A CLI agent that runs in your CI and interacts with Terraform or OpenTofu CLI
An orchestrator backend that responds to events from GitHub and triggers CI jobs When a PR is opened, Digger starts a CI job that runs terraform plan and posts plan output as comment. You can then comment “digger apply” to run terraform apply.
Built by digger, oss USED BY cloud-native LEADERS
Pull Request
Comment
Comment
Comment
Your CI (e.g. Actions)
Digger CLI (CI Job)
Digger can also be configured to run apply only after the PR has been merged; to check plan output against OPA policies; to run drift detection on schedule; and so on.
The orchestrator backend does not have access to your cloud account, or terraform states, or plan output, or tfvars, or any other sensitive data. It just triggers CI jobs; your sensitive data never leaves the high-trust environment of your CI. For this reason, there is little reason to self-host the backend of Digger (although you still can). Much easier to use the managed cloud version of the orchestrator.
