digger VS github

None of these are a replacement of Terraform Cloud (recently rebranded to HCP Terraform). For example, when you create a PR, it could affect multiple workspaces. The new experimental version of TFC/TFE (I refuse to call it HCP!) implements Stacks, which is something like a workflow, and links one workspace output to other workspace inputs. None of the open-source solutions, including the paid Digger [0], support this - only the paid one, such as Spacelift [1] (which is the closest to TFC if you ask me). Having a monorepo of Terraform is a common design pattern, so, if I change an embedded module, it could trigger changes it many workspaces. As far as I know, Atlantis [2] can't really help in this case.

By the way, the reason I singled-out Spacelift is due to its quality, and the great Terraform provider it has. Scalr [3], for example, has a really low-quality Terraform provider. I extensively use the hashicorp/tfe provider to manage TFC itself.

[0]: https://digger.dev/

[1]: https://spacelift.io/

[2]: https://www.runatlantis.io/

[3]: https://www.scalr.com/

Currently, Github Actions is de-facto the only fully supported CI platform in Digger, we’ve been building it as a CI-agnostic tool (https://github.com/diggerhq/digger) from get go. We keep getting requests to support more CI systems on our community slack and over Github issues (https://github.com/diggerhq/digger/issues/81).

Unlike other automation tools for Terraform, Digger doesn’t run jobs on the server; instead it uses your CI (like Actions) as a compute backend. This is more secure and also much cheaper if you use your own runners in your CI.

But each CI and each VCS is ever so slightly different; and we are now at a crossroads - Should we build support for more CI platforms, or more features for GitHub Actions? We’d love any thoughts/inputs!

We just had a user submit an issue and a PR to revert the changes we made earlier that remove the option to disable telemetry. We feel like it’s a fair ask to share usage data with authors of an open-source tool that’s early in the making; but the user’s viewpoint is also perfectly understandable. Are we in the wrong here?

https://github.com/diggerhq/digger/issues/1179

Surely we aren’t the first open-source company to face this dilemma. We don’t want to alienate the community; but losing visibility of usage doesn’t sound great either. Give people the “more privacy” button and most are going to press it. Is there a happy medium?

Detecting and managing drift in Terraform is a multifaceted process. The use of Terraform commands such as terraform refresh and terraform plan plays a critical role in identifying drifts. Additionally, periodic monitoring of the infrastructure using these commands can aid in early detection and prevention of larger issues. Tools like Digger and Terraform Cloud offer dedicated drift detection and remediation mechanisms. These tools provide continuous monitoring and notifications, enabling teams to stay informed about the state of their infrastructure.

Star us on GitHub | Check out Docs | Blog | Slack

I would be extremely grateful if you could give us a star & share your thoughts in the comments section below https://github.com/diggerhq/digger

Check Digger's repo on GitHub

Digger is an Open Source Infrastructure as Code management tool that helps orchestrate IaC such as Terraform & OpenTofu within GitHub Actions. Digger reuses compute used for application code so that you don't overpay for 3rd party managed compute for IaC. This approach eliminates the duplication of CI/CD infrastructure such as compute, jobs, and logs, and reduces security concerns by keeping sensitive data within the CI job. Digger's integration with existing CI systems offers scalability by leveraging on-demand compute resources and enhances security by confining data within the existing CI environment.

Digger is an Open Source IaC management platform that allows you to orchestrate terraform/OpenTofu in your CI/CD system. It helps you resue async jobs infrastructure with compute, orchestration, logs, etc of your existing CI. Digger also has a pro version built on top of Digger’s community edition. Digger’s “bring your own compute” ensures that users have private runners by defualt and don’t have to pay for it additionally. Digger pro gives team leads, managers and IaC practitioners dashboards, Drift Detection, RBAC via OPA policies and concurrency so they can help guide the team.

We have this issue filed by a user and cannot quite decide internally what to do about it. It is clear that allowing everyone who comments to trigger apply is problematic. And we have this covered by the RBAC via OPA feature that allows users to set granular rego policies for who can do what. But it can also be viewed as an overkill to introduce the whole policy-as-code setup for a basic restriction like this.

While looking for solutions, I realized that many developers face similar challenges. This issue is widely discussed, particularly in a GitHub thread: Track traffic to GitHub repo longer than 14 days #399.

Probably the older email address is still the primary one for the GitHub account.

GitHub took it upon themselves to change email addresses and author names when merging via the UI buttons like "Squash and Merge" in 2018 and then again in 2019. See <https://github.com/isaacs/github/issues/1368> for the tedious details.

Essentially the post-2019 behaviour seems to be that where possible with "Squash and Merge" they will set noreply@github as the committer so that they can sign the merged commit themselves, and set author name & email to what they have recorded for the GH account involved (and the signature is then a record that GH have verified that account's involvement).

Personally I think it is shocking that they ignore the name and email address that the actual author of the commit has selected. This is both a violation of the author's intentions -- for example, you may set work and personal email addresses in different repositories as discussed here, but GitHub will rewrite them all to the same thing when other people press "Squash and Merge" on your pull requests -- and potentially a doxxing security risk.

I have considered re-reporting this to GitHub via the newer community discussions or via support again, but given the extent to which they've ignored all such reports over the last five years it is hard to find the motivation to do so.

However, there is a massive issue. Github by default truncates insights to t-14 days (where t = today). This is super annoying as there is a discontinuity in data. There is also an archived issue on Github regarding this. The issue has a whopping 119 comments and has been around for over 8 years now. Basically, from the discussions there - Data you don't persist today will be gone 14 days from now. And looks like Github hasn't done anything about it.

> Hi, people have made money using my code and I also don’t care

looks like everyone's missing the point.

> I understand this is upsetting to you

Again, maybe I am on another level of comprehension, so I don't understanda why it is so hard for someone to get it, but I am not upset by that, at all.

I simply know that those who think "it will be fine" are delusional and don't know what they are talking about!

So I just will paste some link to relevant news here, maybe it will make things clearer.

It includes the opinion of Antirez, father of one of the most successful OSS ever: Redis. Maybe his words will open your eyes and tear the veil of Maya.

(spoiler ahead alert!)

Basically you work for free and people don't even thank you and the maintainer ends up being doxed or blamed or pushed aside and in the long term the only solution to keep sanity is to resign

https://www.jeffgeerling.com/blog/2022/burden-open-source-ma...

https://www.theregister.com/2022/01/13/opensource_apacheplc4...

https://nolanlawson.com/2017/03/05/what-it-feels-like-to-be-...

https://old.reddit.com/r/linux/comments/z14tt2/reason_why_op...

https://github.com/isaacs/github/issues/167

http://web.archive.org/web/20221217180915/http://antirez.com...

I don't know what the fuss is all about. It was publicly known that Github was breaking automatic git archives consistency for many years. Here is a bug on a project to stop relying on fake github archives (as opposed to stable git-archive(1)):

https://bugzilla.tianocore.org/show_bug.cgi?id=3099

At some point it was impossible to go a few weeks (or even days) without a github archive change (depending on which part of the "CDN" you hit), I guess they must have stabilized it at some point. Here is an old issue before GitHub had a community issue tracker:

https://github.com/isaacs/github/issues/1483

Hello, I see you stepped on my favourite personal soapbox! :)

https://github.com/isaacs/github/issues/1017

I really, really like semi-linear branching/merging. I.e. always rebase-merging, but with a merge commit.

Reasons, in comparison to Github's "rebase merge" which doesn't produce a merge commit:

1. It makes it clear which commits were part of one PR

2. It makes it clear who did the merge

3. It's okay to not have every commit build. but the one being merged will.

4. Still pretty bisectable. You'll narrow things down at least to the PR that caused an issue, and from there it's usually quite simple.

5. Looks very tidy in gitk & Co

Not to say that the feature isn't coming to FOSS git services.. Just that even proprietary organizations have had issues with taking a while to implement them.

Oh this is cool actually! Nice! One of the grievances I have with github commit signing is this issue https://github.com/isaacs/github/issues/1099

In addition, you probably want to read this discussion. https://github.com/isaacs/github/issues/1138