Add With Opentofu page

Author: ZIJ

docs/ce/getting-started/with-opentofu.mdx

@@ -0,0 +1,174 @@
+---
+title: "With OpenTofu"
+---
+
+In this tutorial, you will set up Digger to automate OpenTofu pull requests using Github Actions
+
+# Prerequisites
+
+- A GitHub repository with valid OpenTofu code
+- Your cloud provider credentials:
+  - For AWS: [Hashicorp's AWS tutorial](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/aws-build)
+  - For GCP: [Hashicorp's GCP tutorial](https://developer.hashicorp.com/terraform/tutorials/gcp-get-started/google-cloud-platform-build)
+
+# Step 1: create your Digger account
+
+Head to [ui.digger.dev](https://ui.digger.dev) and sign up using your preferred method.
+
+You should see an empty dashboard after you sign up.
+
+# Step 2: install the Digger GitHub App
+
+Install the Digger [GitHub App](https://github.com/apps/digger-pro/installations/select_target) into your repository.
+
+<Note>
+Digger GitHub App does not need access to your cloud account, it just starts jobs in your CI. All sensitive data stays in your CI job.
+
+You can also [self-host Digger orchestrator](/ce/self-host/deploy-docker) with a private GiHub app and issue your own token
+
+</Note>
+
+# Step 3: Create Action Secrets with cloud credentials
+
+In GitHub repository settings, go to Secrets and Variables - Actions. Create the following secrets:
+
+<Tabs>
+  <Tab title="AWS">
+    - `AWS_ACCESS_KEY_ID` - `AWS_SECRET_ACCESS_KEY` You can also [use
+    OIDC](/ce/cloud-providers/authenticating-with-oidc-on-aws) for AWS
+    authentication.
+  </Tab>
+  <Tab title="GCP">
+    - `GCP_CREDENTIALS` - contents of your GCP Service Account Key json file You
+    can also [use OIDC](/gcp/federated-oidc-access/) for GCP authentication.
+  </Tab>
+</Tabs>
+
+# Step 4: Create digger.yml
+
+This file contains Digger configuration and needs to be placed at the root level of your repository. Assuming your OpenTofu code is in the `prod` directory:
+
+```
+projects:
+- name: production
+  dir: prod
+```
+
+# Step 5: Create Github Actions workflow file
+
+Place it at `.github/workflows/digger_workflow.yml` (name is important!)
+
+<Tabs>
+  <Tab title="AWS">
+    ```yaml
+    name: Digger Workflow
+
+    on:
+      workflow_dispatch:
+        inputs:
+          spec:
+            required: true
+          run_name:
+            required: false
+
+    run-name: '${{inputs.run_name}}'
+
+    jobs:
+      digger-job:
+        runs-on: ubuntu-latest
+        permissions:
+          contents: write      # required to merge PRs
+          actions: write       # required for plan persistence
+          id-token: write      # required for workload-identity-federation
+          pull-requests: write # required to post PR comments
+          issues: read         # required to check if PR number is an issue or not
+          statuses: write      # required to validate combined PR status
+
+        steps:
+          - uses: actions/checkout@v4
+          - name: ${{ fromJSON(github.event.inputs.spec).job_id }}
+            run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}"
+          - uses: diggerhq/digger@vLatest
+            with:
+              digger-spec: ${{ inputs.spec }}
+              setup-aws: true
+              setup-opentofu: true
+              opentofu-version: 1.10.3
+              aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+              aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+            env:
+              GITHUB_CONTEXT: ${{ toJson(github) }}
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    ```
+
+  </Tab>
+  <Tab title="GCP">
+    ```yaml
+    name: Digger
+
+    on:
+      workflow_dispatch:
+        inputs:
+          spec:
+            required: true
+          run_name:
+            required: false
+
+    run-name: '${{inputs.run_name}}'
+
+    jobs:
+      digger-job:
+        name: Digger
+        runs-on: ubuntu-latest
+        permissions:
+          contents: write      # required to merge PRs
+          actions: write       # required for plan persistence
+          id-token: write      # required for workload-identity-federation
+          pull-requests: write # required to post PR comments
+          issues: read         # required to check if PR number is an issue or not
+          statuses: write      # required to validate combined PR status
+        steps:
+        - uses: actions/checkout@v4
+        - name: ${{ fromJSON(github.event.inputs.spec).job_id }}
+          run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}"
+        - id: 'auth'
+          uses: 'google-github-actions/auth@v1'
+          with:
+            credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
+            create_credentials_file: true
+        - name: 'Set up Cloud SDK'
+          uses: 'google-github-actions/setup-gcloud@v1'
+        - name: 'Use gcloud CLI'
+          run: 'gcloud info'
+        - name: digger run
+            uses: diggerhq/digger@vLatest
+            with:
+              digger-spec: ${{ inputs.spec }}
+              setup-aws: false
+              setup-opentofu: true
+              opentofu-version: 1.10.3
+            env:
+              GITHUB_CONTEXT: ${{ toJson(github) }}
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    ```
+
+    This workflow includes additional steps for GCP:
+    - Authenticate into GCP using Google's official [Auth action](https://github.com/google-github-actions/auth). Note the `create_credentials_file: true` option; without it, subsequent steps that rely on [Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc) will not work.
+    - Set up Google Cloud SDK for use in the subsequent steps via Google's official [Setup-gcloud action](https://github.com/google-github-actions/setup-gcloud)
+    - Verify that GCP is configured correctly by running `gcloud info`
+
+  </Tab>
+</Tabs>
+
+# Step 6: Create a PR to verify that it works
+
+OpenTofu will run an existing plan against your code.
+
+Make any change to your OpenTofu code e.g. add a blank line. An action run should start (you can see log output in Actions). After some time you should see output of OpenTofu Plan added as a comment to your PR.
+
+Then you can add a comment like `digger apply` and shortly after apply output will be added as comment too.
+
+# Demo repositories
+
+- [AWS demo repo](https://github.com/diggerhq/quickstart-actions-aws)
+- [GCP demo repo](https://github.com/diggerhq/demo-conftest-gcp/)

docs/ce/getting-started/with-terraform.mdx

@@ -19,7 +19,7 @@ You should see an empty dashboard after you sign up.
 
 # Step 2: install the Digger GitHub App
 
-Install the Digger [GitHub App](https://github.com/apps/digger-cloud/installations/select_target) into your repository.
+Install the Digger [GitHub App](https://github.com/apps/digger-pro/installations/select_target) into your repository.
 
 <Note>
 Digger GitHub App does not need access to your cloud account, it just starts jobs in your CI. All sensitive data stays in your CI job.
@@ -34,15 +34,13 @@ In GitHub repository settings, go to Secrets and Variables - Actions. Create the
 
 <Tabs>
   <Tab title="AWS">
-    - `AWS_ACCESS_KEY_ID`
-    - `AWS_SECRET_ACCESS_KEY`
-    
-    You can also [use OIDC](/ce/cloud-providers/authenticating-with-oidc-on-aws) for AWS authentication.
+    - `AWS_ACCESS_KEY_ID` - `AWS_SECRET_ACCESS_KEY` You can also [use
+    OIDC](/ce/cloud-providers/authenticating-with-oidc-on-aws) for AWS
+    authentication.
   </Tab>
   <Tab title="GCP">
-    - `GCP_CREDENTIALS` - contents of your GCP Service Account Key json file
-    
-    You can also [use OIDC](/gcp/federated-oidc-access/) for GCP authentication.
+    - `GCP_CREDENTIALS` - contents of your GCP Service Account Key json file You
+    can also [use OIDC](/gcp/federated-oidc-access/) for GCP authentication.
   </Tab>
 </Tabs>
 
@@ -95,12 +93,14 @@ Place it at `.github/workflows/digger_workflow.yml` (name is important!)
               digger-spec: ${{ inputs.spec }}
               setup-aws: true
               setup-terraform: true
+              terraform-version: 1.5.5
               aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
               aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
             env:
               GITHUB_CONTEXT: ${{ toJson(github) }}
               GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     ```
+
   </Tab>
   <Tab title="GCP">
     ```yaml
@@ -146,15 +146,17 @@ Place it at `.github/workflows/digger_workflow.yml` (name is important!)
               digger-spec: ${{ inputs.spec }}
               setup-aws: false
               setup-terraform: true
+              terraform-version: 1.5.5
             env:
               GITHUB_CONTEXT: ${{ toJson(github) }}
               GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     ```
-    
+
     This workflow includes additional steps for GCP:
     - Authenticate into GCP using Google's official [Auth action](https://github.com/google-github-actions/auth). Note the `create_credentials_file: true` option; without it, subsequent steps that rely on [Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc) will not work.
     - Set up Google Cloud SDK for use in the subsequent steps via Google's official [Setup-gcloud action](https://github.com/google-github-actions/setup-gcloud)
     - Verify that GCP is configured correctly by running `gcloud info`
+
   </Tab>
 </Tabs>
 
@@ -169,4 +171,4 @@ Then you can add a comment like `digger apply` and shortly after apply output wi
 # Demo repositories
 
 - [AWS demo repo](https://github.com/diggerhq/quickstart-actions-aws)
-- [GCP demo repo](https://github.com/diggerhq/demo-conftest-gcp/)
+- [GCP demo repo](https://github.com/diggerhq/demo-conftest-gcp/)

docs/mint.json

@@ -44,7 +44,8 @@
     {
       "group": "Getting Started",
       "pages": [
-        "ce/getting-started/with-terraform"
+        "ce/getting-started/with-terraform",
+        "ce/getting-started/with-opentofu"
       ]
     },
     {