Plan and Apply from PR comments

As software developers, we all use a Version Control System (VCS) as the main tool in our process. With env0 you can also manage your Infrastructure-as-Code (IaC) deployments directly from your VCS provider.
By commenting with env0 commands on a pull request, it is possible to interact with your env0 environments without the need to log in to the env0 platform.

For an env0 environment to be actionable in a pull request comment, the following prerequisites must be met:

1. The environment originated from a VCS-integrated template, and its configured revision is the same as the base branch (target) of the pull request
2. The environment has Enable PR Comments Commands for this Environment enabled
3. (Optional) Environment has Alias set

Configuration

In order to configure this feature, you will have to enable the Enable PR Comments Commands for this environment" checkbox. Go to Environments, select Settings and check Enable PR Comments Commands for this environment.
Optional: Set an alias for each environment in which you would like to run individual commands using an -e flag. This alias will be used as a unique environment identifier when running a command from your VCS provider.
Environment aliases may only contain letters, numbers, _, and -.
Even without setting an alias, the environment will still be included when using --all or --path flags.

❗️

Role Based Access

Pay attention that when enabling this feature, anyone that can comment on the pull request can trigger a plan and an apply command, regardless of their role and access level in env0, making your VCS provider determine the RBAC in this case.

If you want to enforce PR commenter permissions based on env0 user permissions, jump to the Enforce PR commenter permissions section.

🚧

VCS provider support

We currently support the following VCS providers:

1. GitHub
2. Bitbucket Cloud
3. Bitbucket Server
4. GitLab Enterprise
5. Azure DevOps

For Bitbucket Server and GitLab Enterprise, in order to enable this feature, make sure your VCS Webhook is configured to send pr comments events.

List of Affected Environments

Every PR push will generate a PR comment, indicating which environments are affected by changes to this PR. An environment must enable the Enable PR Comments Commands for this environment to be detected as "affected", like described in the Configuration above . Below is an example for a comment which lists three affected environments and their full paths:

This comment is updated (edited) on every commit to the PR, so only a single comment will be shown in the PR.

Supported env0 commands:

env0 help command

ℹ️   env0 help - Lists all available commands.

env0 list command

🔢   env0 list - Returns a list of all available environments and their aliases to plan and apply in env0.

env0 plan command

🔂   env0 plan --all [-v {name=value}] - Runs plan on all the affected environments listed in the "affected environments" comment above.

🔂   env0 plan --path "<path glob pattern>" [-v {name=value}] - Runs plan on all the environments listed in the "affected environments" comment above whose full path matches the given glob pattern path. Use quotes " around the glob pattern if it contains spaces.

🔂   env0 plan -e {environments aliases} [-v {name=value}] - Runs plan on a set of provided env0 environment aliases (comma-separated).

env0 apply command

⏯️ env0 apply --all [-v {name=value}] - Runs apply on all the affected environments listed in the "affected environments" comment above.

⏯️ env0 apply --path "<path glob pattern>" [-v {name=value}] - Runs apply on all the environments listed in the "affected environments" comment above whose full path matches the given glob pattern path . Use quotes " around the glob pattern if it contains spaces.

⏯️ env0 apply -e {environments aliases} [-v {name=value}] - Runs apply on a set of provided env0 environment aliases (comma-separated).

📘

Environment Variable Support

When running all the plan and apply commands, you can specify a list of environment variables using the -v {name=value}

When specifying more than one variable, please use -v {name=value} -v {name=value}

This can be useful if you like to add specific Terraform environment variables. For example, you can Target Resources using ENV0_TERRAFORM_TARGET as described in our Additional Controls page.

Apply Requirements

The apply command also verifies that the pull request has the following requirements:

1. GitHub - We won't run the apply command if you have a protected branch in place and all the requirements are not met. You can read more about protected branch here.
2. Bitbucket / Bitbucket Server - We verify that at least one person who isn't the author of the PR approved the pull request, and none of the participants requested changes. You can learn more about reviewing a pull request in bitbucket and declining a pull request.
3. Azure DevOps - We won't run the apply command if you have required branch policies checks that failed.

env0/Apply Commit Check

When running env0 apply --allor env0 apply --path <path>, a new env0/Apply commit check will be added on top of the individual deployment checks that you have per environment deployed:

This commit check will show a success status once all the environments listed in the affected environments comment have been applied successfully. In case of failure in any of the deployments, the check's status will set to failure.

The check's status is calculated after every deployment of an environment listed in the affected environments comment.

Enforce PR commenter permissions on env0

With env0, you can restrict your users' permissions through role-based access controls. One drawback of using PR Comment Plan and Apply is that the VCS provider determines your user's permissions. By default, anyone with comment permission on your repository can run a Plan or an Apply on your environments.

The "Enforce PR commenter permissions on env0" organizational policy lets you apply your env0 permissions to your VCS provider users. When turned on, env0 will validate that a user trying to run PR Comment Commands have adequate permissions.

Turning on the policy for your organization

Navigate to Organization Settings > Policies and check Enforce commenter permissions on env0

Map VCS provider user

Now that the feature is turned on, it is mandatory for every user across the organization who would like to use the PR comments flow, to set up a mapping of their VCS provider user.
First of all, you will need to get your VCS provider user id from one of the supported VCS providers.

Setting your VCS user in env0

Now that you have your VCS provider user id, head to your env0 account, click on the avatar image in the top right corner, and click on Personal Settings to enter your profile page.
In the Profile tab, enter the id you got from the previous step in the VSC Provider User ID textbox and click on the Save button.

GitHub

While logged in to your GitHub account, click on your profile image in the right top corner of the page and copy your username.

Bitbucket

While logged in to your Bitbucket user, visit this url from your browser. you will receive a JSON from which you will need to extract the accound_id field.

Bitbucket Server

While logged into your Bitbucket Server account, go to your profile, and find the username near your avatar.

GitLab Enterprise Edition

While logged into your GitLab account, navigate to Profile > Main Settings section.

Azure DevOps

While logged in to your Azure DevOps account, click on your profile image in the right top corner of the page and copy your user's unique id.

📝

Additional Content

• Alternative to Atlantis
• Migrating from Atlantis to env0

Status Checks for PR Comments

env0 offers the convenience of tracking your PR Comment deployment status directly from your Git provider's user interface. By integrating this feature into the familiar UI, you not only gain visibility into deployment statuses but also leverage it to enhance your CI pipeline, similar to other checks in your workflow.