Terraform Versioning

Hi Everyone,

Thank you in advance for reading and helping me wrap my mind around this issue. At my organization, we just started leveraging Terraform to create and manage our cloud resources. At the moment, we are using Terraform in GitLab-CI CI/CD pipelines in a few different repositories. In my environment, Terraform is executed from the terraform Docker container on DockerHub. My question is around what the best practices are for versioning Terraform for CICD pipelines. When Terraform 0.12.13 came out, we decided to pin to that version back in November to keep things relatively stable while we learned Terraform. Now we are quite a few versions behind, but more mature in our Infrastructure as Code platform.

It looks like in Terraform 0.12.14, lots of new syntax changes came in regarding deprecating variables using the `${var.variable}` syntax, which is a huge change for us. We are currently working on migrating all our pipelines to the new syntax and Terraform version 0.12.26. In an effort to not repeat this upgrade exercise again with new Terraform releases, what is the best practice for managing Terraform in a CICD pipeline? I see it working like this:

  1. Pin the Terraform version and do periodic upgrades: This works well for keeping things stable, but requires a lot of syntax changes to be backported and code changes across our Terraform repositories.

  2. Use the latest or light Docker tag: This approach means that we will always be running the latest Terraform version, which could introduce breaking changes into our CICD pipelines. Not to mention running Terraform locally will mean our team will always be downloading the latest release. This may also have implications for when Terraform 0.13 arrives. Any new syntax changes in that release could potentially cause the pipelines to break.

Are there any other options or best practices for using Terraform in a CICD pipeline?
Ideally, I wish there was a terraform:stable Docker tag that would be a little slower to update. This way we could avoid running bleeding edge, but not get stuck a few versions behind. Also, if there was a Docker tag for terraform:0.12 which always kept to the most recent version of the 0.12.x release, that would be helpful as well.

I’m wondering as well how other folks version their Terraform projects? Run latest? Or pin to a specific version and periodically upgrade?

Thanks in advance!
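
The two options in the post, as an added example that is not part of the original post: a small check that flags Terraform images in a CI file whose tag can move under the pipeline, and resolves a minor series such as 0.12 to its newest patch release so the pin can be bumped deliberately. The image name `hashicorp/terraform`, the CI snippet and the tag list are constructed sample input, and the function names are hypothetical.

```python
import re

# Matches "image: <ref>" and the nested "name: <ref>" form used in GitLab CI.
IMAGE_RE = re.compile(r"^\s*(?:image|name):\s*['\"]?(?P<ref>[^\s'\"#]+)")
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")

def classify(ref):
    """Return 'digest', 'pinned' or 'floating' for one image reference."""
    if "@sha256:" in ref:
        return "digest"              # content-addressed, cannot change
    name, _, tag = ref.rpartition(":")
    if not name or "/" in tag:       # no tag, or the colon was a registry port
        return "floating"
    # latest, light or a bare minor such as 0.12 can be re-pointed upstream
    return "pinned" if VERSION_RE.match(tag) else "floating"

def audit(ci_text):
    """List (line number, image ref, kind) for every Terraform image found."""
    findings = []
    for lineno, line in enumerate(ci_text.splitlines(), start=1):
        m = IMAGE_RE.match(line)
        if m and "terraform" in m.group("ref"):
            findings.append((lineno, m.group("ref"), classify(m.group("ref"))))
    return findings

def newest_patch(tags, series):
    """Newest full x.y.z tag within a minor series such as '0.12', or None."""
    versions = []
    for tag in tags:
        m = VERSION_RE.match(tag)
        if m and f"{m.group(1)}.{m.group(2)}" == series:
            versions.append(tuple(int(g) for g in m.groups()))  # numeric compare
    return ".".join(map(str, max(versions))) if versions else None

# Constructed sample input, not taken from a real repository or registry.
SAMPLE_CI = """\
plan:
  image:
    name: hashicorp/terraform:light
    entrypoint: [""]
apply:
  image: hashicorp/terraform:0.12.13
"""
SAMPLE_TAGS = ["latest", "light", "0.12.13", "0.12.14", "0.12.26", "0.12.9", "0.11.14"]

if __name__ == "__main__":
    for lineno, ref, kind in audit(SAMPLE_CI):
        print(f"line {lineno}: {ref} -> {kind}")
    print("newest 0.12.x:", newest_patch(SAMPLE_TAGS, "0.12"))
```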