We're excited to introduce a new feature in env0: Plan and Apply from PR Comments (also known as the Atlantis-style workflow). With this release, you can natively enable your team to manage IaC deployments directly within your VCS. This way, there’s no need to log in to another UI or platform. This enables collaboration and allows developers to run terraform plan and terraform apply directly from comments on a pull request/ merge request.
Atlantis at scale
Using Atlantis flow can result in permission issues as any developer with VCS pull request comment permission can run 'plan' and 'apply' on your IaC.
It may lead to problems, as they are unaware of the company's infrastructure management practices, but the commenter can still impact them.
Migrating to env0 can enforce PR commenter permissions, which maps an env0 user to a VCS user to enable the permission check.
Why Plan and Apply on PR?
The DevOps teams we speak with often start out by manually running Terraform on local workstations. But this doesn't keep track or give leadership visibility of what's being deployed. Our solution addresses this by allowing you to run terraform commands from pull request comments.
With this new env0 workflow, everything becomes visible right in the PR. That includes the plan details, the changes, and cost estimation… all while creating an audit trail for compliance.
Design Philosophy
A successful terraform plan doesn't always equal a successful terraform apply. We want you to be able to catch and remediate breaks in the same PR, as opposed to having to open a new PR to fix the break (thus creating rework). So we run terraform apply on the PR branch.
A key difference with our implementation is that PR Plans do not lock the Terraform state, and can be run concurrently. The reason for this comes directly from customer feedback. In multiple discussions, it was clear that locking the directory or workspace until merge blocks other devs from working on the same project, and slows teams down without adding much value.
Finally, we also ensured that repeated PR comment command outputs will not cause overwhelming comment spamming in the PR itself. As output is generated, env0 will append new output to the existing output comment, rather than create an entirely new comment. It's a subtle shift from how Atlantis did it, and it's a change that you'll love once you see it in action—especially on busy PRs.
So if you're looking to keep track of the history of your IaC, create visibility, automation, and compliance, PR Comment Commands is an easy-to-use solution within your very own VCS, be that Github, GitLab, or Bitbucket.