// the find
runatlantis/atlantis
Terraform Pull Request Automation
Atlantis is a self-hosted server that listens for GitHub/GitLab/Bitbucket webhook events on PRs touching Terraform files, runs plan/apply remotely, and posts the output as PR comments. It solves the 'who ran terraform locally and from which state?' problem by making every infrastructure change go through a PR with a visible plan. For teams where ops and dev both touch infra, this is the missing piece.
The locking model is well thought out: a directory gets locked to a PR the moment plan runs, so two people can't apply conflicting changes to the same workspace simultaneously. Custom workflows let you wrap terraform calls with policy checks (OPA, Conftest) without forking the tool. OpenTofu support was added properly — it's not an afterthought, it's a first-class option in the workflow config. The e2e test suite runs against real VCS providers with real Terraform, which means regressions in the webhook-to-comment loop actually get caught.
It's a single stateful process with no built-in HA — if the server restarts mid-apply you're in an unknown state and have to manually unlock. The per-repo atlantis.yaml configuration grows complex fast in a monorepo with dozens of workspaces; the YAML schema has enough footguns that most teams end up cargo-culting examples rather than understanding what they've configured. Drift detection is still tracked as an ADR (adr/0002) rather than a shipped feature, so you won't know your deployed infra has diverged from your last applied plan unless you add your own scheduled runs. The web UI is genuinely minimal — it shows locks and a log stream, but there's no history of past plans or applies.
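One way to add those scheduled runs yourself, as an added example that is not part of Atlantis or of this write-up: a POSIX shell script that relies on the exit codes of `plan -detailed-exitcode`. The `TF_BIN` variable, the function names and the `drift.sh` file name are assumptions made for the example.

```shell
#!/bin/sh
# Added example: scheduled drift check built on `plan -detailed-exitcode`
# (exit 0 = no changes, 1 = error, 2 = changes pending).
# Assumption: TF_BIN names the binary to run; set TF_BIN=tofu for OpenTofu.
TF_BIN="${TF_BIN:-terraform}"

# check_dir DIR: prints one status line; returns 0 in sync, 2 drift, 1 error.
check_dir() {
    dir="$1"
    [ -d "$dir" ] || { echo "ERROR $dir (not a directory)"; return 1; }
    rc=0
    (   # subshell keeps the cd local to this check
        cd "$dir" || exit 1
        "$TF_BIN" init -input=false -no-color >/dev/null 2>&1 || exit 1
        # Plan output may contain sensitive values, so it is discarded, not logged.
        "$TF_BIN" plan -input=false -no-color -detailed-exitcode >/dev/null 2>&1
    ) || rc=$?
    case "$rc" in
        0) echo "OK    $dir" ;;
        2) echo "DRIFT $dir" ;;
        *) echo "ERROR $dir (exit $rc)"; rc=1 ;;
    esac
    return "$rc"
}

# drift_scan DIR...: checks every directory; returns the worst status seen
# (1 error beats 2 drift beats 0 clean) so cron or CI can alert on non-zero.
drift_scan() {
    worst=0
    for d in "$@"; do
        st=0
        check_dir "$d" || st=$?
        case "$st" in
            0) ;;
            2) if [ "$worst" -eq 0 ]; then worst=2; fi ;;
            *) worst=1 ;;
        esac
    done
    return "$worst"
}

# Stand-alone use: sh drift.sh envs/prod envs/staging
if [ "$#" -gt 0 ]; then drift_scan "$@"; fi
```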