Does anyone have a pants + terraform workflow they...
# general
p
Does anyone have a pants + terraform workflow they would recommend? I have been using them separately, and I have now attempted to deploy a container that I have forgotten to publish multiple times today and I'm sort of wondering if there is a good setup with pants where it makes sure to publish images for me. I don't always want to push the application code at HEAD though and would like to still be able to make terraform changes without pushing new application code.
c
If I've got your workflow right, I think it's that there are 2 cases:
1. You would like to deploy a new version of the application. You want pants to build the docker container and apply the terraform (For example, you release application version 1.2.3, and have a `helm_release` resource for that application that you update to use version 1.2.3)
2. You want to change something in the terraform, but don't want to publish a new docker container.
I don't think pants has a builtin way to do item 1. terraform support is still experimental. You can add a `terraform_deployment` to deploy terraform, but there isn't currently a way to have Pants `publish` a docker container before deploying a `terraform_deployment`. This feature has been requested before, and I think the helm backend can do this; it's In The Future. At my work, we've got a few scripts to tie things like this together. If I've got your workflow right, I think you could do scenario 1 with a script that uses `bump2version` to also upgrade the version referenced in terraform, then `pants publish`, and then `pants experimental-deploy` (or just `terraform` itself)
p
Yeah, that's an accurate summary. Could definitely make a script to do it, but it doesn't seem super worth it atm. I'm not super clear what the current value prop is for the terraform backend, what does it do for you vs just using terraform?
c
Currently the TF backend doesn't really do much. We've got a lot of folks who don't have a lot of TF experience but who need to dabble. Being able to run lint and check without keeping a devenv up to date is enough, especially since it's just a few lines in the config. Also we have a lot of small TF deployments, so having something to gather all the invocation args for each one (which tfbackend, which tfvars) bundled together is nice. And again, not having to keep all these devenvs set up is nice.
p
How does it help with the devenv situation?
c
It downloads terraform and runs terraform-init, and all the linters run through pants rather than having to be run separately
p
ah, ok, that makes sense, thanks!
c
You're welcome! It's not huge, but it can add up. I think it'll be compelling when more linters are incorporated into pants. Having automatic install and run of trivy and checkov and friends will be nice.
p
The automatic install is really nice; it has been particularly good for the JVM. I hope the Go backend starts doing automatic install soon too.
Though I seem to be running into some issues with terraform init not being run automatically: https://github.com/pantsbuild/pants/issues/20363