MCPcopy Index your code
hub / github.com/diggerhq/digger

github.com/diggerhq/digger @vo.6.96 sqlite

repository ↗ · DeepWiki ↗ · release vo.6.96 ↗
9,436 symbols 20,920 edges 418 files 340 documented · 4%
README

digger-opensource-gitops-banner

Community Slack | Schedule a call | Demo Video | Docs

CI/CD for Terraform is tricky. To make life easier, specialized CI systems aka TACOS exist - Terraform Cloud, Spacelift, Atlantis, etc.

But why have 2 CI systems? Why not reuse the async jobs infrastructure with compute, orchestration, logs, etc of your existing CI?

Digger runs Terraform natively in your CI. This is:

  • Secure, because cloud access secrets aren't shared with a third-party
  • Cost-effective, because you are not paying for additional compute just to run your Terraform

Features

  • Terraform plan and apply in pull request comments
  • Private runners - thanks to the fact that there are no separate runners! Your existing CI's compute environment is used
  • Open Policy Agent (OPA) support for RBAC
  • PR-level locks (on top of Terraform native state locks, similar to Atlantis) to avoid race conditions across multiple PRs
  • Terragrunt, Workspaces, multiple Terraform versions, static analysis via Checkov, plan persistence, ...
  • Drift detection

Getting Started

How it works

Digger has 2 main components: - CLI that runs inside your CI and calls Terraform with the right arguments - Orchestrator - a minimal backend (that can also be self-hosted) that triggers CI jobs in response to events such as PR comments

Digger also stores PR-level locks and plan cache in your cloud account (DynamoDB + S3 on AWS, equivalents in other cloud providers)

Compared to Atlantis

  • No need to host and maintain a server (although you can)
  • Secure by design: jobs run in your CI, so sensitive data stays there
  • Scalable compute: jobs can run in parallel
  • RBAC and policies via OPA
  • Drift detection
  • Apply-after-merge workflows
  • Web UI (cloud-based)
  • Read more about differences with Atlantis in our blog post

Compared to Terraform Cloud and other TACOs

  • Open source; orchestrator can be self-hosted
  • Unlimited runs and unlimited resources-under-management on all tiers
  • Jobs run in your CI, not on a third-party server
  • Supports PR automation (apply before merge)
  • No duplication of the CI/CD stack
  • Secrets not shared with a third party

Contributing

We love contributions. Check out our contributing guide to get started.

Please pick an issue that already exists if you’re interested in contributing, otherwise, feel free to create an issue and triage with the maintainers before creating a PR.

Not sure where to get started? You can:

  • Join our Slack, and ask us any questions there.

Telemetry

Digger collects anonymized telemetry. See usage.go for detail. You can disable telemetry collection either by setting telemetry: false in digger.yml, or by setting the TELEMETRY env variable to false.

Running migrations

atlas migrate apply --url $DATABASE_URL

Resources

  • Docs for comprehensive documentation and guides
  • Slack for discussion with the community and Digger team.
  • GitHub for code, issues, and pull request
  • Medium for terraform automation and collaboration insights, articles, tutorials, and updates.

Extension points exported contracts — how you extend this code

BitbucketProvider (Interface)
(no doc) [8 implementers]
backend/utils/bitbucket.go
CiBackend (Interface)
(no doc) [6 implementers]
backend/ci_backends/ci_backends.go
DriftNotificationProvider (Interface)
(no doc) [12 implementers]
cli/pkg/drift/Provider.go
Lock (Interface)
(no doc) [6 implementers]
libs/locking/core.go
PolicyCheckerProvider (Interface)
(no doc) [12 implementers]
libs/policy/core.go
PlanStorage (Interface)
(no doc) [6 implementers]
libs/storage/storage.go
PullRequestService (Interface)
(no doc) [9 implementers]
libs/ci/ci.go
Executor (Interface)
(no doc) [7 implementers]
libs/execution/execution.go

Core symbols most depended-on inside this repo

String
called by 368
cli/pkg/digger/digger.go
String
called by 74
libs/ci/gitlab/gitlab.go
InitCommentReporter
called by 63
backend/utils/pr_comment.go
Get
called by 63
next/utils/github.go
ReportErrorAndExit
called by 61
cli/pkg/usage/usage.go
UpdateComment
called by 57
libs/comment_utils/summary/updater.go
ToConfigStage
called by 44
libs/scheduler/jobs.go
get
called by 37
libs/digger_config/terragrunt/atlantis/generate.go

Shape

Method 7,677
Function 1,017
Struct 484
Class 120
Interface 97
TypeAlias 38
FuncType 3

Languages

Go86%
TypeScript14%

Modules by API surface

next/templates/static/js/bootstrap.bundle.min.js390 symbols
ee/backend/templates/static/js/bootstrap.bundle.min.js390 symbols
backend/templates/static/js/bootstrap.bundle.min.js390 symbols
next/models_generated/user_roles.gen.go110 symbols
next/models_generated/user_profiles.gen.go110 symbols
next/models_generated/user_private_info.gen.go110 symbols
next/models_generated/user_onboarding.gen.go110 symbols
next/models_generated/user_notifications.gen.go110 symbols
next/models_generated/user_m2m_applications.gen.go110 symbols
next/models_generated/user_api_keys.gen.go110 symbols
next/models_generated/teams.gen.go110 symbols
next/models_generated/team_members.gen.go110 symbols

Dependencies from manifests, versioned

ariga.io/atlas-go-sdkv0.2.3 · 1×
ariga.io/atlas-provider-gormv0.5.0 · 1×
cel.dev/exprv0.16.1 · 1×
cloud.google.com/gov0.116.0 · 1×
cloud.google.com/go/auth/oauth2adaptv0.2.5 · 1×
cloud.google.com/go/compute/metadatav0.5.2 · 1×
cloud.google.com/go/monitoringv1.21.1 · 1×
cloud.google.com/go/storagev1.46.0 · 1×
dario.cat/mergov1.0.0 · 1×
filippo.io/agev1.0.0 · 1×

Datastores touched

postgresDatabase · 1 repos

For agents

$ claude mcp add digger \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact