You can integrate Resourcely with Atlantis to automatically evaluate your Terraform plans on pull requests. The Resourcely guardrail evaluation will result in findings that help developers address the violations.
In order to set up Resourcely with Atlantis, you must perform the following steps:
- Verifying Prerequisites
- Change Management
- Set up Resourcely with Custom workflows
Verifying Prerequisites
Before adding Resourcely to existing workflows, please verify that your Atlantis server environment:
- Has internet egress access to download the Resourcely CLI binary or container (e.g., through a NAT Gateway).
- Is configured to allow custom workflows.
- Is used with GitHub as a VCS.
Change Management
This setup assumes you have already completed the integration of Source Code Management (SCM). If you have not, please follow this guide to complete the SCM integration.
Set up Resourcely with Custom workflows
This requires an Atlantis server-side workflow written in Atlantis YAML. Create a new file called repos.yaml or update your existing YAML and add the following content:
repos:
  - id: /.*/
    workflow: resourcely_guardrails
    allow_custom_workflows: true
    policy_check: false
    pre_workflow_hooks:
      # Install resourcely cli, use location `/opt/resourcely-cli` to run the CLI
      - run: |
          LATEST_RELEASE_TAG=$(curl -s -I https://github.com/Resourcely-Inc/resourcely-container-registry/releases/latest | awk -F '/' '/^location/ {print substr($NF, 1, length($NF)-1)}')
          curl -s -L -O https://github.com/Resourcely-Inc/resourcely-container-registry/releases/download/$LATEST_RELEASE_TAG/resourcely-cli-${LATEST_RELEASE_TAG}-linux-amd64.tar.gz > /dev/null && tar xvzf resourcely-cli-${LATEST_RELEASE_TAG}-linux-amd64.tar.gz && mv resourcely-cli /opt/resourcely-cli
workflows:
  resourcely_guardrails:
    plan:
      steps:
        - env:
            name: RESOURCELY_API_TOKEN
            value: '<RESOURCELY_API_TOKEN>' # get a token from https://portal.resourcely.io/settings/generate-api-token
        - init
        - plan
        - show
        # Run Resourcely
        - run: /opt/resourcely-cli --log debug --api_host https://api.resourcely.io evaluate --change_request_url $PULL_URL --change_request_sha $HEAD_COMMIT --format plain --plan $SHOWFILE
          description: Running Resourcely Guardrails
The resourcely-cli command in your repos.yaml evaluates your Terraform plans by downloading policies from Resourcely, assessing them, and submitting the results to Resourcely. These findings will be displayed on the pull request associated with the Atlantis run.
Note that the server needs to run with --repo-config=repos.yaml:
atlantis server \
  ...
  --repo-config=repos.yaml \
  ...
  ...
Atlantis should now run the Resourcely CLI on every pull request whenever new code is created or updated.
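The pre-workflow hook above installs whatever release is currently latest without checking its integrity. As an added example (not from Resourcely's or Atlantis's documentation), this hypothetical `install_verified` helper installs the tarball only when its SHA-256 matches a digest you pinned yourself. The tag and digest in the usage comment are placeholders, and `sha256sum` and GNU `tar` are assumed to be present on the Atlantis host.

```shell
#!/bin/sh
# Added example: hypothetical helper, not part of the Resourcely CLI or Atlantis.
# usage: install_verified <tarball> <pinned_sha256_hex> <archive_member> <dest>
# returns 0 = installed, 1 = checksum mismatch, 2 = bad input or extraction failure
install_verified() {
    iv_tarball=$1; iv_expected=$2; iv_member=$3; iv_dest=$4

    # Refuse a digest that is not exactly 64 hex characters, such as an
    # unfilled placeholder, so a misconfigured hook fails closed.
    case $iv_expected in
        ''|*[!0-9a-fA-F]*) echo "invalid pinned digest" >&2; return 2 ;;
    esac
    [ "${#iv_expected}" -eq 64 ] || { echo "invalid pinned digest" >&2; return 2; }
    [ -f "$iv_tarball" ] || { echo "missing $iv_tarball" >&2; return 2; }

    # Compare digests case-insensitively before touching the archive contents.
    iv_expected=$(printf '%s' "$iv_expected" | tr 'A-F' 'a-f')
    iv_actual=$(sha256sum "$iv_tarball" | awk '{print $1}')
    if [ "$iv_actual" != "$iv_expected" ]; then
        echo "checksum mismatch for $iv_tarball: got $iv_actual" >&2
        return 1
    fi

    # Extract only the named member into a scratch directory, then install it.
    iv_tmp=$(mktemp -d) || return 2
    if tar -xzf "$iv_tarball" -C "$iv_tmp" "$iv_member" &&
       install -m 0755 "$iv_tmp/$iv_member" "$iv_dest"; then
        iv_rc=0
    else
        iv_rc=2
    fi
    rm -rf "$iv_tmp"
    return "$iv_rc"
}

# How the hook's `run` script could call it. TAG and SHA256 are placeholders:
# pin the tag you vetted and the digest you recorded for that tarball.
#   TAG='<PINNED_RELEASE_TAG>'; SHA256='<SHA256_OF_PINNED_TARBALL>'
#   BASE=https://github.com/Resourcely-Inc/resourcely-container-registry/releases/download
#   curl -fsSL -o cli.tar.gz "$BASE/$TAG/resourcely-cli-$TAG-linux-amd64.tar.gz"
#   install_verified cli.tar.gz "$SHA256" resourcely-cli /opt/resourcely-cli
```

Pinning the tag means upgrades become a reviewed change to repos.yaml instead of happening silently on the next pull request.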