Support using repo configuration from a branch #81

Merged
merged 540 commits into from
Feb 13, 2024


@ijames-gc ijames-gc commented Feb 9, 2024

Rebase our changes on the upstream Atlantis. The following changes were cherry picked on top of the upstream:

We also have a PR open for getting the branch repo configuration changes into upstream here.

@ijames-gc ijames-gc marked this pull request as draft February 9, 2024 11:34
@ijames-gc ijames-gc force-pushed the CI-2493-latest-atlantis-changes branch from dffc270 to 8567a60 Compare February 9, 2024 14:46
@ijames-gc ijames-gc marked this pull request as ready for review February 9, 2024 15:17

@0x0013 0x0013 left a comment


Great job!

Let's make a new branch off current main as precaution before merging.

@ijames-gc

> Let's make a new branch off current main as precaution before merging.

Good idea - created one here: https://github.com/gocardless/atlantis/tree/main-backup-09-02-24

renovate bot and others added 25 commits February 13, 2024 11:01
…mod (runatlantis#3640)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* feat: Omit repos from allowlist

* Add quote in comment

* Better comment

* Remove test
Problem

When `projects` are specified and `when_modified` is not specified via
the config file, changing `.terraform.lock.hcl` file won't trigger auto
plan. This is because the default `raw.WhenModified` does not include
`.terraform.lock.hcl`.

Note that when projects are auto detected, changing
`.terraform.lock.hcl` triggers auto plan. This is because the
`cmd.DefaultAutoplanFileList` includes `.terraform.lock.hcl`.

Solution

Include `.terraform.lock.hcl` in the default `raw.WhenModified`.
…antis#3636)

* Update server/events/working_dir logging

* Add e2e FileWorkspace logger

* Fix github app working dir test logger

* Update working_dir_test

---------

Co-authored-by: Dylan Page <[email protected]>
While using a PR from a fork and the "Github allow mergeable bypass apply" flag, the mergeable checks were run with the wrong owner in the request, leading to a 404. By choosing the owner from the head repo data, it should work for both fork PRs and in-repo PRs.

Co-authored-by: Dylan Page <[email protected]>
runatlantis#3642)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…antis#3643)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
… Changes` (runatlantis#3378)

* mod: rename updateCommitStatus func

* feat: add PlannedNoChangesPlanStatus

* Add skipApplyNoChanges option to PlanCommandRunner

* Add skipApplyNoChanges option to ApplyCommandRunner

* Add --skip-apply-no-changes flag

* Fix typo

Co-authored-by: nitrocode <[email protected]>

* Rename --skip-apply-no-changes flag

* Refactor updateCommitStatus functions

* chore(docs): add detailed use case for the flag

* test: add plan_command_runner set apply status

* feat: set apply status to successful by default when result is 'No Changes'

---------

Co-authored-by: chroju <[email protected]>
Co-authored-by: nitrocode <[email protected]>
…ty (runatlantis#3428)

In this particular example `mr.HeadPipeline.SHA` panics on a nil pointer dereference because HeadPipeline is empty.

This seems to be caused by the lack of permission to update the commit status.

```go
runtime.gopanic
        runtime/panic.go:1038
runtime.panicmem
        runtime/panic.go:221
runtime.sigpanic
        runtime/signal_unix.go:735
github.com/runatlantis/atlantis/server/events/vcs.(*GitlabClient).PullIsMergeable
        github.com/runatlantis/atlantis/server/events/vcs/gitlab_client.go:208
github.com/runatlantis/atlantis/server/events/vcs.(*ClientProxy).PullIsMergeable
        github.com/runatlantis/atlantis/server/events/vcs/proxy.go:72
github.com/runatlantis/atlantis/server/events/vcs.(*pullReqStatusFetcher).FetchPullStatus
        github.com/runatlantis/atlantis/server/events/vcs/pull_status_fetcher.go:28
github.com/runatlantis/atlantis/server/events.(*ApplyCommandRunner).Run
        github.com/runatlantis/atlantis/server/events/apply_command_runner.go:105
github.com/runatlantis/atlantis/server/events.(*DefaultCommandRunner).RunCommentCommand
        github.com/runatlantis/atlantis/server/events/command_runner.go:252
```

The least invasive solution is to simply use the commit-hash from pull and guess that the pipeline was "skipped" unless the HeadPipeline is there.

The outcome is:

When mr.HeadPipeline is present:
- use the commit hash and status from the HeadPipeline
When mr.HeadPipeline is NOT present:
- use the commit hash from pull request struct
- assume the pipeline was "skipped"

In cases where GitLab is configured to require a pipeline to pass, this results in a message saying the MR is not mergeable.

More info:
- runatlantis#1852
* Fix Go Static Checks

* Fix working dir tests
…os/workspace-configured/main.tf (runatlantis#3655)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…lantis#3656)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Fix golang-ci

* Update lint workflows

* Removed required checks
* fix: gitlab client failing test

* change HeadCommit to `67cb91d3f6198189f433c045154a885784ba6977`

* remove test case for now
…t to f15f31b in go.mod (runatlantis#3658)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…tlantis#3650)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…0.15.0 in go.mod (runatlantis#3654)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…mod (runatlantis#3647)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…tlantis#3652)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
… in go.mod (runatlantis#3659)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…leci/config.yml (runatlantis#3660)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…atlantis#3661)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore: update to use go1.21

Signed-off-by: Rui Chen <[email protected]>

* update go base image to 1.21.0

---------

Signed-off-by: Rui Chen <[email protected]>
…in go.mod (runatlantis#3662)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…os/workspace-configured/main.tf (runatlantis#3668)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate bot and others added 22 commits February 13, 2024 11:01
…ntis#4084)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…#4086)

* feat: Move gitlab client test data into testdata/ files

* Cleanup
…mod (runatlantis#4028)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update server-side-repo-config.md

Update document for Metric on repo config

* docs(server-side-repo-config): fix case

Co-authored-by: Luke Massa <[email protected]>

---------

Co-authored-by: Rui Chen <[email protected]>
Co-authored-by: Luke Massa <[email protected]>
* download conftest binary for correct arch

Signed-off-by: Prajith P <[email protected]>

* remove default constant

Signed-off-by: Prajith P <[email protected]>

---------

Signed-off-by: Prajith P <[email protected]>
…unatlantis#4047)

* Remove settings for require approval, mergeable, undiverged

* Fix
…c.0 in package.json (runatlantis#3970)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…ed` (runatlantis#4105)

* Update runatlantis.io/docs/server-configuration.md

* runatlantis.io/docs/command-requirements.md

* Update server-configuration.md
…us Plan Comments (runatlantis#4012)

* Fix Hide Previous Plan Comments

* Update GitLab client tests

* Update GitLab client test

* Update github client test

* Add nolint: errcheck to test

* format github_client.go
…in go.mod (runatlantis#4118)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…in testing/dockerfile (runatlantis#4120)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…o v2.9.0 in go.mod (runatlantis#4124)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…tlantis#4126)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
….mod (runatlantis#4127)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
runatlantis#4135)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…atlantis#4136)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@ijames-gc ijames-gc force-pushed the CI-2493-latest-atlantis-changes branch 2 times, most recently from bfc4675 to cb68e82 Compare February 13, 2024 11:35
ijames-gc and others added 4 commits February 13, 2024 11:38
Instead of using the atlantis.yaml file present in the pull request
branch, allow users to specify a branch that contains an approved
version of atlantis.yaml. This allows enabling things like approval
requirement overrides for repo config, while ensuring a user can't
simply change the configuration to drop an approval requirement in the
branch they're currently working on.

An example would be creating a server-side configuration like this:

```yaml
---
repos:
  - id: github.com/gocardless/app
    apply_requirements: [approved, mergeable]
    allowed_overrides: [apply_requirements, workflow]
    allow_custom_workflows: false
    config_source_branch: master
workflows:
  lab:
    plan:
      steps:
        - init
        - plan:
            extra_args: [-var-file, lab.tfvars]
  prd:
    plan:
      steps:
        - init
        - plan:
            extra_args: [-var-file, prd.tfvars]
```

This specifies rigid workflows that become all that is available to run in
gocardless/app. Now the application (gocardless/app) would create an
atlantis.yaml at the root of the repo, like so:

```yaml
---
version: 2
projects:
  - dir: terraform/google/projects/apps
    apply_requirements: []
    workspace: lab
    workflow: lab
  - dir: terraform/google/projects/apps
    apply_requirements: [approved]
    workspace: prd
    workflow: prd
```

Because config_source_branch is set to master, when someone creates a PR
against gocardless/app, the atlantis.yaml that specifies whether a
project has an approved apply_requirement is from the master branch. As
is a common pattern, merging to master is protected by an authorised
code-review, allowing us to have two types of environment for this
project:

- lab, where you can plan and apply without approval
- prd, where you can only apply once the PR is approved

@ijames-gc:
 - Added tests:
   - Add TestClone_FetchAdditionalBranches
   - Add TestDefaultProjectCommandBuilder_ConfigSourceBranch
 - Refactor checkout logic
 - Update docs

Co-authored-by: Lawrence Jones <[email protected]>
Co-authored-by: Dyson Simmons <[email protected]>
Co-authored-by: Dragos Dumitrache <[email protected]>
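
The effect of `config_source_branch` described in the commit message above, as an added example that is not code from this pull request or from Atlantis: the types, the function `EffectiveApplyRequirements` and the branch name `my-pr` are hypothetical, and the override rule is a simplified assumption. It shows a PR branch that empties `apply_requirements` for `prd` being ignored once the config is read from `master`.

```go
package main

import "fmt"

// Hypothetical, simplified model of the settings above (not Atlantis' own structs).
type ServerRepo struct {
	ApplyRequirements  []string
	AllowedOverrides   []string
	ConfigSourceBranch string // empty means: read atlantis.yaml from the PR branch
}
type Project struct {
	Dir, Workspace    string
	ApplyRequirements []string // nil means "not set in atlantis.yaml"
}

// RepoFiles maps branch name -> projects parsed from that branch's atlantis.yaml.
type RepoFiles map[string][]Project

// EffectiveApplyRequirements returns what is enforced for one project of a PR on prBranch.
func EffectiveApplyRequirements(s ServerRepo, files RepoFiles, prBranch, dir, ws string) []string {
	source := prBranch
	if s.ConfigSourceBranch != "" {
		source = s.ConfigSourceBranch // trusted branch wins over the PR's own copy
	}
	overridable := false
	for _, k := range s.AllowedOverrides {
		overridable = overridable || k == "apply_requirements"
	}
	for _, p := range files[source] {
		if p.Dir == dir && p.Workspace == ws && overridable && p.ApplyRequirements != nil {
			return p.ApplyRequirements
		}
	}
	return s.ApplyRequirements // server-side default when nothing overrides it
}

// Constructed sample: master holds the reviewed config; the PR branch drops "approved" on prd.
func sampleFiles() RepoFiles {
	dir := "terraform/google/projects/apps"
	return RepoFiles{
		"master": {{dir, "lab", []string{}}, {dir, "prd", []string{"approved"}}},
		"my-pr":  {{dir, "lab", []string{}}, {dir, "prd", []string{}}},
	}
}

func main() {
	s := ServerRepo{[]string{"approved", "mergeable"}, []string{"apply_requirements", "workflow"}, "master"}
	fmt.Println(EffectiveApplyRequirements(s, sampleFiles(), "my-pr", "terraform/google/projects/apps", "prd"))
}
```

With `ConfigSourceBranch` left empty, the same call returns an empty list for `prd`, which is the bypass the setting is meant to close.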
Atlantis server requires a default tf version; however, this setting
here also has the side effect of having a default version in utopia
terraform. This is not safe, as you might update the tf state version
by mistake.

Move this setting to the atlantis runtime config, so we check and
run only the relevant terraform version in case of manual intervention.
This ensures we're not running our CI against the head of the repository branch
Also enable workflow_dispatch
runatlantis#4216)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@ijames-gc ijames-gc force-pushed the CI-2493-latest-atlantis-changes branch from cb68e82 to cee61d4 Compare February 13, 2024 11:38
@ijames-gc ijames-gc merged commit 71a121e into main Feb 13, 2024
2 checks passed