feat: Add OpenTofu (#157)

- chore: update and use terramate 0.8.0
- feat: Allow manual drift runs
- fix: Terramate cloud preview link
- chore: mark stack as terraform

.github/workflows/deploy.yml

@@ -38,6 +38,11 @@ jobs:
           asdf plugin add terraform
           asdf install terraform
 
+      - name: Install OpenTofu with asdf
+        run: |
+          asdf plugin add opentofu
+          asdf install opentofu
+
       ### Check for changed stacks
 
       - name: List changed stacks
@@ -69,7 +74,7 @@ jobs:
             -C stacks \
             --parallel 1 \
             --changed \
-            terraform init
+            init
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
@@ -81,7 +86,7 @@ jobs:
             -C stacks \
             --parallel 5 \
             --changed \
-            terraform deploy
+            deploy
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
@@ -92,6 +97,6 @@ jobs:
             -C stacks \
             --parallel 5 \
             --changed \
-            terraform drift detect
+            drift detect
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/drift-detection.yml

@@ -40,6 +40,11 @@ jobs:
           asdf plugin add terraform
           asdf install terraform
 
+      - name: Install OpenTofu with asdf
+        run: |
+          asdf plugin add opentofu
+          asdf install opentofu
+
       ### Configure cloud credentials
 
       - name: Configure AWS credentials
@@ -61,7 +66,7 @@ jobs:
           terramate script run \
             -C stacks \
             --parallel 1 \
-            terraform init
+            init
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
@@ -73,7 +78,7 @@ jobs:
             --parallel 5 \
             --continue-on-error \
             -- \
-            terraform drift detect
+            drift detect
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
@@ -87,6 +92,6 @@ jobs:
             --parallel 5 \
             --continue-on-error \
             -- \
-            terraform drift reconcile
+            drift reconcile
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/preview.yml

@@ -51,6 +51,11 @@ jobs:
           asdf plugin add terraform
           asdf install terraform
 
+      - name: Install OpenTofu with asdf
+        run: |
+          asdf plugin add opentofu
+          asdf install opentofu
+
       ### Linting
 
       - name: Check Terramate formatting
@@ -90,7 +95,7 @@ jobs:
             -C stacks \
             --changed \
             --parallel 1 \
-            terraform init
+            init
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
@@ -103,7 +108,7 @@ jobs:
             --parallel 5 \
             --continue-on-error \
             -- \
-            terraform preview
+            preview
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
@@ -126,9 +131,15 @@ jobs:
           echo >>pr-comment.txt "#### Terraform Plan"
           echo >>pr-comment.txt
           echo >>pr-comment.txt '```terraform'
-          terramate run -C stacks --changed -- terraform show -no-color out.tfplan |& dd bs=1024 count=248 >>pr-comment.txt
+          terramate run -C stacks/terraform --changed -- terraform show -no-color out.tfplan |& dd bs=1024 count=248 >>pr-comment.txt
           [ "${PIPESTATUS[0]}" == "141" ] && sed -i 's/#### Terraform Plan/#### :warning: Terraform Plan truncated: please check console output :warning:/' pr-comment.txt
           echo >>pr-comment.txt '```'
+          echo >>pr-comment.txt "#### OpenTofu Plan"
+          echo >>pr-comment.txt
+          echo >>pr-comment.txt '```terraform'
+          terramate run -C stacks/opentofu --changed -- tofu show -no-color out.tfplan |& dd bs=1024 count=248 >>pr-comment.txt
+          [ "${PIPESTATUS[0]}" == "141" ] && sed -i 's/#### OpenTofu Plan/#### :warning: OpenTofu Plan truncated: please check console output :warning:/' pr-comment.txt
+          echo >>pr-comment.txt '```'
           cat pr-comment.txt >>$GITHUB_STEP_SUMMARY
 
       - name: Generate preview when no stacks changed

.tool-versions

@@ -1,3 +1,4 @@
 terraform 1.7.5
 terramate 0.8.0
 pre-commit 3.6.2
+opentofu 1.6.2

_bootstrap/terraform-state-bucket/config.tm.hcl

@@ -35,7 +35,7 @@ generate_hcl "_main.tf" {
     }
 
     resource "aws_dynamodb_table" "terraform-lock" {
-      name           = tm_try(global.terraform.backend.dyanmodb_table, "terraform_state")
+      name           = tm_try(global.terraform.backend.dyanmodb_table, "terraform-lock")
       read_capacity  = 5
       write_capacity = 5
       hash_key       = "LockID"

config.tm.hcl

@@ -3,9 +3,8 @@ globals "terraform" {
 }
 
 globals "terraform" "backend" {
-  bucket         = "terramate-example-terraform-state-backend"
-  dyanmodb_table = "terraform-lock"
-  region         = "us-east-1"
+  bucket = "terramate-example-terraform-state-backend"
+  region = "us-east-1"
 }
 
 globals "aws" "oidc" {

imports/mixins/backend.tm.hcl

@@ -6,7 +6,7 @@ generate_hcl "backend.tf" {
       backend "s3" {
         region         = global.terraform.backend.region
         bucket         = global.terraform.backend.bucket
-        key            = "terraform/stacks/by-id/${terramate.stack.id}/terraform.tfstate"
+        key            = tm_try(global.terraform.backend.key, "terraform/stacks/by-id/${terramate.stack.id}/terraform.tfstate")
         encrypt        = true
         dynamodb_table = tm_try(global.terraform.backend.dyanmodb_table, "terraform-lock")
       }

scripts/script_tofu_deploy.tm

@@ -0,0 +1,18 @@
+script "tofu" "deploy" {
+  name        = "OpenTofu Deployment"
+  description = "Run a full OpenTofu deployment cycle and synchronize the result to Terramate Cloud."
+
+  job {
+    name        = "OpenTofu Apply"
+    description = "Initialize, validate, plan, and apply OpenTofu changes."
+    commands = [
+      ["tofu", "init", "-lock-timeout=5m"],
+      ["tofu", "validate"],
+      ["tofu", "plan", "-out", "plan.tfplan", "-lock=false"],
+      ["tofu", "apply", "-input=false", "-auto-approve", "-lock-timeout=5m", "plan.tfplan", {
+        sync_deployment = true
+        tofu_plan_file  = "plan.tfplan"
+      }],
+    ]
+  }
+}

scripts/script_tofu_detect_drift.tm

@@ -0,0 +1,16 @@
+script "tofu" "detect-drift" {
+  name        = "OpenTofu Drift Check"
+  description = "Detect drifts in OpenTofu configuration and synchronize it to Terramate Cloud."
+
+  job {
+    name        = "OpenTofu Plan"
+    description = "Initialize, validate, and plan OpenTofu changes."
+    commands = [
+      ["tofu", "init", "-lock-timeout=5m"],
+      ["tofu", "plan", "-out", "drift.tfplan", "-detailed-exitcode", "-lock=false", {
+        sync_drift_status = true
+        tofu_plan_file    = "drift.tfplan"
+      }],
+    ]
+  }
+}

scripts/script_tofu_preview.tm

@@ -0,0 +1,17 @@
+script "tofu" "preview" {
+  name        = "OpenTofu Deployment Preview"
+  description = "Create a preview of OpenTofu Changes and synchronize it to Terramate Cloud."
+
+  job {
+    name        = "OpenTofu Plan"
+    description = "Initialize, validate, and plan OpenTofu changes."
+    commands = [
+      ["tofu", "init", "-lock-timeout=5m"],
+      ["tofu", "validate"],
+      ["tofu", "plan", "-out", "preview.tfplan", "-detailed-exitcode", "-lock=false", {
+        sync_preview   = true
+        tofu_plan_file = "preview.tfplan"
+      }],
+    ]
+  }
+}

stacks/opentofu/config.tm.hcl

@@ -0,0 +1,7 @@
+globals "terraform" "backend" {
+  key = "opentofu/stacks/by-id/${terramate.stack.id}/opentofu.tfstate"
+}
+
+globals "terraform" {
+  version = "1.6.2"
+}

stacks/opentofu/empty/backend.tf

@@ -0,0 +1,11 @@
+// TERRAMATE: GENERATED AUTOMATICALLY DO NOT EDIT
+
+terraform {
+  backend "s3" {
+    bucket         = "terramate-example-terraform-state-backend"
+    dynamodb_table = "terraform-lock"
+    encrypt        = true
+    key            = "opentofu/stacks/by-id/f50a9ef3-c5de-48ab-8acf-a60d91bfef7b/opentofu.tfstate"
+    region         = "us-east-1"
+  }
+}

stacks/opentofu/empty/stack.tm.hcl

@@ -0,0 +1,5 @@
+stack {
+  name        = "Empty Stack"
+  description = "An empty OpenTofu Stack"
+  id          = "f50a9ef3-c5de-48ab-8acf-a60d91bfef7b"
+}

stacks/opentofu/empty/terraform.tf

@@ -0,0 +1,16 @@
+// TERRAMATE: GENERATED AUTOMATICALLY DO NOT EDIT
+
+terraform {
+  required_version = "1.6.2"
+}
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.31"
+    }
+  }
+}
+provider "aws" {
+  region = "us-east-1"
+}

stacks/opentofu/workflows.tm.hcl

@@ -0,0 +1,69 @@
+script "init" {
+  name        = "OpenTofu Init"
+  description = "Downloads the required provider plugins and modules and setting up the backend"
+
+  job {
+    commands = [
+      ["tofu", "init", "-lock-timeout=5m"],
+    ]
+  }
+}
+
+script "preview" {
+  name        = "OpenTofu Deployment Preview"
+  description = "Create a preview of OpenTofu Changes and synchronize it to Terramate Cloud."
+
+  job {
+    commands = [
+      ["tofu", "validate"],
+      ["tofu", "plan", "-out", "out.tfplan", "-detailed-exitcode", "-lock=false", {
+        sync_preview   = true
+        tofu_plan_file = "out.tfplan"
+      }],
+    ]
+  }
+}
+
+script "deploy" {
+  name        = "OpenTofu Deployment"
+  description = "Run a full OpenTofu deployment cycle and synchronize the result to Terramate Cloud."
+
+  job {
+    commands = [
+      ["tofu", "validate"],
+      ["tofu", "plan", "-out", "out.tfplan", "-lock=false"],
+      ["tofu", "apply", "-input=false", "-auto-approve", "-lock-timeout=5m", "out.tfplan", {
+        sync_deployment = true
+        tofu_plan_file  = "out.tfplan"
+      }],
+    ]
+  }
+}
+
+script "drift" "detect" {
+  name        = "OpenTofu Drift Check"
+  description = "Detect drifts in OpenTofu configuration and synchronize it to Terramate Cloud."
+
+  job {
+    commands = [
+      ["tofu", "plan", "-out", "out.tfplan", "-detailed-exitcode", "-lock=false", {
+        sync_drift_status = true
+        tofu_plan_file    = "out.tfplan"
+      }],
+    ]
+  }
+}
+
+script "drift" "reconcile" {
+  name        = "OpenTofu Drift Reconciliation"
+  description = "Reconciles drifts in all changed stacks."
+
+  job {
+    commands = [
+      ["tofu", "plan", "-out", "drift.tfplan", "-detailed-exitcode", "-lock=false", {
+        sync_drift_status = true
+        tofu_plan_file    = "drift.tfplan"
+      }],
+    ]
+  }
+}

workflows.tm.hcl → stacks/terraform/workflows.tm.hcl

@@ -1,4 +1,4 @@
-script "terraform" "init" {
+script "init" {
   name        = "Terraform Init"
   description = "Downloads the required provider plugins and modules and setting up the backend"
 
@@ -9,7 +9,7 @@ script "terraform" "init" {
   }
 }
 
-script "terraform" "preview" {
+script "preview" {
   name        = "Terraform Deployment Preview"
   description = "Create a preview of Terraform Changes and synchronize it to Terramate Cloud."
 
@@ -24,7 +24,7 @@ script "terraform" "preview" {
   }
 }
 
-script "terraform" "deploy" {
+script "deploy" {
   name        = "Terraform Deployment"
   description = "Run a full Terraform deployment cycle and synchronize the result to Terramate Cloud."
 
@@ -40,7 +40,7 @@ script "terraform" "deploy" {
   }
 }
 
-script "terraform" "drift" "detect" {
+script "drift" "detect" {
   name        = "Terraform Drift Check"
   description = "Detect drifts in Terraform configuration and synchronize it to Terramate Cloud."
 
@@ -54,7 +54,7 @@ script "terraform" "drift" "detect" {
   }
 }
 
-script "terraform" "drift" "reconcile" {
+script "drift" "reconcile" {
   name        = "Terraform Drift Reconciliation"
   description = "Reconciles drifts in all changed stacks."