Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/diggerhq/digger
Digger is an open source IaC orchestration tool. Digger allows you to run IaC in your existing CI pipeline ⚡️
https://github.com/diggerhq/digger
github-actions hacktoberfest infrastructure-as-code tacos terraform terraform-aws terraform-gcp terraform-github-actions terraformcloud
Last synced: 5 days ago
JSON representation
Digger is an open source IaC orchestration tool. Digger allows you to run IaC in your existing CI pipeline ⚡️
- Host: GitHub
- URL: https://github.com/diggerhq/digger
- Owner: diggerhq
- License: apache-2.0
- Created: 2023-02-24T11:07:31.000Z (almost 2 years ago)
- Default Branch: develop
- Last Pushed: 2025-01-11T22:30:32.000Z (14 days ago)
- Last Synced: 2025-01-13T16:54:59.583Z (12 days ago)
- Topics: github-actions, hacktoberfest, infrastructure-as-code, tacos, terraform, terraform-aws, terraform-gcp, terraform-github-actions, terraformcloud
- Language: Go
- Homepage: https://digger.dev
- Size: 97.1 MB
- Stars: 4,398
- Watchers: 21
- Forks: 563
- Open Issues: 289
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
- awesome-opentofu - digger - Open-source IaC orchestration tool. Digger allows you to run IaC in your existing CI pipeline. (Tools / Platforms)
- awesome-repositories - diggerhq/digger - Digger is an open source IaC orchestration tool. Digger allows you to run IaC in your existing CI pipeline ⚡️ (Go)
- awesome-rainmana - diggerhq/digger - Digger is an open source IaC orchestration tool. Digger allows you to run IaC in your existing CI pipeline ⚡️ (Go)
- awesome-starred - diggerhq/digger - Digger is an open source IaC orchestration tool. Digger allows you to run IaC in your existing CI pipeline ⚡️ (terraform)
- jimsghstars - diggerhq/digger - Digger is an open source IaC orchestration tool. Digger allows you to run IaC in your existing CI pipeline ⚡️ (Go)
README
Community Slack |
Schedule a call |
Demo Video |
Docs
CI/CD for Terraform is [tricky](https://itnext.io/pains-in-terraform-collaboration-249a56b4534e). To make life easier, specialized CI systems aka [TACOS](https://itnext.io/spice-up-your-infrastructure-as-code-with-tacos-1a9c179e0783) exist - Terraform Cloud, Spacelift, Atlantis, etc.
But why have 2 CI systems? Why not reuse the async jobs infrastructure with compute, orchestration, logs, etc of your existing CI?
Digger runs Terraform natively in your CI. This is:
- Secure, because cloud access secrets aren't shared with a third-party
- Cost-effective, because you are not paying for additional compute just to run your Terraform
## Features
- Terraform plan and apply in pull request comments
- Private runners - thanks to the fact that there are no separate runners! Your existing CI's compute environment is used
- Open Policy Agent (OPA) support for RBAC
- PR-level locks (on top of Terraform native state locks, similar to Atlantis) to avoid race conditions across multiple PRs
- Terragrunt, Workspaces, multiple Terraform versions, static analysis via Checkov, plan persistence, ...
- Drift detection
## Getting Started
- [GitHub Actions + AWS](https://docs.digger.dev/getting-started/github-actions-+-aws)
- [GitHub Actions + GCP](https://docs.digger.dev/getting-started/github-actions-and-gcp)
## How it works
Digger has 2 main components:
- CLI that runs inside your CI and calls Terraform with the right arguments
- Orchestrator - a minimal backend (that can also be self-hosted) that triggers CI jobs in response to events such as PR comments
Digger also stores PR-level locks and plan cache in your cloud account (DynamoDB + S3 on AWS, equivalents in other cloud providers)
## Compared to Atlantis
- No need to host and maintain a server (although you [can](https://docs.digger.dev/self-host/deploy-helm))
- Secure by design: jobs run in your CI, so sensitive data stays there
- Scalable compute: jobs can run in parallel
- RBAC and policies via OPA
- Drift detection
- Apply-after-merge workflows
- Web UI (cloud-based)
- Read more about differences with Atlantis in our [blog post](https://medium.com/@DiggerHQ/digger-and-atlantis-key-differences-c08029ffe112)
## Compared to Terraform Cloud and other TACOs
- Open source; orchestrator can be self-hosted
- Unlimited runs and unlimited resources-under-management on all tiers
- Jobs run in your CI, not on a third-party server
- Supports PR automation (apply before merge)
- No duplication of the CI/CD stack
- Secrets not shared with a third party
## Contributing
We love contributions. Check out our [contributing guide](CONTRIBUTING.md) to get started.
Please pick an issue that already exists if you’re interested in contributing, otherwise, feel free to create an issue and triage with the maintainers before creating a PR.
Not sure where to get started? You can:
- Join our Slack, and ask us any questions there.
## Telemetry
Digger collects anonymized telemetry. See [usage.go](https://github.com/diggerhq/digger/blob/develop/cli/pkg/usage/usage.go) for detail. You can disable telemetry collection either by setting `telemetry: false` in digger.yml, or by setting the `TELEMETRY` env variable to `false`.
## Running migrations
```
atlas migrate apply --url $DATABASE_URL
```
## Resources
- [Docs](https://docs.digger.dev/) for comprehensive documentation and guides
- [Slack](https://join.slack.com/t/diggertalk/shared_invite/zt-1tocl4w0x-E3RkpPiK7zQkehl8O78g8Q) for discussion with the community and Digger team.
- [GitHub](https://github.com/diggerhq/digger) for code, issues, and pull request
- [Medium](https://medium.com/@DiggerHQ) for terraform automation and collaboration insights, articles, tutorials, and updates.