VCS-Driven Deployments
Tharsis can automatically trigger runs when changes are pushed to a connected Git repository. This is powered by VCS providers — integrations with GitHub and GitLab.
How it works​
- A VCS provider is configured in a group with OAuth credentials for GitHub or GitLab.
- A workspace is linked to a repository and branch via a Workspace VCS Provider Link.
- When a commit is pushed to the configured branch, Tharsis automatically creates a run (plan + apply) using the Terraform configuration from the repository.
Setup​
1. Create a VCS provider​
Navigate to your group and create a VCS provider. See VCS Providers for detailed instructions on configuring OAuth applications for GitHub or GitLab.
2. Link a workspace to a repository​
Once the VCS provider is authenticated, link it to a workspace:
- Navigate to the workspace.
- Go to the VCS tab.
- Select the VCS provider, repository, and branch.
- Optionally configure the module directory if your Terraform files are in a subdirectory.
See Workspace VCS Provider Links for details.
3. Set workspace variables​
Since there's no CLI involved in VCS-driven runs, any variables needed by the Terraform configuration must be set as workspace variables:
- Navigate to the workspace in the UI.
- Go to the Variables tab.
- Add Terraform variables and environment variables as needed.
This includes registry credentials (TF_TOKEN_*) if your configuration references private module sources.
Automatic run triggers​
Once linked, Tharsis creates a run whenever:
- A commit is pushed to the configured branch.
- A merge/pull request is merged into the configured branch.
The run uses the Terraform configuration from the commit that triggered it.
If deploying to AWS or Azure, be sure to assign a managed identity to the target workspace!