{"id":21514847,"url":"https://github.com/getindata/docker-atlantis","last_synced_at":"2025-10-08T11:23:09.976Z","repository":{"id":65781885,"uuid":"546594729","full_name":"getindata/docker-atlantis","owner":"getindata","description":"Custom Atlantis docker image developed by GetInData","archived":false,"fork":false,"pushed_at":"2024-04-29T11:29:17.000Z","size":50,"stargazers_count":14,"open_issues_count":1,"forks_count":2,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-04-09T20:11:35.726Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/getindata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-06T10:27:51.000Z","updated_at":"2024-11-11T08:33:51.000Z","dependencies_parsed_at":"2024-04-18T14:45:29.334Z","dependency_job_id":"f03fad0e-a044-4efb-8d1b-bdbe74311b19","html_url":"https://github.com/getindata/docker-atlantis","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fdocker-atlantis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fdocker-atlantis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fdocker-atlantis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getindata%2Fdocker-atlantis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/getindata","download_url":"https://codeload.github.com/getindata/docker-atlantis/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248103872,"owners_count":21048245,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-23T23:53:13.110Z","updated_at":"2025-10-08T11:23:04.920Z","avatar_url":"https://github.com/getindata.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Docker Atlantis Image\n\n\u003c!--- Build Badges --\u003e\n[![build test scan docker images](https://github.com/getindata/docker-atlantis/actions/workflows/pr_opened.yml/badge.svg)](https://github.com/getindata/docker-atlantis/actions/workflows/pr_opened.yml)\n[![create new release with changelog](https://github.com/getindata/docker-atlantis/actions/workflows/release.yml/badge.svg)](https://github.com/getindata/docker-atlantis/actions/workflows/release.yml)\n\n\u003c!--- Replace repository name --\u003e\n![Docker](https://badgen.net/badge/icon/docker?icon=docker\u0026label)\n![License](https://badgen.net/github/license/getindata/docker-atlantis/)\n![Release](https://badgen.net/github/release/getindata/docker-atlantis/)\n\n\n\u003cp align=\"center\"\u003e\n  \u003cimg height=\"150\" src=\"https://getindata.com/img/logo.svg\"\u003e\n  \u003ch3 align=\"center\"\u003eWe help companies turn their data into assets\u003c/h3\u003e\n\u003c/p\u003e\n\nThat custom `atlantis` docker image was created in order to install few helpful tools into \"stock\" solution:\n- `terragrunt-atlantis-config` - script that dynamically generates `atlantis.yaml` for terragrunt configurations\n- `checkov` (via asdf) - security and \"best-practice\" scanner (static code analysis)\n- `asdf` - version manager used to install needed packeges and versions \u003chttp://asdf-vm.com/\u003e\n- `terragrunt` (via asdf) - thin terraform wrapper\n- `terraform` (via asdf) - IaC automation\n- `helm` (via asdf) - k8s package manager used by `helm` terraform provider\n- `kubectl` (via asdf) - k8s CLI tool used by `kubernetes` terraform provider\n- `tflint` (via asdf) - a pluggable terraform linter\n- `terraform-docs` (via asdf) - a utility to generate documentation from terraform modules in various output formats\n- `jq` (via asdf) - command line JSON parser\n- `yq` (via asdf) - command like YAML parser\n- `glab` (via asdf) - GitLab CLI client\n- `az-cli` (via pip) - Azure CLI\n- `infracost` (via asdf) - cloud cost estimates\n- `aws-cli` (via apk) - AWS CLI\n\nFiles found in the repo:\n- `Dockerfile` is based on an official atlantis docker file (\u003chttps://github.com/runatlantis/atlantis/blob/v0.17.3/Dockerfile\u003e) with some additional tweaks (asdf installation and configuration)\n- `check-gitlab-approvals.sh` is a script, intended to work around GitLab CE repository security limitations (CODEOWNERS, allowed approvers, etc.)\n- `approval-config-example.yaml` is a sample approver config used by `check-gitlab-approvers.sh` script\n- `pull-gitlab-variables.sh` is a script that pulls GitLab variables and creates string with environment variables to be used by Atlantis in `multienv` step (see: https://www.runatlantis.io/docs/custom-workflows.html#multiple-environment-variables-multienv-command)\n\n---\n\n## Work around Free GitLab limitations\n\nFree versions of all major VCS systems (GitHub, GitLab, Bitbucket) introduce a set of limitations that should encourage it's users to pay for the service. One of those limitations is no `CODEOWNERS` support\nand no ability to configure \"allowed approvers\" in free repositories.\n\nSince Atlantis security depends on VCS level reviews (every approved MR/PR can be `atlantis apply`ed) it is crucial to somehow workaround this limitations.\n\nWe use hosted GitLab as our primary VCS in GetInData, also self-hosted version of GitLab is very popular among our clients. We're also big fans of Atlantis and engineers in the same time - which took us to obvious conclusions -\nwe should create a solution that allows our clients to use self-hosted GitLab CE and Atlantis securely.\n\nAs a result we created a simple bash script [check-gitlab-approval.sh](check-gitlab-approvals.sh) that uses GitLab CLI called `glab` and few other popular bash tools to verify MR approvals. Script's configuration is stored in\nyaml format and can be mounted/saved into the image or passed via environment variable, example configuration can be found [here](approval-config-example.yaml).\n\nThis script is intended to be used as one of `apply` steps in custom Atlantis workflow, example:\n\n```yaml\nworkflows:\n  myworkflow:\n    plan:\n      steps:\n        - init\n        - plan\n    apply:\n      steps:\n        - run: check-gitlab-approvals.sh\n        - apply\n```\n\nDuring the execution, script checks if any of approving users are present in `approval-config.yaml` file. It fails (returns error) when none of approving users were allowed by configuration, blocking atlantis workflow (and apply step).\n\n---\n\n## BUILDING\n\nPull requests are built automatically using https://github.com/getindata/docker-image-template\n\n## IMAGES\n\nMerged pull requests create new release and upload new images automatically. Check changelog for details.\n\n## USAGE\n\n## CONTRIBUTING\n\nContributions are very welcomed!\n\nStart by reviewing [contribution guide](CONTRIBUTING.md) and our [code of conduct](CODE_OF_CONDUCT.md). After that, start coding and ship your changes by creating a new PR.\n\n## LICENSE\n\nApache 2 Licensed. See [LICENSE](LICENSE) for full details.\n\n## AUTHORS\n\n\u003c!--- Replace repository name --\u003e\n\u003ca href=\"https://github.com/getindata/docker-atlantis/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=getindata/docker-atlantis\" /\u003e\n\u003c/a\u003e\n\nMade with [contrib.rocks](https://contrib.rocks)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetindata%2Fdocker-atlantis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgetindata%2Fdocker-atlantis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetindata%2Fdocker-atlantis/lists"}