
A cli tool used to make running terraform or opentofu projects simpler. Includes secret fetching and remote state management.
Welcome to tfrunner, a cli tool to run terraform commands with the following facilities:
Since tfrunner is a cli tool, the recommended installation is using pipx.
Please ensure you have a compatible python >= 3.12 version.
Install with: pipx install tfrunner
Requirements: tfrunner expects the following binaries to be installed:
terraform: tfrunner is a wrapper on top of terraform
git: when using the --git-sandbox flag, ensure you have git installed and that you are running the command in a git project
To use it to manage multiple projects, create a yaml file configuring each.
Here is an example file, let's name it tfrunner.yaml:
flavour: terraform # Can use tofu
state_backend:
  kind: gitlab
  spec:
    url: https://gitlab.com
    project_id: 12345678
    token_var: GITLAB_TOKEN
secrets_backend:
  kind: gitlab
  spec:
    url: https://gitlab.com
    project_id: 12345678
    token_var: GITLAB_TOKEN
tfvars:
  gitlab_token: $GITLAB_TOKEN
projects:
  dev: # Reflects name of the environment
    path: ../infra/dev
    state_name: dev
    # Inner environment gets added (and overrides colliding vars) with global env vars
    # env vars take precedence over secrets
    tfvars:
      doppler_token: $DOPPLER_TOKEN
    # Inner secrets backend takes precedence
    secrets_backend:
      kind: doppler
      spec:
        project: my-project
        config: dev
        token_var: DOPPLER_TOKEN
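
A pre-flight check for a file like the one above, as an added example that is not tfrunner's own code: it applies the two precedence rules from the comments (inner tfvars override global ones, the inner secrets backend wins) and reports credentials written literally into the file or referenced but unset. The names effective_settings and audit, the SECRET_NAME heuristic, and reading `$NAME` values as environment variable references are assumptions made for this example.

```python
import re

# Constructed dict mirroring the example tfrunner.yaml above, as it would look once parsed.
CONFIG = {
    "state_backend": {"kind": "gitlab", "spec": {"token_var": "GITLAB_TOKEN"}},
    "secrets_backend": {"kind": "gitlab", "spec": {"token_var": "GITLAB_TOKEN"}},
    "tfvars": {"gitlab_token": "$GITLAB_TOKEN"},
    "projects": {
        "dev": {
            "path": "../infra/dev",
            "tfvars": {"doppler_token": "$DOPPLER_TOKEN"},
            "secrets_backend": {"kind": "doppler", "spec": {"token_var": "DOPPLER_TOKEN"}},
        }
    },
}

ENV_REF = re.compile(r"^\$([A-Za-z_][A-Za-z0-9_]*)$")
# Heuristic (assumption): tfvars with these words in the name hold credentials.
SECRET_NAME = re.compile(r"token|secret|password|key", re.IGNORECASE)


def effective_settings(config, project):
    """Apply the precedence stated in the example file's comments."""
    inner = config["projects"][project]
    tfvars = {**config.get("tfvars", {}), **inner.get("tfvars", {})}  # inner overrides
    backend = inner.get("secrets_backend") or config.get("secrets_backend")  # inner wins
    return tfvars, backend


def audit(config, project, env):
    """Return findings as strings; secret values are never included in the output."""
    tfvars, backend = effective_settings(config, project)
    needed = {b["spec"]["token_var"] for b in (config.get("state_backend"), backend) if b}
    findings = []
    for name, value in sorted(tfvars.items()):
        ref = ENV_REF.match(str(value))
        if ref:
            needed.add(ref.group(1))
        elif SECRET_NAME.search(name):
            findings.append(f"tfvars.{name}: literal credential in file, use a $VAR reference")
    findings += [f"{var}: referenced but not set in the environment"
                 for var in sorted(needed) if not env.get(var)]
    return findings


if __name__ == "__main__":
    import os
    for finding in audit(CONFIG, "dev", os.environ):
        print(finding)
```
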
Now you can run tfrunner as you would run any regular terraform command (options are also included). You only need to be aware of two additional arguments:
--project: name of your project, as specified in your config file.
--config_path: path to your configuration file. By default it will look for a tfrunner.yaml file in the current folder.
As examples, for the great-project in our example tfrunner.yaml file, you could run:
tfrunner init --project great-project
tfrunner fmt --project great-project
tfrunner validate --project great-project
tfrunner plan --project great-project
tfrunner apply --project great-project
tfrunner destroy --config_path tfrunner.yaml --project great-project
The --config_path is optional in the tfrunner destroy command, as tfrunner will by default assume its path to be tfrunner.yaml.
tfrunner init --project great-project --git-sandbox
tfrunner plan --project great-project --git-sandbox
tfrunner apply --project great-project --git-sandbox
tfrunner destroy --project great-project --git-sandbox
Requirements:
uv installed
terraform installed
git installed
uv sync --all-groups
tfrunner plan generates a plan file by default
tfrunner apply uses that plan file by default
FAQs
We found that tfrunner demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.