In this guide you will set up Digger to use completely segregated AWS accounts for Dev and Prod environments.

Prerequisites

  • 2 Terraform projects with remote backends - example repo
  • 2 pairs of AWS keys
  • Using digger with orchestrator

Create digger.yml file

Place a digger.yml file in the root of your repo, and point each project's dir at the folder containing that Terraform project:

```yaml
projects:
  - name: develop
    dir: dev
    workflow_file: digger-run-dev.yml
  - name: production
    dir: prod
    workflow_file: digger-run-prod.yml
```

Create 2 environments in GitHub

  • In your GitHub repo, go to Settings > Environments
  • Press “New Environment”
  • Name one “development” and another “production”
In each environment, create 2 secrets corresponding to your AWS accounts:
  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY

Create 2 Actions workflow files

  • .github/workflows/digger-run-dev.yml for dev
  • .github/workflows/digger-run-prod.yml for prod
Use the workflow below for both files. In the prod file, don’t forget to change the environment and the Rename step from Dev to Prod:

```yaml
name: Digger Workflow

on:
  workflow_dispatch:
    inputs:
      spec:
        required: true
      run_name:
        required: false

run-name: '${{inputs.run_name}}'

jobs:
  digger-job:
    runs-on: ubuntu-latest
    environment: development # CHANGE ME !!!
    permissions:
      contents: write      # required to merge PRs
      actions: write       # required for plan persistence
      id-token: write      # required for workload-identity-federation
      pull-requests: write # required to post PR comments
      issues: read         # required to check if PR number is an issue or not
      statuses: write      # required to validate combined PR status

    steps:
      - uses: actions/checkout@v4
      - name: ${{ fromJSON(github.event.inputs.spec).job_id }}
        run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}"
      - uses: diggerhq/digger@vLatest
        with:
          digger-spec: ${{ inputs.spec }}
          setup-aws: true
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
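The whole point of the split is that the prod project only ever runs with the prod account's keys, and the easiest way to break that is the copy-paste step above: a digger-run-prod.yml that still says `environment: development` will pick up the dev secrets. The script below is an added example, not Digger's own code; it cross-checks digger.yml against the workflow files it references and flags a project bound to the wrong GitHub environment or an AWS key input whose value is not a `${{ secrets.* }}` expression. The sample digger.yml and workflow contents are constructed inline, and the expected project-to-environment mapping (`EXPECTED_ENV`) is an assumption you would adjust to your repo.

```python
"""Consistency check for the dev/prod workflow split (added example, not Digger code).

Scans digger.yml and each workflow it references with line-based regexes (the keys
involved are flat, so no YAML library is needed) and reports a project whose
workflow is bound to an unexpected GitHub environment, or an AWS key input whose
value is not a `${{ secrets.* }}` expression. Assumes the `environment: <name>`
form shown on the page.
"""
import re

# Constructed sample digger.yml, mirroring the one on the page.
DIGGER_YML = """\
projects:
  - name: develop
    dir: dev
    workflow_file: digger-run-dev.yml
  - name: production
    dir: prod
    workflow_file: digger-run-prod.yml
"""
# Assumption: the GitHub environment each project must run in.
EXPECTED_ENV = {"develop": "development", "production": "production"}


def sample_workflow(environment, access_key="${{ secrets.AWS_ACCESS_KEY_ID }}"):
    """Constructed minimal workflow in the shape of the page's digger-run-*.yml."""
    return f"""name: Digger Workflow
on:
  workflow_dispatch:
jobs:
  digger-job:
    runs-on: ubuntu-latest
    environment: {environment} # CHANGE ME !!!
    steps:
      - uses: diggerhq/digger@vLatest
        with:
          setup-aws: true
          aws-access-key-id: {access_key}
          aws-secret-access-key: ${{{{ secrets.AWS_SECRET_ACCESS_KEY }}}}
"""


WORKFLOWS_OK = {
    "digger-run-dev.yml": sample_workflow("development"),
    "digger-run-prod.yml": sample_workflow("production"),
}
# Prod copy where the environment line was never changed from the dev template.
WORKFLOWS_WRONG = {**WORKFLOWS_OK, "digger-run-prod.yml": sample_workflow("development")}


def parse_projects(text):
    """Return [{'name', 'dir', 'workflow_file'}, ...] from a digger.yml string."""
    projects, current = [], None
    for line in text.splitlines():
        m = re.match(r"\s*-\s*name:\s*(\S+)", line)
        if m:
            current = {"name": m.group(1)}
            projects.append(current)
            continue
        m = re.match(r"\s*(dir|workflow_file):\s*(\S+)", line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return projects


def workflow_environment(text):
    """First `environment:` value in a workflow, ignoring trailing comments."""
    m = re.search(r"^\s*environment:\s*([A-Za-z0-9_-]+)", text, re.M)
    return m.group(1) if m else None


def hardcoded_aws_keys(text):
    """Names of AWS key inputs whose value does not come from the secrets context."""
    pattern = r"^\s*(aws-access-key-id|aws-secret-access-key):\s*(.+?)\s*$"
    return [m.group(1) for m in re.finditer(pattern, text, re.M)
            if not re.match(r"\$\{\{\s*secrets\.", m.group(2))]


def check(digger_yml, workflows, expected_env):
    """Return human-readable problems; an empty list means the split is consistent."""
    problems = []
    for p in parse_projects(digger_yml):
        wf_name = p.get("workflow_file")
        wf = workflows.get(wf_name)
        if wf is None:
            problems.append(f"{p['name']}: workflow file {wf_name!r} not found")
            continue
        env, want = workflow_environment(wf), expected_env.get(p["name"])
        if env != want:
            problems.append(f"{p['name']}: {wf_name} runs in environment {env!r}, expected {want!r}")
        for key in hardcoded_aws_keys(wf):
            problems.append(f"{p['name']}: {wf_name} hardcodes {key} instead of a secret")
    return problems


if __name__ == "__main__":
    print("ok:", check(DIGGER_YML, WORKFLOWS_OK, EXPECTED_ENV))
    print("wrong:", check(DIGGER_YML, WORKFLOWS_WRONG, EXPECTED_ENV))
```

In a real repo you would read digger.yml and the .github/workflows files from disk instead of the constructed strings and run the check in CI before merging workflow changes, so that a prod workflow still bound to the development environment is caught before it ever runs with the wrong account's credentials.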

Verify that it works

That’s it! Now you can use Digger to automate your Terraform PRs.
  • Create a PR that changes terraform in one of your projects
  • You should see 2 Actions jobs started
  • Shortly after, a comment with plan output for the affected project will be added
  • You can comment digger apply to apply changes
  • If you do so, another Action job will start to run apply