From 20916e8f90f295b5824b530ade98e9a6abf6094e Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Thu, 12 Dec 2024 15:55:14 -0500 Subject: [PATCH 01/20] add image attestation workflow step Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 011050dbc4..02747bfb6a 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -146,6 +146,10 @@ jobs: target: ${{ matrix.image_type }} labels: ${{ steps.meta.outputs.labels }} outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }} + - name: "Attest Image" + uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + with: + subject-path: ${{ steps.meta.outputs.tags }} test: needs: [changes] From 104ae931c0df102c01bdd9a6e00fdf611c92c741 Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Thu, 19 Dec 2024 14:49:21 -0500 Subject: [PATCH 02/20] feat: add image signing and attestation workflow Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 02747bfb6a..02f0f2dcec 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -45,6 +45,11 @@ jobs: needs: [changes] if: needs.changes.outputs.should-run-build == 'true' name: Build Image + permissions: + contents: read + id-token: write + packages: write + attestations: write strategy: matrix: image_type: [alpine, debian] 
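Review bot: The `permissions:` block in the `@@ -45,6 +45,11 @@` hunk is granted to the whole "Build Image" job, so `id-token: write`, `packages: write` and `attestations: write` are in scope for every step of that job, not only for the attestation step that needs them. That includes the checkout, the Buildx setup and the Docker build itself, on every event the job runs for. A narrower layout keeps `contents: read` and `packages: write` on the build and moves attestation into a follow-up job that depends on it, receives the digest as a job output, and alone holds `id-token: write` and `attestations: write`. If the block stays here, a comment such as `# id-token + attestations are only consumed by the attest step below` would record why the job is this privileged. The job body continues outside the hunk, so confirm which other steps run under these scopes.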
@@ -71,7 +76,7 @@ jobs: platforms: arm64,arm - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 # https://github.com/docker/build-push-action/issues/761#issuecomment-1575006515 with: driver-opts: | @@ -129,6 +134,7 @@ jobs: run: echo "RELEASE_VERSION=${{ startsWith(github.ref, 'refs/tags/') && '${GITHUB_REF#refs/*/}' || 'dev' }}" >> $GITHUB_ENV - name: "Build ${{ env.PUSH == 'true' && 'and push' || '' }} ${{ env.DOCKER_REPO }} image" + id: build if: contains(fromJson('["push", "pull_request"]'), github.event_name) uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 with: @@ -146,10 +152,14 @@ jobs: target: ${{ matrix.image_type }} labels: ${{ steps.meta.outputs.labels }} outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }} - - name: "Attest Image" + + - name: "Sign and Attest Image" + if: env.PUSH == 'true' uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 with: - subject-path: ${{ steps.meta.outputs.tags }} + subject-digest: ${{ steps.build.outputs.digest }} + subject-name: ghcr.io/${{ github.repository }} + push-to-registry: true test: needs: [changes] @@ -167,7 +177,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 # https://github.com/docker/build-push-action/issues/761#issuecomment-1575006515 with: driver-opts: | @@ -205,4 +215,4 @@ jobs: image_type: [alpine, debian] runs-on: ubuntu-24.04 steps: - - run: 'echo "No build required"' + - run: 'echo "No build required"' \ No newline at end of file 
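Review bot: In the `@@ -146,10 +152,14 @@` hunk the attestation step is guarded by `if: env.PUSH == 'true'`, while the build step whose digest it consumes is guarded by `contains(fromJson('["push", "pull_request"]'), github.event_name)`. On any run where PUSH is true but the build step is skipped or pushes nothing, `steps.build.outputs.digest` is empty and the step attests nothing or fails; how PUSH is set is outside this hunk, so this needs confirming. Tying the guard to the value it depends on avoids that: `if: env.PUSH == 'true' && steps.build.outputs.digest != ''`. The subject is also spelled out as `ghcr.io/${{ github.repository }}` although the job already defines the same value as `DOCKER_REPO`; `subject-name: ${{ env.DOCKER_REPO }}` keeps the attested name and the pushed name from drifting apart.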
From 77575079833e0b704c872c244e0a5f1573dc8eb4 Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Fri, 27 Dec 2024 14:31:28 -0500 Subject: [PATCH 03/20] add step to install cosign Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 02f0f2dcec..a540f04dcb 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -82,6 +82,10 @@ jobs: driver-opts: | image=moby/buildkit:v0.14.0 + - name: "Install cosign" + uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 + if: env.PUSH == 'true' && github.event_name != 'pull_request' + # release version is the name of the tag i.e. v0.10.0 # release version also has the image type appended i.e. v0.10.0-alpine # release tag is either pre-release or latest i.e. latest From 4664940d664bd7f5587a11572aa1c729c4ce239f Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Fri, 27 Dec 2024 14:31:54 -0500 Subject: [PATCH 04/20] rename attestation step Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index a540f04dcb..cac51f82ee 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -157,8 +157,8 @@ jobs: labels: ${{ steps.meta.outputs.labels }} outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }} - - name: "Sign and Attest Image" - if: env.PUSH == 'true' + - name: "Create Image Attestation" + if: env.PUSH == 'true' && github.event_name != 'pull_request' uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 with: subject-digest: ${{ steps.build.outputs.digest }} 
From 827a51c4e861e877dc4f657e8ef1ebb97a672a5a Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Fri, 27 Dec 2024 14:33:10 -0500 Subject: [PATCH 05/20] add step to sign images with cosign uses github OIDC auth flow to get a cert from Sigstore instead of a static key Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index cac51f82ee..049aade75b 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -165,6 +165,20 @@ jobs: subject-name: ghcr.io/${{ github.repository }} push-to-registry: true + - name: "Sign images with environment annotations" + # no key needed, we're using the GitHub OIDC flow + if: env.PUSH == 'true' && github.event_name != 'pull_request' + run: | + echo "${TAGS}" | xargs -I {} cosign sign \ + --yes \ + -a actor=${{ github.actor}} \ + -a ref_name=${{ github.ref_name}} \ + -a ref=${{ github.sha }} \ + {}@${DIGEST} + env: + TAGS: ${{ steps.meta.outputs.tags }} + DIGEST: ${{ steps.build.outputs.digest }} + test: needs: [changes] if: needs.changes.outputs.should-run-build == 'true' From f7b020df47e8f3fb8f498ff8232bc8f22da56747 Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Fri, 27 Dec 2024 15:50:03 -0500 Subject: [PATCH 06/20] add -r to recursively sign images Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 049aade75b..5c89d2ae8d 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -171,6 +171,7 @@ jobs: run: | echo "${TAGS}" | xargs -I {} cosign sign \ --yes \ + -r \ # recursively sign each image in an architecture -a actor=${{ github.actor}} \ -a ref_name=${{ github.ref_name}} \ -a ref=${{ github.sha }} \ 
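Review bot: The `-a actor=${{ github.actor}}`, `-a ref_name=${{ github.ref_name}}` and `-a ref=${{ github.sha }}` arguments in the `@@ -165,6 +165,20 @@` hunk are substituted into the script text before the shell parses it, so a branch or tag name containing shell metacharacters becomes part of the command. That happens in a step running under the job-level `id-token: write` and `packages: write` added earlier in this series. The step already passes TAGS and DIGEST through `env:`; the context values should go the same way and be quoted where they are used, as in the excerpt below. These annotations are claims made by the signer, and the annotation named `ref` actually carries the commit SHA. Verification policy should therefore match on the identity in the signing certificate and treat the annotations as informational.

```yaml
        run: |
          echo "${TAGS}" | xargs -I {} cosign sign \
            --yes \
            -a "actor=${ACTOR}" \
            -a "ref_name=${REF_NAME}" \
            -a "ref=${COMMIT_SHA}" \
            "{}@${DIGEST}"
        env:
          # ... unchanged: TAGS, DIGEST ...
          ACTOR: ${{ github.actor }}
          REF_NAME: ${{ github.ref_name }}
          COMMIT_SHA: ${{ github.sha }}
```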
From 1c1a119dfa1d7efc0738ade968146ebc07afdfe3 Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Fri, 27 Dec 2024 16:13:36 -0500 Subject: [PATCH 07/20] Update cosign command to use --recursive=true for signing images Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 5c89d2ae8d..1786200659 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -171,7 +171,7 @@ jobs: run: | echo "${TAGS}" | xargs -I {} cosign sign \ --yes \ - -r \ # recursively sign each image in an architecture + --recursive=true \ -a actor=${{ github.actor}} \ -a ref_name=${{ github.ref_name}} \ -a ref=${{ github.sha }} \ From 221310388e1c38114ec9b4cdb4ec968ecf063507 Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Sun, 29 Dec 2024 20:17:29 -0500 Subject: [PATCH 08/20] update matrix strategy to execute parallel builds Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 1786200659..cca265f326 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -53,6 +53,7 @@ jobs: strategy: matrix: image_type: [alpine, debian] + platform: [linux/arm64/v8, linux/amd64, linux/arm/v7] runs-on: ubuntu-24.04 env: # Set docker repo to either the fork or the main repo where the branch exists 
@@ -150,7 +151,7 @@ jobs: ATLANTIS_VERSION=${{ env.RELEASE_VERSION }} ATLANTIS_COMMIT=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} ATLANTIS_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - platforms: linux/arm64/v8,linux/amd64,linux/arm/v7 + platforms: ${{ matrix.platform }} push: ${{ env.PUSH }} tags: ${{ steps.meta.outputs.tags }} target: ${{ matrix.image_type }} @@ -188,6 +189,7 @@ jobs: strategy: matrix: image_type: [alpine, debian] + platform: [linux/arm64/v8, linux/amd64, linux/arm/v7] env: # Set docker repo to either the fork or the main repo where the branch exists DOCKER_REPO: ghcr.io/${{ github.repository }} @@ -232,6 +234,7 @@ jobs: strategy: matrix: image_type: [alpine, debian] + platform: [linux/arm64/v8, linux/amd64, linux/arm/v7] runs-on: ubuntu-24.04 steps: - run: 'echo "No build required"' \ No newline at end of file From f3d126032097ed05ab1cd3e394981a9c63aba516 Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Sun, 29 Dec 2024 22:02:39 -0500 Subject: [PATCH 09/20] only sign alpine/amd64 recursion will take care of the others. Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 36 +++++++++++++++++++++------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index cca265f326..7ab0d8b586 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml 
@@ -52,9 +52,29 @@ jobs: attestations: write strategy: matrix: - image_type: [alpine, debian] - platform: [linux/arm64/v8, linux/amd64, linux/arm/v7] - runs-on: ubuntu-24.04 + include: + # ARM64 builds + - image_type: alpine + platform: linux/arm64/v8 + runs_on: buildjet-8vcpu-ubuntu-2204-arm + - image_type: debian + platform: linux/arm64/v8 + runs_on: buildjet-8vcpu-ubuntu-2204-arm + # ARMv7 builds + - image_type: alpine + platform: linux/arm/v7 + runs_on: buildjet-8vcpu-ubuntu-2204-arm + - image_type: debian + platform: linux/arm/v7 + runs_on: buildjet-8vcpu-ubuntu-2204-arm + # AMD64 builds + - image_type: alpine + platform: linux/amd64 + runs_on: ubuntu-24.04 + - image_type: debian + platform: linux/amd64 + runs_on: ubuntu-24.04 + runs-on: ${{ matrix.runs_on }} env: # Set docker repo to either the fork or the main repo where the branch exists DOCKER_REPO: ghcr.io/${{ github.repository }} @@ -151,7 +171,7 @@ jobs: ATLANTIS_VERSION=${{ env.RELEASE_VERSION }} ATLANTIS_COMMIT=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} ATLANTIS_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - platforms: ${{ matrix.platform }} + platforms: linux/arm64/v8,linux/amd64,linux/arm/v7 push: ${{ env.PUSH }} tags: ${{ steps.meta.outputs.tags }} target: ${{ matrix.image_type }} @@ -168,7 +188,8 @@ jobs: - name: "Sign images with environment annotations" # no key needed, we're using the GitHub OIDC flow - if: env.PUSH == 'true' && github.event_name != 'pull_request' + # Only run on alpine/amd64 build to avoid signing multiple times + if: env.PUSH == 'true' && github.event_name != 'pull_request' && matrix.image_type == 'alpine' && matrix.platform == 'linux/amd64' run: | echo "${TAGS}" | xargs -I {} cosign sign \ --yes \ 
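Review bot: `matrix.platform` from the new `include:` list is no longer used by the build, because the `@@ -151,7 +171,7 @@` hunk of this commit restores `platforms: linux/arm64/v8,linux/amd64,linux/arm/v7`. Each image type is therefore built for all platforms in three legs that push the same tag set. Unless the builds are bit-for-bit reproducible, those legs produce different digests, the tag ends up on whichever push lands last, and the signature made in the amd64 leg can cover a digest the tag no longer points to. The four legs on `buildjet-*` runners (presumably a third-party runner provider) also inherit the job's `id-token: write`, `packages: write` and `attestations: write`, which widens the signing trust boundary to that infrastructure. Either keep one leg per image type, or build one platform per leg with `platforms: ${{ matrix.platform }}` and assemble, attest and sign the index in a single later job.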
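Review bot: The new guard in the `@@ -168,7 +188,8 @@` hunk restricts signing to `matrix.image_type == 'alpine'`, which appears to leave the debian images unsigned. `--recursive=true` signs the per-platform images under the index being signed and does not reach other tags. TAGS and DIGEST come from this leg's own `steps.meta` and `steps.build`, and a comment elsewhere in the workflow says the image type is appended to the version (`v0.10.0-alpine`), so the debian tag set would be a different index; the meta step is outside the hunk, so confirm this. Deduplicating on platform only keeps one signature per image type: `if: env.PUSH == 'true' && github.event_name != 'pull_request' && matrix.platform == 'linux/amd64'`. The comment above it would then read `# Sign once per image type; --recursive covers the per-platform images`.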
@@ -189,7 +210,6 @@ jobs: strategy: matrix: image_type: [alpine, debian] - platform: [linux/arm64/v8, linux/amd64, linux/arm/v7] env: # Set docker repo to either the fork or the main repo where the branch exists DOCKER_REPO: ghcr.io/${{ github.repository }} @@ -234,7 +254,7 @@ jobs: strategy: matrix: image_type: [alpine, debian] - platform: [linux/arm64/v8, linux/amd64, linux/arm/v7] runs-on: ubuntu-24.04 steps: - - run: 'echo "No build required"' \ No newline at end of file + - run: 'echo "No build required"' + From 594b7b68d3ccd0f5e1902c86e948347d297d47cb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 28 Dec 2024 00:38:08 +0000 Subject: [PATCH 10/20] chore(deps): update ghcr.io/runatlantis/testing-env:latest docker digest to 7999141 in .github/workflows/test.yml (main) (#5201) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f0454a8f2f..4c151d134e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -48,7 +48,7 @@ jobs: if: needs.changes.outputs.should-run-tests == 'true' name: Tests runs-on: ubuntu-24.04 - container: ghcr.io/runatlantis/testing-env:latest@sha256:193032075415cf48ca11557fa768704e8e218b45b30ffd7b4ba686e4653974fd + container: ghcr.io/runatlantis/testing-env:latest@sha256:79991418aec4e5dcb1f18dc7b7bdf6ee37302a30a1e374c7bcf3eba9aadef68d steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 From f3a49c543bf337e1827a2ab3cc9dd44aa8ab7a89 Mon Sep 17 00:00:00 2001 From: Rui Chen Date: Sat, 28 Dec 2024 17:50:53 -0500 Subject: [PATCH 11/20] chore: fix typos (#5202) 
Signed-off-by: Rui Chen --- CHANGELOG.md | 4 ++-- ...-over-ssl-with-s3-acm-cloudfront-and-terraform.md | 2 +- runatlantis.io/docs/custom-workflows.md | 4 ++-- runatlantis.io/docs/post-workflow-hooks.md | 2 +- runatlantis.io/docs/pre-workflow-hooks.md | 2 +- runatlantis.io/docs/repo-and-project-permissions.md | 2 +- runatlantis.io/docs/repo-level-atlantis-yaml.md | 2 +- runatlantis.io/docs/server-configuration.md | 6 +++--- .../controllers/events/events_controller_e2e_test.go | 4 ++-- server/core/config/raw/global_cfg.go | 4 ++-- server/core/config/raw/repo_cfg.go | 2 +- server/core/config/raw/step_test.go | 2 +- server/core/config/raw/workflow_step_test.go | 2 +- server/core/config/valid/global_cfg.go | 4 ++-- server/core/locking/apply_locking.go | 4 ++-- server/core/runtime/plan_step_runner.go | 2 +- .../core/runtime/post_workflow_hook_runner_test.go | 4 ++-- server/core/runtime/pre_workflow_hook_runner_test.go | 4 ++-- server/core/terraform/terraform_client_test.go | 8 ++++---- server/events/markdown_renderer.go | 2 +- server/events/models/models.go | 2 +- server/events/project_command_builder.go | 4 ++-- server/events/project_command_runner.go | 2 +- server/events/project_command_runner_test.go | 2 +- server/events/vcs/git_cred_writer_test.go | 12 ++++++------ server/events/vcs/github_client_test.go | 6 +++--- 26 files changed, 47 insertions(+), 47 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 59a28de5f6..8a5e761104 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -200,7 +200,7 @@ Maintenance release for security patches with atlantis-base image * docker: bump git-lfs and gosu dependencies by @hi-artem in https://github.com/runatlantis/atlantis/pull/2096 * fix(docker): fix base image for multi-platform build by @Tenzer in https://github.com/runatlantis/atlantis/pull/2099 * fix(docker): fix installation of git-lfs in armv7 image by @Tenzer in https://github.com/runatlantis/atlantis/pull/2100 -* fix(docker): download Terraform and conftest versions maching image architecture by @Tenzer in https://github.com/runatlantis/atlantis/pull/2101 +* fix(docker): download Terraform and conftest versions matching image architecture by @Tenzer in https://github.com/runatlantis/atlantis/pull/2101 # v0.18.3 @@ -237,7 +237,7 @@ Maintenance release for security patches with atlantis-base image * build(deps): bump github.com/hashicorp/go-version from 1.3.0 to 1.4.0 by @dependabot in https://github.com/runatlantis/atlantis/pull/1987 * build(deps): bump go.uber.org/zap from 1.19.1 to 1.20.0 by @dependabot in https://github.com/runatlantis/atlantis/pull/1988 * docs: document `undiverged` apply requirement in more places by @fishpen0 in https://github.com/runatlantis/atlantis/pull/1992 -* fix: fix autoplan when .terraform.lock.hcl is modifed by @gezb in https://github.com/runatlantis/atlantis/pull/1991 +* fix: fix autoplan when .terraform.lock.hcl is modified by @gezb in https://github.com/runatlantis/atlantis/pull/1991 * feat: add XTerm JS to the server static files by @Ka1wa in https://github.com/runatlantis/atlantis/pull/1985 * feat: post workflow hooks by @tim775 in https://github.com/runatlantis/atlantis/pull/1990 * docs: add colon to policy checking yaml by @williamlord-wise in https://github.com/runatlantis/atlantis/pull/1996 
diff --git a/runatlantis.io/blog/2018/hosting-our-static-site-over-ssl-with-s3-acm-cloudfront-and-terraform.md b/runatlantis.io/blog/2018/hosting-our-static-site-over-ssl-with-s3-acm-cloudfront-and-terraform.md index a9506073f3..3e52f7e075 100644 --- a/runatlantis.io/blog/2018/hosting-our-static-site-over-ssl-with-s3-acm-cloudfront-and-terraform.md +++ b/runatlantis.io/blog/2018/hosting-our-static-site-over-ssl-with-s3-acm-cloudfront-and-terraform.md @@ -52,7 +52,7 @@ Because I'm going to host the site on AWS services, I need requests to and our website is available on the internet via its S3 url so can't we just CNAME to the S3 bucket and call it a day? Unfortunately not. -Since we generated our own certificate, we would need S3 to sign its responses using our certificiate. S3 doesn't support this and thus we need CloudFront. CloudFront supports using our own SSL cert and will just pull its data from the S3 bucket. +Since we generated our own certificate, we would need S3 to sign its responses using our certificate. S3 doesn't support this and thus we need CloudFront. CloudFront supports using our own SSL cert and will just pull its data from the S3 bucket. # Terraform Time diff --git a/runatlantis.io/docs/custom-workflows.md b/runatlantis.io/docs/custom-workflows.md index af655abf26..0a3ca5de89 100644 --- a/runatlantis.io/docs/custom-workflows.md +++ b/runatlantis.io/docs/custom-workflows.md @@ -298,7 +298,7 @@ workflows: name: TF_IN_AUTOMATION value: 'true' - run: - # Allow for targetted plans/applies as not supported for Terraform wrappers by default + # Allow for targeted plans/applies as not supported for Terraform wrappers by default command: terragrunt plan -input=false $(printf '%s' $COMMENT_ARGS | sed 's/,/ /g' | tr -d '\\') -no-color -out $PLANFILE output: hide - run: | 
@@ -727,7 +727,7 @@ Full: | multienv.command | string | none | yes | Name of the custom script to run | | multienv.shell | string | "sh" | no | Name of the shell to use for command execution | | multienv.shellArgs | string or []string | "-c" | no | Command line arguments to be passed to the shell. Cannot be set without `shell` | -| multienv.output | string | "show" | no | Setting output to "hide" will supress the message obout added environment variables | +| multienv.output | string | "show" | no | Setting output to "hide" will suppress the message obout added environment variables | The output of the command execution must have the following format: `EnvVar1Name=value1,EnvVar2Name=value2,EnvVar3Name=value3` diff --git a/runatlantis.io/docs/post-workflow-hooks.md b/runatlantis.io/docs/post-workflow-hooks.md index 91ba0b7aa7..c0361175e0 100644 --- a/runatlantis.io/docs/post-workflow-hooks.md +++ b/runatlantis.io/docs/post-workflow-hooks.md @@ -11,7 +11,7 @@ back to the PR as a comment. Post workflow hooks can only be specified in the Server-Side Repo Config under the `repos` key. -## Atlantis Command Targetting +## Atlantis Command Targeting By default, the workflow hook will run when any command is processed by Atlantis. This can be modified by specifying the `commands` key in the workflow hook containing a comma delimited list diff --git a/runatlantis.io/docs/pre-workflow-hooks.md b/runatlantis.io/docs/pre-workflow-hooks.md index dce3f2fe7d..9c1166bb58 100644 --- a/runatlantis.io/docs/pre-workflow-hooks.md +++ b/runatlantis.io/docs/pre-workflow-hooks.md @@ -21,7 +21,7 @@ behavior can be changed by setting the [fail-on-pre-workflow-hook-error](server- flag in the Atlantis server configuration. ::: -## Atlantis Command Targetting +## Atlantis Command Targeting By default, the workflow hook will run when any command is processed by Atlantis. This can be modified by specifying the `commands` key in the workflow hook containing a comma delimited list 
diff --git a/runatlantis.io/docs/repo-and-project-permissions.md b/runatlantis.io/docs/repo-and-project-permissions.md index 5999b3a5b3..cd56d8ee7e 100644 --- a/runatlantis.io/docs/repo-and-project-permissions.md +++ b/runatlantis.io/docs/repo-and-project-permissions.md @@ -157,7 +157,7 @@ checking if the external command exited with code `0` and if the last line of output is `pass`. ```text -# Psuedo-code of Atlantis evaluation of external commands +# Pseudo-code of Atlantis evaluation of external commands user_authorized = external_command.exit_code == 0 diff --git a/runatlantis.io/docs/repo-level-atlantis-yaml.md b/runatlantis.io/docs/repo-level-atlantis-yaml.md index 11feb31224..a5e89d20a4 100644 --- a/runatlantis.io/docs/repo-level-atlantis-yaml.md +++ b/runatlantis.io/docs/repo-level-atlantis-yaml.md @@ -44,7 +44,7 @@ in your repo. If you have many directories with Terraform configuration, each directory will need to be defined. -This behavior can be overriden by setting `autodiscover.mode` to +This behavior can be overridden by setting `autodiscover.mode` to `enabled` in which case Atlantis will still try to discover projects which were not explicitly configured. If the directory of any discovered project conflicts with a manually configured project, the manually configured project will take precedence. diff --git a/runatlantis.io/docs/server-configuration.md b/runatlantis.io/docs/server-configuration.md index 303e9df067..54d53f0d60 100644 --- a/runatlantis.io/docs/server-configuration.md +++ b/runatlantis.io/docs/server-configuration.md 
@@ -509,7 +509,7 @@ and set `--autoplan-modules` to `false`. This will not work with `-d` yet and to use `-p` the repo projects must be defined in the repo `atlantis.yaml` file. - This will bypass `--restrict-file-list` if regex is used, normal commands will stil be blocked if necessary. + This will bypass `--restrict-file-list` if regex is used, normal commands will still be blocked if necessary. ::: warning SECURITY WARNING It's not supposed to be used with `--disable-apply-all`. @@ -1140,7 +1140,7 @@ This is useful when you have many projects and want to keep the pull request cle `--restrict-file-list` will block plan requests from projects outside the files modified in the pull request. This will not block plan requests with regex if using the `--enable-regexp-cmd` flag, in these cases commands - like `atlantis plan -p .*` will still work if used. normal commands will stil be blocked if necessary. + like `atlantis plan -p .*` will still work if used. normal commands will still be blocked if necessary. Defaults to `false`. ### `--silence-allowlist-errors` 
@@ -1342,7 +1342,7 @@ This flag is useful when having multiple projects that need to run a plan and ap * [plugin_cache_dir concurrently discussion](https://github.com/hashicorp/terraform/issues/31964) * [PR to improve the situation](https://github.com/hashicorp/terraform/pull/33479) -The effect of the race condition is more evident when using parallel configuration to run plan and apply, by disabling the use of plugin cache will impact in the performance when starting a new plan or apply, but in large atlantis deployments with multiple projects and shared modules the use of `--parallel_plan` and `--parallel_apply` is mandatory for an efficient managment of the PRs. +The effect of the race condition is more evident when using parallel configuration to run plan and apply, by disabling the use of plugin cache will impact in the performance when starting a new plan or apply, but in large atlantis deployments with multiple projects and shared modules the use of `--parallel_plan` and `--parallel_apply` is mandatory for an efficient management of the PRs. ### `--var-file-allowlist` diff --git a/server/controllers/events/events_controller_e2e_test.go b/server/controllers/events/events_controller_e2e_test.go index 4f456b8a2f..a9d4fe70a1 100644 --- a/server/controllers/events/events_controller_e2e_test.go +++ b/server/controllers/events/events_controller_e2e_test.go @@ -465,7 +465,7 @@ func TestGitHubWorkflow(t *testing.T) { }, }, { - Description: "omitting apply from allow commands always takes presedence", + Description: "omitting apply from allow commands always takes precedence", RepoDir: "simple-yaml", ModifiedFiles: []string{"main.tf"}, AllowCommands: []command.Name{command.Plan}, 
@@ -845,7 +845,7 @@ func TestSimpleWorkflow_terraformLockFile(t *testing.T) { if !c.LockFileTracked { // replace the lock file generated by the previous init to simulate - // dependcies needing updating in a latter plan + // dependencies needing updating in a latter plan runCmd(t, "", "cp", oldLockFilePath, fmt.Sprintf("%s/repos/runatlantis/atlantis-tests/2/default/.terraform.lock.hcl", atlantisWorkspace.DataDir)) } diff --git a/server/core/config/raw/global_cfg.go b/server/core/config/raw/global_cfg.go index 275c79be71..bdc1f6697d 100644 --- a/server/core/config/raw/global_cfg.go +++ b/server/core/config/raw/global_cfg.go @@ -126,8 +126,8 @@ func (g GlobalCfg) ToValid(defaultCfg valid.GlobalCfg) valid.GlobalCfg { applyReqs := defaultCfg.Repos[0].ApplyRequirements var globalApplyReqs []string for _, req := range applyReqs { - for _, nonOverrideableReq := range valid.NonOverrideableApplyReqs { - if req == nonOverrideableReq { + for _, nonOverridableReq := range valid.NonOverridableApplyReqs { + if req == nonOverridableReq { globalApplyReqs = append(globalApplyReqs, req) } } diff --git a/server/core/config/raw/repo_cfg.go b/server/core/config/raw/repo_cfg.go index 9aa18c7733..f613f320ab 100644 --- a/server/core/config/raw/repo_cfg.go +++ b/server/core/config/raw/repo_cfg.go @@ -10,7 +10,7 @@ import ( // DefaultEmojiReaction is the default emoji reaction for repos const DefaultEmojiReaction = "" -// DefaultAbortOnExcecutionOrderFail being false is the default setting for abort on execution group failiures +// DefaultAbortOnExcecutionOrderFail being false is the default setting for abort on execution group failures const DefaultAbortOnExcecutionOrderFail = false // RepoCfg is the raw schema for repo-level atlantis.yaml config. diff --git a/server/core/config/raw/step_test.go b/server/core/config/raw/step_test.go index f8b9ae8b11..c7373ad142 100644 --- a/server/core/config/raw/step_test.go +++ b/server/core/config/raw/step_test.go 
@@ -482,7 +482,7 @@ func TestStep_Validate(t *testing.T) { { // For atlantis.yaml v2, this wouldn't parse, but now there should // be no error. - description: "unparseable shell command", + description: "unparsable shell command", input: raw.Step{ StringVal: map[string]string{ "run": "my 'c", diff --git a/server/core/config/raw/workflow_step_test.go b/server/core/config/raw/workflow_step_test.go index 301e141e65..60b6f1552b 100644 --- a/server/core/config/raw/workflow_step_test.go +++ b/server/core/config/raw/workflow_step_test.go @@ -100,7 +100,7 @@ func TestGlobalConfigStep_Validate(t *testing.T) { { // For atlantis.yaml v2, this wouldn't parse, but now there should // be no error. - description: "unparseable shell command", + description: "unparsable shell command", input: raw.WorkflowHook{ StringVal: map[string]string{ "run": "my 'c", diff --git a/server/core/config/valid/global_cfg.go b/server/core/config/valid/global_cfg.go index a930ef22bc..5cf6f2795e 100644 --- a/server/core/config/valid/global_cfg.go +++ b/server/core/config/valid/global_cfg.go @@ -34,12 +34,12 @@ var AllowedSilencePRComments = []string{"plan", "apply"} // DefaultAtlantisFile is the default name of the config file for each repo. const DefaultAtlantisFile = "atlantis.yaml" -// NonOverrideableApplyReqs will get applied across all "repos" in the server side config. +// NonOverridableApplyReqs will get applied across all "repos" in the server side config. // If repo config is allowed overrides, they can override this. // TODO: Make this more customizable, not everyone wants this rigid workflow // maybe something along the lines of defining overridable/non-overrideable apply // requirements in the config and removing the flag to enable policy checking. -var NonOverrideableApplyReqs = []string{PoliciesPassedCommandReq} +var NonOverridableApplyReqs = []string{PoliciesPassedCommandReq} // GlobalCfg is the final parsed version of server-side repo config. type GlobalCfg struct { 
diff --git a/server/core/locking/apply_locking.go b/server/core/locking/apply_locking.go index bdb8546308..54591b13f6 100644 --- a/server/core/locking/apply_locking.go +++ b/server/core/locking/apply_locking.go @@ -54,7 +54,7 @@ func NewApplyClient(backend Backend, disableApply bool, disableGlobalApplyLock b } // LockApply acquires global apply lock. -// DisableApply takes presedence to any existing locks, if it is set to true +// DisableApply takes precedence to any existing locks, if it is set to true // this function returns an error func (c *ApplyClient) LockApply() (ApplyCommandLock, error) { response := ApplyCommandLock{} @@ -76,7 +76,7 @@ func (c *ApplyClient) LockApply() (ApplyCommandLock, error) { } // UnlockApply releases a global apply lock. -// DisableApply takes presedence to any existing locks, if it is set to true +// DisableApply takes precedence to any existing locks, if it is set to true // this function returns an error func (c *ApplyClient) UnlockApply() error { if c.disableApply { diff --git a/server/core/runtime/plan_step_runner.go b/server/core/runtime/plan_step_runner.go index b1cb66c1e4..7d99dc26bf 100644 --- a/server/core/runtime/plan_step_runner.go +++ b/server/core/runtime/plan_step_runner.go @@ -284,7 +284,7 @@ locally at this time. ` -// remoteOpsErr100 is the error terraform plan will retrun if this project is +// remoteOpsErr100 is the error terraform plan will return if this project is // using TFE remote operations in TF 1.0.{0,1}. var remoteOpsErr100 = `Error: Saving a generated plan is currently not supported diff --git a/server/core/runtime/post_workflow_hook_runner_test.go b/server/core/runtime/post_workflow_hook_runner_test.go index bbf22b4394..8bab373502 100644 --- a/server/core/runtime/post_workflow_hook_runner_test.go +++ b/server/core/runtime/post_workflow_hook_runner_test.go 
@@ -19,7 +19,7 @@ func TestPostWorkflowHookRunner_Run(t *testing.T) { defaultShell := "sh" defaultShellArgs := "-c" - defautShellCommandNotFoundErrorFormat := commandNotFoundErrorFormat(defaultShell) + defaultShellCommandNotFoundErrorFormat := commandNotFoundErrorFormat(defaultShell) defaultUnterminatedStringError := unterminatedStringError(defaultShell, defaultShellArgs) cases := []struct { @@ -82,7 +82,7 @@ func TestPostWorkflowHookRunner_Run(t *testing.T) { Command: "lkjlkj", Shell: defaultShell, ShellArgs: defaultShellArgs, - ExpOut: fmt.Sprintf(defautShellCommandNotFoundErrorFormat, "lkjlkj"), + ExpOut: fmt.Sprintf(defaultShellCommandNotFoundErrorFormat, "lkjlkj"), ExpErr: "exit status 127: running \"sh -c lkjlkj\" in", ExpDescription: "", }, diff --git a/server/core/runtime/pre_workflow_hook_runner_test.go b/server/core/runtime/pre_workflow_hook_runner_test.go index ad8659cfa2..40133c10a5 100644 --- a/server/core/runtime/pre_workflow_hook_runner_test.go +++ b/server/core/runtime/pre_workflow_hook_runner_test.go @@ -39,7 +39,7 @@ func TestPreWorkflowHookRunner_Run(t *testing.T) { defaultShell := "sh" defaultShellArgs := "-c" - defautShellCommandNotFoundErrorFormat := commandNotFoundErrorFormat(defaultShell) + defaultShellCommandNotFoundErrorFormat := commandNotFoundErrorFormat(defaultShell) defaultUnterminatedStringError := unterminatedStringError(defaultShell, defaultShellArgs) cases := []struct { @@ -102,7 +102,7 @@ func TestPreWorkflowHookRunner_Run(t *testing.T) { Command: "lkjlkj", Shell: defaultShell, ShellArgs: defaultShellArgs, - ExpOut: fmt.Sprintf(defautShellCommandNotFoundErrorFormat, "lkjlkj"), + ExpOut: fmt.Sprintf(defaultShellCommandNotFoundErrorFormat, "lkjlkj"), ExpErr: "exit status 127: running \"sh -c lkjlkj\" in", ExpDescription: "", }, diff --git a/server/core/terraform/terraform_client_test.go b/server/core/terraform/terraform_client_test.go index c60a5fb085..1c2c654495 100644 --- a/server/core/terraform/terraform_client_test.go 
+++ b/server/core/terraform/terraform_client_test.go @@ -78,9 +78,9 @@ is 0.11.13. You can update by downloading from developer.hashicorp.com/terraform defer tempSetEnv(t, "PATH", fmt.Sprintf("%s:%s", tmp, os.Getenv("PATH")))() mockDownloader := mocks.NewMockDownloader() - distibution := terraform.NewDistributionTerraformWithDownloader(mockDownloader) + distribution := terraform.NewDistributionTerraformWithDownloader(mockDownloader) - c, err := terraform.NewClient(logger, distibution, binDir, cacheDir, "", "", "", cmd.DefaultTFVersionFlag, cmd.DefaultTFDownloadURL, true, true, projectCmdOutputHandler) + c, err := terraform.NewClient(logger, distribution, binDir, cacheDir, "", "", "", cmd.DefaultTFVersionFlag, cmd.DefaultTFDownloadURL, true, true, projectCmdOutputHandler) Ok(t, err) Ok(t, err) @@ -301,10 +301,10 @@ func TestEnsureVersion_downloaded(t *testing.T) { projectCmdOutputHandler := jobmocks.NewMockProjectCommandOutputHandler() mockDownloader := mocks.NewMockDownloader() - distibution := terraform.NewDistributionTerraformWithDownloader(mockDownloader) + distribution := terraform.NewDistributionTerraformWithDownloader(mockDownloader) downloadsAllowed := true - c, err := terraform.NewTestClient(logger, distibution, binDir, cacheDir, "", "", "0.11.10", cmd.DefaultTFVersionFlag, cmd.DefaultTFDownloadURL, downloadsAllowed, true, projectCmdOutputHandler) + c, err := terraform.NewTestClient(logger, distribution, binDir, cacheDir, "", "", "0.11.10", cmd.DefaultTFVersionFlag, cmd.DefaultTFDownloadURL, downloadsAllowed, true, projectCmdOutputHandler) Ok(t, err) Equals(t, "0.11.10", c.DefaultVersion().String()) diff --git a/server/events/markdown_renderer.go b/server/events/markdown_renderer.go index 5bbfc8a47e..4ce268c239 100644 --- a/server/events/markdown_renderer.go +++ b/server/events/markdown_renderer.go 
@@ -316,7 +316,7 @@ func (m *MarkdownRenderer) renderProjectResults(ctx *command.Context, results [] resultData.Rendered = m.renderTemplateTrimSpace(templates.Lookup("stateRmSuccessUnwrapped"), result.StateRmSuccess) } // Error out if no template was found, only if there are no errors or failures. - // This is because some errors and failures rely on additional context rendered by templtes, but not all errors or failures. + // This is because some errors and failures rely on additional context rendered by templates, but not all errors or failures. } else if !(result.Error != nil || result.Failure != "") { resultData.Rendered = "Found no template. This is a bug!" } diff --git a/server/events/models/models.go b/server/events/models/models.go index f7bd4790db..66a102fc81 100644 --- a/server/events/models/models.go +++ b/server/events/models/models.go @@ -669,7 +669,7 @@ type TeamAllowlistCheckerContext struct { API bool } -// WorkflowHookCommandContext defines the context for a pre and post worklfow_hooks that will +// WorkflowHookCommandContext defines the context for a pre and post workflow_hooks that will // be executed before workflows. type WorkflowHookCommandContext struct { // BaseRepo is the repository that the pull request will be merged into. diff --git a/server/events/project_command_builder.go b/server/events/project_command_builder.go index 5870bf22e0..0ffec157f8 100644 --- a/server/events/project_command_builder.go +++ b/server/events/project_command_builder.go @@ -32,7 +32,7 @@ const ( DefaultWorkspace = "default" // DefaultDeleteSourceBranchOnMerge being false is the default setting whether or not to remove a source branch on merge DefaultDeleteSourceBranchOnMerge = false - // DefaultAbortOnExcecutionOrderFail being false is the default setting for abort on execution group failiures + // DefaultAbortOnExcecutionOrderFail being false is the default setting for abort on execution group failures DefaultAbortOnExcecutionOrderFail = false ) 
@@ -238,7 +238,7 @@ type DefaultProjectCommandBuilder struct { AutoDetectModuleFiles string // User config option: List of file patterns to to to check if a directory contains modified files. AutoplanFileList string - // User config option: Format Terraform plan output into a markdown-diff friendy format for color-coding purposes. + // User config option: Format Terraform plan output into a markdown-diff friendly format for color-coding purposes. EnableDiffMarkdownFormat bool // User config option: Block plan requests from projects outside the files modified in the pull request. RestrictFileList bool diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go index 8c5d810cca..76f9ba9202 100644 --- a/server/events/project_command_runner.go +++ b/server/events/project_command_runner.go @@ -124,7 +124,7 @@ type ProjectApplyCommandRunner interface { } type ProjectPolicyCheckCommandRunner interface { - // PolicyCheck runs OPA defined policies for the project desribed by ctx. + // PolicyCheck runs OPA defined policies for the project described by ctx. PolicyCheck(ctx command.ProjectContext) command.ProjectResult } diff --git a/server/events/project_command_runner_test.go b/server/events/project_command_runner_test.go index 68548efdd0..13a75a1658 100644 --- a/server/events/project_command_runner_test.go +++ b/server/events/project_command_runner_test.go @@ -845,7 +845,7 @@ func TestDefaultProjectCommandRunner_ApprovePolicies(t *testing.T) { expFailure: "One or more policy sets require additional approval.", }, { - description: "When user is a top-level ownner through membership, increment approval on all policies.", + description: "When user is a top-level owner through membership, increment approval on all policies.", userTeams: []string{"someuserteam"}, policySetCfg: valid.PolicySets{ Owners: valid.PolicyOwners{ 
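Review bot: The `AutoplanFileList` comment in the `@@ -238,7 +238,7 @@` hunk of `server/events/project_command_builder.go` still reads `List of file patterns to to to check if a directory contains modified files.`, two lines above the `friendy` typo this hunk corrects. As the commit is a typo sweep, the tripled word belongs in the same pass: `// User config option: List of file patterns to check if a directory contains modified files.`. The `DefaultProjectCommandBuilder` struct starts and ends outside the hunk, so its other field comments are not visible here.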
diff --git a/server/events/vcs/git_cred_writer_test.go b/server/events/vcs/git_cred_writer_test.go index 64e7588672..b8692bf25d 100644 --- a/server/events/vcs/git_cred_writer_test.go +++ b/server/events/vcs/git_cred_writer_test.go @@ -80,10 +80,10 @@ func TestWriteGitCreds_ReplaceApp(t *testing.T) { err = vcs.WriteGitCreds("x-access-token", "token", "github.com", tmp, logger, true) Ok(t, err) - expContets := "line1\nhttps://x-access-token:token@github.com\nline2" + expContents := "line1\nhttps://x-access-token:token@github.com\nline2" actContents, err := os.ReadFile(filepath.Join(tmp, ".git-credentials")) Ok(t, err) - Equals(t, expContets, string(actContents)) + Equals(t, expContents, string(actContents)) } // Test that the github app credential gets added even if there are other credentials. @@ -99,10 +99,10 @@ func TestWriteGitCreds_AppendAppWhenFileNotEmpty(t *testing.T) { err = vcs.WriteGitCreds("x-access-token", "token", "github.com", tmp, logger, true) Ok(t, err) - expContets := "line1\nhttps://user:token@host.com\nline2\nhttps://x-access-token:token@github.com" + expContents := "line1\nhttps://user:token@host.com\nline2\nhttps://x-access-token:token@github.com" actContents, err := os.ReadFile(filepath.Join(tmp, ".git-credentials")) Ok(t, err) - Equals(t, expContets, string(actContents)) + Equals(t, expContents, string(actContents)) } // Test that the github app credentials get updated when cred file is empty. @@ -118,10 +118,10 @@ func TestWriteGitCreds_AppendApp(t *testing.T) { err = vcs.WriteGitCreds("x-access-token", "token", "github.com", tmp, logger, true) Ok(t, err) - expContets := "https://x-access-token:token@github.com" + expContents := "https://x-access-token:token@github.com" actContents, err := os.ReadFile(filepath.Join(tmp, ".git-credentials")) Ok(t, err) - Equals(t, expContets, string(actContents)) + Equals(t, expContents, string(actContents)) } // Test that if we can't read the existing file to see if the contents will be 
diff --git a/server/events/vcs/github_client_test.go b/server/events/vcs/github_client_test.go index ffd0e02e59..8d4912616d 100644 --- a/server/events/vcs/github_client_test.go +++ b/server/events/vcs/github_client_test.go @@ -1039,21 +1039,21 @@ func TestGithubClient_MergePullCorrectMethod(t *testing.T) { allowSquash: false, expMethod: "rebase", }, - "all true: merge with merge: overrided by command": { + "all true: merge with merge: overridden by command": { allowMerge: true, allowRebase: true, allowSquash: true, mergeMethodOption: "merge", expMethod: "merge", }, - "all true: merge with rebase: overrided by command": { + "all true: merge with rebase: overridden by command": { allowMerge: true, allowRebase: true, allowSquash: true, mergeMethodOption: "rebase", expMethod: "rebase", }, - "all true: merge with squash: overrided by command": { + "all true: merge with squash: overridden by command": { allowMerge: true, allowRebase: true, allowSquash: true, From 356c13a0f491f30a938ef8c4df5cb93227a7b24c Mon Sep 17 00:00:00 2001 From: Rui Chen Date: Sat, 28 Dec 2024 18:20:38 -0500 Subject: [PATCH 12/20] chore: fix typo pt2 (#5203) Signed-off-by: Rui Chen --- server/core/config/raw/repo_cfg.go | 66 ++++---- server/core/config/raw/repo_cfg_test.go | 46 +++--- server/core/config/valid/global_cfg.go | 2 +- server/core/config/valid/global_cfg_test.go | 4 +- server/core/config/valid/repo_cfg.go | 32 ++-- server/events/apply_command_runner_test.go | 98 +++++------ server/events/command/project_context.go | 2 +- server/events/plan_command_runner_test.go | 154 +++++++++--------- server/events/project_command_builder.go | 20 +-- .../events/project_command_context_builder.go | 20 +-- .../project_command_context_builder_test.go | 4 +- .../events/project_command_pool_executor.go | 2 +- 12 files changed, 225 insertions(+), 225 deletions(-) diff --git a/server/core/config/raw/repo_cfg.go b/server/core/config/raw/repo_cfg.go index f613f320ab..7d5592a5b9 100644 
--- a/server/core/config/raw/repo_cfg.go
+++ b/server/core/config/raw/repo_cfg.go
@@ -10,25 +10,25 @@ import ( // DefaultEmojiReaction is the default emoji reaction for repos const DefaultEmojiReaction = "" -// DefaultAbortOnExcecutionOrderFail being false is the default setting for abort on execution group failures -const DefaultAbortOnExcecutionOrderFail = false +// DefaultAbortOnExecutionOrderFail being false is the default setting for abort on execution group failures +const DefaultAbortOnExecutionOrderFail = false // RepoCfg is the raw schema for repo-level atlantis.yaml config. type RepoCfg struct { - Version *int `yaml:"version,omitempty"` - Projects []Project `yaml:"projects,omitempty"` - Workflows map[string]Workflow `yaml:"workflows,omitempty"` - PolicySets PolicySets `yaml:"policies,omitempty"` - AutoDiscover *AutoDiscover `yaml:"autodiscover,omitempty"` - Automerge *bool `yaml:"automerge,omitempty"` - ParallelApply *bool `yaml:"parallel_apply,omitempty"` - ParallelPlan *bool `yaml:"parallel_plan,omitempty"` - DeleteSourceBranchOnMerge *bool `yaml:"delete_source_branch_on_merge,omitempty"` - EmojiReaction *string `yaml:"emoji_reaction,omitempty"` - AllowedRegexpPrefixes []string `yaml:"allowed_regexp_prefixes,omitempty"` - AbortOnExcecutionOrderFail *bool `yaml:"abort_on_execution_order_fail,omitempty"` - RepoLocks *RepoLocks `yaml:"repo_locks,omitempty"` - SilencePRComments []string `yaml:"silence_pr_comments,omitempty"` + Version *int `yaml:"version,omitempty"` + Projects []Project `yaml:"projects,omitempty"` + Workflows map[string]Workflow `yaml:"workflows,omitempty"` + PolicySets PolicySets `yaml:"policies,omitempty"` + AutoDiscover *AutoDiscover `yaml:"autodiscover,omitempty"` + Automerge *bool `yaml:"automerge,omitempty"` + ParallelApply *bool `yaml:"parallel_apply,omitempty"` + ParallelPlan *bool `yaml:"parallel_plan,omitempty"` + DeleteSourceBranchOnMerge *bool `yaml:"delete_source_branch_on_merge,omitempty"` + EmojiReaction *string `yaml:"emoji_reaction,omitempty"` + AllowedRegexpPrefixes []string 
`yaml:"allowed_regexp_prefixes,omitempty"` + AbortOnExecutionOrderFail *bool `yaml:"abort_on_execution_order_fail,omitempty"` + RepoLocks *RepoLocks `yaml:"repo_locks,omitempty"` + SilencePRComments []string `yaml:"silence_pr_comments,omitempty"` } func (r RepoCfg) Validate() error { @@ -69,9 +69,9 @@ func (r RepoCfg) ToValid() valid.RepoCfg { emojiReaction = *r.EmojiReaction } - abortOnExcecutionOrderFail := DefaultAbortOnExcecutionOrderFail - if r.AbortOnExcecutionOrderFail != nil { - abortOnExcecutionOrderFail = *r.AbortOnExcecutionOrderFail + abortOnExecutionOrderFail := DefaultAbortOnExecutionOrderFail + if r.AbortOnExecutionOrderFail != nil { + abortOnExecutionOrderFail = *r.AbortOnExecutionOrderFail } var autoDiscover *valid.AutoDiscover @@ -84,19 +84,19 @@ func (r RepoCfg) ToValid() valid.RepoCfg { repoLocks = r.RepoLocks.ToValid() } return valid.RepoCfg{ - Version: *r.Version, - Projects: validProjects, - Workflows: validWorkflows, - AutoDiscover: autoDiscover, - Automerge: automerge, - ParallelApply: parallelApply, - ParallelPlan: parallelPlan, - ParallelPolicyCheck: parallelPlan, - DeleteSourceBranchOnMerge: r.DeleteSourceBranchOnMerge, - AllowedRegexpPrefixes: r.AllowedRegexpPrefixes, - EmojiReaction: emojiReaction, - AbortOnExcecutionOrderFail: abortOnExcecutionOrderFail, - RepoLocks: repoLocks, - SilencePRComments: r.SilencePRComments, + Version: *r.Version, + Projects: validProjects, + Workflows: validWorkflows, + AutoDiscover: autoDiscover, + Automerge: automerge, + ParallelApply: parallelApply, + ParallelPlan: parallelPlan, + ParallelPolicyCheck: parallelPlan, + DeleteSourceBranchOnMerge: r.DeleteSourceBranchOnMerge, + AllowedRegexpPrefixes: r.AllowedRegexpPrefixes, + EmojiReaction: emojiReaction, + AbortOnExecutionOrderFail: abortOnExecutionOrderFail, + RepoLocks: repoLocks, + SilencePRComments: r.SilencePRComments, } } 
diff --git a/server/core/config/raw/repo_cfg_test.go b/server/core/config/raw/repo_cfg_test.go index b3844ee68c..245f2d56d2 100644 --- a/server/core/config/raw/repo_cfg_test.go +++ b/server/core/config/raw/repo_cfg_test.go @@ -281,43 +281,43 @@ func TestConfig_ToValid(t *testing.T) { Version: Int(2), }, exp: valid.RepoCfg{ - Version: 2, - Automerge: nil, - ParallelApply: nil, - AbortOnExcecutionOrderFail: false, - Workflows: map[string]valid.Workflow{}, + Version: 2, + Automerge: nil, + ParallelApply: nil, + AbortOnExecutionOrderFail: false, + Workflows: map[string]valid.Workflow{}, }, }, { description: "automerge, parallel_apply, abort_on_execution_order_fail true", input: raw.RepoCfg{ - Version: Int(2), - Automerge: Bool(true), - ParallelApply: Bool(true), - AbortOnExcecutionOrderFail: Bool(true), + Version: Int(2), + Automerge: Bool(true), + ParallelApply: Bool(true), + AbortOnExecutionOrderFail: Bool(true), }, exp: valid.RepoCfg{ - Version: 2, - Automerge: Bool(true), - ParallelApply: Bool(true), - AbortOnExcecutionOrderFail: true, - Workflows: map[string]valid.Workflow{}, + Version: 2, + Automerge: Bool(true), + ParallelApply: Bool(true), + AbortOnExecutionOrderFail: true, + Workflows: map[string]valid.Workflow{}, }, }, { description: "automerge, parallel_apply, abort_on_execution_order_fail false", input: raw.RepoCfg{ - Version: Int(2), - Automerge: Bool(false), - ParallelApply: Bool(false), - AbortOnExcecutionOrderFail: Bool(false), + Version: Int(2), + Automerge: Bool(false), + ParallelApply: Bool(false), + AbortOnExecutionOrderFail: Bool(false), }, exp: valid.RepoCfg{ - Version: 2, - Automerge: Bool(false), - ParallelApply: Bool(false), - AbortOnExcecutionOrderFail: false, - Workflows: map[string]valid.Workflow{}, + Version: 2, + Automerge: Bool(false), + ParallelApply: Bool(false), + AbortOnExecutionOrderFail: false, + Workflows: map[string]valid.Workflow{}, }, }, { 
diff --git a/server/core/config/valid/global_cfg.go b/server/core/config/valid/global_cfg.go index 5cf6f2795e..b0bdc86822 100644 --- a/server/core/config/valid/global_cfg.go +++ b/server/core/config/valid/global_cfg.go @@ -37,7 +37,7 @@ const DefaultAtlantisFile = "atlantis.yaml" // NonOverridableApplyReqs will get applied across all "repos" in the server side config. // If repo config is allowed overrides, they can override this. // TODO: Make this more customizable, not everyone wants this rigid workflow -// maybe something along the lines of defining overridable/non-overrideable apply +// maybe something along the lines of defining overridable/non-overridable apply // requirements in the config and removing the flag to enable policy checking. var NonOverridableApplyReqs = []string{PoliciesPassedCommandReq} diff --git a/server/core/config/valid/global_cfg_test.go b/server/core/config/valid/global_cfg_test.go index f247723a3e..05fbc462f0 100644 --- a/server/core/config/valid/global_cfg_test.go +++ b/server/core/config/valid/global_cfg_test.go @@ -774,7 +774,7 @@ repos: CustomPolicyCheck: false, }, }, - "repo-side apply reqs should include non-overrideable 'policies_passed' req when overridden and policies enabled": { + "repo-side apply reqs should include non-overridable 'policies_passed' req when overridden and policies enabled": { gCfg: ` repos: - id: /.*/ @@ -806,7 +806,7 @@ repos: PolicyCheck: true, }, }, - "repo-side apply reqs should not include non-overrideable 'policies_passed' req when overridden and policies disabled": { + "repo-side apply reqs should not include non-overridable 'policies_passed' req when overridden and policies disabled": { gCfg: ` repos: - id: /.*/ diff --git a/server/core/config/valid/repo_cfg.go b/server/core/config/valid/repo_cfg.go index e42e60158b..4612f72cec 100644 --- a/server/core/config/valid/repo_cfg.go +++ b/server/core/config/valid/repo_cfg.go 
@@ -14,22 +14,22 @@ import ( // RepoCfg is the atlantis.yaml config after it's been parsed and validated. type RepoCfg struct { // Version is the version of the atlantis YAML file. - Version int - Projects []Project - Workflows map[string]Workflow - PolicySets PolicySets - Automerge *bool - AutoDiscover *AutoDiscover - ParallelApply *bool - ParallelPlan *bool - ParallelPolicyCheck *bool - DeleteSourceBranchOnMerge *bool - RepoLocks *RepoLocks - CustomPolicyCheck *bool - EmojiReaction string - AllowedRegexpPrefixes []string - AbortOnExcecutionOrderFail bool - SilencePRComments []string + Version int + Projects []Project + Workflows map[string]Workflow + PolicySets PolicySets + Automerge *bool + AutoDiscover *AutoDiscover + ParallelApply *bool + ParallelPlan *bool + ParallelPolicyCheck *bool + DeleteSourceBranchOnMerge *bool + RepoLocks *RepoLocks + CustomPolicyCheck *bool + EmojiReaction string + AllowedRegexpPrefixes []string + AbortOnExecutionOrderFail bool + SilencePRComments []string } func (r RepoCfg) FindProjectsByDirWorkspace(repoRelDir string, workspace string) []Project { diff --git a/server/events/apply_command_runner_test.go b/server/events/apply_command_runner_test.go index 7dcc0a574d..6f713710f6 100644 --- a/server/events/apply_command_runner_test.go +++ b/server/events/apply_command_runner_test.go 
@@ -234,16 +234,16 @@ func TestApplyCommandRunner_ExecutionOrder(t *testing.T) { Description: "When first apply fails, the second don't run", ProjectContexts: []command.ProjectContext{ { - ExecutionOrderGroup: 0, - ProjectName: "First", - ParallelApplyEnabled: true, - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 0, + ProjectName: "First", + ParallelApplyEnabled: true, + AbortOnExecutionOrderFail: true, }, { - ExecutionOrderGroup: 1, - ProjectName: "Second", - ParallelApplyEnabled: true, - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 1, + ProjectName: "Second", + ParallelApplyEnabled: true, + AbortOnExecutionOrderFail: true, }, }, ProjectResults: []command.ProjectResult{ @@ -268,16 +268,16 @@ func TestApplyCommandRunner_ExecutionOrder(t *testing.T) { Description: "When first apply fails, the second not will run", ProjectContexts: []command.ProjectContext{ { - ExecutionOrderGroup: 0, - ProjectName: "First", - ParallelApplyEnabled: true, - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 0, + ProjectName: "First", + ParallelApplyEnabled: true, + AbortOnExecutionOrderFail: true, }, { - ExecutionOrderGroup: 1, - ProjectName: "Second", - ParallelApplyEnabled: true, - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 1, + ProjectName: "Second", + ParallelApplyEnabled: true, + AbortOnExecutionOrderFail: true, }, }, ProjectResults: []command.ProjectResult{ 
@@ -300,25 +300,25 @@ func TestApplyCommandRunner_ExecutionOrder(t *testing.T) { Description: "When both in a group of two succeeds, the following two will run", ProjectContexts: []command.ProjectContext{ { - ExecutionOrderGroup: 0, - ProjectName: "First", - ParallelApplyEnabled: true, - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 0, + ProjectName: "First", + ParallelApplyEnabled: true, + AbortOnExecutionOrderFail: true, }, { - ExecutionOrderGroup: 0, - ProjectName: "Second", - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 0, + ProjectName: "Second", + AbortOnExecutionOrderFail: true, }, { - ExecutionOrderGroup: 1, - ProjectName: "Third", - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 1, + ProjectName: "Third", + AbortOnExecutionOrderFail: true, }, { - ExecutionOrderGroup: 1, - ProjectName: "Fourth", - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 1, + ProjectName: "Fourth", + AbortOnExecutionOrderFail: true, }, }, ProjectResults: []command.ProjectResult{ 
@@ -353,25 +353,25 @@ func TestApplyCommandRunner_ExecutionOrder(t *testing.T) { Description: "When one out of two fails, the following two will not run", ProjectContexts: []command.ProjectContext{ { - ExecutionOrderGroup: 0, - ProjectName: "First", - ParallelApplyEnabled: true, - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 0, + ProjectName: "First", + ParallelApplyEnabled: true, + AbortOnExecutionOrderFail: true, }, { - ExecutionOrderGroup: 0, - ProjectName: "Second", - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 0, + ProjectName: "Second", + AbortOnExecutionOrderFail: true, }, { - ExecutionOrderGroup: 1, - ProjectName: "Third", - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 1, + ProjectName: "Third", + AbortOnExecutionOrderFail: true, }, { - ExecutionOrderGroup: 1, - AbortOnExcecutionOrderFail: true, - ProjectName: "Fourth", + ExecutionOrderGroup: 1, + AbortOnExecutionOrderFail: true, + ProjectName: "Fourth", }, }, ProjectResults: []command.ProjectResult{ @@ -408,14 +408,14 @@ func TestApplyCommandRunner_ExecutionOrder(t *testing.T) { Description: "Don't block when parallel is not set", ProjectContexts: []command.ProjectContext{ { - ExecutionOrderGroup: 0, - ProjectName: "First", - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 0, + ProjectName: "First", + AbortOnExecutionOrderFail: true, }, { - ExecutionOrderGroup: 1, - ProjectName: "Second", - AbortOnExcecutionOrderFail: true, + ExecutionOrderGroup: 1, + ProjectName: "Second", + AbortOnExecutionOrderFail: true, }, }, ProjectResults: []command.ProjectResult{ 
@@ -437,7 +437,7 @@ func TestApplyCommandRunner_ExecutionOrder(t *testing.T) { "2. dir: `` workspace: ``\n```diff\nGreat success!\n```\n\n---\n### Apply Summary\n\n2 projects, 1 successful, 0 failed, 1 errored", }, { - Description: "Don't block when abortOnExcecutionOrderFail is not set", + Description: "Don't block when abortOnExecutionOrderFail is not set", ProjectContexts: []command.ProjectContext{ { ExecutionOrderGroup: 0, diff --git a/server/events/command/project_context.go b/server/events/command/project_context.go index 5490b4a41e..8fff2831d6 100644 --- a/server/events/command/project_context.go +++ b/server/events/command/project_context.go @@ -122,7 +122,7 @@ type ProjectContext struct { // The index of order group. Before planning/applying it will use to sort projects. Default is 0. ExecutionOrderGroup int // If plans/applies should be aborted if any prior plan/apply fails - AbortOnExcecutionOrderFail bool + AbortOnExecutionOrderFail bool // Allows custom policy check tools outside of Conftest to run in checks CustomPolicyCheck bool SilencePRComments []string diff --git a/server/events/plan_command_runner_test.go b/server/events/plan_command_runner_test.go index 79e08ab2df..c0085dc963 100644 --- a/server/events/plan_command_runner_test.go +++ b/server/events/plan_command_runner_test.go 
@@ -170,20 +170,20 @@ func TestPlanCommandRunner_ExecutionOrder(t *testing.T) { Description: "When first plan fails, the second don't run", ProjectContexts: []command.ProjectContext{ { - CommandName: command.Plan, - ExecutionOrderGroup: 0, - Workspace: "first", - ProjectName: "First", - ParallelPlanEnabled: true, - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 0, + Workspace: "first", + ProjectName: "First", + ParallelPlanEnabled: true, + AbortOnExecutionOrderFail: true, }, { - CommandName: command.Plan, - ExecutionOrderGroup: 1, - Workspace: "second", - ProjectName: "Second", - ParallelPlanEnabled: true, - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 1, + Workspace: "second", + ProjectName: "Second", + ParallelPlanEnabled: true, + AbortOnExecutionOrderFail: true, }, }, ProjectResults: []command.ProjectResult{ @@ -207,18 +207,18 @@ func TestPlanCommandRunner_ExecutionOrder(t *testing.T) { Description: "When first fails, the second will not run", ProjectContexts: []command.ProjectContext{ { - CommandName: command.Plan, - ExecutionOrderGroup: 0, - ProjectName: "First", - ParallelPlanEnabled: true, - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 0, + ProjectName: "First", + ParallelPlanEnabled: true, + AbortOnExecutionOrderFail: true, }, { - CommandName: command.Plan, - ExecutionOrderGroup: 1, - ProjectName: "Second", - ParallelPlanEnabled: true, - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 1, + ProjectName: "Second", + ParallelPlanEnabled: true, + AbortOnExecutionOrderFail: true, }, }, ProjectResults: []command.ProjectResult{ 
@@ -240,20 +240,20 @@ func TestPlanCommandRunner_ExecutionOrder(t *testing.T) { Description: "When first fails by autorun, the second will not run", ProjectContexts: []command.ProjectContext{ { - CommandName: command.Plan, - AutoplanEnabled: true, - ExecutionOrderGroup: 0, - ProjectName: "First", - ParallelPlanEnabled: true, - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + AutoplanEnabled: true, + ExecutionOrderGroup: 0, + ProjectName: "First", + ParallelPlanEnabled: true, + AbortOnExecutionOrderFail: true, }, { - CommandName: command.Plan, - AutoplanEnabled: true, - ExecutionOrderGroup: 1, - ProjectName: "Second", - ParallelPlanEnabled: true, - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + AutoplanEnabled: true, + ExecutionOrderGroup: 1, + ProjectName: "Second", + ParallelPlanEnabled: true, + AbortOnExecutionOrderFail: true, }, }, ProjectResults: []command.ProjectResult{ 
@@ -275,29 +275,29 @@ func TestPlanCommandRunner_ExecutionOrder(t *testing.T) { Description: "When both in a group of two succeeds, the following two will run", ProjectContexts: []command.ProjectContext{ { - CommandName: command.Plan, - ExecutionOrderGroup: 0, - ProjectName: "First", - ParallelPlanEnabled: true, - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 0, + ProjectName: "First", + ParallelPlanEnabled: true, + AbortOnExecutionOrderFail: true, }, { - CommandName: command.Plan, - ExecutionOrderGroup: 0, - ProjectName: "Second", - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 0, + ProjectName: "Second", + AbortOnExecutionOrderFail: true, }, { - CommandName: command.Plan, - ExecutionOrderGroup: 1, - ProjectName: "Third", - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 1, + ProjectName: "Third", + AbortOnExecutionOrderFail: true, }, { - CommandName: command.Plan, - ExecutionOrderGroup: 1, - ProjectName: "Fourth", - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 1, + ProjectName: "Fourth", + AbortOnExecutionOrderFail: true, }, }, ProjectResults: []command.ProjectResult{ 
@@ -335,29 +335,29 @@ func TestPlanCommandRunner_ExecutionOrder(t *testing.T) { Description: "When one out of two fails, the following two will not run", ProjectContexts: []command.ProjectContext{ { - CommandName: command.Plan, - ExecutionOrderGroup: 0, - ProjectName: "First", - ParallelPlanEnabled: true, - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 0, + ProjectName: "First", + ParallelPlanEnabled: true, + AbortOnExecutionOrderFail: true, }, { - CommandName: command.Plan, - ExecutionOrderGroup: 0, - ProjectName: "Second", - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 0, + ProjectName: "Second", + AbortOnExecutionOrderFail: true, }, { - CommandName: command.Plan, - ExecutionOrderGroup: 1, - ProjectName: "Third", - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 1, + ProjectName: "Third", + AbortOnExecutionOrderFail: true, }, { - CommandName: command.Plan, - ExecutionOrderGroup: 1, - AbortOnExcecutionOrderFail: true, - ProjectName: "Fourth", + CommandName: command.Plan, + ExecutionOrderGroup: 1, + AbortOnExecutionOrderFail: true, + ProjectName: "Fourth", }, }, ProjectResults: []command.ProjectResult{ @@ -395,16 +395,16 @@ func TestPlanCommandRunner_ExecutionOrder(t *testing.T) { Description: "Don't block when parallel is not set", ProjectContexts: []command.ProjectContext{ { - CommandName: command.Plan, - ExecutionOrderGroup: 0, - ProjectName: "First", - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 0, + ProjectName: "First", + AbortOnExecutionOrderFail: true, }, { - CommandName: command.Plan, - ExecutionOrderGroup: 1, - ProjectName: "Second", - AbortOnExcecutionOrderFail: true, + CommandName: command.Plan, + ExecutionOrderGroup: 1, + ProjectName: "Second", + AbortOnExecutionOrderFail: true, }, }, ProjectResults: []command.ProjectResult{ 
@@ -425,7 +425,7 @@ func TestPlanCommandRunner_ExecutionOrder(t *testing.T) { }, }, { - Description: "Don't block when abortOnExcecutionOrderFail is not set", + Description: "Don't block when abortOnExecutionOrderFail is not set", ProjectContexts: []command.ProjectContext{ { CommandName: command.Plan, diff --git a/server/events/project_command_builder.go b/server/events/project_command_builder.go index 0ffec157f8..c52dee6360 100644 --- a/server/events/project_command_builder.go +++ b/server/events/project_command_builder.go @@ -32,8 +32,8 @@ const ( DefaultWorkspace = "default" // DefaultDeleteSourceBranchOnMerge being false is the default setting whether or not to remove a source branch on merge DefaultDeleteSourceBranchOnMerge = false - // DefaultAbortOnExcecutionOrderFail being false is the default setting for abort on execution group failures - DefaultAbortOnExcecutionOrderFail = false + // DefaultAbortOnExecutionOrderFail being false is the default setting for abort on execution group failures + DefaultAbortOnExecutionOrderFail = false ) func NewInstrumentedProjectCommandBuilder( @@ -440,7 +440,7 @@ func (p *DefaultProjectCommandBuilder) buildAllCommandsByCfg(ctx *command.Contex automerge := p.EnableAutoMerge parallelApply := p.EnableParallelApply parallelPlan := p.EnableParallelPlan - abortOnExcecutionOrderFail := DefaultAbortOnExcecutionOrderFail + abortOnExecutionOrderFail := DefaultAbortOnExecutionOrderFail if hasRepoCfg { if repoCfg.Automerge != nil { automerge = *repoCfg.Automerge @@ -451,7 +451,7 @@ func (p *DefaultProjectCommandBuilder) buildAllCommandsByCfg(ctx *command.Contex if repoCfg.ParallelPlan != nil { parallelPlan = *repoCfg.ParallelPlan } - abortOnExcecutionOrderFail = repoCfg.AbortOnExcecutionOrderFail + abortOnExecutionOrderFail = repoCfg.AbortOnExecutionOrderFail } if len(repoCfg.Projects) > 0 { 
@@ -477,7 +477,7 @@ func (p *DefaultProjectCommandBuilder) buildAllCommandsByCfg(ctx *command.Contex parallelApply, parallelPlan, verbose, - abortOnExcecutionOrderFail, + abortOnExecutionOrderFail, p.TerraformExecutor, )...) } @@ -539,7 +539,7 @@ func (p *DefaultProjectCommandBuilder) buildAllCommandsByCfg(ctx *command.Contex parallelApply, parallelPlan, verbose, - abortOnExcecutionOrderFail, + abortOnExecutionOrderFail, p.TerraformExecutor, )...) } @@ -860,7 +860,7 @@ func (p *DefaultProjectCommandBuilder) buildProjectCommandCtx(ctx *command.Conte automerge := p.EnableAutoMerge parallelApply := p.EnableParallelApply parallelPlan := p.EnableParallelPlan - abortOnExcecutionOrderFail := DefaultAbortOnExcecutionOrderFail + abortOnExecutionOrderFail := DefaultAbortOnExecutionOrderFail if repoCfgPtr != nil { if repoCfgPtr.Automerge != nil { automerge = *repoCfgPtr.Automerge @@ -871,7 +871,7 @@ func (p *DefaultProjectCommandBuilder) buildProjectCommandCtx(ctx *command.Conte if repoCfgPtr.ParallelPlan != nil { parallelPlan = *repoCfgPtr.ParallelPlan } - abortOnExcecutionOrderFail = repoCfgPtr.AbortOnExcecutionOrderFail + abortOnExecutionOrderFail = repoCfgPtr.AbortOnExecutionOrderFail } if len(matchingProjects) > 0 { @@ -896,7 +896,7 @@ func (p *DefaultProjectCommandBuilder) buildProjectCommandCtx(ctx *command.Conte parallelApply, parallelPlan, verbose, - abortOnExcecutionOrderFail, + abortOnExecutionOrderFail, p.TerraformExecutor, )...) } @@ -920,7 +920,7 @@ func (p *DefaultProjectCommandBuilder) buildProjectCommandCtx(ctx *command.Conte parallelApply, parallelPlan, verbose, - abortOnExcecutionOrderFail, + abortOnExecutionOrderFail, p.TerraformExecutor, )...) } diff --git a/server/events/project_command_context_builder.go b/server/events/project_command_context_builder.go index 19c1c8ff34..509fa728b8 100644 --- a/server/events/project_command_context_builder.go +++ b/server/events/project_command_context_builder.go 
@@ -38,7 +38,7 @@ type ProjectCommandContextBuilder interface { prjCfg valid.MergedProjectCfg, commentFlags []string, repoDir string, - automerge, parallelApply, parallelPlan, verbose, abortOnExcecutionOrderFail bool, terraformClient terraform.Client, + automerge, parallelApply, parallelPlan, verbose, abortOnExecutionOrderFail bool, terraformClient terraform.Client, ) []command.ProjectContext } @@ -58,13 +58,13 @@ func (cb *CommandScopedStatsProjectCommandContextBuilder) BuildProjectContext( prjCfg valid.MergedProjectCfg, commentFlags []string, repoDir string, - automerge, parallelApply, parallelPlan, verbose, abortOnExcecutionOrderFail bool, + automerge, parallelApply, parallelPlan, verbose, abortOnExecutionOrderFail bool, terraformClient terraform.Client, ) (projectCmds []command.ProjectContext) { cb.ProjectCounter.Inc(1) cmds := cb.ProjectCommandContextBuilder.BuildProjectContext( - ctx, cmdName, subCmdName, prjCfg, commentFlags, repoDir, automerge, parallelApply, parallelPlan, verbose, abortOnExcecutionOrderFail, terraformClient, + ctx, cmdName, subCmdName, prjCfg, commentFlags, repoDir, automerge, parallelApply, parallelPlan, verbose, abortOnExecutionOrderFail, terraformClient, ) projectCmds = []command.ProjectContext{} @@ -92,7 +92,7 @@ func (cb *DefaultProjectCommandContextBuilder) BuildProjectContext( prjCfg valid.MergedProjectCfg, commentFlags []string, repoDir string, - automerge, parallelApply, parallelPlan, verbose, abortOnExcecutionOrderFail bool, + automerge, parallelApply, parallelPlan, verbose, abortOnExecutionOrderFail bool, terraformClient terraform.Client, ) (projectCmds []command.ProjectContext) { ctx.Log.Debug("Building project command context for %s", cmdName) @@ -141,7 +141,7 @@ func (cb *DefaultProjectCommandContextBuilder) BuildProjectContext( parallelApply, parallelPlan, verbose, - abortOnExcecutionOrderFail, + abortOnExecutionOrderFail, ctx.Scope, ctx.PullRequestStatus, ctx.PullStatus, 
@@ -165,7 +165,7 @@ func (cb *PolicyCheckProjectCommandContextBuilder) BuildProjectContext( prjCfg valid.MergedProjectCfg, commentFlags []string, repoDir string, - automerge, parallelApply, parallelPlan, verbose, abortOnExcecutionOrderFail bool, + automerge, parallelApply, parallelPlan, verbose, abortOnExecutionOrderFail bool, terraformClient terraform.Client, ) (projectCmds []command.ProjectContext) { if prjCfg.PolicyCheck { @@ -192,7 +192,7 @@ func (cb *PolicyCheckProjectCommandContextBuilder) BuildProjectContext( parallelApply, parallelPlan, verbose, - abortOnExcecutionOrderFail, + abortOnExecutionOrderFail, terraformClient, ) @@ -214,7 +214,7 @@ func (cb *PolicyCheckProjectCommandContextBuilder) BuildProjectContext( parallelApply, parallelPlan, verbose, - abortOnExcecutionOrderFail, + abortOnExecutionOrderFail, ctx.Scope, ctx.PullRequestStatus, ctx.PullStatus, @@ -240,7 +240,7 @@ func newProjectCommandContext(ctx *command.Context, parallelApplyEnabled bool, parallelPlanEnabled bool, verbose bool, - abortOnExcecutionOrderFail bool, + abortOnExecutionOrderFail bool, scope tally.Scope, pullReqStatus models.PullReqStatus, pullStatus *models.PullStatus, @@ -308,7 +308,7 @@ func newProjectCommandContext(ctx *command.Context, PullStatus: pullStatus, JobID: uuid.New().String(), ExecutionOrderGroup: projCfg.ExecutionOrderGroup, - AbortOnExcecutionOrderFail: abortOnExcecutionOrderFail, + AbortOnExecutionOrderFail: abortOnExecutionOrderFail, SilencePRComments: projCfg.SilencePRComments, TeamAllowlistChecker: teamAllowlistChecker, } diff --git a/server/events/project_command_context_builder_test.go b/server/events/project_command_context_builder_test.go index 84ce0ff630..ff40645e0a 100644 --- a/server/events/project_command_context_builder_test.go +++ b/server/events/project_command_context_builder_test.go 
@@ -106,7 +106,7 @@ func TestProjectCommandContextBuilder_PullStatus(t *testing.T) { assert.False(t, result[0].ParallelPlanEnabled) }) - t.Run("when AbortOnExcecutionOrderFail is set to true", func(t *testing.T) { + t.Run("when AbortOnExecutionOrderFail is set to true", func(t *testing.T) { projCfg.Name = "Apply Comment" When(mockCommentBuilder.BuildPlanComment(projRepoRelDir, projWorkspace, "", []string{})).ThenReturn(expectedPlanCmt) When(mockCommentBuilder.BuildApplyComment(projRepoRelDir, projWorkspace, "", false, "")).ThenReturn(expectedApplyCmt) @@ -123,6 +123,6 @@ func TestProjectCommandContextBuilder_PullStatus(t *testing.T) { result := subject.BuildProjectContext(commandCtx, command.Plan, "", projCfg, []string{}, "some/dir", false, false, false, false, true, terraformClient) - assert.True(t, result[0].AbortOnExcecutionOrderFail) + assert.True(t, result[0].AbortOnExecutionOrderFail) }) } diff --git a/server/events/project_command_pool_executor.go b/server/events/project_command_pool_executor.go index c3b19114d6..bd6a934b36 100644 --- a/server/events/project_command_pool_executor.go +++ b/server/events/project_command_pool_executor.go @@ -82,7 +82,7 @@ func runProjectCmdsParallelGroups( for _, group := range groups { res := runProjectCmdsParallel(group, runnerFunc, poolSize) results = append(results, res.ProjectResults...) - if res.HasErrors() && group[0].AbortOnExcecutionOrderFail { + if res.HasErrors() && group[0].AbortOnExecutionOrderFail { ctx.Log.Info("abort on execution order when failed") break } From 2921c9bff408a7cb1cc9f2e843ac48468c14ccd1 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 29 Dec 2024 00:24:59 +0000 Subject: [PATCH 13/20] chore(deps): update actions/upload-artifact action to v4.5.0 in .github/workflows/scorecard.yml (main) (#5204) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8bf7658a3e..7b0dee66de 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -43,7 +43,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: 'Upload artifact' - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: SARIF file path: results.sarif From 2e1674131aa7b64fd8c515c223542e2c4433ef87 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 00:56:47 +0000 Subject: [PATCH 14/20] chore(deps): update github/codeql-action action to v3.28.0 in .github/workflows/scorecard.yml (main) (#5205) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7b0dee66de..b3cfe0671e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -51,6 +51,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: 'Upload to code-scanning' - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: sarif_file: results.sarif From 07b6a4cac32022b13e18f93d73f9e3f71a66b96f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 03:31:09 +0000 Subject: [PATCH 15/20] fix(deps): update module github.com/alicebob/miniredis/v2 to v2.34.0 in go.mod (main) (#5206) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index f9ddb5c30d..0328202cbd 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.23.4 require ( code.gitea.io/sdk/gitea v0.19.0 github.com/Masterminds/sprig/v3 v3.3.0 - github.com/alicebob/miniredis/v2 v2.33.0 + github.com/alicebob/miniredis/v2 v2.34.0 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 github.com/briandowns/spinner v1.23.1 github.com/cactus/go-statsd-client/v5 v5.1.0 @@ -70,7 +70,7 @@ require ( github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/ProtonMail/gopenpgp/v2 v2.7.5 // indirect - github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect + github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/aymerick/douceur v0.2.0 // indirect github.com/beorn7/perks v1.0.1 // indirect diff --git a/go.sum b/go.sum index bacda75e32..5e21b61577 100644 --- a/go.sum +++ b/go.sum 
@@ -59,10 +59,10 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk= -github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc= -github.com/alicebob/miniredis/v2 v2.33.0 h1:uvTF0EDeu9RLnUEG27Db5I68ESoIxTiXbNUiji6lZrA= -github.com/alicebob/miniredis/v2 v2.33.0/go.mod h1:MhP4a3EU7aENRi9aO+tHfTBZicLqQevyi/DJpoj6mi0= +github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 h1:uvdUDbHQHO85qeSydJtItA4T55Pw6BtAejd0APRJOCE= +github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc= +github.com/alicebob/miniredis/v2 v2.34.0 h1:mBFWMaJSNL9RwdGRyEDoAAv8OQc5UlEhLDQggTglU/0= +github.com/alicebob/miniredis/v2 v2.34.0/go.mod h1:kWShP4b58T1CW0Y5dViCd5ztzrDqRWqM3nksiyXk5s8= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= From fad1b2b697f064fc3da6ac249e5906da026bf392 Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Mon, 30 Dec 2024 14:49:34 -0500 Subject: [PATCH 16/20] use ubuntu-24.04 for all builds we don't have arm runners at the moment Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) 
diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 7ab0d8b586..4e8489e0db 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -52,29 +52,9 @@ jobs: attestations: write strategy: matrix: - include: - # ARM64 builds - - image_type: alpine - platform: linux/arm64/v8 - runs_on: buildjet-8vcpu-ubuntu-2204-arm - - image_type: debian - platform: linux/arm64/v8 - runs_on: buildjet-8vcpu-ubuntu-2204-arm - # ARMv7 builds - - image_type: alpine - platform: linux/arm/v7 - runs_on: buildjet-8vcpu-ubuntu-2204-arm - - image_type: debian - platform: linux/arm/v7 - runs_on: buildjet-8vcpu-ubuntu-2204-arm - # AMD64 builds - - image_type: alpine - platform: linux/amd64 - runs_on: ubuntu-24.04 - - image_type: debian - platform: linux/amd64 - runs_on: ubuntu-24.04 - runs-on: ${{ matrix.runs_on }} + image_type: [alpine, debian] + platform: [linux/arm64/v8, linux/amd64, linux/arm/v7] + runs-on: ubuntu-24.04 env: # Set docker repo to either the fork or the main repo where the branch exists DOCKER_REPO: ghcr.io/${{ github.repository }} @@ -210,6 +190,7 @@ jobs: strategy: matrix: image_type: [alpine, debian] + platform: [linux/arm64/v8, linux/amd64, linux/arm/v7] env: # Set docker repo to either the fork or the main repo where the branch exists DOCKER_REPO: ghcr.io/${{ github.repository }} From 9444e3d57fdd62e7fc0ee5b50c55e4ecce5f3eac Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Mon, 30 Dec 2024 15:43:36 -0500 Subject: [PATCH 17/20] Sign dev tags, version tags, and latest tags Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 4e8489e0db..09c2ccc1b1 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml 
@@ -170,8 +170,9 @@ jobs: # no key needed, we're using the GitHub OIDC flow # Only run on alpine/amd64 build to avoid signing multiple times if: env.PUSH == 'true' && github.event_name != 'pull_request' && matrix.image_type == 'alpine' && matrix.platform == 'linux/amd64' - run: | - echo "${TAGS}" | xargs -I {} cosign sign \ + run: | + # Sign dev tags, version tags, and latest tags + echo "${TAGS}" | grep -E ':(dev-|v[0-9]+\.[0-9]+\.[0-9]+|latest)$' | xargs -I {} cosign sign \ --yes \ --recursive=true \ -a actor=${{ github.actor}} \ From 71a35fe4b41669f5e19e0aefbb1967195be02762 Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Mon, 30 Dec 2024 15:57:00 -0500 Subject: [PATCH 18/20] Start using setup-go This provides dependency caching. Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 09c2ccc1b1..79165c252a 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -70,6 +70,9 @@ jobs: with: dockerfile: "Dockerfile" + - name: Set up Go + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 with: From ae8a7bfa83bb5850f57040dd7f2224a3be6cc2d1 Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Mon, 30 Dec 2024 16:09:34 -0500 Subject: [PATCH 19/20] Actually use matrix platform input. Link to go.mod for version mgmt Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 79165c252a..5bed520d7e 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml 
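Review bot: The added filter `grep -E ':(dev-|v[0-9]+\.[0-9]+\.[0-9]+|latest)$'` anchors every alternative at end of line, so the `dev-` branch only matches a tag that is literally `dev-`, and a version or latest tag with any suffix is dropped too. When nothing matches, `xargs -I {}` runs no command and exits 0, so the step can pass without signing anything unless the shell runs with `pipefail` (not visible here). If dev tags carry a suffix, `grep -E ':(dev-[^:]+|v[0-9]+\.[0-9]+\.[0-9]+|latest)$'` would admit them, and `set -o pipefail` as the first line of the `run:` block would turn an empty match into a failed step. The step begins above the hunk and the cosign command continues below it.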
@@ -72,6 +72,8 @@ jobs: - name: Set up Go uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + with: + go-version-file: "go.mod" - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 @@ -154,7 +156,7 @@ jobs: ATLANTIS_VERSION=${{ env.RELEASE_VERSION }} ATLANTIS_COMMIT=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} ATLANTIS_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - platforms: linux/arm64/v8,linux/amd64,linux/arm/v7 + platforms: ${{ matrix.platform }} push: ${{ env.PUSH }} tags: ${{ steps.meta.outputs.tags }} target: ${{ matrix.image_type }} From 6ec9c85f8b5c54b88c89267690f16fd77c33003b Mon Sep 17 00:00:00 2001 From: Dan Urson Date: Mon, 30 Dec 2024 16:18:47 -0500 Subject: [PATCH 20/20] just sign all the tags for now Signed-off-by: Dan Urson --- .github/workflows/atlantis-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 5bed520d7e..0b8e8019df 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -177,7 +177,7 @@ jobs: if: env.PUSH == 'true' && github.event_name != 'pull_request' && matrix.image_type == 'alpine' && matrix.platform == 'linux/amd64' run: | # Sign dev tags, version tags, and latest tags - echo "${TAGS}" | grep -E ':(dev-|v[0-9]+\.[0-9]+\.[0-9]+|latest)$' | xargs -I {} cosign sign \ + echo "${TAGS}" | xargs -I {} cosign sign \ --yes \ --recursive=true \ -a actor=${{ github.actor}} \
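Review bot: With `platforms: ${{ matrix.platform }}`, each of the three platform jobs for an image type now pushes a single-platform image under the same `tags: ${{ steps.meta.outputs.tags }}`. Unless the meta step (not shown in the hunk) adds a per-platform suffix, the jobs overwrite one another and the tag ends up pointing at whichever platform finished last rather than at a multi-platform index, which also makes the published tag non-deterministic for anyone verifying it. One way to keep the per-platform split is to push each build by digest only (`push-by-digest=true` in `outputs:`) and let a follow-up job assemble and tag the index with `docker buildx imagetools create`; the alternative is to keep the full platform list in one job per image type. The build step starts and ends outside the hunk.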
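Review bot: `cosign sign` is still handed tag references from `${TAGS}`, so each signature lands on whatever digest the tag resolves to when the step runs, not necessarily on the image this job built. Passing the digest instead, for example `cosign sign --yes "${DOCKER_REPO}@${DIGEST}"` with `DIGEST: ${{ steps.build.outputs.digest }}` added to the step's `env:` (assuming the step with `id: build` is in this job), pins the signature to the built artifact. The retained comment `# Sign dev tags, version tags, and latest tags` is also stale now that the filter is gone; `# Sign every tag in TAGS` would match the command. The cosign invocation continues past the end of the hunk.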