Skip to content

Deployment Workflows

formae supports multiple deployment workflows to match how your team operates. This flexibility allows you to adopt formae in existing environments or choose the workflow that best fits your organizational constraints.

Prerequisites: Before exploring workflows, understand Fundamentals and Modular infrastructure.

The three workflows

Classic GitOps

Your forma files in Git are the single source of truth. External changes are rejected or overwritten. This is the traditional GitOps approach where infrastructure changes must go through code review and version control.

Best for: - Teams with strict change control processes - Automated CI/CD deployments - Environments where all changes should be code-reviewed

Key characteristics: - Git is the only source of truth - Reconcile mode overwrites external changes - Discovery and synchronization disabled - Complete control over infrastructure state

Learn more about Classic GitOps →

Always up-to-date GitOps

Extends Classic GitOps by automatically discovering and tracking external changes. Your forma remains the source of truth, but formae helps you incorporate changes made outside your code.

Best for: - Teams using multiple infrastructure tools - Gradual migration to formae - Mixed workflows (some teams use ClickOps, others use code)

Key characteristics: - Git is the source of truth, but discovery and sync are enabled - External changes are tracked, not rejected - Extract unmanaged resources and bring them under management - Patch mode for additive changes with minimal blast radius

Learn more about Always up-to-date GitOps →

No-Git GitOps (Experimental)

formae itself becomes the system of record. You work with temporary forma files and use extract/apply at any granularity. Git is optional and only used for audit trails.

Best for: - Teams wanting maximum flexibility - Situations where Git workflow is too rigid - Environments with audit requirements but flexible processes

Key characteristics: - formae is the system of record - Work with temporary forma files - Extract and apply at any granularity - Git optional for audit purposes

⚠️ Experimental: This workflow is still in early development and lacks features like user management and full audit trails.

Learn more about No-Git GitOps →

Apply modes explained

All workflows use two primary apply modes:

Reconcile mode

formae apply --mode reconcile compares your forma against actual infrastructure and brings reality in line with your code. Resources in your forma are created or updated. Resources that exist in AWS but not in your forma are destroyed.

Use reconcile for: - Complete infrastructure deployments - Structural changes (Day-0 deployments) - When you want formae to remove resources not in your code

Patch mode

formae apply --mode patch only creates or updates resources. It never destroys anything. Resources in your forma are created or updated, but resources that exist in AWS but not in your forma are left alone.

Use patch for: - Adding new resources to existing infrastructure - Quick fixes and emergency changes - Team-specific additions without affecting shared infrastructure - Minimizing blast radius

Watch mode and async execution

All workflows support watch mode with the --watch flag. This lets you monitor the progress of your operations in real-time:

formae apply --mode reconcile --watch main.pkl

Important: Commands are executed asynchronously on the agent. This means:

  • You can safely exit the watch at any time (Ctrl+C) - the operation continues running
  • The agent keeps working in the background
  • To check on progress later, use formae status to see running operations

Learn more in CLI: Status.

What's next

Choose a workflow to dive deeper:

Or continue learning: