diggerhq
diff --git a/‎docs/CLAUDE.md
Lines changed: 53 additions & 0 deletions b/‎docs/CLAUDE.md
Lines changed: 53 additions & 0 deletions
diff --git a/‎docs/ce/getting-started/with-opentofu.mdx
Lines changed: 174 additions & 0 deletions b/‎docs/ce/getting-started/with-opentofu.mdx
Lines changed: 174 additions & 0 deletions
@@ -0,0 +1,53 @@
+# Mintlify documentation
+
+## Working relationship
+
+- You can push back on ideas-this can lead to better documentation. Cite sources and explain your reasoning when you do so
+- ALWAYS ask for clarification rather than making assumptions
+- NEVER lie, guess, or make up information
+
+## Project context
+
+- Format: MDX files with YAML frontmatter
+- Config: docs.json for navigation, theme, settings
+- Components: Mintlify components
+
+## Content strategy
+
+- Document just enough for user success - not too much, not too little
+- Prioritize accuracy and usability of information
+- Make content evergreen when possible
+- Search for existing information before adding new content. Avoid duplication unless it is done for a strategic reason
+- Check existing patterns for consistency
+- Start by making the smallest reasonable changes
+
+## Frontmatter requirements for pages
+
+- title: Clear, descriptive page title
+- description: Concise summary for SEO/navigation
+
+## Writing standards
+
+- Second-person voice ("you")
+- Prerequisites at start of procedural content
+- Test all code examples before publishing
+- Match style and formatting of existing pages
+- Include both basic and advanced use cases
+- Language tags on all code blocks
+- Alt text on all images
+- Relative paths for internal links
+
+## Git workflow
+
+- NEVER use --no-verify when committing
+- Ask how to handle uncommitted changes before starting
+- Create a new branch when no clear branch exists for changes
+- Commit frequently throughout development
+- NEVER skip or disable pre-commit hooks
+
+## Do not
+
+- Skip frontmatter on any MDX file
+- Use absolute URLs for internal links
+- Include untested code examples
+- Make assumptions - always ask for clarification
@@ -0,0 +1,174 @@
+---
+title: "With OpenTofu"
+---
+
+In this tutorial, you will set up Digger to automate OpenTofu pull requests using Github Actions
+
+# Prerequisites
+
+- A GitHub repository with valid OpenTofu code
+- Your cloud provider credentials:
+  - For AWS: [Hashicorp's AWS tutorial](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/aws-build)
+  - For GCP: [Hashicorp's GCP tutorial](https://developer.hashicorp.com/terraform/tutorials/gcp-get-started/google-cloud-platform-build)
+
+# Step 1: create your Digger account
+
+Head to [ui.digger.dev](https://ui.digger.dev) and sign up using your preferred method.
+
+You should see an empty dashboard after you sign up.
+
+# Step 2: install the Digger GitHub App
+
+Install the Digger [GitHub App](https://github.com/apps/digger-pro/installations/select_target) into your repository.
+
+<Note>
+Digger GitHub App does not need access to your cloud account, it just starts jobs in your CI. All sensitive data stays in your CI job.
+
+You can also [self-host Digger orchestrator](/ce/self-host/deploy-docker) with a private GiHub app and issue your own token
+
+</Note>
+
+# Step 3: Create Action Secrets with cloud credentials
+
+In GitHub repository settings, go to Secrets and Variables - Actions. Create the following secrets:
+
+<Tabs>
+  <Tab title="AWS">
+    - `AWS_ACCESS_KEY_ID` - `AWS_SECRET_ACCESS_KEY` You can also [use
+    OIDC](/ce/cloud-providers/authenticating-with-oidc-on-aws) for AWS
+    authentication.
+  </Tab>
+  <Tab title="GCP">
+    - `GCP_CREDENTIALS` - contents of your GCP Service Account Key json file You
+    can also [use OIDC](/gcp/federated-oidc-access/) for GCP authentication.
+  </Tab>
+</Tabs>
+
+# Step 4: Create digger.yml
+
+This file contains Digger configuration and needs to be placed at the root level of your repository. Assuming your OpenTofu code is in the `prod` directory:
+
+```
+projects:
+- name: production
+  dir: prod
+```
+
+# Step 5: Create Github Actions workflow file
+
+Place it at `.github/workflows/digger_workflow.yml` (name is important!)
+
+<Tabs>
+  <Tab title="AWS">
+    ```yaml
+    name: Digger Workflow
+
+    on:
+      workflow_dispatch:
+        inputs:
+          spec:
+            required: true
+          run_name:
+            required: false
+
+    run-name: '${{inputs.run_name}}'
+
+    jobs:
+      digger-job:
+        runs-on: ubuntu-latest
+        permissions:
+          contents: write      # required to merge PRs
+          actions: write       # required for plan persistence
+          id-token: write      # required for workload-identity-federation
+          pull-requests: write # required to post PR comments
+          issues: read         # required to check if PR number is an issue or not
+          statuses: write      # required to validate combined PR status
+
+        steps:
+          - uses: actions/checkout@v4
+          - name: ${{ fromJSON(github.event.inputs.spec).job_id }}
+            run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}"
+          - uses: diggerhq/digger@vLatest
+            with:
+              digger-spec: ${{ inputs.spec }}
+              setup-aws: true
+              setup-opentofu: true
+              opentofu-version: 1.10.3
+              aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+              aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+            env:
+              GITHUB_CONTEXT: ${{ toJson(github) }}
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    ```
+
+  </Tab>
+  <Tab title="GCP">
+    ```yaml
+    name: Digger
+
+    on:
+      workflow_dispatch:
+        inputs:
+          spec:
+            required: true
+          run_name:
+            required: false
+
+    run-name: '${{inputs.run_name}}'
+
+    jobs:
+      digger-job:
+        name: Digger
+        runs-on: ubuntu-latest
+        permissions:
+          contents: write      # required to merge PRs
+          actions: write       # required for plan persistence
+          id-token: write      # required for workload-identity-federation
+          pull-requests: write # required to post PR comments
+          issues: read         # required to check if PR number is an issue or not
+          statuses: write      # required to validate combined PR status
+        steps:
+        - uses: actions/checkout@v4
+        - name: ${{ fromJSON(github.event.inputs.spec).job_id }}
+          run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}"
+        - id: 'auth'
+          uses: 'google-github-actions/auth@v1'
+          with:
+            credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
+            create_credentials_file: true
+        - name: 'Set up Cloud SDK'
+          uses: 'google-github-actions/setup-gcloud@v1'
+        - name: 'Use gcloud CLI'
+          run: 'gcloud info'
+        - name: digger run
+            uses: diggerhq/digger@vLatest
+            with:
+              digger-spec: ${{ inputs.spec }}
+              setup-aws: false
+              setup-opentofu: true
+              opentofu-version: 1.10.3
+            env:
+              GITHUB_CONTEXT: ${{ toJson(github) }}
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    ```
+
+    This workflow includes additional steps for GCP:
+    - Authenticate into GCP using Google's official [Auth action](https://github.com/google-github-actions/auth). Note the `create_credentials_file: true` option; without it, subsequent steps that rely on [Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc) will not work.
+    - Set up Google Cloud SDK for use in the subsequent steps via Google's official [Setup-gcloud action](https://github.com/google-github-actions/setup-gcloud)
+    - Verify that GCP is configured correctly by running `gcloud info`
+
+  </Tab>
+</Tabs>
+
+# Step 6: Create a PR to verify that it works
+
+OpenTofu will run an existing plan against your code.
+
+Make any change to your OpenTofu code e.g. add a blank line. An action run should start (you can see log output in Actions). After some time you should see output of OpenTofu Plan added as a comment to your PR.
+
+Then you can add a comment like `digger apply` and shortly after apply output will be added as comment too.
+
+# Demo repositories
+
+- [AWS demo repo](https://github.com/diggerhq/quickstart-actions-aws)
+- [GCP demo repo](https://github.com/diggerhq/demo-conftest-gcp/)