
Support Dependabot for update automation

Open rdhar opened this issue 1 year ago • 5 comments

OpenTofu Version

OpenTofu v1.6.1

Use Cases

For keeping up-to-date with the regular flow of dependency updates across all providers.

Attempted Solutions

Using terraform in dependabot.yml which, let's be frank, is "eugh" in 2024.

It's also interesting to note the supported version range is only >= 0.13, <= 1.5.x; I wonder why that may be...

Proposal

Use opentofu within dependabot.yml instead as a 1-to-1 replacement!

Following today's public dev-sync, here's a link to the current handling of dependabot-terraform (with a dash of Ruby).

References

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems

rdhar avatar Feb 07 '24 13:02 rdhar

Hi @rdhar thank you for this issue. We had a look with the core team and we tentatively decided to accept this issue based on Dependabot accepting us as a provider. We've assigned @Yantrio to track this down.

ghost avatar Feb 13 '24 13:02 ghost

Also interested in this.

joeybenamy avatar Feb 19 '24 19:02 joeybenamy

Just wanted to update people here: we've been really busy lately, but this is high up on my TODO list and it will be tackled soon!

Yantrio avatar Apr 09 '24 14:04 Yantrio

> Just wanted to update people here: we've been really busy lately, but this is high up on my TODO list and it will be tackled soon!

Thanks so much! For us, this is the biggest pain point in the transition from Terraform to OpenTofu. Honestly, the only pain point since the rest was so easy!

joeybenamy avatar Apr 09 '24 14:04 joeybenamy

Could I request an update on this request please?

With the advent of OpenTofu v1.8, specifically its early-evaluation of variables, Dependabot's terraform package-ecosystem is categorically broken since it's no longer "valid" Terraform, as shown here.

Dependabot encountered '2' error(s) during execution, please check the logs for more details.
+----------------------------------------------------------------------+
|                    Dependencies failed to update                     |
+-------------------------------------+--------------------------------+
| hashicorp/aws                       | dependency_file_not_resolvable |
| terraform-aws-modules/s3-bucket/aws | unknown_error                  |
+-------------------------------------+--------------------------------+

Taken from Dependabot's workflow log.

rdhar avatar Aug 14 '24 19:08 rdhar