Resourcely Documentation
LoginSign Up
  • Get Started
    • 🎱What is Resourcely?
    • 👋Why Resourcely
    • 🏃Quickstart
      • Terraform policies integrated into CI
      • Remediate policy violations in existing infrastructure
      • Templates for generating Terraform
      • Glossary
  • Concepts
    • Foundry
      • Create Blueprints with Foundry
      • Creating Guardrails with Foundry
      • lmport Terraform Modules
    • Guardrails
      • Writing your own Guardrails
      • Editing Guardrails
      • Releasing Guardrails
      • Enabling Inactive Guardrails
      • Guardrails in Action
        • 🐱GitHub Actions
        • 🦊GitLab Pipelines
    • Campaigns
      • Get started with Campaigns
      • Creating Campaigns
      • Remediate Resources
      • Campaign Agent
        • State File Support
          • Amazon Simple Storage Service (S3)
          • Google Cloud Storage (GCS)
          • HCP Terraform
          • Spacelift
        • Running Campaigns with GitHub Actions and a Repo-Hosted State File
        • Running Campaigns Locally
    • Blueprints
      • Authoring Your Own Blueprints
      • Using Built-in Resourcely Blueprints
      • Configuring Global Contexts
      • Deep Linking
    • Resources
      • Provisioning Infrastructure
      • Editing Infrastructure
      • Shopping Cart
      • Config Roots and Environments
    • Other Features and Settings
      • Global Values
      • Global Context
      • Metrics
      • Resourcely-cli
      • Resourcely.yaml
      • VCS Proxy
      • Settings
        • User management
        • Company Information
        • Notification Settings
        • Change Management
          • 🐱Connect to GitHub
          • 🦊Connect to Gitlab
        • Generate API Token
    • ✨Production Setup
      • Single Sign-On (SSO)
        • Auth0
        • AWS Single Sign-On
        • Azure AD
        • Google Workspace
        • JumpCloud
        • Okta
        • Omnissa Workspace ONE (formerly VMware)
        • OneLogin
        • Ping Identity
        • Other SAML / OIDC Providers
      • Source Code Management
        • Page
        • 🐱GitHub
        • 🦊GitLab
        • Atlassian Bitbucket
        • Azure Repos
  • Tutorials and guides
    • Remediation Use Cases
      • Apply tags to resources for automating backups
      • Implement centralized logging
    • Blueprints Use Cases
      • Automate Data Pipeline Creation
      • Encryption for GCP
      • AWS Account Factory
      • Streamline and govern AI
      • IAM Factory
      • Cost optimization for FinOps
      • Guardrails for Terraform Modules
    • Using the Resourcely Terraform Provider
      • Setup Resourcely Provider
      • Blueprints
      • Guardrails
      • Global Context
  • Integrate
    • CI/CD & Terraform Runners
      • Atlantis
      • 🐟AWS CodeBuild
      • Azure Pipelines
      • Buildkite
      • CircleCI
      • CloudBees CI
      • Codefresh
      • Digger
      • Env0
      • 🎏GitHub Actions
        • 🐱Local Plan
          • 🐹AWS with OpenID Connect
        • 🐶Terraform Cloud Integration
      • 🦊GitLab Pipelines
      • Harness
      • 🗻HashiCorp Cloud Platform (formerly Terraform Cloud)
      • Jenkins
      • Octopus Deploy
      • Scalr
      • 🌌Spacelift
      • Terramate
      • 🌎Terrateam
    • Cloud Providers
      • 🌨️Amazon Web Services (AWS)
      • 🤓Google Cloud Platform (GCP)
        • Guardrail Gaunlet at Google Cloud Next 2025
      • 💾Microsoft Azure
      • Alibaba Cloud
      • Huawei Cloud
      • IBM Cloud
      • Oracle Cloud Infrastructure (OCI)
      • Tencent Cloud
      • VMware vSphere
    • Developer Portals
      • Atlassian Compass
      • Backstage
      • Cortex
      • Harness IDP
      • Home grown internal developer portals
      • OpsLevel
      • Port
      • Roadie
    • ITSM
      • Atlassian Jira
      • FreshWorks
      • ServiceNow ITSM
      • ZenDesk
    • CSPM
      • Wiz
    • More Terraform Provider Integrations
      • 🚂ConductorOne Provider
      • Databricks Provider
      • Kubernetes Provider
      • 🐕Datadog Provider
      • ❄️Snowflake Provider
Powered by GitBook
On this page
  • Prerequisites
  • Storing the Resourcely API Token
  • Granting Access to the Resourcely API Token
  • Adding the Resourcely Command
  1. Integrate
  2. CI/CD & Terraform Runners

Azure Pipelines

Integrating Resourcely with Azure Pipeline and GitHub as the Version Control System (VCS).

PreviousAWS CodeBuildNextBuildkite

Last updated 5 months ago

You can integrate Resourcely with Azure Pipelines to automatically evaluate your Terraform plans and policies on every pull request. This integration allows Resourcely to provide feedback directly within your pull/merge requests in GitHub or GitLab. The following guide will help you set up Resourcely with Azure Pipelines.

Prerequisites

Before integrating Resourcely with Azure Pipelines, ensure that the following prerequisites are met:

  • Azure Pipelines Project: You have an existing Azure Pipelines project configured.

  • Pipelines Egress Access: Your build agents have internet access to download the Resourcely CLI and communicate with Resourcely's API.

  • Docker Availability: Your build agents can run Docker containers. If not, you can pull the Resourcely CLI Binaries directly (see ).

Storing the Resourcely API Token

The Resourcely CLI requires access to a Resourcely API token at build time to report findings from your Terraform plans. You can securely store this token in Azure Pipelines using variable groups.

  1. Generate an API token from Resourcely:

    • Generate API Token

  2. Navigate to Your Project:

    • Go to your Azure DevOps project.

    • Select Pipelines > Library.

  3. Create a Variable Group:

    • Click on + Variable Group.

    • Name the variable group (e.g., Resourcely).

  4. Add the API Token:

    • Click Add to create a new variable.

    • Name: RESOURCELY_API_TOKEN.

    • Value: Paste your Resourcely API token.

    • Keep this value secret: Check this option to store the token securely.

    • Click OK and then Save the variable group.

  5. Add Pipeline Permission after generating the variable.

    • Select Pipelines > Library.

    • Select the variable group you want to authorize.

    • select the Pipeline permissions tab.

    • select + and then select a pipeline to authorize

Granting Access to the Resourcely API Token

Ensure that your pipeline has access to the variable group containing the Resourcely API token.

  1. Link Variable Group to Pipeline:

    • In your pipeline YAML file (azure-pipelines.yml), reference the variable group:

      variables:
        - group: 'Resourcely'

Adding the Resourcely Command

You'll need to update your pipeline to include steps that:

  • Run terraform plan and convert the plan to JSON.

  • Run the Resourcely CLI to evaluate the plan.

Here's an example of how to modify your azure-pipelines.yml file:

trigger:
  branches:
    include:
      - main

pr:
  branches:
    include:
      - main

variables:
- group: Resourcely
- name: 'RESOURCELY_API_HOST'
  value: "https://api.resourcely.io"
- name: 'TF_PLAN_DIRECTORY'
  value: "terraform-plans"
- name: 'VCS'
  value: "github"

jobs:
- job: TerraformPlanAndEvaluate
  displayName: 'Terraform Plan and Resourcely Evaluation'
  pool:
    vmImage: 'ubuntu-latest'

  steps:
  - task: TerraformInstaller@1
    displayName: 'Install Terraform'
    inputs:
      terraformVersion: 'latest'

  - script: |
      echo "Creating directory for Terraform plans: $(System.DefaultWorkingDirectory)/$(TF_PLAN_DIRECTORY)"
      mkdir -p $(System.DefaultWorkingDirectory)/$(TF_PLAN_DIRECTORY)
    displayName: 'Create Directory for Terraform Plans'

  - script: |
      terraform init
    displayName: 'Terraform Init'

  - script: |
      terraform plan -input=false -out=plan.raw
      terraform show -json plan.raw > $(System.DefaultWorkingDirectory)/$(TF_PLAN_DIRECTORY)/plan.json
    displayName: 'Generate Terraform Plan'
  
  - script: |
      echo "Pulling Resourcely CLI Docker Image..."
      docker pull ghcr.io/resourcely-inc/resourcely-cli:latest
      
      # Construct the Pull Request URL (Assumes only VCS == github)
      PR_URL="${SYSTEM_PULLREQUEST_SOURCEREPOSITORYURI}/pull/${SYSTEM_PULLREQUEST_PULLREQUESTNUMBER}"
      
      echo "Pull Request URL: ${PR_URL}"
      PLAN_FILE=$(ls $(System.DefaultWorkingDirectory)/$(TF_PLAN_DIRECTORY)/*.json | sed "s|^$(System.DefaultWorkingDirectory)/$(TF_PLAN_DIRECTORY)|/plans|" | tr '\\n' ',' | sed 's/,$//')
      echo "Running Resourcely CLI to evaluate the Terraform Plan..."
      docker run --rm \\
        -e RESOURCELY_API_HOST=$(RESOURCELY_API_HOST) \\
        -e RESOURCELY_API_TOKEN=$(RESOURCELY_API_TOKEN) \\
        --mount type=bind,src=$(System.DefaultWorkingDirectory)/$(TF_PLAN_DIRECTORY),dst=/plans \\
        ghcr.io/resourcely-inc/resourcely-cli:latest \\
        evaluate \\
        --vcs $(VCS) \\
        --config_root_path . \\
        --environment prod \\
        --change_request_url ${PR_URL} \\
        --change_request_sha ${SYSTEM_PULLREQUEST_SOURCECOMMITID} \\
        --plan ${PLAN_FILE} \\
    displayName: 'Run Resourcely CLI Evaluation'
  • Confirm your VCS is evaluating guardrails successfully

If you have questions, please email us at support@resourcely.io or .

contact us
CLI Artifacts
Variable Group
Giving pipeline permission to access variable group
Successful run of Resourcely guardrails