GitHub
04/01/2024, 5:49 PMGitHub
04/08/2024, 12:24 AMGitHub
04/11/2024, 9:02 AMrunning "/atlantis-data/bin/terraform1.8.0 init -input=false" in "/atlantis-data/repos/myOrg/myRepo/62/default/terraform/atlantis-test": exit status 1
Initializing the backend...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing modules...
Downloading git::<ssh://git@github.com/myOrg/myPrivateRepo.git?ref=aws_s3_bucket%2Fv2.2.0> for s3_bucket...
╷
│ Error: Failed to download module
│
│ on <http://main.tf|main.tf> line 5:
│ 5: module "s3_bucket" {
│
│ Could not download module "s3_bucket" (<http://main.tf:5|main.tf:5>) source code from
│ "git::<ssh://git@github.com/myOrg/myPrivateRepo.git?ref=aws_s3_bucket%2Fv2.2.0>":
│ error downloading
│ '<ssh://git@github.com/myOrg/myPrivateRepo.git?ref=aws_s3_bucket%2Fv2.2.0>':
│ /usr/bin/git exited with 128: Cloning into
│ '.terraform/modules/s3_bucket'...
│ remote: Repository not found.
│ fatal: repository '<https://github.com/myOrg/myPrivateRepo.git/>' not
│ found
│
╵
Atlantis is adding the following entry to .gitconfig (code):
[url "<https://x-access-token/@github.com>"]
insteadOf = <ssh://git@github.com>
It works OK if I manually change the entry so it's less greedy:
[url "<https://x-access-token/@github.com>"]
insteadOf = <ssh://git@github.com:myOrg/myRepo.git>
I also tried using GIT_CONFIG_GLOBAL to override the file completely… but the git config --global
command Atlantis runs just writes to this new file.
And XDG_CONFIG_HOME… but the config files seem to work additively, so nothing I add seem to override the rule Atlantis is adding.
I also tried to set GIT_CONFIG_GLOBAL=/dev/null like the documentations says. so it skips the file and uses the system configuration… but the git config --global
command Atlantis runs then throws an error so Atlantis doesn’t start.
I ran out of ideaas, is there any .gitconfig entry or variable that can be used to override this behavior? Or is it necessary to change a application logic?
Environment details
• Atlantis version: v0.27.2
• Chart version: atlantis-4.25.0
• Deployment method: helm to eks
Atlantis server-side config file:
repoConfig: |
repos:
- id: /.*/
plan_requirements: [undiverged]
apply_requirements: [approved, mergeable, undiverged]
import_requirements: [approved, mergeable, undiverged]
config:
config: |
repo-allowlist: <http://github.com/myOrg/myRepo|github.com/myOrg/myRepo>
checkout-strategy: merge
enable-diff-markdown-format: true
hide-prev-plan-comments: true
autoplan-file-list: '**/*.tf,**/.terraform.lock.hcl'
autoplan-modules: true
parallel-apply: true
parallel-plan: true
var-file-allowlist: ""
runatlantis/atlantisGitHub
04/16/2024, 7:57 PMstrip_refreshing
is applied.
Reproduction Steps
Run plan with a custom run step, which has output: strip_refreshing
set, and run a plan which results in an error.
Logs
Environment details
Additional Context
runatlantis/atlantisGitHub
04/17/2024, 7:18 AMrepos.yaml
as following:
repos:
- id: xxx
branch: /master/
apply_requirements: [approved, mergeable]
workflow: default
allowed_overrides: [workflow]
allow_custom_workflows: true
delete_source_branch_on_merge: true
workflows:
default:
plan:
steps:
- init
- plan
- run: terraform$ATLANTIS_TERRAFORM_VERSION show -no-color -json $PLANFILE > $SHOWFILE
- run: echo XXX > env_vars.txt
policy_check:
steps:
- env:
name: ENV_VAR_TEST
command: 'cat env_vars.txt'
- policy_check:
extra_args:
- --all-namespaces
- --show-builtin-errors
- --update
- git::https://<GIT_REPO>//policies?ref=master
- -p /atlantis-data/policy/env-variable-check
apply:
steps: [apply]
custom-workflow:
plan:
steps:
- init
- plan
- run: terraform$ATLANTIS_TERRAFORM_VERSION show -no-color -json $PLANFILE > $SHOWFILE
policy_check:
steps:
- policy_check:
extra_args:
- --all-namespaces
- --show-builtin-errors
- -p /atlantis-data/policy/deny-check1
- -p /atlantis-data/policy/deny-check2
policies:
owners:
teams:
- xxx
policy_sets:
- name: policies
path: /atlantis-data/policy
source: local
And atlantis.yaml
as following:
version: 3
projects:
- name: custom-project
dir: xxx
terraform_version: v1.5.3
workflow: custom-workflow
autoplan:
when_modified:
- xxx
enabled: true
My expected behavior is running workflows default
and custom-workflow
to do policy check for custom-project
with everything fine.But I got some issues:
1. I set an environment variable ENV_VAR_TEST
in workflow default
and also have the policy check env-variable-check
in this workflow but not custom-workflow
, but I got error info print from policy check env-variable-check
when I run atlantis plan
. The policy check can be success if I remove the custom-workflow
.
2. I have tried to write as following with multiple policy checks:
- --update
- git::https://<GIT_REPO>//policies/deny-check1?ref=master
- --update
- git::https://<GIT_REPO>//policies/deny-check2?ref=master
- --update
- git::https://<GIT_REPO>//policies/deny-check1?ref=master, git::https://<GIT_REPO>//policies/deny-check2?ref=master
policy_check:
steps:
- policy_check:
extra_args:
- --all-namespaces
- --show-builtin-errors
- --update
- git::https://<GIT_REPO>//policies/deny-check1?ref=master
- policy_check:
extra_args:
- --all-namespaces
- --show-builtin-errors
- --update
- git::https://<GIT_REPO>//policies/deny-check2?ref=master
But only last one policy check will be run with above format.
Any suggestions will be appreciate.
Reproduction Steps
Logs
Environment details
Additional Context
runatlantis/atlantisGitHub
04/17/2024, 7:56 AMGitHub
04/17/2024, 5:10 PMGitHub
04/17/2024, 5:17 PMGitHub
04/18/2024, 2:31 PMDisable Apply Commands
button as well as the ability to discard and unlock specific plans. Providing this via an unauthenticated web UI is a major security concern for some organizations. While Atlantis currently supports HTTP Basic Auth with a shared username and password, this is not sufficient for organizations with security policies prohibiting the use of shared login credentials.
Atlantis should provide, at a minimum, a way to authenticate users via a SAML provider. Ideally, this would also open the door to user accounts and roles through which distinct access controls could be configured for users or groups of users.
Describe the drawbacks of your solution
At present, Atlantis does not strictly require a stateful backend to function properly. The only consequence to running Atlantis in a stateless manner is that a restart of the container/pod hosting Atlantis will lose any current locks and plan information. If this feature provides more than just authn and authz, it will require a stateful backend to maintain user profile information. I would strongly encourage limiting the features for this to authn and authz only to permit SAML configuration information, loaded at runtime, to suffice for this feature.
Describe alternatives you've considered
The only mechanism at this time for providing SAML based authentication is via a reverse proxy such as NGINX. This, however, only provides authn and does nothing for authz so it is not a complete solution.
runatlantis/atlantisGitHub
04/18/2024, 2:43 PMkubectl logs -f atlantis-0 -n atlantis
No files found in /docker-entrypoint.d/, skipping
{"level":"info","ts":"2024-04-18T143201.110Z","caller":"vcs/gitlab_client.go:114","msg":"determined GitLab is running version 16.10.3","json":{}}
{"level":"info","ts":"2024-04-18T143201.613Z","caller":"server/server.go:447","msg":"Utilizing BoltDB","json":{}}
{"level":"info","ts":"2024-04-18T143201.629Z","caller":"policy/conftest_client.go:153","msg":"failed to get default conftest version. Will attempt request scoped lazy loads DEFAULT_CONFTEST_VERSION not set","json":{}}
{"level":"info","ts":"2024-04-18T143201.630Z","caller":"server/server.go:985","msg":"Atlantis started - listening on port 4141","json":{}}
{"level":"info","ts":"2024-04-18T143201.630Z","caller":"scheduled/executor_service.go:51","msg":"Scheduled Executor Service started","json":{}}Environment details If not already included, please provide the following: • Atlantis version: atlantis v0.27.2 (commit: 2991920) (build date: 2024-03-08T215757.207Z) • Deployment method: tf module • If not running the latest Atlantis version have you tried to reproduce this issue on the latest version: • Atlantis flags: Atlantis server-side config file:
Testing the atlantis application without any yaml
Repo atlantis.yaml
file:
Testing the atlantis application without any repo
I'm deploying in AKS
Additional Context
[Additional context on the problem. Docs, links to blogs, or other material that lead you to discover this issue or were helpful in troubleshooting the issue.
Use a bulleted list to link to tickets](#4087)
If i use the version v0.26.0, it works fine but not on v0.27.2
runatlantis/atlantisGitHub
04/19/2024, 2:09 PMGitHub
04/20/2024, 6:19 PMatlantis untaint
subcommand
https://developer.hashicorp.com/terraform/cli/commands/untaint
Similar to #527
Describe the solution you'd like
Allow running terraform untaint
using atlantis untaint
Describe the drawbacks of your solution
n/a
Describe alternatives you've considered
n/a
runatlantis/atlantisGitHub
04/22/2024, 2:55 PM{"level":"info","ts":"2024-04-22T14:36:31.966Z","caller":"models/shell_command_runner.go:161","msg":"successfully ran \"conftest test plan.json variables.json --combine --all-namespaces -p /atlantis-data/opa-rules/policy\" in \"/atlantis-data/repos/common/terraform/formation/15/live_dev_infrastructure_compute/live/dev/infrastructure/compute\"","json":{"repo":"common/terraform/formation","pull":"15","duration":0.892278925}}
{"level":"error","ts":"2024-04-22T14:36:31.966Z","caller":"events/project_command_runner.go:529","msg":"\n80 tests, 80 passed, 0 warnings, 0 failures, 0 exceptions\n","json":{"repo":"common/terraform/formation","pull":"15"},"stacktrace":"<http://github.com/runatlantis/atlantis/server/events.(*DefaultProjectCommandRunner).doPolicyCheck|github.com/runatlantis/atlantis/server/events.(*DefaultProjectCommandRunner).doPolicyCheck>\n\tgithub.com/runatlantis/atlantis/server/events/project_command_runner.go:529\ngithub.com/runatlantis/atlantis/server/events.(*DefaultProjectCommandRunner).PolicyCheck\n\tgithub.com/runatlantis/atlantis/server/events/project_command_runner.go:240\ngithub.com/runatlantis/atlantis/server/events.RunAndEmitStats\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:74\ngithub.com/runatlantis/atlantis/server/events.(*InstrumentedProjectCommandRunner).PolicyCheck\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:42\ngithub.com/runatlantis/atlantis/server/events.runProjectCmdsParallel.func1\n\tgithub.com/runatlantis/atlantis/server/events/project_command_pool_executor.go:29"}
{"level":"error","ts":"2024-04-22T14:36:31.966Z","caller":"events/instrumented_project_command_runner.go:84","msg":"Failure running policy_check operation: Some policy sets did not pass.","json":{"repo":"common/terraform/formation","pull":"15"},"stacktrace":"<http://github.com/runatlantis/atlantis/server/events.RunAndEmitStats|github.com/runatlantis/atlantis/server/events.RunAndEmitStats>\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:84\ngithub.com/runatlantis/atlantis/server/events.(*InstrumentedProjectCommandRunner).PolicyCheck\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:42\ngithub.com/runatlantis/atlantis/server/events.runProjectCmdsParallel.func1\n\tgithub.com/runatlantis/atlantis/server/events/project_command_pool_executor.go:29"}
Environment details
• Atlantis version: 0.27.2
• Deployment method: helm
• platform: Gitlab 16.8
Atlantis server-side config file:
---
repos:
- id: "/.*/"
delete_source_branch_on_merge: true
apply_requirements: [approved, mergeable]
repo_locking: false
policy_check: true
custom_policy_check: true
workflow: terragrunt
metrics:
prometheus:
endpoint: /metrics
workflows:
terragrunt:
plan:
steps:
- env:
# Reduce Terraform suggestion output
name: TF_IN_AUTOMATION
value: 'true'
- run: terragrunt hclfmt --terragrunt-check
- run:
command: terragrunt plan -input=false $(printf '%s' $COMMENT_ARGS | sed 's/,/ /g' | tr -d '\\') -no-color -out $PLANFILE
output: hide
- run: terragrunt show $PLANFILE
policy_check:
steps:
- run:
command: terragrunt show -json $PLANFILE | awk '/^\{/ {print}' > "plan.json"
output: hide
- run:
command: |
cat <<-EOF > ./variables.json
{
"project_id": "project",
"identifier": "ops",
"entity": "sre",
"environment": "dev",
"mode": "FULL"
}
EOF
output: hide
- run: conftest test plan.json variables.json --combine --all-namespaces -p /atlantis-data/opa-rules/policy
apply:
steps:
- env:
name: TF_IN_AUTOMATION
value: 'true'
- run: terragrunt apply -input=false $PLANFILE
---
runatlantis/atlantisGitHub
04/22/2024, 9:15 PMproject
, dir
, and workspace
. This ability is currently very powerful, and could be vastly improved by allowing projects to be grouped by arbitrary tags.
Describe the solution you'd like
This configuration could look something like:
atlantis.yaml
...
projects:
- autoplan:
enabled: true
when_modified:
- file1
-file2
dir: /project/dir/path
name: projectname
execution_group_tags:
- <some-environment>
- <some-project-type>
- etc....
and would be used in this way:
atlantis plan -t "<some-project-type>"
Describe the drawbacks of your solution
N/A
Describe alternatives you've considered
N/A
runatlantis/atlantisGitHub
04/24/2024, 6:44 AMpolicy_sets
, perhaps filespec
? If that key is unset, then the policy set runs against the $SHOWFILE, as it does now. If the value is set, then it is passed to conftest as the input file(s). The rest of the mechanism would remain unchanged, with the PR comment populated in exactly the same way as it is now.
Describe the drawbacks of your solution
Adding another key adds additional complexity, and the extra files to be checked (at least in my circumstances) would need to be generated by a custom workflow, running the risk that the policy set may fail because of a related failure earlier in the process.
Describe alternatives you've considered
I have tried to do this with custom workflows, but it isn't as clean, for a number of reasons. Firstly, I have to override the default conftest mechanism, and although that is documented, it doesn't work as well as separate policy_sets
do. It also feels as though I am swimming against the tide, overriding default functionality that I would much rather use.
I have marked myself as willing to implement this feature, and I am prepared to try to pull together a PR, but this is by far the largest Go codebase I have worked on, so I can make no guarantees about the quality of the code!
runatlantis/atlantisGitHub
04/24/2024, 10:49 AMNOTE:
Starting with this release, we are including a copy of our license file in all packaged versions of our releases, such as the release .zip files. If you are consuming these files directly and would prefer to extract the one terraform file instead of extracting everything, you need to add an extra argument specifying the file to extract, like this:
Reproduction Stepsunzip terraform_1.8.2_linux_amd64.zip terraform
atlantis plan
or atlantis
apply with an unpinned terraform version
Logs
downloading terraform version 1.8.2 at "<https://releases.hashicorp.com/terraform/1.8.2/terraform_1.8.2_linux_amd64.zip?checksum=file:https://releases.hashicorp.com/terraform/1.8.2/terraform_1.8.2_SHA256SUMS>": expected a single file: /tmp/getter1796155136/archive
Environment details
Additional Context
See #4472 (comment)
👋🏻 TF Core maintainer here, who also happened to cut the release with the change that has impacted you. As mentioned above we did call this out in the changelog but broadly speaking did not anticipate this to be a breaking change that would warrant heads up.
go-getter, which is a library Atlantis appears to be using to install Terraform currently was not designed for this use case, or even broadly interacting withand we do not intend to make changes in that library to accommodate that use case.<http://releases.hashicorp.com|releases.hashicorp.com>
On a more positive note, we do maintain a library that can aid with installation of HashiCorp products, including Terraform - hc-install and we use it ourselves in a number of places. Atlantis would be welcomed to use it as well. That library does not make assumptions about the archive having just one file. Our enterprise packages (although not relevant for Terraform here specifically) already have multiple files and the API accounts for this too, where the consumers specify a path where the license should be placed.
For Terraform CE, the API would let you specify Dir as a path to the directory where the archive gets unpacked, including terraform binary and the license file. What consumers decide to do with those files after the installation would be up to them. The API does not currently make any further assumptions about those files for non-Enterprise versions.
I appreciate this may not be as simple as a drop-in replacement but I hope the API along with examples and documentation is self-explanatory. If you have any questions about it or if it doesn't work for you we'd certainly like to hear it in our issue tracker and be more open to making some changes there (as opposed in go-getter).runatlantis/atlantis
GitHub
04/24/2024, 10:52 AM{
"level": "error",
"ts": "2024-04-24T10:39:52.030Z",
"caller": "events/instrumented_project_command_runner.go:78",
"msg": "Error running plan operation: downloading terraform version 1.8.2 at \"<https://releases.hashicorp.com/terraform/1.8.2/terraform_1.8.2_linux_amd64.zip?checksum=file:https://releases.hashicorp.com/terraform/1.8.2/terraform_1.8.2_SHA256SUMS\>": expected a single file: /tmp/getter168290612/archive: Downloading terraform Version 1.8.2",
"json": {
"repo": "foo/bar",
"pull": "5026"
},
"stacktrace": "<http://github.com/runatlantis/atlantis/server/events.RunAndEmitStats|github.com/runatlantis/atlantis/server/events.RunAndEmitStats>
<http://github.com/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:78|github.com/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:78>
<http://github.com/runatlantis/atlantis/server/events.(*InstrumentedProjectCommandRunner).Plan|github.com/runatlantis/atlantis/server/events.(*InstrumentedProjectCommandRunner).Plan>
<http://github.com/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:38|github.com/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:38>
<http://github.com/runatlantis/atlantis/server/events.runProjectCmds|github.com/runatlantis/atlantis/server/events.runProjectCmds>
<http://github.com/runatlantis/atlantis/server/events/project_command_pool_executor.go:48|github.com/runatlantis/atlantis/server/events/project_command_pool_executor.go:48>
<http://github.com/runatlantis/atlantis/server/events.(*PlanCommandRunner).run|github.com/runatlantis/atlantis/server/events.(*PlanCommandRunner).run>
<http://github.com/runatlantis/atlantis/server/events/plan_command_runner.go:262|github.com/runatlantis/atlantis/server/events/plan_command_runner.go:262>
<http://github.com/runatlantis/atlantis/server/events.(*PlanCommandRunner).Run|github.com/runatlantis/atlantis/server/events.(*PlanCommandRunner).Run>
<http://github.com/runatlantis/atlantis/server/events/plan_command_runner.go:306|github.com/runatlantis/atlantis/server/events/plan_command_runner.go:306>
<http://github.com/runatlantis/atlantis/server/events.(*DefaultCommandRunner).RunCommentCommand|github.com/runatlantis/atlantis/server/events.(*DefaultCommandRunner).RunCommentCommand>
<http://github.com/runatlantis/atlantis/server/events/command_runner.go:365|github.com/runatlantis/atlantis/server/events/command_runner.go:365>"
}
Environment details
• Atlantis version: helm.sh/chart: atlantis-4.25.0
• Deployment method: eks/helm
• If not running the latest Atlantis version have you tried to reproduce this issue on the latest version:
• Atlantis flags:
runatlantis/atlantisNwokolo Bueze
04/24/2024, 1:44 PMGitHub
04/24/2024, 2:26 PMatlantis/apply
check to successful
if all plans are No Changes
by @chroju in #3378
• fix(gitlab): Prevent nil pointer dereference when HeadPipeline is empty by @marceloboeira in #3428
• chore: Fix Go Static Check Errors by @X-Guardian in #3637
• chore(deps): lock file maintenance in server/events/testdata/test-repos/workspace-configured/main.tf by @renovate in #3655
• chore(deps): update alpine docker tag to v3.18.3 in dockerfile by @renovate in #3656
• fix: gitlab client failing test by @ghaiszaher in #3653
• fix(deps): update github.com/hashicorp/terraform-config-inspect digest to f15f31b in go.mod by @renovate in #3658
• fix(deps): update module golang.org/x/term to v0.11.0 in go.mod by @renovate in #3650
• fix(deps): update module github.com/go-playground/validator/v10 to v10.15.0 in go.mod by @renovate in #3654
• fix(deps): update module github.com/xanzy/go-gitlab to v0.90.0 in go.mod by @renovate in #3647
• fix(deps): update module golang.org/x/text to v0.12.0 in go.mod by @renovate in #3652
• fix(deps): update module github.com/hashicorp/golang-lru/v2 to v2.0.5 in go.mod by @renovate in #3659
• chore(deps): update dependency hashicorp/terraform to v1.5.5 in .circleci/config.yml by @renovate in #3660
• chore(deps): update dependency node to v18.17.1 in .node-version by @renovate in #3661
• chore: update to use go1.21 by @chenrui333 in #3657
• fix(deps): update module github.com/alicebob/miniredis/v2 to v2.30.5 in go.mod by @renovate in #3662
New Contributors
• @tobaker made their first contribution in #3597
• @william-richard made their first contribution in #3621
• @ttretau made their first contribution in #3620
• @ghaiszaher made their first contribution in #3653
Full Changelog: v0.24.4...v0.25.0
* * *
This discussion was created from the release v0.25.0.
runatlantis/atlantisGitHub
04/25/2024, 4:04 PM--tf-download
functionality. We worked around this by explicitly ignoring version 1.8.2 (#4474). More information here: #35075.
The recommendation from the TF Core maintainer was to use a hashicorp tool called hc-install: hashicorp/terraform#35075 (comment). This seems in general more robust than what Atlantis is currently doing, and is worth investigating.
Describe the solution you'd like
Investigate the possibility of using hc-install to download and install terraform.
Describe the drawbacks of your solution
I haven't thought about this too much yet, just wanted to open this up for discussion.
Describe alternatives you've considered
We could continue to manually download and install, including extracting the binary more explicitly (#4478).
runatlantis/atlantisGitHub
04/25/2024, 4:08 PMGitHub
04/25/2024, 7:21 PMWEB-123
to turn this into a markdown hyperlink of [WEB-123](<https://someorg.atlassian.net/browse/WEB-123>
.
If this string happens to be in a resource address, then atlantis will throw an error because it does not strip the markdown from the comment.
i.e.
atlantis plan -- -target 'aws_route53_record["web-123"]'
will throw an error
Reproduction Steps
1. create an autolink in github repo for web-123
2. create a resource with an address containing the ticket
3. attempt a targeted plan
4. observe the error
Logs
Environment details
Additional Context
runatlantis/atlantisGitHub
04/25/2024, 8:18 PMexecution_order_group
enforces a defined progression for both plan and apply operations. While this is critical for failing on apply errors in an environment-progressive deployment during apply, it is not always needed for plans. In setups which have a lot of different execution order groups, plans may end up taking quite some time.
Describe the solution you'd like
Specific workflow steps should be able to be configure to adhere to or opt out of respecting the execution_order_group parameter on projects.
Describe the drawbacks of your solution
N/A
Describe alternatives you've considered
N/A
runatlantis/atlantisGitHub
04/26/2024, 10:17 PMthe default workspace at path . is currently locked by another command that is running for this pull request.
Wait until the previous command is complete and try again
This appears to occur If two PRs come in within sufficiently little time, and two webhooks are generated, then one of those webhooks will cause this failed plan. In our case, we noticed because our team uses Graphite, and their stack
primitive frequently updates 2 or more PRs simultaneously, constantly triggering Atlantis comment spam.
Reproduction Steps
1. Create a mono-repo with structure like
software/file1.py
software/file2.py
infrastructure/atlantis.yaml
infrastructure/project1/main.tf
2. create a `atlantis.yaml`:
version: 3
projects:
- name: accounts
dir: infrastructure/project1
autoplan:
enabled: true
3. Start atlantis: sudo docker run --restart unless-stopped -d --name atlantis -p 4141:4141 -e ATLANTIS_REPO_CONFIG_JSON='{"repos":[{"id":"/.*/", "repo_config_file":"infrastructure/atlantis.yaml"}]}' ghcr.io/runatlantis/atlantis:v0.27.2
4. Make changes to software/file1.py, and in a separate file make changes to software/file2.py. Create two new PRs at nearly the same time. watch as Atlantis responds with aforementioned comment.
Logs
Example log when Atlantis does not comment:
{"level":"info","ts":"2024-04-26T014130.620Z","caller":"events/working_dir.go:239","msg":"creating dir "/home/atlantis/.atlantis/repos/ReflexTechnologies/codebase/381/default"","json":{}}
{"level":"info","ts":"2024-04-26T014134.611Z","caller":"events/project_command_builder.go:427","msg":"successfully parsed infrastructure/atlantis.yaml file","json":{"repo":"ReflexTechnologies/codebase","pull":"381"}}
{"level":"info","ts":"2024-04-26T014134.612Z","caller":"events/project_command_builder.go:467","msg":"0 projects are to be planned based on their when_modified config","json":{"repo":"ReflexTechnologies/codebase","pull":"381"}}
{"level":"info","ts":"2024-04-26T014134.612Z","caller":"events/plan_command_runner.go:97","msg":"determined there was no project to run plan in","json":{"repo":"ReflexTechnologies/codebase","pull":"381"}}
{"level":"info","ts":"2024-04-26T014134.612Z","caller":"vcs/instrumented_client.go:236","msg":"updating vcs status","json":{"repository":"ReflexTechnologies/codebase","pull-num":"381","src":"atlantis/plan","description":"0/0 projects planned successfully.","state":"success","url":""}}
{"level":"info","ts":"2024-04-26T014134.920Z","caller":"vcs/instrumented_client.go:236","msg":"updating vcs status","json":{"repository":"ReflexTechnologies/codebase","pull-num":"381","src":"atlantis/policy_check","description":"0/0 projects policies checked successfully.","state":"success","url":""}}
{"level":"info","ts":"2024-04-26T014135.211Z","caller":"vcs/instrumented_client.go:236","msg":"updating vcs status","json":{"repository":"ReflexTechnologies/codebase","pull-num":"381","src":"atlantis/apply","description":"0/0 projects applied successfully.","state":"success","url":""}}
{"level":"info","ts":"2024-04-26T014255.244Z","caller":"events/working_dir.go:239","msg":"creating dir "/home/atlantis/.atlantis/repos/ReflexTechnologies/codebase/381/default"","json":{}}
{"level":"info","ts":"2024-04-26T014259.214Z","caller":"events/project_command_builder.go:427","msg":"successfully parsed infrastructure/atlantis.yaml file","json":{"repo":"ReflexTechnologies/codebase","pull":"381"}}
{"level":"info","ts":"2024-04-26T014259.215Z","caller":"events/project_command_builder.go:467","msg":"0 projects are to be planned based on their when_modified config","json":{"repo":"ReflexTechnologies/codebase","pull":"381"}}
{"level":"info","ts":"2024-04-26T014259.215Z","caller":"events/plan_command_runner.go:97","msg":"determined there was no project to run plan in","json":{"repo":"ReflexTechnologies/codebase","pull":"381"}}
{"level":"info","ts":"2024-04-26T014259.215Z","caller":"vcs/instrumented_client.go:236","msg":"updating vcs status","json":{"repository":"ReflexTechnologies/codebase","pull-num":"381","src":"atlantis/plan","description":"0/0 projects planned successfully.","state":"success","url":""}}
{"level":"info","ts":"2024-04-26T014259.494Z","caller":"vcs/instrumented_client.go:236","msg":"updating vcs status","json":{"repository":"ReflexTechnologies/codebase","pull-num":"381","src":"atlantis/policy_check","description":"0/0 projects policies checked successfully.","state":"success","url":""}}
{"level":"info","ts":"2024-04-26T014259.801Z","caller":"vcs/instrumented_client.go:236","msg":"updating vcs status","json":{"repository":"ReflexTechnologies/codebase","pull-num":"381","src":"atlantis/apply","description":"0/0 projects applied successfully.","state":"success","url":""}}
Example log when the undesired comment is triggered
{"level":"info","ts":"2024-04-26T015158.754Z","caller":"events/working_dir.go:239","msg":"creating dir "/home/atlantis/.atlantis/repos/ReflexTechnologies/codebase/373/default"","json":{}}
{"level":"warn","ts":"2024-04-26T015158.940Z","caller":"events/project_command_builder.go:399","msg":"workspace was locked","json":{"repo":"ReflexTechnologies/codebase","pull":"373"},"stacktrace":"github.com/runatlantis/atlantis/server/events.(*DefaultProjectCommandBuilder).buildAllCommandsByCfg\n\tgithub.com/runatlantis/atlantis/server/events/project_command_builder.go:399\ngithub.com/runatlantis/atlantis/server/events.(*DefaultProjectCommandBuilder).BuildAutoplanCommands\n\tgithub.com/runatlantis/atlantis/server/events/project_command_builder.go:258\ngithub.com/runatlantis/atlantis/server/events.(*InstrumentedProjectCommandBuilder).BuildAutoplanCommands.func1\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_builder.go:29\ngithub.com/runatlantis/atlantis/server/events.(*InstrumentedProjectCommandBuilder).buildAndEmitStats\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_builder.go:71\ngithub.com/runatlantis/atlantis/server/events.(*InstrumentedProjectCommandBuilder).BuildAutoplanCommands\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_builder.go:26\ngithub.com/runatlantis/atlantis/server/events.(*PlanCommandRunner).runAutoplan\n\tgithub.com/runatlantis/atlantis/server/events/plan_command_runner.go:85\ngithub.com/runatlantis/atlantis/server/events.(*PlanCommandRunner).Run\n\tgithub.com/runatlantis/atlantis/server/events/plan_command_runner.go:304\ngithub.com/runatlantis/atlantis/server/events.(*DefaultCommandRunner).RunAutoplanCommand\n\tgithub.com/runatlantis/atlantis/server/events/command_runner.go:221"}
{"level":"error","ts":"2024-04-26T015158.940Z","caller":"events/instrumented_project_command_builder.go:75","msg":"Error building auto plan commands: the default workspace at path . is currently locked by another command that is running for this pull request.\nWait until the previous command is complete and try again","json":{},"stacktrace":"github.com/runatlantis/atlantis/server/events.(*InstrumentedProjectCommandBuilder).buildAndEmitStats\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_builder.go:75\ngithub.com/runatlantis/atlantis/server/events.(*InstrumentedProjectCommandBuilder).BuildAutoplanCommands\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_builder.go:26\ngithub.com/runatlantis/atlantis/server/events.(*PlanCommandRunner).runAutoplan\n\tgithub.com/runatlantis/atlantis/server/events/plan_command_runner.go:85\ngithub.com/runatlantis/atlantis/server/events.(*PlanCommandRun…
runatlantis/atlantisGitHub
05/05/2024, 10:14 PMatlantis testdrive
fails to install terraform on the windows host if /tmp directory is not present.
Reproduction Steps
run atlantis testdrive on any Winddows host where Terraform is not installed already.
in terraform install section all the paths are hardcoded for Linux.
first it would complain for /tmp missing when downloading. if you create this directory manual then it will complain for /usr/local/bin missing as it tries to move the binary to this location.
Environment details
• Atlantis version: atlantis 0.27.3 (commit: 565fd9d) (build date: 2024-04-25T164415Z)
run on any windows version where no Linux-like directory structure is created.
image
runatlantis/atlantisGitHub
05/06/2024, 8:05 PMGitHub
05/07/2024, 4:44 PMError: Failed to download module
Could not download module "eks_ingress" (<http://main.tf:109|main.tf:109>) source code from
"git::<https://git.mycompany.com/high-five/tf-modules/eks-ingress.git?ref=v2.0.0>":
error downloading
'<https://git.mycompany.com/high-five/tf-modules/eks-ingress.git?ref=v2.0.0>':
/usr/bin/git exited with 128: Cloning into '.terraform/modules/eks_ingress'...
remote: Not Found
fatal: repository '<https://github.com/high-five/tf-modules/eks-ingress.git/>'
not found
File contents:
/etc/secret-gitconfig/gitconfig
[url "<https://username:password@git.mycompany.com/>"]
insteadOf = <https://git.mycompany.com/>
Helm Chart:
gitconfig: |
[url "<https://username:password@git.mycompany.com/>""]
insteadOf = <https://git.mycompany.com/>
Atlantis version:
- name: atlantis
repository: <https://runatlantis.github.io/helm-charts>
version: "3.12.4"
image:
repository: runatlantis/atlantis
tag: v0.15.1
runatlantis/atlantisGitHub
05/08/2024, 9:19 AMATLANTIS_DISABLE_MARKDOWN_FOLDER
and this is automatically generated by Viper from the following codes.
atlantis/cmd/server.go
Lines 697 to 700 in </runatlantis/atlantis/commit/49f31ebc08f4f28cb27a47d71497945f020ce39b|49f31eb>
Action Item
☐ Fix markdown to get input using ATLANTIS_DISABLE_MARKDOWN_FOLDING
not ATLANTIS_DISABLE_MARKDOWN_FOLDER
.
atlantis/runatlantis.io/docs/server-configuration.md
Line 388 in </runatlantis/atlantis/commit/49f31ebc08f4f28cb27a47d71497945f020ce39b|49f31eb>
runatlantis/atlantisGitHub
05/08/2024, 9:36 AMError: This repo is not allowlisted for Atlantis.Interestingly all the instances use the same
repo.yaml
(deployed automatically from the same repo).
Reproduction Steps
1. add this config
- id: /.*/
apply_requirements: [approved, mergeable, undiverged]
workflow: default
allowed_overrides: [workflow]
allow_custom_workflows: false
delete_source_branch_on_merge: true
- id: /.*/Platform/.*/
apply_requirements: [approved, mergeable, undiverged]
workflow: default-lego
allowed_overrides: [workflow]
allow_custom_workflows: false
delete_source_branch_on_merge: true
...
2. Run atlantis plan
Logs
{"level":"info","ts":"2024-05-08T09:27:32.103Z","caller":"server/server.go:443","msg":"Utilizing BoltDB","json":{}}
2024-05-08T09:27:32.108609319Z {"level":"info","ts":"2024-05-08T09:27:32.108Z","caller":"policy/conftest_client.go:151","msg":"failed to get default conftest version. Will attempt request scoped lazy loads DEFAULT_CONFTEST_VERSION not set","json":{}}
2024-05-08T09:27:32.109053774Z {"level":"info","ts":"2024-05-08T09:27:32.108Z","caller":"server/server.go:974","msg":"Atlantis started - listening on port 4141","json":{}}
2024-05-08T09:27:32.109071327Z {"level":"info","ts":"2024-05-08T09:27:32.108Z","caller":"scheduled/executor_service.go:51","msg":"Scheduled Executor Service started","json":{}}
{"level":"info","ts":"2024-05-08T09:28:42.274Z","caller":"events/events_controller.go:550","msg":"parsed comment as command=\"plan\" verbose=false dir=\"\" workspace=\"\" project=\"\" policyset=\"\", clear-policy-approval=false, flags=\"\"","json":{}}
{"level":"error","ts":"2024-05-08T09:28:42.426Z","caller":"events/events_controller.go:747","msg":"Repo not allowlisted","json":{},"stacktrace":"<http://github.com/runatlantis/atlantis/server/controllers/events.(*VCSEventsController).respond|github.com/runatlantis/atlantis/server/controllers/events.(*VCSEventsController).respond>\n\tgithub.com/runatlantis/atlantis/server/controllers/events/events_controller.go:747\ngithub.com/runatlantis/atlantis/server/controllers/events.(*VCSEventsController).HandleBitbucketServerCommentEvent\n\tgithub.com/runatlantis/atlantis/server/controllers/events/events_controller.go:360\ngithub.com/runatlantis/atlantis/server/controllers/events.(*VCSEventsController).handleBitbucketServerPost\n\tgithub.com/runatlantis/atlantis/server/controllers/events/events_controller.go:257\ngithub.com/runatlantis/atlantis/server/controllers/events.(*VCSEventsController).Post\n\tgithub.com/runatlantis/atlantis/server/controllers/events/events_controller.go:131\nnet/http.HandlerFunc.ServeHTTP\n\tnet/http/server.go:2136\ngithub.com/gorilla/mux.(*Router).ServeHTTP\n\tgithub.com/gorilla/mux@v1.8.0/mux.go:210\ngithub.com/urfave/negroni/v3.(*Negroni).UseHandler.Wrap.func1\n\tgithub.com/urfave/negroni/v3@v3.0.0/negroni.go:59\ngithub.com/urfave/negroni/v3.HandlerFunc.ServeHTTP\n\tgithub.com/urfave/negroni/v3@v3.0.0/negroni.go:33\ngithub.com/urfave/negroni/v3.middleware.ServeHTTP\n\tgithub.com/urfave/negroni/v3@v3.0.0/negroni.go:51\ngithub.com/runatlantis/atlantis/server.(*RequestLogger).ServeHTTP\n\tgithub.com/runatlantis/atlantis/server/middleware.go:70\ngithub.com/urfave/negroni/v3.middleware.ServeHTTP\n\tgithub.com/urfave/negroni/v3@v3.0.0/negroni.go:51\ngithub.com/urfave/negroni/v3.(*Recovery).ServeHTTP\n\tgithub.com/urfave/negroni/v3@v3.0.0/recovery.go:210\ngithub.com/urfave/negroni/v3.middleware.ServeHTTP\n\tgithub.com/urfave/negroni/v3@v3.0.0/negroni.go:51\ngithub.com/urfave/negroni/v3.(*Negroni).ServeHTTP\n\tgithub.com/urfave/negroni/v3@v3.0.0/negroni.go:111\nnet/http.serverHandler.ServeHTTP\n\tnet/http/server.go:2938\nnet/http.(*conn).serve\n\tnet/http/server.go:200
9"}
Environment details
• Atlantis version: 0.25.0
• Deployment method: helm
• If not running the latest Atlantis version have you tried to reproduce this issue on the latest version: NO
• Atlantis flags: -
Atlantis server-side config file:
- id: /.*/
apply_requirements: [approved, mergeable, undiverged]
workflow: default
allowed_overrides: [workflow]
allow_custom_workflows: false
delete_source_branch_on_merge: true
- id: /.*/Platform/.*/
apply_requirements: [approved, mergeable, undiverged]
workflow: default-lego
allowed_overrides: [workflow]
allow_custom_workflows: false
delete_source_branch_on_merge: true
...
Repo atlantis.yaml
file:
version: 3
automerge: true
parallel_plan: false
delete_source_branch_on_merge: true
projects:
- name: local
dir: local
workflow: default
autoplan:
enabled: true
when_modified: ["*.tf*", "*.yaml"]
...
Additional Context
runatlantis/atlantisGitHub
05/08/2024, 11:33 AM