Skip terraform for Renovate
tfaction supports skipping terraform plan and terraform apply in case of pull request by Renovate.
Basically in tfaction's workflow terraform plan and terraform apply are run.
But you don't have to run terraform plan and terraform apply when some dependencies such as tfsec and tflint are updated.
On the other hand, when Terraform and Terraform Providers are updated, you have to run terraform plan and terraform apply.
By skipping terraform plan and terraform apply, you can efficiently update dependencies.
- You can prevent unexpected changes from being applied
- You can prevent CI failure due to
terraform plan's unexpected changes - You can prevent API rate exceeded by
terraform planandterraform apply
How to use
To enable this feature, set skip_terraform_by_renovate in tfaction-root.yaml.
skip_terraform_by_renovate: true
Then terraform plan and terraform apply are skipped in pull requests by Renovate.
This is useful to update dependencies which are unrelated to the result of terraform plan and terraform apply.
But you should run terraform plan and terraform apply when Terraform or Terraform Providers are updated by Renovate.
So please set renovate_terraform_labels in tfaction-root.yaml and addLabels in renovate.json.
e.g.
renovate_terraform_labels:
- terraform
{
"packageRules": [
{
"matchManagers": ["terraform", "terraform-version"],
"addLabels": ["terraform"]
},
{
"matchPackageNames": ["hashicorp/terraform"],
"addLabels": ["terraform"]
}
]
}
The second rule is required if you manage Terraform with aqua.
If any one of labels in renovate_terraform_labels is set to the pull request, tfaction would run terraform plan and terraform apply.