Terrateam executes the following steps when it receives an event from GitHub:
- Is it a Terrateam event? - Only events
related to pull requests are processed.
- Does the pull request include infrastructure
changes? - The list of changed files is examined and if any
changes match your Terrateam configuration, the pull request is
considered an infrastructure change.
- Can the user perform this operation? - The
initiator of the plan or apply is evaluated against the RBAC rules to
ensure that they have permission to perform the change.
- Has the pull request passed apply
requirements? - If the user has initiated an apply, verify that
the pull request has passed all configured checks.
- Do plans exist? - If the user has initiated
an apply, do plans exist for the changes?
- Are there any locks? - If another user has a
change that is in progress that impacts the same set of resources as
those in the pull request, Terrateam does not allow an apply. A
change being "in progress" means it has either been merged to the main
branch or applied. This check ensures that the code is synchronized
with your deployed infrastructure.
- Are there any conflicting operations? -
Check that no apply is currently in progress that would conflict with
this change.
- Initiate the Terrateam GitHub Action - If
all of these checks have passed, initiate the Terrateam GitHub Action.
The GitHub Action performs the plan or apply on the changes the user
specified.
- Report results back to user - When the
GitHub Action completes, it reports the results to the Terrateam
service which then reports them back to the user.
All feedback is reported to the pull request via comments, users can
stay in GitHub through the entire process. Terrateam is built
on GitOps principles which means it is entirely
configured within the repository.
For a more detailed explaination, see
the How it Works section of the
documentation.