Reference runner: Atmos
Tags: Substrate · Automation · Self-host Substrate: Atmos
The customer-deployed Docker runner for the atmos-workflow trigger. Atmos has no hosted API,
so Terrantula ships this reference runner as a wrapper you deploy on your own infrastructure.
Terrantula never hosts this runner. It's the substrate companion to the
Atmos cattle demo.
What you'll see
The atmos-workflow trigger HTTP-POSTs a structured dispatch payload to this runner. The runner:
- Receives the payload at
POST /dispatchand validates the bearer token. - Clones your Atmos repo from
ATMOS_REPO_URL@ATMOS_REPO_BRANCH. - Runs
atmos workflow <name> -s <stack> --vars ...inside an isolated, auto-cleaned temp dir. - POSTs back to Terrantula's callback URL with success or failure.
On the callback, the ActionRun transitions to succeeded/failed and the target entity moves to
its onSuccess/onFailure state. The runner runs Atmos inside your workflow definition;
Terrantula never runs atmos terraform apply directly. It runs as a non-root user (UID 1001)
and uses StrictHostKeyChecking=yes for SSH clones — it never disables host-key checking.
Try it
Deploy in under 30 minutes:
The runner listens on port 8080 (expose it via your load balancer or ingress). Point your Action's trigger at it:
Key environment variables: RUNNER_AUTH_TOKEN (required), ATMOS_REPO_URL (required),
ATMOS_REPO_BRANCH (default main), and GIT_SSH_KEY + ATMOS_REPO_KNOWN_HOSTS for private
repos over SSH.
Key files
| File | What it is |
|---|---|
Dockerfile | Builds the non-root runner image. |
docker-compose.yml | Drop-in deployment for the customer's infrastructure. |
server.ts | The HTTP server — validates the token, dispatches, calls back. |
entrypoint.sh | Container entrypoint. |
lib/ | Dispatch schema, SSH key handling, URL validation, variable mapping. |
Related docs
- Cattle: per-tenant SaaS (Atmos) — the demo that uses this runner.
- On-ramp: from Atmos.
- Triggers Reference — the
atmos-workflowtrigger. - Multi-tenancy & self-hosting.