Atlantis with Github Deployments #3669
Unanswered
mattjamesaus
asked this question in
Q&A
Replies: 3 comments 2 replies
-
that is an interesting idea, I do not see why you could not use a post_workflow_hook to do it. |
Beta Was this translation helpful? Give feedback.
1 reply
-
that should work , you just need to change the scope to allow it and it
should work
…On Mon, Aug 14, 2023, 6:53 p.m. Matt James ***@***.***> wrote:
Yeah that's what i thought, the post hook seems easiest but i'm wondering
if i can leverage the existing app permissions to do so vs having to
generate a new token. That would just reduce the amount of tokens etc being
required.
—
Reply to this email directly, view it on GitHub
<#3669 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAQ3ERBSM2WDIPYVDDUAT6DXVLJCFANCNFSM6AAAAAA3PIFDYI>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
1 reply
-
I think you need to add to the script a step to obtain the session token
using the app authentication and use that to interact with the deployment
…On Mon, Aug 14, 2023, 9:47 p.m. Matt James ***@***.***> wrote:
Yeah the only thing i'm wondering is like how does the altantis container
interact with the github API, the script itself would be pretty trivial
(GPT whipped this up but it's for the most part accuate)
#!/bin/bash
# Assuming ATLANTIS_GITHUB_TOKEN is set in the environment
GITHUB_TOKEN="$ATLANTIS_GITHUB_TOKEN"
# Other variables
GITHUB_REPO="org/repo"
DEPLOYMENT_REF="commit_sha"
# GitHub Deployment API Endpoint
API_ENDPOINT="https://api.github.com/repos/$GITHUB_REPO/deployments"
# Deployment Payload
DEPLOYMENT_JSON=$(cat <<EOL
{
"ref": "$DEPLOYMENT_REF",
"description": "Description of the deployment",
...
}
EOL
)
# Create GitHub Deployment
curl -X POST \
-H "Authorization: token $GITHUB_TOKEN" \
-H "Content-Type: application/json" \
-d "$DEPLOYMENT_JSON" \
"$API_ENDPOINT"
Assuming this is all gravy the big question here for me at least is what
would the GITHUB_TOKEN in this case be? Assuming i change the scopes for
atlantis to create deployments (which doesn't seem to be an issue) how
would i delegate that token to this script (or any other post hook for the
matter)? The rest seems like its made available to the post hook per the
documentation i'd really like to avoid having to like commit that to code
if possible.
The other line of thinking was expose a PAT to the container to try to
have that surface up but that doesn't seem ideal (although reasonably
secure i suppose)
—
Reply to this email directly, view it on GitHub
<#3669 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAQ3ERD2LXNU55DWC53MVO3XVL5OTANCNFSM6AAAAAA3PIFDYI>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Has anyone had any luck writing a post apply hook or some other method for creating GitHub deployments? JIRA has a pretty nice GitHub integration these days which basically annotates the case for a github deployment. I could see something similar where Atlantis generates the deployment in GitHub so IAC changes get the same treatment as GHA runs.
I'm wondering if it would be possible to leverage the existing atlantis GH app to do this in more secure fashion i.e only create deploys on GH atlantis enabled repos etc.
Beta Was this translation helpful? Give feedback.
All reactions