Automated Dependency Updates for Terragrunt

Categories: iac, terraform

Renovate supports updating Terragrunt dependencies.

File Matching

By default, Renovate will check any files matching the following regular expression: (^|/)terragrunt\.hcl$.

For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: git-tags, github-tags, gitlab-tags, bitbucket-tags, gitea-tags, terraform-module.

Default config

{
  "commitMessageTopic": "Terragrunt dependency {{depName}}",
  "fileMatch": [
    "(^|/)terragrunt\\.hcl$"
  ]
}

Additional Information

Currently by default, Terragrunt support is limited to Terraform registry sources and GitHub sources that include SemVer refs, e.g. like github.com/hashicorp/example?ref=v1.0.0.

You can create a custom versioning config to support non-SemVer references. For example, if you want to reference a tag like module-v1.2.5, a block like this would work:

{
  "terragrunt": {
    "versioning": "regex:^((?<compatibility>.*)-v|v*)(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$"
  }
}

Pinned Terragrunt dependencies like the following will get a PR whenever there is a newer version available:

terraform {
  source = "github.com/hashicorp/example?ref=v1.0.0"
}

Terraform lockfiles

The Terragrunt manager supports lock file maintenance for .terraform.lock.hcl artifacts. These artifacts will be updated if and only if the update type is lockFileMaintenance.