Automated Dependency Updates for Terraform
Categories: iac, terraform
Renovate supports updating Terraform dependencies.
File Matching¶
By default, Renovate will check any files matching any of the following regular expressions:
**/*.tf
**/*.tofu
For details on how to extend a manager's managerFilePatterns value, please follow this link.
Supported datasources¶
This manager supports extracting the following datasources: bitbucket-tags, docker, git-tags, github-tags, github-releases, helm, terraform-module, terraform-provider.
Dependency types¶
This manager extracts the following depType values:
depType |
Description |
|---|---|
module |
A Terraform module source reference |
provider |
A Terraform provider declared in a provider block |
required_provider |
A Terraform provider declared in a required_providers block |
required_version |
The Terraform version constraint in a required_version field |
helm_release |
A Helm chart deployed via a helm_release resource |
tfe_workspace |
A Terraform version pinned in a tfe_workspace resource |
docker_image |
A Docker image in a docker_image resource |
docker_container |
A Docker image in a docker_container resource |
docker_service |
A Docker image in a docker_service resource |
docker_registry_image |
A Docker image in a docker_registry_image data source |
kubernetes_pod |
A container image in a kubernetes_pod resource |
kubernetes_pod_v1 |
A container image in a kubernetes_pod_v1 resource |
kubernetes_cron_job |
A container image in a kubernetes_cron_job resource |
kubernetes_cron_job_v1 |
A container image in a kubernetes_cron_job_v1 resource |
kubernetes_daemonset |
A container image in a kubernetes_daemonset resource |
kubernetes_daemon_set_v1 |
A container image in a kubernetes_daemon_set_v1 resource |
kubernetes_deployment |
A container image in a kubernetes_deployment resource |
kubernetes_deployment_v1 |
A container image in a kubernetes_deployment_v1 resource |
kubernetes_job |
A container image in a kubernetes_job resource |
kubernetes_job_v1 |
A container image in a kubernetes_job_v1 resource |
kubernetes_replication_controller |
A container image in a kubernetes_replication_controller resource |
kubernetes_replication_controller_v1 |
A container image in a kubernetes_replication_controller_v1 resource |
kubernetes_stateful_set |
A container image in a kubernetes_stateful_set resource |
kubernetes_stateful_set_v1 |
A container image in a kubernetes_stateful_set_v1 resource |
Default config¶
{
"commitMessageTopic": "Terraform {{depName}}",
"managerFilePatterns": [
"**/*.tf",
"**/*.tofu"
],
"pinDigests": false
}
Lock File Maintenance¶
This manager supports lockFileMaintenance for the following file(s):
.terraform.lock.hcl
Additional Information¶
Terraform vs OpenTofu¶
Renovate can not know if you want to use the Terraform or OpenTofu registry.
By default, Renovate uses the Terraform registry (registry.terraform.io) for providers and modules without a registry definition.
You can override this default with your own packageRules, for example:
{
"packageRules": [
{
"matchDatasources": ["terraform-provider", "terraform-module"],
"registryUrls": ["https://registry.opentofu.org"]
}
]
}
Supported dependencies¶
Renovate supports updating the Terraform dependencies listed below. Check the tables to see where some dependencies can be hosted.
Modules¶
| Name | Public hosting | Private hosting |
|---|---|---|
| GitTags | yes | yes |
| GithubTags | yes | yes |
| TerraformRegistry | yes | yes |
Providers¶
Providers are deprecated in Terraform 0.13.0.
| Name | Public hosting | Private hosting |
|---|---|---|
| TerraformRegistry | yes | yes |
required_providers block¶
Needs Terraform >= 0.13.0.
| Name | Public hosting | Private hosting |
|---|---|---|
| TerraformRegistry | yes | yes |
required_version¶
Renovate can update the required_version attribute of the Terraform block.
helm_release¶
Renovate can update the version attribute of helm_release resources. This applies to both helm chart repositories and charts published in OCI registries.
| Name | Public hosting | Private hosting |
|---|---|---|
| chart repository | yes | yes |
Docker¶
Renovate can update image references of the Docker provider resources (docker\_\*).
| Name | Public hosting | Private hosting |
|---|---|---|
| Docker registry | yes | yes |
Kubernetes¶
Renovate can update image references of Kubernetes provider resources (kubernetes\_\*).
| Name | Public hosting | Private hosting |
|---|---|---|
| Docker registry | yes | yes |
tfe_workspaces¶
Renovate can update tfe_workspaces.
Renovate searches for the terraform_version argument.
Range constraints¶
Renovate understands these Terraform range constraints:
| Terraform range | Notes |
|---|---|
>= 1.2.0 |
version 1.2.0 or newer |
<= 1.2.0 |
version 1.2.0 or older |
~> 1.2.0 |
any non-beta version >= 1.2.0 and < 1.3.0, e.g. 1.2.X |
~> 1.2 |
any non-beta version >= 1.2.0 and < 2.0.0, e.g. 1.X.Y |
>= 1.0.0, <= 2.0.0 |
any version between 1.0.0 and 2.0.0 inclusive |
Disabling parts of the manager¶
You can use these depTypes for fine-grained control, for example to disable parts of the Terraform manager.
| Resource | depType |
Notes |
|---|---|---|
| Terraform provider | provider |
|
| required Terraform provider | required_provider |
|
| required Terraform version | required_version |
This handles the required_version in terraform blocks |
| TFE workspace | tfe_workspace |
This handles the terraform_version argument in tfe_workspace resources |
| Terraform module | module |
|
| Helm release | helm_release |
|
| Docker container | docker_container |
|
| Docker image | docker_image |
|
| Docker service | docker_service |
|
| Kubernetes CronJob | kubernetes_cron_job |
|
| Kubernetes CronJob v1 | kubernetes_cron_job_v1 |
|
| Kubernetes DaemonSet | kubernetes_daemon_set |
|
| Kubernetes DaemonSet v1 | kubernetes_daemon_set_v1 |
|
| Kubernetes Deployment | kubernetes_deployment |
|
| Kubernetes Deployment v1 | kubernetes_deployment_v1 |
|
| Kubernetes Job | kubernetes_job |
|
| Kubernetes Job v1 | kubernetes_job_v1 |
|
| Kubernetes Pod | kubernetes_pod |
|
| Kubernetes Pod v1 | kubernetes_pod_v1 |
|
| Kubernetes Replication Controller | kubernetes_replication_controller |
|
| Kubernetes Replication Controller v1 | kubernetes_replication_controller_v1 |
|
| Kubernetes StatefulSet | kubernetes_stateful_set |
|
| Kubernetes StatefulSet v1 | kubernetes_stateful_set_v1 |
| Data Source | depType |
Notes |
|---|---|---|
| Docker registry image | docker_registry_image |
If you need to change the versioning format, read the versioning documentation to learn more.