Running Campaigns Locally

PreviousRunning Campaigns with GitHub Actions and a Repo-Hosted State File NextBlueprints

Last updated 2 months ago

Running Campaigns Locally

You can run campaigns on a local state file. This feature requires the following:

Prerequisite

An active account on
An active list of guardrails in order to generate violations, see Guardrails
Resourcely-CLI which you can find the list of available versions
A valid RESOURCELY_API_TOKEN which can be obtained Generate API Token
A copy of state file in JSON format - You can find example state file in our

Running CLI

Now you can run the resourcely-cli against a local state file. We can export a CSV of findings associated with a single state file without needing any configuration beyond the normal for the resourcely CLI.

export RESOURCELY_API_TOKEN=<token>

Without config root

resourcely-cli evaluate_state --state_file terraform.json --api_host <https://api.resourcely.io> --repo_url <https://github.com/org/repo_name>

With config root configured via resourcely.yaml

resourcely-cli evaluate_state --state_file terraform.json --api_host <https://api.resourcely.io> --repo_url <https://github.com/org/repo_name> --config_root_path "."

Results will look like this

... Logs trimmed to highlight relevant sections ...
2025-01-08T13:25:20.666-0800	info	evaluate/state.go:650	Checking Campaigns:All (config_root=., environment=dev) for guardrail violations...	{"run_id": "d32d5491-f9aa-4137-8cbd-31405aea5abe", "repo_url": "<https://github.com/org/repo_name>", "config_root": "."}
2025-01-08T13:25:20.737-0800	info	evaluate/evaluate_state.go:82	Evaluation returned 0 passed checks, 3 violations
2025-01-08T13:25:20.737-0800	warn	cl/cl.go:124	Guardrail checks found 3 violations
2025-01-08T13:25:20.737-0800	info	evaluate/evaluate.go:294	=============== Guardrail ID 2c451692-1bef-43e7-8597-0680d8ae6bc3 ==============
2025-01-08T13:25:20.737-0800	warn	cl/cl.go:124	(config_root_path: "." environment: "dev") Resource "aws_s3_bucket_versioning.campaigns-data-resource_fraMshbmm94dxGRa" violates requirement "REQUIRE versioning_configuration.status = \\"Enabled\\"". Approver: "default"
2025-01-08T13:25:20.737-0800	info	evaluate/evaluate.go:294	=============== Guardrail ID 2ced4a82-23fa-4e42-b467-b60c2605745f ==============
2025-01-08T13:25:20.738-0800	warn	cl/cl.go:124	(config_root_path: "." environment: "dev") Resource "aws_s3_bucket_public_access_block.campaigns-data-resource_fraMshbmm94dxGRa" violates requirement "REQUIRE block_public_acls = true AND restrict_public_buckets = true". Approver: "default"
2025-01-08T13:25:20.738-0800	info	evaluate/evaluate.go:294	=============== Guardrail ID 7d69433d-3018-4889-8bb2-6725d2d2a18b ==============
2025-01-08T13:25:20.738-0800	warn	cl/cl.go:124	(config_root_path: "." environment: "dev") Resource "aws_s3_bucket.campaigns-data-resource_fraMshbmm94dxGRa" violates requirement "REQUIRE bucket STARTSWITH \\"resourcely\\"". Approver: "default"

With environment

resourcely-cli evaluate_state --state_file terraform.json --api_host <https://api.resourcely.io> --repo_url <https://github.com/org/repo_name> --config_root_path "." --environment "dev"

Output results to a CSV file

resourcely-cli evaluate_state --state_file terraform.json --api_host <https://api.resourcely.io> --repo_url <https://github.com/org/repo_name> --output_file_csv /path/to/export.csv

Upload Findings

We can add findings into a config root as long as it doesn’t have an actual setup for campaigns; these will be rejected if there is any pre-existing setup for that config root. This allows you to see the findings in the UI, and go through the steps for campaigns without needing the proxy set up.

resourcely-cli evaluate_state state terraform.json --api_host https://api.resourcely.io --repo_url https://github.com/org/repo_name --config_root_path us-east-1 --upload_demo_findings true

PreviousRunning Campaigns with GitHub Actions and a Repo-Hosted State File NextBlueprints

Last updated 2 months ago