🐱Local Plan
CI/CD Automation
Last updated
CI/CD Automation
Last updated
This integration requires that the Terraform plan file be available to GitHub Actions and visible to the Resourcely. You must perform the following steps:
Adding Required Variables to the Repository
Configure GitHub Actions as a Terraform Runner
Resourcely can be configured using environment variables. Some variables are optional and used for configuration, while others must be defined before the guardrails can be validated.
RESOURCELY_API_TOKEN
(Required) Token generated from the Resourcely portal. Used to verify infrastructure guardrails.
Yes
TF_PLAN_DIRECTORY
(Optional) The directory where the terraform files to verify are located.
Default Value: tf-plan-files
No
TF_PLAN_PATTERN
(Optional) Pattern for Terraform plan files (e.g., plan*
).
Default Value: plan*
No
Secret variables allow you to store sensitive information in your organization, repository, or repository environments.
Open the repository you want Resourcely to watch
Click the Settings tab
Under the Security section, select Secrets and variables
Under the Secret section, press the New Repository secret button
Add the following variables and their values one at a time and press the Add secret button
You can learn more about GitHub Secret variables by checking out the following documentation:
Now let's add the Resourcely job to GitHub Actions in order to perform the following actions:
Obtain the resourcely-cli
Docker container, which is used to download policies from Resourcely, assess them, and submit the results to Resourcely. As a result, these findings will be displayed on your GitHub pull requests each time a new pull request is submitted.
Open the repository you want Resourcely to watch
Create a file named terraform.yml
under .github/workflows
. If the directory does not exist, create it.
Copy and paste the following code and make configuration changes as needed
Note: The Resourcely CI Action is imported from the GitHub Actions Marketplace
Commit the change to the main branch
You should now have the Resourcely Action enabled in GitHub, which will run each time a new resource generation PR is created.
This repository helps to integrate Resourcely into repository that used Github Actions as the Terraform runner.
It contains a workflow that waits for terraform plan and then uses the Resourcely Github Action to evaluate guardrails on that plan.
Note: If you wish to use the GitHub Actions Scaffolding and plan to configure AWS credentials, we recommend the assume role approach with OpenID Connect.
If you have multiple config roots, you'll likely want them to run in the same action. Update the existing workflow to specify each config root directory name in the strategy.matrix. And set the working directory for the job to use this value.
Additionally, update the upload step so that each plan gets a unique name
Then include a download step for each config-root to the resourcely-ci job
Lastly, supply a manifest of your config roots to the resourcely-action