Terrateam is an open-source GitOps platform that automates infrastructure-as-code (IaC) workflows for tools like Terraform, OpenTofu, CDKTF, Terragrunt, and Pulumi directly within GitHub pull requests. It solves the complexity of managing large-scale IaC across monorepos by providing automated plan/apply cycles, policy enforcement, and real-time visibility without requiring manual CLI execution. Built for teams running hundreds to thousands of infrastructure workspaces, it eliminates manual toil and reduces deployment risk.
Built in OCaml and designed as a stateless system, Terrateam runs on your infrastructure using self-hosted runners and integrates with GitHub Actions. It supports OIDC, RBAC, and policy engines like OPA/Rego and Checkov. The full UI, cost estimation, and dependency coordination are included in the open-source version, making it deployable behind your firewall with full control over secrets and state.
What You Get
- GitOps Pull Request Automation - Automatically runs Terraform, OpenTofu, Pulumi, or Terragrunt plans and applies in GitHub PRs, eliminating manual CLI commands and enforcing review workflows.
- Tag-Based Configuration - Define IaC policies and workflows using tags (e.g., tag:production AND team:payments) to apply rules consistently across thousands of workspaces in monorepos.
- Smart Locking & Parallel Execution - Apply-only locking allows unlimited parallel plans while preventing conflicting applies, enabling safe concurrent infrastructure changes.
- Policy Enforcement with OPA/Rego & Checkov - Enforce compliance rules using Open Policy Agent (OPA), Rego, or Checkov to block non-compliant infrastructure changes before they’re applied.
- Cost Estimation & Drift Detection - Automatically shows cost estimates and detects infrastructure drift in PRs, helping teams avoid budget overruns and unexpected state changes.
- Full Self-Hostable UI with Run Logs - Includes a complete web interface to track all runs, view execution logs, debug failures, and monitor infrastructure changes—all in the open-source version.
Common Use Cases
- Managing 10,000+ Terraform workspaces in a monorepo - A cloud platform team uses Terrateam to automate IaC changes across hundreds of microservices and environments without manual intervention or config duplication.
- Enforcing compliance in regulated environments - A fintech company uses OPA/Rego policies in Terrateam to block any PR that creates public S3 buckets or disables encryption before approval.
- Running multi-cloud infrastructure with Pulumi and CDKTF - A DevOps team automates deployments across AWS, Azure, and GCP using Terrateam’s support for multiple IaC tools in a single workflow.
- Reducing deployment risk in production - A SaaS company uses Terrateam’s pre-merge plans and apply-only locks to ensure infrastructure changes are validated and safe before merging to main.
Under The Hood
Architecture
- The repository exhibits a well-defined architecture with a clear separation of concerns, organizing functionality into distinct modules for core operations, provider implementations, and the command-line interface.
- A plugin-based system is central, allowing for extensibility through the addition of new providers and planning strategies.
- Dependency injection is widely used, promoting loose coupling and simplifying testing.
- Interfaces are leveraged to define contracts, further enhancing modularity and independent evolution of components.
- The command-line interface is structured around a command pattern, improving maintainability and user experience.
Tech Stack
- The core platform is built using Go, capitalizing on its concurrency features for efficient state management.
- Terraform is a foundational element, with the project demonstrating a deep understanding of its SDK and concepts.
- The frontend is implemented with React and TypeScript, providing a modern and type-safe user interface, likely leveraging Next.js for server-side rendering.
- Kubernetes is used for orchestration and scaling, indicating a cloud-native deployment strategy, with Helm for packaging.
- PostgreSQL serves as the primary database, with a focus on data integrity and relational modeling.
- A comprehensive testing strategy is employed, utilizing tools like Jest, React Testing Library, Go’s testing package, and Cypress.
Code Quality
- The codebase demonstrates a strong focus on testing, particularly around validating the robustness of the HCL parser against invalid input.
- Code organization is modular, with distinct modules for different testing concerns.
- Naming conventions are generally clear and consistent, enhancing readability.
- Type safety is enforced through the underlying language, though explicit type annotations are not always abundant.
- Error handling is primarily delegated to the parser, with minimal explicit error handling in the core logic.
What Makes It Unique
- The project prioritizes the comprehensive validation of the HCL parser’s error reporting capabilities, ensuring robustness against malformed input.
- The implementation of a persistent caching layer for repositories, coupled with a loading state management system, improves responsiveness and user experience.