Terraform provider upgrades often turn into a manual research exercise. You check the registry, read changelogs, scan the codebase for deprecated resources…

Thomas Thornton is a software engineer and technology enthusiast known for his expertise in web development and cloud computing. Readers can learn about coding best practices, cloud architecture patterns, and emerging technologies. With blog posts, tutorials, and technical analysis, Thomas Thornton shares  insights and best practices for building modern and scalable software solutions.

Thomas Thornton

GitHub Agentic Workflows can automate the tedious parts of Terraform provider upgrades. By combining a Terraform MCP server, reusable agents, and skills imported from a shared repository, the workflow detects new provider versions, scans for deprecated resources, applies safe migrations (including `moved` blocks), generates upgrade documentation, and opens a draft PR for human review. A real example shows upgrading AzureRM from 3.75.0 to 4.63.0, automatically migrating deprecated `azurerm_sql_*` resources to their MSSQL equivalents. Safety is enforced via Safe Outputs — PRs are always drafts and nothing merges automatically. The pattern reduces a 30–60 minute manual upgrade task to roughly 5 minutes of PR review.

Automating Terraform provider upgrades with GitHub Agentic Workflows

The Real Problem with Terraform Provider Upgrades

Why This Matters for Platform Engineering Teams