feat: Bump Terraform to 1.15.6 and add Terragrunt 1.0.8

[Taegost]

Summary

Bump Terraform from 1.14.8 to 1.15.6 and add Terragrunt 1.0.8 — the widely-used Terraform/OpenTofu wrapper — with SHA256SUMS checksum verification and shell completions.

What changed

• Terraform 1.14.8 → 1.15.6. Minor version bump. HashiCorp maintains backward compatibility within 1.x.
• Terragrunt 1.0.8 added. Direct binary download with SHA256SUMS verification (following Packer's pattern), shell completions via --install-autocomplete, and a commented install block matching the Dockerfile's existing conventions. Placed after Terraform in the Dockerfile for logical grouping.
• Docs updated. .env.example and README.md reflect both changes.

Post-Deploy Monitoring & Validation

• Monitor the CI pipeline (build-and-push.yml) after merge — verify the multi-arch build completes and pushes to Docker Hub
• After the image publishes: docker pull taegost/devops-toolbox:latest && docker run --rm taegost/devops-toolbox:latest terragrunt --version should report v1.0.8
• No runtime service impact — this is a container image build change only

---

Summary by CodeRabbit

• New Features

  • Terragrunt (v1.0.8) infrastructure-as-code tool now included with automated bash completion support for improved developer workflow.

• Updates

  • Terraform version upgraded from 1.14.8 to 1.15.6, bringing latest features and compatibility enhancements.
  • Environment configuration templates, README documentation, and container build configuration updated to reflect new infrastructure tooling and version changes.

[coderabbitai]

Warning

Review limit reached

@Taegost, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 16 minutes and 10 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: b37bd1c7-4e7b-4f45-9f77-385426b47888

📥 Commits

Reviewing files that changed from the base of the PR and between 4876993 and 55c9776.

📒 Files selected for processing (3)

• .env.example
• CLAUDE.md
• Dockerfile

📝 Walkthrough

Walkthrough

Terraform is bumped from 1.14.8 to 1.15.6 and Terragrunt 1.0.8 is added to the Dockerfile via binary download with SHA256 checksum verification, system install, smoke test, and bash completion. Matching version pins are added to .env.example, a Terragrunt row is inserted in the README, and a plan document is included.

Changes

Terraform Bump and Terragrunt Addition

Layer / File(s)	Summary
Dockerfile: Terraform bump, Terragrunt install, and bash completion Dockerfile	TERRAFORM_VERSION default updated to 1.15.6; new TERRAGRUNT_VERSION=1.0.8 ARG added with download, SHA256SUMS verification, install to /usr/local/bin/terragrunt, and terragrunt --version smoke test; terragrunt --install-autocomplete added alongside the existing Terraform completion step.
Version pins, README entry, and implementation plan .env.example, README.md, docs/plans/2026-06-14-001-feat-terraform-bump-terragrunt-add-plan.md	TERRAFORM_VERSION updated and TERRAGRUNT_VERSION=1.0.8 added to .env.example pins and reference URLs; Terragrunt row inserted in the README tool table; plan document added covering requirements R1–R6, technical decisions, implementation units U1–U4, deferred items, and source references.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

enhancement

Poem

🐇 Hop hop, a new tool joins the box,
Terragrunt arrives in /usr/local/bin socks!
SHA256 checked, the version locked tight,
Bash completions sparkle in the image's light.
The README updated, the plan neatly penned —
Another fine tool for the DevOps blend! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely summarizes the two main changes: bumping Terraform to 1.15.6 and adding Terragrunt 1.0.8, which align directly with the changeset across all modified files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/terraform-bump-terragrunt-add

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Dockerfile`:
- Around line 152-173: The Terragrunt installation RUN command contains a
pipeline (grep piped to awk to sha256sum) where intermediate failures could be
silently masked, particularly if grep fails to find the expected binary name in
the SHA256SUMS file. Add `set -o pipefail` at the very beginning of the RUN
command (before the first curl statement) to ensure that any failure in the grep
to awk to sha256sum pipeline chain halts the build immediately rather than
allowing silent failures to propagate. This addresses the robust error handling
requirement and makes the checksum verification more reliable.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 3a0d9307-1a09-422f-ab5a-0b9df715c24d

📥 Commits

Reviewing files that changed from the base of the PR and between b43a4be and 4876993.

📒 Files selected for processing (4)

• .env.example
• Dockerfile
• README.md
• docs/plans/2026-06-14-001-feat-terraform-bump-terragrunt-add-plan.md

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build and Push

🧰 Additional context used

🪛 dotenv-linter (4.0.0)

.env.example

[warning] 47-47: [UnorderedKey] The PACKER_VERSION key should go before the TERRAFORM_VERSION key

(UnorderedKey)

🪛 Hadolint (2.14.0)

Dockerfile

[warning] 163-163: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check

(DL4006)

🔇 Additional comments (6)

Dockerfile (3)

142-142: LGTM!

---

461-467: LGTM!

---

163-173: Cross-file version consistency: Terraform 1.15.6 and Terragrunt 1.0.8 pinned correctly across Dockerfile and .env.example.

Both tool versions are consistently pinned and verified as stable releases:

• Dockerfile#L142: TERRAFORM_VERSION=1.15.6 (released June 10, 2026)
• .env.example#L46: TERRAFORM_VERSION=1.15.6
• Dockerfile#L161: TERRAGRUNT_VERSION=1.0.8 (released June 10, 2026)
• .env.example#L48: TERRAGRUNT_VERSION=1.0.8

Both versions are confirmed as stable releases on their respective repositories with all required release assets available (Terraform zip packages for Linux architectures, Terragrunt Linux binaries for both amd64 and arm64).

.env.example (1)

17-19: LGTM!

README.md (1)

18-18: LGTM!

docs/plans/2026-06-14-001-feat-terraform-bump-terragrunt-add-plan.md (1)

1-119: LGTM!