VCS

Integrating with a VCS provider unlocks the ability to use GitOps workflows, import modules, enable Open Policy Agent, and much more.

The GitHub VCS Provider is authenticated by using the GitHub App feature. To enable the integration, go to "Integrations" and select GitHub. Enter the provider name prompted for and follow the flow:

Select the GitHub organization:

Then select the repositories that Scalr will need access to:

After clicking Install and Authorize you will be redirected back to Scalr.

Pull Request Comments

Scalr will automatically kick off dry runs (plan only) when a PR is opened against a branch that is linked to a Scalr workspace, commonly referred to GitOps automation. To be able to see the results in Github before merging the PR, you must enable the ability to do this in the Github integration at the account scope:

The end result will be an overall summary for the pull request as well as a per workspace report:

Draft PRs

Draft pull requests are commonly used during the early development cycles to note when a pull request is in a draft state. Since draft pull requests are so early on in the development cycle, it's possible that you don't want a Scalr plan to execute when pull requests are opened. Scalr gives you the option to ignore draft pull requests by unchecking "Trigger runs for draft pull requests". As of right now, this will apply to any workspace that is linked to the VCS provider.

Github Actions

Scalr has a supported Github action that can be found here. The action uses the Terraform and Scalr CLI to kickoff Terraform workflows with Scalr set as the remote backend where the run is executed and state is stored.

Secret Scanning

Scalr supports the ability to do Github Secret Scanning to ensure Scalr API tokens do not end up visible in code stored in Github. To enable this, go to your GitHub settings, specifically Code Security and then Global Settings. In there, click Scan for non-provider patterns and under Custom patterns, select New Pattern:

Once you are on the new pattern page, enter the following:

Secret Format: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.eyJpc3MiOiJzY2Fscj[a-zA-Z0-9_-]_\.[a-zA-Z0-9_-]_

Before Secret: \A|[^0-9A-Za-z]

After Secret: \z|[^0-9A-Za-z]

Upon saving the information above the secret scanning will be enabled and you will be notified if any Scalr API tokens make it into your code stored in GitHub.

The token must have been created on or after April, 11th 2024 for the secret scanning to work correctly.

Note: Scalr is currently awaiting approval from GitHub to join the [GitHub Secret Scanning program](https://docs.github.com/en/code-security/secret-scanning/secret-scanning-partner-program).