What we shipped last week
This is a round-up of what we shipped last week. For those reading who don't know what Digger is: Digger is an open-source alternative to Terraform Cloud.
Azure DevOps and Azure Repos support
Digger now has first-class support for Azure DevOps as a CI system, in addition to GitHub Actions and GitLab Pipelines. The integration works in a similar way to GitLab Pipelines: you just need to set up a minimal Azure Function to handle webhooks. This was requested by users multiple times and we were finally able to ship it last week!
AWS OIDC
Until now, the only way to configure an AWS account for your Terraform was to set an AWS_SECRET_ACCESS_KEY environment variable. While still secure (assuming you use appropriate Secrets in GitLab or GitHub), users we spoke to told us that the best practice with AWS is to use OpenID Connect (OIDC). We already had federated access support (OIDC) for GCP, but not for AWS or Azure. AWS is ticked off as of last week, thanks to a community contribution by @speshak. The current implementation adds an optional aws-role-to-assume parameter, which is passed to configure-aws-credentials to use GitHub OIDC authentication.
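The IAM role named in aws-role-to-assume needs a trust policy that limits which GitHub repositories may assume it. The check below is an added example, not part of Digger or the original post; the function names, account ID and repository name are assumptions made for illustration.

```python
ISSUER = "token.actions.githubusercontent.com"  # GitHub's OIDC issuer host

def claim_values(conditions, claim):
    """Values required for an OIDC claim, across every condition operator."""
    wanted = f"{ISSUER}:{claim}"
    out = []
    for block in conditions.values():
        for key, val in block.items():
            if key.lower() == wanted:
                out.extend([val] if isinstance(val, str) else val)
    return out

def audit_trust_policy(policy, repo):
    """Findings for statements that let GitHub OIDC tokens assume the role."""
    findings = []
    stmts = policy.get("Statement", [])
    for n, stmt in enumerate([stmts] if isinstance(stmts, dict) else stmts):
        principal = stmt.get("Principal")
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        fed = [fed] if isinstance(fed, str) else fed
        if stmt.get("Effect") != "Allow" or not any(ISSUER in f for f in fed):
            continue
        cond = stmt.get("Condition", {})
        if claim_values(cond, "aud") != ["sts.amazonaws.com"]:
            findings.append(f"statement {n}: aud is not pinned to sts.amazonaws.com")
        subs = claim_values(cond, "sub")
        if not subs:
            findings.append(f"statement {n}: no sub condition, so the role is not tied to a repository")
        for sub in subs:
            if not sub.startswith(f"repo:{repo}:"):
                findings.append(f"statement {n}: sub '{sub}' is not scoped to {repo}")
    return findings

# Constructed sample data: the account ID and repository name are placeholders.
PROVIDER = f"arn:aws:iam::111111111111:oidc-provider/{ISSUER}"

def sample(sub_pattern):
    """Build a trust policy whose sub condition is the given StringLike pattern."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
                      "StringLike": {f"{ISSUER}:sub": sub_pattern}}}]}

LOOSE = sample("repo:example-org/*")         # any repository in the organisation
SCOPED = sample("repo:example-org/infra:*")  # one repository, any branch or tag

if __name__ == "__main__":
    for name, pol in (("loose", LOOSE), ("scoped", SCOPED)):
        print(name, audit_trust_policy(pol, "example-org/infra") or "ok")
```

Run it against the JSON returned for the role's trust policy before switching a pipeline from static keys to OIDC.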
Disabling locking with NoOp lock provider
Enhancement - PR
Another community contribution - thanks @duoctranth! Couldn’t summarise it better than the PR’s author: “By using the no-op lock, we can easily switch between enabling and disabling locking without modifying the DiggerExecutor logic. This allows us to maintain a clear separation between the locking mechanism and the executor logic. Additionally, it provides an opportunity for customization by allowing different messages to be displayed later on.”