Combines the benefits of atlantis, terragrunt, and tfmask in an opinionated terraform ci/cd docker image with refreshingly clean output and proper GitHub status updates.
Terraform is an excellent tool for deploying infrastructure-as-code. However, keeping terraform DRY, automating deployment through gitflow and ci tools, and doing it all without leaking secrets takes a bit of extra tooling. With our docker image and by adopting terragrunt, you get all of the above with minimal overhead. Also see why use terragrunt.
- terragrunt is a terraform wrapper that helps keep code DRY, maintainable, and safe to automate. See why use terragrunt.
- atlantis is a terraform ci/cd tool that makes automating terraform via good git practices easy. No need for jenkins and you can deploy it anywhere.
- tfenv is a version manager for terraform making it easy to set, install and use multiple versions of terraform in a single config repo.
- tgenv is a similar version manager for terragrunt. Forked from tfenv.
- tfmask keeps ci/cd of terraform secure by filtering passwords and secrets in terraform output from plans and applies.
- nu-atlantis is a custom atlantis image with bash wrappers for everything above and some enhancements:
  - sets opinionated atlantis config defaults so you don't need atlantis config in your tf repo.
  - removes the notoriously verbose terragrunt output from the plan.
  - ensures proper exit code for atlantis to update GitHub build status.
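Why filtering plan output and reporting the right exit code have to be handled together, as an added example that is not the nu-atlantis wrapper code: once output is piped through a filter, the shell reports the filter's status, not terraform's. The sed filter is only a stand-in for tfmask, the function names are hypothetical, and the plan output is constructed.

```shell
#!/bin/sh
# Added illustration; not the nu-atlantis wrapper scripts.

# Stand-in for tfmask: hide the value of any attribute whose name contains
# password, secret or token. (tfmask itself is a separate binary.)
mask_secrets() {
    sed -E 's/^([^=]*(password|secret|token)[^=]*=[[:space:]]*).*$/\1(masked)/'
}

# Constructed sample: imitates a failing plan (exit status 2 is arbitrary).
fake_plan() {
    printf '  + name     = "db"\n'
    printf '  + password = "constructed-secret"\n'
    return 2
}

# Naive form: without pipefail the pipeline's status is the filter's, so a
# failed plan is reported to the CI system as success.
naive_masked() {
    "$@" 2>&1 | mask_secrets
}

# Hypothetical wrapper: filter the output, return the command's own status.
run_masked() {
    status_file=$(mktemp) || return 1
    {
        rc=0
        "$@" 2>&1 || rc=$?
        # Written before the pipe closes, so it is on disk when sed sees EOF.
        echo "$rc" > "$status_file"
    } | mask_secrets
    rc=$(cat "$status_file")
    rm -f "$status_file"
    return "$rc"
}

run_masked fake_plan || echo "plan failed with status $?"
```

The status file keeps the wrapper portable to plain sh; in bash, set -o pipefail or PIPESTATUS achieves the same result.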
Follow instructions for atlantis but use this image. See especially the server-side config for setting env vars when deploying our image.
There is an official terraform module for deploying to AWS Fargate as well.
See our GitHub Container Registry for available image tags.
There are two images to choose from: full and base.
- full: This is the default image. Includes additional tooling and 3rd party providers, e.g. credstash
- base: Includes only the base tool-set.
Before using Atlantis and the code in this repository, please make sure that you have read and understood the security implications described in the official Atlantis documentation.
While atlantis supports any terraform version at runtime, this image uses explicit terraform and terragrunt versions to ensure compatibility.
To override the terraform or terragrunt version in a hybrid scenario, see documentation for tfenv and tgenv respectively. Using .terraform-version and .terragrunt-version files will ensure the appropriate versions of each are installed and used where desired.
See releases for latest version. May also use latest. Examples:
docker pull ghcr.io/taosmountain/nu-atlantis:latest
docker pull ghcr.io/taosmountain/nu-atlantis:1.0.0
docker pull ghcr.io/taosmountain/nu-atlantis:tf13-1.0.0
Use tf12-* tag prefix. Example:
docker pull ghcr.io/taosmountain/nu-atlantis:tf12-1.0.0
Please follow our contributing guidelines.
Use make update to update the CHANGELOG and README when appropriate.
- docker
- make (for build/test/publish shortcuts)
Running make build will build the docker image and use git tag information to tag the image.
There are simple make tasks that ensure certain tools are properly installed in the image. More testing is welcome. See Makefile for all testing tasks.
make test-all
GitHub Actions takes care of publishing the docker image on GitHub release events.
To manually publish, run make publish to build and publish an image based on the HEAD git tag.
If forking this repo, you'll want to customize the Makefile to deploy to your registry.
- hoppalotta for research and testing
This project stands on the shoulders of giants. Thanks to:
- hashicorp for terraform
- gruntwork for terragrunt
- runatlantis team for atlantis
- tfutils for tfenv
- cloudposse for tfmask
- thlorenz for doctoc