🔥Let’s Do DevOps: Updating Your TF and Action Dependencies on GitHub Repos with Dependabot🔥

Kyler Middleton
Oct 21, 2024

Never let new module versions go unnoticed!

This blog series focuses on presenting complex DevOps projects as simple and approachable via plain language and lots of pictures. You can do it!

I’ve moved to LetsDoDevOps.com, you can find the article here. This content has a paywall for 1 week, and then will be free starting at 10/29/24 9a CT. Feedback on the paywall model is welcome!

Hey all!

Recently I was asked to implement Dependabot for our Terraform/OpenTofu repos, and do we have a lot of them! As your Terraform implementation matures, you’ll end up with lots of Repos that contain modules. These modules represent best practice deployments of all the resource types you need to manage in your environment.

Your Project repos will end up calling these Resource modules, and deploying them lots of times. This works great, and is very scalable, but it does lead to a problem: you’ll create a new version of a Resource module, and it’s hard to tell exactly which other Project repos (or other Resource Repos, even) are calling your Resource Repo, and which should probably be updated since there’s a new version.

That’s where Dependabot comes in. It has a lot of other uses, for all types of software, but we’ll stay firmly focused on the ecosystem I know the best: Terraform and OpenTofu (which I use as synonyms here and in all my articles).

Here’s an example PR opened by Dependabot when it noticed a new version of AzureRM available on GitHub. No manual steps were taken to trigger the check, and proposed code was tested in all envs.

You’ll also end up with lots of Actions files in your repos. GitHub has now developed some tools for centralizing the Actions files in a single repo, and calling them from each repo, but those tools are still pretty remedial, so I’d bet you have sometimes hundreds of copies of Actions in your repos.

Keeping up with all the step definitions can be a pain, even if you’ve centralized most of your logic in other Action-focused Repos. Dependabot can help with that too!

Implementation is incredibly simple, and doesn’t require any special license.
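A `.github/dependabot.yml` covering both ecosystems discussed above, as an added example that is not the author's configuration from the full article. The registry name `private-modules`, the secret name `DEPENDABOT_MODULES_TOKEN`, the schedule and the commit prefixes are assumptions; the `registries` block is only needed when modules are pulled from private git repos.

```yaml
# .github/dependabot.yml
# Added example: names, schedule and the secret below are assumptions.
version: 2

registries:
  # Read access to private module repos referenced by git source.
  # Store the token as a Dependabot secret, scoped read-only to the
  # module repos, so update jobs cannot write anywhere with it.
  private-modules:
    type: git
    url: https://github.com
    username: x-access-token
    password: ${{ secrets.DEPENDABOT_MODULES_TOKEN }}

updates:
  # Provider and module version pins in .tf files at the repo root.
  - package-ecosystem: "terraform"
    directory: "/"
    registries:
      - private-modules
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 5
    commit-message:
      prefix: "deps(tf)"

  # Action versions referenced by `uses:` in .github/workflows/.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    commit-message:
      prefix: "deps(actions)"
```

Each `updates` entry is checked independently, so a repo that holds both Terraform code and workflow files gets separate PRs per ecosystem.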

Let’s Do DevOps

From here on out, all content will be published on Let’s Do DevOps. I want to give back to the community as much as I’m able. Please subscribe there to avoid missing any content. Thanks all ❤.

This content has a paywall for 1 week, and then will be free starting at 10/29/2024 9a CT.

You can find this article here: https://www.letsdodevops.com/p/lets-do-devops-updating-your-tf-and
