Skip to content

Automated Dependency Updates for Terragrunt

Categories: iac, terraform

Renovate supports updating Terragrunt dependencies.

File Matching

By default, Renovate will check any files matching the following regular expression: (^|/)terragrunt\.hcl$.

For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: git-tags, github-tags, gitlab-tags, bitbucket-tags, gitea-tags, terraform-module.

Default config

{
  "commitMessageTopic": "Terragrunt dependency {{depName}}",
  "fileMatch": [
    "(^|/)terragrunt\\.hcl$"
  ]
}

Additional Information

Currently by default, Terragrunt support is limited to Terraform registry sources and GitHub sources that include SemVer refs, e.g. like github.com/hashicorp/example?ref=v1.0.0.

You can create a custom versioning config to support non-SemVer references. For example, if you want to reference a tag like module-v1.2.5, a block like this would work:

{
  "terragrunt": {
    "versioning": "regex:^((?<compatibility>.*)-v|v*)(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$"
  }
}

Pinned Terragrunt dependencies like the following will get a PR whenever there is a newer version available:

terraform {
  source = "github.com/hashicorp/example?ref=v1.0.0"
}

Terraform lockfiles

The Terragrunt manager supports lock file maintenance for .terraform.lock.hcl artifacts. These artifacts will be updated if and only if the update type is lockFileMaintenance.

Open items

The below list of features were current when this page was generated on March 28, 2024.

Feature requests

  • Support updating Terragrunt-generated terraform.lock.hcl lock files #13393