I’m using TFLint to analyze my code, but it doesn’t give me an alert when my provider version is very out of date.
Is there any tool or script that performs this validation?
Terraform itself has a version nag, but I haven’t seen something similar for providers.
Renovate (which normally runs as a cloud-hosted bot, but which can also run as a GitHub action) is a tool that doesn’t do exactly what you want, but can make PRs to update dependencies, lockfiles, even things like tflint or pre-commit plugins. It also opens a GitHub issue that serves as a “dependency dashboard”, and has a configurable schedule, so if you set a limited # of concurrent PRs and a reasonable schedule, you can probably set it up to “remind” you about updates in a way that will work for you.
It can work with both looser and tighter styles of defining version constraints, and (in most cases) can handle lockfiles, if you’re checking them in.
Alternatively, you could set a looser version constraint for the providers, and then run terraform init with -upgrade (and / or add -upgrade to TF_CLI_ARGS_init). I personally prefer to be more tight with pinning or version constraints, but use a bot like Renovate to keep things up to date.
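Added example (not from the original thread): a small Python check for what the question asks, reading the locked provider versions out of .terraform.lock.hcl and flagging those that lag the newest release. The lock text and the newest-release table are constructed sample data, and the function names and the max_minor_lag threshold are assumptions of this example.

```python
import re
# Constructed sample of a .terraform.lock.hcl file (versions and hashes are made up).
SAMPLE_LOCK = '''
provider "registry.terraform.io/hashicorp/aws" {
  version     = "3.76.1"
  constraints = "~> 3.0"
  hashes      = ["h1:constructed-placeholder="]
}
provider "registry.terraform.io/hashicorp/random" {
  version = "3.6.0"
}
'''
# Constructed "newest release" data; assumption: real values come from your registry.
SAMPLE_LATEST = {"registry.terraform.io/hashicorp/aws": "5.40.0",
                 "registry.terraform.io/hashicorp/random": "3.6.2"}
BLOCK = re.compile(r'provider\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
VERSION = re.compile(r'^\s*version\s*=\s*"([^"]+)"', re.M)

def parse_lock(text):
    """Return {provider source address: locked version} from lock file text."""
    locked = {}
    for source, body in BLOCK.findall(text):
        match = VERSION.search(body)
        if match:
            locked[source] = match.group(1)
    return locked

def as_tuple(version):
    """'3.76.1' -> (3, 76, 1); a pre-release suffix such as '-beta1' is dropped."""
    return tuple(int(part) for part in version.split("-", 1)[0].split("."))

def find_outdated(locked, latest, max_minor_lag=5):
    """Flag providers a major version behind, or more than max_minor_lag minors."""
    findings = []
    for source, have in sorted(locked.items()):
        if source not in latest:
            findings.append((source, have, None, "unknown"))
            continue
        mine, newest = as_tuple(have), as_tuple(latest[source])
        if newest[0] > mine[0]:
            findings.append((source, have, latest[source], "major"))
        elif newest[0] == mine[0] and newest[1] - mine[1] > max_minor_lag:
            findings.append((source, have, latest[source], "minor"))
    return findings

if __name__ == "__main__":
    results = find_outdated(parse_lock(SAMPLE_LOCK), SAMPLE_LATEST)
    print(*results, sep="\n")
    raise SystemExit(1 if results else 0)  # non-zero exit fails a CI job
```

This only works if the lock file is checked in, and it treats a provider missing from the newest-release table as a finding rather than silently passing it.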