Skip to content

Give Atlantis apply permissions to more people in Your organisation

License

Notifications You must be signed in to change notification settings

czerasz/atlantis-org-applyer

Repository files navigation

Atlantis Organisation Applyer

When working with Atlantis on a bigger project (multiple GitHub repositories) a need arose to give apply permissions to more people in the organisation.

This project provides a solution (in form of a binary) which allows to grant apply permissions to GitHub users and teams for specific repository and Atlantis project pairs.

Atlantis Integration

  • add atlantis-org-applyer binary to the VM image or Docker image:

    version=1.0.1
    curl -SsLO "https://github.com/czerasz/atlantis-org-applyer/releases/download/v${version}/atlantis-org-applyer-v${version}-linux-amd64"
    curl -SsLO "https://github.com/czerasz/atlantis-org-applyer/releases/download/v${version}/atlantis-org-applyer-v${version}.sha256sum"
    grep "atlantis-org-applyer-v${version}-linux-amd64" "atlantis-org-applyer-v${version}.sha256sum" | sha256sum -c
    chmod u+x "atlantis-org-applyer-v${version}-linux-amd64"
  • mount configuration at /etc/atlantis/atlantis-org-applyer.yaml

  • configure Atlantis workflow in repo config file (/etc/atlantis/repos.yaml):

    ---
    ...
    workflows:
      standard:
        plan:
          steps:
          - env:
              name: GITHUB_BASE_URL # for GitHub Enterprise
              command: echo "https://${ATLANTIS_GH_HOSTNAME}/api/v3/"
          - env:
              name: GITHUB_TOKEN
              command: echo "${ATLANTIS_GH_TOKEN}"
          - env:
              name: CONFIG_PATH
              value: /etc/atlantis/atlantis-org-applyer.yaml
          - run: atlantis-org-applyer
          - apply

Sample Configurations (atlantis-org-applyer.yaml)

  • allow czerasz user to apply every PR on czerasz/repo-name repository:

    projects:
    - repo_owner: czerasz
      repo_name: repo-name
      atlantis_project: '.*' # allow every Atlantis project
      applyers:
      - name: czerasz
  • allow atlantis team to apply every PR on czerasz/repo-name repository:

    projects:
    - repo_owner: czerasz
      repo_name: repo-name
      atlantis_project: '.*' # allow every Atlantis project
      applyers:
      - name: atlantis
        type: team

    NOTE

    atlantis represents the GitHub team slug

  • allow atlantis team to apply every PR, on every repository in the czerasz organisation for projects prefixed with dev or test:

    projects:
    - repo_owner: czerasz
      repo_name: '.*'
      atlantis_project: '^(dev|test).*'
      applyers:
      - name: atlantis
        type: team
  • allow atlantis-ninjas team to apply every PR, on czerasz/databases repository for projects prefixed with prod only if the PR is in mergeable state:

    projects:
    - repo_owner: czerasz
      repo_name: '^databases$'
      atlantis_project: '^prod.*'
      required_mergeable: true
      applyers:
      - name: atlantis-ninjas
        type: team

    NOTE

    Remember to exclude mergeable from apply_requirements

Configuration Environment Variables

Variable Name DEscription Required Default
GITHUB_BASE_URL Custom URL when used with GitHub Enterprise installation yes ""
GITHUB_TOKEN GitHub token of API user yes -
BASE_REPO_OWNER Owner of the repository that the pull request will be merged into, ex. runatlantis yes -
BASE_REPO_NAME Name of the repository that the pull request will be merged into, ex. atlantis yes -
PULL_NUM Pull request number or ID, ex. 2 yes -
PROJECT_NAME Name of the project configured in atlantis.yaml yes -
USER_NAME Username of the VCS user running command, ex. czerasz yes -
CONFIG_PATH Configuration file used by atlantis-org-applyer yes atlantis-org-applyer.yaml
LOG_LEVEL Log level no debug

NOTE

Environment variable names were choosen to match as close as possible variables provided by Atlantis

Overview

Overview

About

Give Atlantis apply permissions to more people in Your organisation

Resources

License

Stars

Watchers

Forks

Packages

No packages published