Why should terragrunt-live be in a separate repo?

I have adopted the terragrunt-live repo layout suggested in terragrunt-infrastructure-live-example. I have been using it for a while and it works well.

Part of this methodology is a terragrunt-live repo separate from the repo containing my own Terraform modules. Whenever I partition code into different repositories, I must take over responsibility for synchronizing files, where Git is the true master.

Why must my terragrunt-live repo be a separate Git repo? Why can’t it be a terragrunt-live/ directory in my Terraform module repo?

One reason is to have a different set of maintainers for terragrunt-live and the Terraform modules. This is in fact the case with open source Terraform modules–I can commit to my own terragrunt-live, but I can only suggest changes to public Terraform modules via a pull request. However, these are my custom Terraform modules that I develop in sync with my terragrunt.hcl files. My experience is that I always commit them together, and having them in separate repos just invites file skew.

Are there other reasons to keep terragrunt-live and my own custom Terraform modules in separate repositories?

You certainly don’t have to do it - it’s merely a recommendation! The main reason that I can think of is that you might want to handle releases/tags separately. In infrastructure-modules, you:

  1. Create a feature branch
  2. Make some changes
  3. Commit and push those changes, then open a pull request
  4. Somebody reviews + approves it, and when ready, you merge it in
  5. You cut a release

Now, from infrastructure-live, you:

  1. Find the relevant module in your sandbox/dev/lowest environment
  2. Update the ref to point at the new release
  3. Test it out, and if it looks good, follow the same review/release process
  4. Progress through other environments as necessary

So now your release cadence is different between your code (Terraform modules) and your configuration (Terragrunt).

In general, as a matter of hygiene, its nice to have code separate from config. This way you can grant access to the modules to anyone else who may be interested and not worry about polluting it with environment configuration.

2 Likes

Ah. Different releases/tags is definitely only possible with separate repositories. Thank you for your astute answer.

1 Like