5.0\" -dry-run\n```\n\n**Example transformation:**\n\nBefore:\n```hcl\nterraform {\n  required_version = \"\u003e= 1.0\"\n  \n  required_providers {\n    aws {\n      source  = \"hashicorp/aws\"\n      version = \"~\u003e 4.0\"\n    }\n    azurerm {\n      source  = \"hashicorp/azurerm\"\n      version = \"~\u003e 3.0\"\n    }\n  }\n}\n```\n\nAfter running: `tf-version-bump -pattern \"*.tf\" -provider aws -to \"~\u003e 5.0\"`\n\n```hcl\nterraform {\n  required_version = \"\u003e= 1.0\"\n  \n  required_providers {\n    aws {\n      source  = \"hashicorp/aws\"\n      version = \"~\u003e 5.0\"\n    }\n    azurerm {\n      source  = \"hashicorp/azurerm\"\n      version = \"~\u003e 3.0\"\n    }\n  }\n}\n```\n\n**Attribute-based syntax example:**\n\nBefore:\n\n```hcl\nterraform {\n  required_providers {\n    aws = {\n      source  = \"hashicorp/aws\"\n      version = \"~\u003e 4.0\"\n    }\n    azurerm = {\n      source  = \"hashicorp/azurerm\"\n      version = \"~\u003e 3.0\"\n    }\n  }\n}\n```\n\nAfter running: `tf-version-bump -pattern \"*.tf\" -provider aws -to \"~\u003e 5.0\"`\n\n```hcl\nterraform {\n  required_providers {\n    aws = {\n      source  = \"hashicorp/aws\"\n      version = \"~\u003e 5.0\"\n    }\n    azurerm = {\n      source  = \"hashicorp/azurerm\"\n      version = \"~\u003e 3.0\"\n    }\n  }\n}\n```\n\n**Notes:**\n\n- Only updates the specified provider's version\n- Other providers in the same required_providers block remain unchanged\n- Terraform required_version is not modified\n- Preserves all formatting and comments\n- Supports both block-based syntax: `aws { source = \"...\" version = \"...\" }`\n- Supports attribute-based syntax: `aws = { source = \"...\" version = \"...\" }`\n\n## How it Works\n\n1. The tool uses `filepath.Glob` to find all files matching the specified pattern\n2. For each file, it:\n   - Parses the HCL structure using `hashicorp/hcl/v2`\n   - Searches for `module` blocks with the specified source attribute\n   - Checks if the module name matches any ignore patterns and skips if matched\n   - Skips local modules (sources starting with `./`, `../`, or `/`) with a warning\n   - If the `-ignore-version` flag is specified, skips modules with matching current version (takes precedence)\n   - If the `-from` flag is specified, only updates modules with matching current version\n   - Updates the `version` attribute to the desired version\n   - If a module doesn't have a version attribute, it prints a warning and skips it (no version will be added)\n   - Writes the updated content back to the file with proper formatting\n3. Reports the number of files successfully updated\n\n### Local Modules\n\nLocal modules (those with sources starting with `./`, `../`, or `/`) are automatically skipped because they reference local filesystem paths and don't use version attributes in standard Terraform configurations.\n\n**Example warning output:**\n```\nWarning: Module \"local_vpc\" in main.tf (source: \"./modules/vpc\") is a local module and cannot be version-bumped, skipping\n```\n\n### Modules Without Version Attributes\n\nBy default, if a registry module matching the source pattern doesn't have a version attribute, the tool will:\n- Print a warning message to stderr indicating which module was skipped\n- Continue processing other modules\n- Not add a version attribute to that module\n\n**Example warning output:**\n```\nWarning: Module \"vpc\" in main.tf (source: \"terraform-aws-modules/vpc/aws\") has no version attribute, skipping\n```\n\n#### Force-Adding Version Attributes\n\nIf you want to add version attributes to registry modules that don't have them, use the `-force-add` flag:\n\n```bash\n# Add version attribute to registry modules that don't have one\ntf-version-bump -pattern \"*.tf\" -module \"terraform-aws-modules/vpc/aws\" -to \"5.0.0\" -force-add\n\n# Force-add with config file\ntf-version-bump -pattern \"**/*.tf\" -config \"config.yml\" -force-add\n```\n\n**Note:** This flag only affects registry modules and remote sources. Local modules are always skipped regardless of the `-force-add` flag.\n\n## Example Terraform File\n\n**Before:**\n\n```hcl\nmodule \"vpc\" {\n  source  = \"terraform-aws-modules/vpc/aws\"\n  version = \"3.14.0\"\n\n  name = \"my-vpc\"\n  cidr = \"10.0.0.0/16\"\n}\n\nmodule \"another_vpc\" {\n  source  = \"terraform-aws-modules/vpc/aws\"\n  version = \"3.14.0\"\n\n  name = \"another-vpc\"\n  cidr = \"172.16.0.0/16\"\n}\n```\n\n**After running:** `tf-version-bump -pattern \"*.tf\" -module \"terraform-aws-modules/vpc/aws\" -to \"5.0.0\"`\n\n```hcl\nmodule \"vpc\" {\n  source  = \"terraform-aws-modules/vpc/aws\"\n  version = \"5.0.0\"\n\n  name = \"my-vpc\"\n  cidr = \"10.0.0.0/16\"\n}\n\nmodule \"another_vpc\" {\n  source  = \"terraform-aws-modules/vpc/aws\"\n  version = \"5.0.0\"\n\n  name = \"another-vpc\"\n  cidr = \"172.16.0.0/16\"\n}\n```\n\nNote: Both modules are updated because they share the same source attribute, regardless of their module names.\n\n## Testing\n\nRun the tests:\n\n```bash\ngo test -v -race -coverprofile=coverage.out -covermode=atomic ./...\n```\n\n## Releases\n\nPre-built binaries are available on the [GitHub Releases](https://github.com/yesdevnull/tf-version-bump/releases) page.\n\nEach release includes:\n- Binaries for Linux, macOS, and Windows (amd64/arm64)\n- Linux packages (deb, rpm)\n- SHA256 checksums\n- SLSA Level 3 provenance attestations\n\nFor verification instructions and detailed release information, see [docs/RELEASING.md](docs/RELEASING.md).\n\n## Security Considerations\n\n### Best Practices\n\n- **Always use version control**: This tool modifies files in place. Ensure your Terraform files are committed to Git before running updates.\n- **Test before production**: Always test updates in a development environment first, especially when using config files with multiple module updates.\n- **Review changes**: Use `git diff` after running the tool to review all modifications before committing.\n- **Use dry-run mode**: Run with `-dry-run` flag first to preview changes: `tf-version-bump -pattern \"*.tf\" -module \"...\" -to \"...\" -dry-run`\n\n### Known Limitations\n\n- **Concurrent execution**: This tool does not implement file locking. Running multiple instances simultaneously on the same files may cause corruption. Use external coordination (e.g., CI/CD job locks) if needed.\n- **Config file trust**: YAML configuration files should come from trusted sources only. While the tool validates required fields, extremely large or malicious YAML files could cause resource exhaustion.\n- **File size**: The tool loads entire files into memory for parsing. Very large Terraform files (\u003e 100MB) may cause performance issues, though typical Terraform files are much smaller.\n\n### Unicode Support\n\nThe tool fully supports Unicode characters in:\n- Module names (e.g., `module \"vpc-主要\"`)\n- Module sources (e.g., `source = \"registry.example.com/組織/module\"`)\n- Ignore patterns (e.g., `ignore_modules: [\"vpc-主要\", \"test-🚀-*\"]`)\n\n### Permissions\n\nThe tool preserves original file permissions when updating files. It runs with the same permissions as the user executing it and does not require elevated privileges.\n\n## Advanced Usage\n\n### Looping Through Git Branches\n\nYou can use shell scripts to run `tf-version-bump` across multiple branches matching a filter. This is useful for updating module versions across feature branches, release branches, or any set of branches matching a pattern.\n\n#### Basic Branch Loop\n\nLoop through all branches matching a pattern and update modules:\n\n```bash\n#!/bin/bash\n\n# Configuration\nBRANCH_PATTERN=\"feature/*\"\nMODULE_SOURCE=\"terraform-aws-modules/vpc/aws\"\nTARGET_VERSION=\"5.0.0\"\nFILE_PATTERN=\"**/*.tf\"\n\n# Get current branch to return to later\nORIGINAL_BRANCH=$(git branch --show-current)\n\n# Loop through branches matching the pattern\nfor branch in $(git branch --list \"${BRANCH_PATTERN}\" --format='%(refname:short)'); do\n    echo \"Processing branch: $branch\"\n\n    # Checkout the branch\n    git checkout \"$branch\" || continue\n\n    # Run tf-version-bump\n    tf-version-bump -pattern \"$FILE_PATTERN\" -module \"$MODULE_SOURCE\" -to \"$TARGET_VERSION\"\n\n    # Check if there are changes to commit\n    if [[ -n $(git status --porcelain) ]]; then\n        git add -A\n        git commit -m \"chore: bump $MODULE_SOURCE to $TARGET_VERSION\"\n        echo \"  Committed changes on $branch\"\n    else\n        echo \"  No changes needed on $branch\"\n    fi\ndone\n\n# Return to original branch\ngit checkout \"$ORIGINAL_BRANCH\"\necho \"Done! Returned to $ORIGINAL_BRANCH\"\n```\n\n#### Using Config Files Across Branches\n\nFor batch updates with a config file:\n\n```bash\n#!/bin/bash\n\nBRANCH_PATTERN=\"release/*\"\nCONFIG_FILE=\"module-updates.yml\"\nFILE_PATTERN=\"**/*.tf\"\n\nORIGINAL_BRANCH=$(git branch --show-current)\n\nfor branch in $(git branch --list \"$BRANCH_PATTERN\" --format='%(refname:short)'); do\n    echo \"Processing branch: $branch\"\n\n    git checkout \"$branch\" || continue\n\n    tf-version-bump -pattern \"$FILE_PATTERN\" -config \"$CONFIG_FILE\"\n\n    if [[ -n $(git status --porcelain) ]]; then\n        git add -A\n        git commit -m \"chore: batch update module versions\"\n    fi\ndone\n\ngit checkout \"$ORIGINAL_BRANCH\"\n```\n\n#### Including Remote Branches\n\nTo include remote branches that haven't been checked out locally:\n\n```bash\n#!/bin/bash\n\nBRANCH_PATTERN=\"feature/*\"\nMODULE_SOURCE=\"terraform-aws-modules/vpc/aws\"\nTARGET_VERSION=\"5.0.0\"\n\n# Fetch all remote branches first\ngit fetch --all\n\nORIGINAL_BRANCH=$(git branch --show-current)\n\n# List remote branches matching pattern (strip 'origin/' prefix)\nfor branch in $(git branch -r --list \"origin/${BRANCH_PATTERN}\" --format='%(refname:short)' | sed 's|origin/||'); do\n    echo \"Processing branch: $branch\"\n\n    # Checkout the branch (create if it doesn't exist locally)\n    if git show-ref --verify --quiet \"refs/heads/$branch\"; then\n        git checkout \"$branch\" || continue\n        git pull origin \"$branch\" || continue\n    else\n        git checkout -b \"$branch\" \"origin/$branch\" || continue\n    fi\n\n    tf-version-bump -pattern \"**/*.tf\" -module \"$MODULE_SOURCE\" -to \"$TARGET_VERSION\"\n\n    if [[ -n $(git status --porcelain) ]]; then\n        git add -A\n        git commit -m \"chore: bump $MODULE_SOURCE to $TARGET_VERSION\"\n\n        # Optionally push changes\n        # git push origin \"$branch\"\n    fi\ndone\n\ngit checkout \"$ORIGINAL_BRANCH\"\n```\n\n#### Dry Run Mode\n\nPreview what changes would be made on each branch without modifying files:\n\n```bash\n#!/bin/bash\n\nBRANCH_PATTERN=\"feature/*\"\nMODULE_SOURCE=\"terraform-aws-modules/vpc/aws\"\nTARGET_VERSION=\"5.0.0\"\n\nORIGINAL_BRANCH=$(git branch --show-current)\n\nfor branch in $(git branch --list \"$BRANCH_PATTERN\" --format='%(refname:short)'); do\n    echo \"Processing branch: $branch\"\n    git checkout \"$branch\" || continue\n\n    # Use -dry-run to preview changes without modifying files\n    tf-version-bump -pattern \"**/*.tf\" -module \"$MODULE_SOURCE\" -to \"$TARGET_VERSION\" -dry-run\ndone\n\ngit checkout \"$ORIGINAL_BRANCH\"\n```\n\n#### Filtering by Recent Activity\n\nProcess only branches with recent commits.\n\n**Note:** This script uses GNU `date` syntax and requires Linux. For macOS/BSD, you'll need to modify the date commands.\n\n```bash\n#!/bin/bash\n\nBRANCH_PATTERN=\"feature/*\"\nDAYS_AGO=30\n\nORIGINAL_BRANCH=$(git branch --show-current)\n\n# Get branches with commits in the last N days\nfor branch in $(git branch --list \"$BRANCH_PATTERN\" --format='%(refname:short)'); do\n    # Check if branch has commits within the time window\n    last_commit=$(git log -1 --format=\"%ci\" \"$branch\" 2\u003e/dev/null)\n    if [[ -n \"$last_commit\" ]]; then\n        commit_date=$(date -d \"$last_commit\" +%s)\n        cutoff_date=$(date -d \"$DAYS_AGO days ago\" +%s)\n\n        if [[ $commit_date -gt $cutoff_date ]]; then\n            echo \"Processing recent branch: $branch\"\n            git checkout \"$branch\" || continue\n\n            tf-version-bump -pattern \"**/*.tf\" -module \"terraform-aws-modules/vpc/aws\" -to \"5.0.0\"\n\n            if [[ -n $(git status --porcelain) ]]; then\n                git add -A\n                git commit -m \"chore: bump module versions\"\n            fi\n        fi\n    fi\ndone\n\ngit checkout \"$ORIGINAL_BRANCH\"\n```\n\n#### Error Handling and Logging\n\nProduction-ready script with comprehensive error handling:\n\n```bash\n#!/bin/bash\n\nBRANCH_PATTERN=\"${1:-feature/*}\"\nMODULE_SOURCE=\"${2:-terraform-aws-modules/vpc/aws}\"\nTARGET_VERSION=\"${3:-5.0.0}\"\nLOG_FILE=\"version-bump-$(date +%Y%m%d-%H%M%S).log\"\n\nlog() {\n    echo \"[$(date '+%Y-%m-%d %H:%M:%S')] $1\" | tee -a \"$LOG_FILE\"\n}\n\nORIGINAL_BRANCH=$(git branch --show-current)\nPROCESSED=0\nUPDATED=0\nFAILED=0\n\nlog \"Starting branch loop for pattern: $BRANCH_PATTERN\"\nlog \"Module: $MODULE_SOURCE -\u003e $TARGET_VERSION\"\n\nfor branch in $(git branch --list \"$BRANCH_PATTERN\" --format='%(refname:short)'); do\n    ((PROCESSED++))\n    log \"Processing: $branch\"\n\n    if ! git checkout \"$branch\" 2\u003e\u003e\"$LOG_FILE\"; then\n        log \"  ERROR: Failed to checkout $branch\"\n        ((FAILED++))\n        continue\n    fi\n\n    if ! tf-version-bump -pattern \"**/*.tf\" -module \"$MODULE_SOURCE\" -to \"$TARGET_VERSION\" 2\u003e\u003e\"$LOG_FILE\"; then\n        log \"  ERROR: tf-version-bump failed on $branch\"\n        ((FAILED++))\n        git checkout \"$ORIGINAL_BRANCH\" 2\u003e/dev/null\n        continue\n    fi\n\n    if [[ -n $(git status --porcelain) ]]; then\n        git add -A\n        git commit -m \"chore: bump $MODULE_SOURCE to $TARGET_VERSION\"\n        ((UPDATED++))\n        log \"  SUCCESS: Committed changes\"\n    else\n        log \"  SKIPPED: No changes needed\"\n    fi\ndone\n\ngit checkout \"$ORIGINAL_BRANCH\"\n\nlog \"Complete! Processed: $PROCESSED, Updated: $UPDATED, Failed: $FAILED\"\nlog \"Log saved to: $LOG_FILE\"\n```\n\nUsage:\n```bash\n./update-branches.sh \"feature/*\" \"terraform-aws-modules/vpc/aws\" \"5.0.0\"\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyesdevnull%2Ftf-version-bump","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyesdevnull%2Ftf-version-bump","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyesdevnull%2Ftf-version-bump/lists"}