pr-automation
Harness IaCM supports reviewing infrastructure changes via pull request automation. This functionality allows developers to see the changes, such as the plan details, as comments in the PR, so they can see what the resource changes will be before applying the plan. Additionally, Harness IaCM also supports Open Policy Agent (OPA) for more advanced policy enforcement.
Create a PR pipeline
- Interactive guide
- Step-by-step
Create a pipeline similar to the way described in the provision workspace topic, and select Pull Request as the operation.
- Sign in to app.harness.io and select the Infrastructure module from the module pane.
- Create a PR pipeline. Create a pipeline similar to the way described in the provision workspace guide, and select Pull Request as the operation.
Create a pipeline trigger
- Interactive guide
- Step-by-step
- After saving the pipeline, select Trigger, and then add a new trigger.
- Select a Webhook trigger with the same connector as the workspace it is configured with.
- Fill in the following details:
- Trigger name: Add a name for the trigger.
- Connector: Select the same one your workspaces are using.
- Event: Select Pull Request.
- Actions: Select Any Actions or specific actions from which you want the PR pipeline to be triggered.
- Select Continue.
- On the second page of the trigger editor, you can specify that the trigger should only be activated when files within a certain folder are changed, for example, the trigger activates only if the PR affects files in the
terratest/examples/folder.
Review plan output in pull requests
Once the trigger is defined, create a PR in your git repository. You will see the trigger activation on the Trigger tab:
You will see the plan as a comment in the PR:
As a security measure, comments will not be populated if the repository is public. To override it, add the Environment Variable HARNESS_PASSWORD_API with the git repository token or secret set as the value.