|
1 | 1 | # What is a Patcher Patch? |
2 | 2 |
|
3 | | -This page is under construction |
| 3 | +A Patch is a set of instructions executed by Patcher that do code transformations. |
| 4 | +This strategy is especially useful as a way to automate adoption of a breaking change with infrastructure as code, such as Terragrunt, OpenTofu, or Terraform. |
| 5 | +This instruction sheet is delivered by means of a `yaml` file in a specific format: |
| 6 | + |
| 7 | +```yaml title=".patcher/patches/v1.0.0/my-patch/patch.yaml" |
| 8 | +name: "<name-of-patch>" |
| 9 | +description: "<description for patch>" |
| 10 | +author: <your-name-here> <<your-email-address-here>> |
| 11 | + |
| 12 | +# Optional dependencies. Terrapatch is a typical one |
| 13 | +dependencies: |
| 14 | + - name: terrapatch |
| 15 | + version: "0.1.0" |
| 16 | + |
| 17 | +# Steps necessary to resolve breaking change |
| 18 | +steps: |
| 19 | + - name: "<name-of-step>" |
| 20 | + run: <command-to-run> |
| 21 | + - name: "<name-of-second-step>" |
| 22 | + run: <second-command-to-run> |
| 23 | + # etc |
| 24 | +``` |
| 25 | + |
| 26 | +[Check out an example of a patch in the CIS Service Catalog.](https://github.com/gruntwork-io/terraform-aws-service-catalog/blob/c3d5ede211fc3230a7d493ceea43622b337ee88a/.patcher/patches/v0.96.4/switch-to-cis-rds-module/patch.yaml) |
| 27 | + |
| 28 | +## For Module Consumers |
| 29 | + |
| 30 | +As an OpenTofu/Terraform module consumer, modules are imported to launch infrastructure by writing Terragrunt units (`terragrunt.hcl` files) or OpenTofu/Terraform code that calls a module. |
| 31 | + |
| 32 | +It is best practice to reference a specific version of an OpenTofu/Terraform module. |
| 33 | +Over time, module authors release new versions of the module, and the code that consumes those modules slowly gets out of date. |
| 34 | +In some cases, the latest update of the underlying modules requires a breaking change to the consuming code, meaning the version can't just be bumped. |
| 35 | +The consuming code needs to be edited to make use of the new version. |
| 36 | +In this instance, using a patch with Patcher comes in handy. |
| 37 | + |
| 38 | +Patches can be consumed with either a "push" strategy, when Patcher proactively opens a pull request with the latest update, or a "pull" strategy, when a repo is manually scanned to look at the current state of your infrastructure using the Patcher CLI tool. |
| 39 | + |
| 40 | +Regardless of methodology, the concept remains the same. |
| 41 | +Patcher will suggest changes to your codebase in order to keep your infrastructure up to date, however you see fit. |
| 42 | + |
| 43 | +Here is an example of what your PR will look like, after being generated by Patcher: |
| 44 | + |
| 45 | + |
| 46 | + |
| 47 | +### Update Push Strategy |
| 48 | + |
| 49 | +Let's take a look at the experience of the "push" strategy available through our [GitHub action](https://github.com/gruntwork-io/patcher-action). |
| 50 | +Using the GitHub action, PRs will be opened against your codebase on a cadence specified by you, against environments, versions, etc. specified by you. |
| 51 | +The intention with this GitHub action is to leave the repo owner in full control of your upgrade cadence. Check out our guide on [promotion workflows](/2.0/docs/patcher/guides/promotion-workflows), so that updates can proceed from `dev` to `stage` to `prod` (or any other environment sequence) to mitigate risks around upgrades. |
| 52 | + |
| 53 | +### Update Pull Strategy |
| 54 | + |
| 55 | +Let's take a look at the experience of "pulling" available updates by using the Patcher CLI tool. |
| 56 | +The first step is to run `patcher update` within the repo in which updates are desired. |
| 57 | +When `patcher update` is run, the default mode is to click through the updates **interactively**. |
| 58 | +In this mode, available updates are found, and the details of those updates are presented to you: |
| 59 | + |
| 60 | + |
| 61 | + |
| 62 | +You can choose to run in `--non-interactive` mode, which will modify the codebase and present results about what the program did at the end. |
| 63 | + |
| 64 | +By default a PR will _not_ be opened with the changes. |
| 65 | +However, the changes should be visible within the version control system. At that point, you may make a PR or apply the changes using your IaC system. |
| 66 | + |
| 67 | +### Examples Running `patcher update` |
| 68 | + |
| 69 | +Here's the easiest way to run this command: |
| 70 | + |
| 71 | +```bash |
| 72 | +$ cd <repo-root-directory> |
| 73 | +# Show what patches are available for everything in the current directory and all it's children |
| 74 | +$ patcher update ./ |
| 75 | +``` |
| 76 | + |
| 77 | +If more fine-grain controls are desired, the following example (which includes advanced usage topics like [update strategies](/2.0/docs/patcher/concepts/update-strategies.md)) has those: |
| 78 | + |
| 79 | +```bash |
| 80 | +# run 'update' non-interactively, only up to the next safe version, and publish a PR with the changes |
| 81 | +$ patcher update --update-strategy next-safe --non-interactive --publish --pr-branch grunty/update-via-patcher --pr-title "[Patcher] Update All Dependencies to Next Safe" |
| 82 | +``` |
| 83 | + |
| 84 | +More details on the available options included in `patcher update` can be found in the [reference section](/2.0/reference/patcher/index.md#update). |
| 85 | + |
| 86 | +## For Module Authors |
| 87 | + |
| 88 | +Module authors periodically need to introduce breaking changes in their modules, causing a downstream, potentially painful, experience for module consumers. |
| 89 | +With patches, module authors include a patch YAML file that automatically updates consuming code to incorporate the breaking changes associated with the updated module code. |
| 90 | +Doing so allows module consumers to use patches to enable their modules consumers to automatically update consuming code to adopt breaking changes. |
| 91 | + |
| 92 | +In a Patcher ecosystem, the resolution to such a change is written once, in a patch, and distributed to all consumers. |
| 93 | +Although your release will succeed with or without a patch, downstream consumers of your breaking change will praise you thoroughly for your advance work. |
| 94 | + |
| 95 | +In theory, you may write whatever command execution steps you want to perform patch steps. |
| 96 | +For example, there are many cases where validating tool versions are required, or using `sed` to find and replace certain values. |
| 97 | +However, we _strongly_ recommend using [`terrapatch`](https://github.com/gruntwork-io/terrapatch), a Gruntwork tool that surgically updates Terraform/OpenTofu HCL files. |
0 commit comments