Prerequisites
- A GitHub repository with valid terraform code. Here’s a demo repo for inspiration.
- A GCP Service Account Key json file. See Hashicorp’s GCP tutorial
- Digger token from cloud.digger.dev. You can also self-host Digger
Create Action Secrets
In GitHub repository settings, go to Secrets and Variables - Actions. Create the following secrets:GCP_CREDENTIALS
- contents of your GCP Service Account Key json fileDIGGER_TOKEN
- your Digger token (cloud or self-hosted)
Create digger.yml
This file contains Digger configuration and needs to be placed at the root level of your repository. Assuming your terraform code is in theprod
directory:
Create Github Actions workflow file
Place it at.github/workflows/digger_workflow.yml
(name is important!)
- Checkout repository using Github’s official Checkout action
- Authenticate into GCP using Google’s official Auth action. Note the
create_credentials_file: true
option; without it, subsequent steps that rely Application Default Credentials will not work. - Set up Google Cloud SDK for use in the subsequent steps via Google’s official Setup-gcloud action
- Verify that GCP is configured correctly by running
gcloud info
- Run Digger. Note that
DIGGER_TOKEN
needs to be set as a secret in Actions (either repository secret, or environment secret)
Create a PR to verify that it works
Make any change to your terraform code e.g. add a blank line. An action run should start (you can see log output in Actions). After some time you should see output of Terraform Plan added as a comment to your PR:digger apply
and shortly after apply output will be added as comment too.