Ryan Cartwright for Resourcely

Resourcely adds Atlantis Support

You can integrate Resourcely with Atlantis to automatically evaluate your Terraform plans on pull requests. The Resourcely guardrail evaluation produces findings that help developers address violations.

In order to set up Resourcely with Atlantis, you must perform the following steps:

  • Verifying Prerequisites
  • Change Management
  • Set up Resourcely with Custom Workflows

Verifying Prerequisites

Before adding Resourcely to existing workflows, please verify that your Atlantis server environment:

  • Has internet egress access to download the Resourcely CLI binary or container (e.g., through a NAT Gateway).
  • Is configured to allow custom workflows.
  • Is used with GitHub as a VCS.

Change Management

This setup assumes you have already completed the integration of Source Code Management (SCM). If you have not, please follow this guide to complete the SCM integration.

Set up Resourcely with Custom Workflows

This requires an Atlantis server-side workflow written in Atlantis YAML. Create a new file called repos.yaml or update your existing YAML and add the following content:

repos:
  - id: /.*/
    workflow: resourcely_guardrails
    allow_custom_workflows: true
    policy_check: false
    pre_workflow_hooks:
      # Install resourcely cli, use location `/opt/resourcely-cli` to run the CLI
      - run: |
            LATEST_RELEASE_TAG=$(curl -s -I https://github.com/Resourcely-Inc/resourcely-container-registry/releases/latest | awk -F '/' '/^location/ {print  substr($NF, 1, length($NF)-1)}')
            curl -s -L -O "https://github.com/Resourcely-Inc/resourcely-container-registry/releases/download/$LATEST_RELEASE_TAG/resourcely-cli-${LATEST_RELEASE_TAG}-linux-amd64.tar.gz" > /dev/null && tar xvzf "resourcely-cli-${LATEST_RELEASE_TAG}-linux-amd64.tar.gz" && mv resourcely-cli /opt/resourcely-cli
workflows:
  resourcely_guardrails:
    plan:
      steps:
        - env:
            name: RESOURCELY_API_TOKEN
            value: '<RESOURCELY_API_TOKEN>' # get a token from https://portal.resourcely.io/settings/generate-api-token
        - init
        - plan
        - show
        # Run Resourcely Guardrails against the plan that the show step wrote to $SHOWFILE
        - run: /opt/resourcely-cli --log debug --api_host https://api.resourcely.io evaluate --change_request_url "$PULL_URL" --change_request_sha "$HEAD_COMMIT" --format plain --plan "$SHOWFILE"

The resourcely-cli command in your repos.yaml evaluates your Terraform plans by downloading policies from Resourcely, assessing the plans against them, and submitting the results to Resourcely. These findings will be displayed on the pull request associated with the Atlantis run.

Note that the server needs to run with --repo-config=repos.yaml:

atlantis server \
...
--repo-config=repos.yaml \
...
...

Atlantis should now run the Resourcely CLI on every pull request whenever new code is created or updated.
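
The pre-workflow hook in repos.yaml installs whatever release is tagged latest at run time, with no integrity check, on the server that holds the Resourcely API token. The following is an added example (not from the original post or from Resourcely) of a hook helper that fetches one pinned tag and installs the binary only if the tarball's SHA-256 matches a digest you recorded yourself. The function names are hypothetical, and the tarball layout is an assumption noted in the code.

```shell
# Added example, not Resourcely's or Atlantis's own code.
# Assumption: the tarball holds a top-level member named "resourcely-cli",
# as the hook's `mv resourcely-cli /opt/resourcely-cli` implies.
REPO_URL="https://github.com/Resourcely-Inc/resourcely-container-registry"

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_and_install TARBALL EXPECTED_SHA256 DEST
# Installs the CLI only if the tarball digest matches the recorded one.
verify_and_install() {
    tarball=$1; expected=$2; dest=$3
    actual=$(sha256_of "$tarball") || return 1
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing to install: digest of $tarball is '$actual'" >&2
        return 1
    fi
    workdir=$(mktemp -d) || return 1
    rc=0
    # Extract only the expected member and require a regular file (no symlink).
    if tar -xzf "$tarball" -C "$workdir" resourcely-cli 2>/dev/null \
        && [ -f "$workdir/resourcely-cli" ] && [ ! -L "$workdir/resourcely-cli" ]; then
        chmod 0755 "$workdir/resourcely-cli"
        mv "$workdir/resourcely-cli" "$dest" || rc=$?
    else
        echo "refusing to install: no regular file resourcely-cli in archive" >&2
        rc=1
    fi
    rm -rf "$workdir"
    return "$rc"
}

# install_pinned_release TAG EXPECTED_SHA256 DEST
# Network step for the hook: fetch one fixed tag instead of "latest", then verify.
install_pinned_release() {
    tag=$1; sha=$2; dest=$3
    file="resourcely-cli-${tag}-linux-amd64.tar.gz"
    dl=$(mktemp -d) || return 1
    rc=0
    { curl -fsSL -o "$dl/$file" "$REPO_URL/releases/download/$tag/$file" \
        && verify_and_install "$dl/$file" "$sha" "$dest"; } || rc=$?
    rm -rf "$dl"
    return "$rc"
}
```

In the hook, call `install_pinned_release '<PINNED_TAG>' '<PINNED_SHA256>' /opt/resourcely-cli`, where both values are placeholders for a release you have reviewed, and update them together when you adopt a new release.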