Support Nested Terraform Code (HCL) #649
Comments
|
In general, the approach we take with recursive dependency file finding is:
What's the setup with Terraform? I'd like to improve the flow for setups that we don't bump all-at-once, but I think it's a UI tweak rather than a core change (i.e., making it easier to select them in the dashboard). What do you reckon? |
|
It's a bit of a bear to manually add every directory with terraform configurations into dependabot. Each directory with .tf files is really its own, independent terraform module. Plus, the way dependabot is now, restructuring the repo would mean needing to also "fix" the dependabot config. A better workflow to me would be to scan the repo for directories with .tf files, check each for module sources, and create separate PRs for each. |
|
That makes sense to me. I think what's needed here is a better frontend for Dependabot for selecting multiple directories to apply it to, and an option to "always apply to all directories" or something like that (maybe with a blacklist). Sounds like you think the backend implementation (separate PRs for each module) is basically correct, though? |
|
Separate PRs for each updated "source" is my preference... That way each dependency update gets tested on it's own. If there are interrelated changes between dependencies needed to pass tests, I'd modify the PR myself. |
|
Great. We're planning to work on the front-end a bunch over the next couple of months, so I should be able to get this sorted then. |
|
Any updates on this? This would be a really awesome feature to have! |
|
We haven't had a chance to work on the improved project-selection interface yet, but I'm still keen to do it. Will have an update in the next few weeks. |
|
@greysteil awesome, thanks! I'll keep an eye out for updates. I just added dependabot to a bunch of repos, several of which have multiple terraform stacks/modules. It would be cool to have the auto detect feature but I was still able to set everything up with the current config format so I'm pretty happy with that for now. |
|
Any updates on this? Seems common to have Terraform modules as separate subdirectories and it can be tedious to add each one. |
|
Hello, any update on this ? |
|
Any updates on this? |
|
Any update on this ? |
|
I am having the same problem. How do we address this? |
|
Piling on here, looking for this functionality as well. |
|
Hoping to see this as well. |
|
Any updates? :) |
|
Also looking for this option :) |
|
Looking forward for this feature. I think this would also solve our problem around upgrading modules in terragrunt nested directories. |
|
FWIW I have been able to completely ditch dependabot for this use case by using Renovate and a quick custom CI job. |
|
has anyone tried the described options in github blog? looks promising. |
I don't see where the new Dependabot grouping feature helps with this request. Can you give an example? |
|
@SchulteMarkus sure If you have a terraform modules in a repo like the ss below, you need to specify every directory in the dependabot config. As far as I understand, the blog post introduces a feature that allows you to use terraform modules in dependabot config with a wildcard pattern without specifying each of them seperately. 
|
|
Is there any plan to support this? It's been years. Right now if a repo has let's say 100 modules in their own folder, which is convention, then we need 100 TF dependabot configs in the YAML file. It's a lot of maintenance that can quickly fall out of sync minimizing the benefits of Dependabot with Terraform |
|
Just use Snyk - dependabot clearly does not care about Terraform. |
|
@dependabot recreate |
|
I've just realised that |
what
.tfcodewhy
references
The text was updated successfully, but these errors were encountered: