Skip to main content
In this tutorial, you will set up Digger to automate terraform pull requests using Github Actions and AWS

Prerequisites

Step 1: create your Digger account

Head to ui.digger.dev and sign up using your preferred method. You should see onboarding screen after you sign up, which guides you to install the github app and perform the next steps

Step 2: install the Digger GitHub App

Install the Digger GitHub App into your repository.
Digger GitHub App does not need access to your cloud account, it just starts jobs in your CI. All sensitive data stays in your CI job.You can also self-host Digger orchestrator with a private GiHub app and issue your own token

Step 3: Create Action Secrets with AWS credentials (you can also use OIDC

In GitHub repository settings, go to Secrets and Variables - Actions. Create the following secrets:
  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY

Step 4: Create digger.yml

This file contains Digger configuration and needs to be placed at the root level of your repository. Assuming your terraform code is in the prod directory: 
projects: - name: production  dir: prod

Step 5: Create Github Actions workflow file

Place it at .github/workflows/digger_workflow.yml (name is important!) 
name: Digger Workflow  on:  workflow_dispatch:  inputs:  spec:  required: true  run_name:  required: false  run-name: '${{inputs.run_name}}'  jobs:  digger-job:  runs-on: ubuntu-latest  permissions:  contents: write # required to merge PRs  actions: write # required for plan persistence  id-token: write # required for workload-identity-federation  pull-requests: write # required to post PR comments  issues: read # required to check if PR number is an issue or not  statuses: write # required to validate combined PR status   steps:  - uses: actions/checkout@v4  - name: ${{ fromJSON(github.event.inputs.spec).job_id }}  run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}"  - uses: diggerhq/digger@vLatest  with:  digger-spec: ${{ inputs.spec }}  setup-aws: true  setup-terraform: true  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}  env:  GITHUB_CONTEXT: ${{ toJson(github) }}  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Step 6: Create a PR to verify that it works

Terraform will run an existing plan against your code. Make any change to your terraform code e.g. add a blank line. An action run should start (you can see log output in Actions). After some time you should see output of Terraform Plan added as a comment to your PR. Then you can add a comment like digger apply and shortly after apply output will be added as comment too.
⌘I