
`--hide-prev-plan-comments` flag fails if using Github App name with uppercased or space chars

Open nitrocode opened this issue 4 years ago • 16 comments

Problem

I have ATLANTIS_HIDE_PREV_PLAN_COMMENTS=true and am running 0.15.0 as a GitHub app in ECS Fargate. I run plan manually in my repo using the following.

atlantis plan -d iam-policies/engineer

When I run that multiple times in the same PR, it does not hide my previous plan comments.

Configuration

I have the following env vars setup in my module.

  custom_environment_variables = [
    {
      "name" : "ATLANTIS_WRITE_GIT_CREDS",
      "value" : "true",
    },
    {
      "name" : "ATLANTIS_HIDE_PREV_PLAN_COMMENTS",
      "value" : "true",
    },
    {
      "name" : "ATLANTIS_LOG_LEVEL",
      "value" : "debug",
    },
    # set default version
    {
      "name" : "ATLANTIS_DEFAULT_TF_VERSION",
      "value" : local.terraform_version,
    },
    {
      "name" : "DEFAULT_TERRAFORM_VERSION",
      "value" : local.terraform_version,
    },
    # for the github bot
    {
      "name" : "ATLANTIS_GH_APP_ID",
      "value" : "12345",
    },
    {
      "name" : "ATLANTIS_GH_APP_KEY_FILE",
      "value" : "/home/atlantis/atlantis-app-key.pem",
    },
  ]

and my server atlantis.yaml is

# https://www.runatlantis.io/docs/server-configuration.html#repo-config-json
repos:
  - # apply config to repos matching this regex
    id: /.*/
    # allow repo level custom workflows
    allow_custom_workflows: true
    # allow repo level configs to override the following
    allowed_overrides:
      - apply_requirements
      - workflow
    # `terraform apply` requires the PR to be
    apply_requirements:
      - approved
      # - mergeable
    workflow: default
    terraform_version: 0.12.29
# custom workflows
# https://www.runatlantis.io/docs/server-side-repo-config.html#allow-repos-to-choose-a-server-side-workflow
workflows:
  default:
    apply:
      steps:
        # - apply
        - run: echo 'Apply is disabled for now. Please apply locally or contact dev_ops / noc_ops slack channels'
        - run: if [ `cat /home/atlantis/users | grep -i "^$USERNAME$" | wc -l` != 1 ]; then echo "Not in users file" && exit 1; else echo "Authenticated"; fi
    plan:
      steps:
        - init
        - run: echo 'Running tflint...' && tflint
        - run: echo 'Running checkov...' && checkov --quiet -d .
        - plan

Logs

$ ecs-cli logs --cluster atlantis --task-id mytaskid | grep 'terraform_scripts#319'
2020/08/19 13:04:20+0000 [DBUG] project_command_builder.go:204 ghorg/terraform_scripts#319: Building plan command
2020/08/19 13:04:20+0000 [DBUG] project_command_builder.go:211 ghorg/terraform_scripts#319: Cloning repository
2020/08/19 13:04:20+0000 [INFO] github_app_working_dir.go:26 ghorg/terraform_scripts#319: Refreshing git tokens for Github App
2020/08/19 13:04:20+0000 [INFO] git_cred_writer.go:30 ghorg/terraform_scripts#319: Wrote git credentials to /home/atlantis/.git-credentials
2020/08/19 13:04:20+0000 [INFO] git_cred_writer.go:60 ghorg/terraform_scripts#319: Successfully ran git config --global credential.helper store
2020/08/19 13:04:20+0000 [INFO] git_cred_writer.go:66 ghorg/terraform_scripts#319: Successfully ran git config --global url.https://[email protected] ssh://[email protected]
2020/08/19 13:04:20+0000 [INFO] working_dir.go:172 ghorg/terraform_scripts#319: Creating dir "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default"
2020/08/19 13:04:21+0000 [DBUG] working_dir.go:238 ghorg/terraform_scripts#319: Ran: git clone --branch engineer-assume --depth=1 --single-branch https://:<redacted>@github.com/ghorg/terraform_scripts.git /home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default. Output: Cloning into '/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default'...
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:189 ghorg/terraform_scripts#319: Building config based on server-side config
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting allowed_overrides: [apply_requirements,workflow] from repos[1], id: /.*/
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting allow_custom_workflows: true from repos[1], id: /.*/
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting apply_requirements: [approved] from repos[1], id: /.*/
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting workflow: "default" from repos[1], id: /.*/
2020/08/19 13:04:21+0000 [INFO] project_command_builder.go:483 ghorg/terraform_scripts#319: Cannot determine which version to use from terraform configuration, detected 2 possibilities.
2020/08/19 13:04:21+0000 [INFO] project_locker.go:80 ghorg/terraform_scripts#319: Acquired lock with id "ghorg/terraform_scripts/iam-policies/engineer/default"
2020/08/19 13:04:21+0000 [DBUG] project_command_runner.go:144 ghorg/terraform_scripts#319: Acquired lock for project
2020/08/19 13:04:21+0000 [INFO] github_app_working_dir.go:26 ghorg/terraform_scripts#319: Refreshing git tokens for Github App
2020/08/19 13:04:21+0000 [DBUG] git_cred_writer.go:37 ghorg/terraform_scripts#319: Git credentials file has expected contents, not modifying
2020/08/19 13:04:21+0000 [DBUG] working_dir.go:84 ghorg/terraform_scripts#319: Clone directory "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default" already exists, checking if it's at the right commit
2020/08/19 13:04:21+0000 [DBUG] working_dir.go:107 ghorg/terraform_scripts#319: Repo is at correct commit "6b8d7c2c3726db1431ce9b92d7728d664940e5bc" so will not re-clone
2020/08/19 13:04:32+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 init -input=false -no-color -upgrade" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:32+0000 [INFO] run_step_runner.go:74 ghorg/terraform_scripts#319: Successfully ran "echo 'Running tflint...' && tflint" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:36+0000 [INFO] run_step_runner.go:74 ghorg/terraform_scripts#319: Successfully ran "echo 'Running checkov...' && checkov --quiet -d ." in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:36+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 workspace show" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:54+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 plan -input=false -refresh -no-color -out \"/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer/default.tfplan\"" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:55+0000 [DBUG] command_runner.go:584 ghorg/terraform_scripts#319: Updating DB with pull results
2020/08/19 13:05:31+0000 [DBUG] project_command_builder.go:204 ghorg/terraform_scripts#319: Building plan command
2020/08/19 13:05:31+0000 [DBUG] project_command_builder.go:211 ghorg/terraform_scripts#319: Cloning repository
2020/08/19 13:05:31+0000 [INFO] github_app_working_dir.go:26 ghorg/terraform_scripts#319: Refreshing git tokens for Github App
2020/08/19 13:05:31+0000 [DBUG] git_cred_writer.go:37 ghorg/terraform_scripts#319: Git credentials file has expected contents, not modifying
2020/08/19 13:05:31+0000 [DBUG] working_dir.go:84 ghorg/terraform_scripts#319: Clone directory "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default" already exists, checking if it's at the right commit
2020/08/19 13:05:31+0000 [DBUG] working_dir.go:107 ghorg/terraform_scripts#319: Repo is at correct commit "6b8d7c2c3726db1431ce9b92d7728d664940e5bc" so will not re-clone
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:189 ghorg/terraform_scripts#319: Building config based on server-side config
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting apply_requirements: [approved] from repos[1], id: /.*/
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting workflow: "default" from repos[1], id: /.*/
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting allowed_overrides: [apply_requirements,workflow] from repos[1], id: /.*/
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting allow_custom_workflows: true from repos[1], id: /.*/
2020/08/19 13:05:31+0000 [INFO] project_command_builder.go:483 ghorg/terraform_scripts#319: Cannot determine which version to use from terraform configuration, detected 2 possibilities.
2020/08/19 13:05:31+0000 [INFO] project_locker.go:80 ghorg/terraform_scripts#319: Acquired lock with id "ghorg/terraform_scripts/iam-policies/engineer/default"
2020/08/19 13:05:31+0000 [DBUG] project_command_runner.go:144 ghorg/terraform_scripts#319: Acquired lock for project
2020/08/19 13:05:31+0000 [INFO] github_app_working_dir.go:26 ghorg/terraform_scripts#319: Refreshing git tokens for Github App
2020/08/19 13:05:31+0000 [DBUG] git_cred_writer.go:37 ghorg/terraform_scripts#319: Git credentials file has expected contents, not modifying
2020/08/19 13:05:31+0000 [DBUG] working_dir.go:84 ghorg/terraform_scripts#319: Clone directory "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default" already exists, checking if it's at the right commit
2020/08/19 13:05:31+0000 [DBUG] working_dir.go:107 ghorg/terraform_scripts#319: Repo is at correct commit "6b8d7c2c3726db1431ce9b92d7728d664940e5bc" so will not re-clone
2020/08/19 13:05:36+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 init -input=false -no-color -upgrade" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:36+0000 [INFO] run_step_runner.go:74 ghorg/terraform_scripts#319: Successfully ran "echo 'Running tflint...' && tflint" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:40+0000 [INFO] run_step_runner.go:74 ghorg/terraform_scripts#319: Successfully ran "echo 'Running checkov...' && checkov --quiet -d ." in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:40+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 workspace show" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:58+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 plan -input=false -refresh -no-color -out \"/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer/default.tfplan\"" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:59+0000 [DBUG] command_runner.go:584 ghorg/terraform_scripts#319: Updating DB with pull results

Related

  • https://github.com/runatlantis/atlantis/issues/1009

Current workaround

Thanks to comments below, the current workaround seems to be

  • Look at the log line GH User: <gh user>
  • set ATLANTIS_GH_APP_SLUG env to the name of the atlantis app
  • make sure the atlantis app name is lowercased and all the spaces are now dashes

To resolve this in a PR

  • The user used to hide the comments should be the same user as the name of the app
  • The ATLANTIS_GH_APP_SLUG should not be needed
  • An error message should be caught and thrown if hiding prev plan comments does not work

nitrocode avatar Aug 19 '20 13:08 nitrocode

In my case I was using the Fargate Module and after reviewing the inputs I noticed that the value for atlantis_hide_prev_plan_comments defaults to false. It seems that setting overrides environment variables that are set in the docker image, which is where I set my env vars. It's possible that it overrides the custom_environment_variables argument as well.

Setting atlantis_hide_prev_plan_comments = "true" in the configuration solved the issue for me.

hoppalotta avatar Oct 22 '20 23:10 hoppalotta

I'm using the same module, latest version 2.24.0, and tried both ways, using the custom env var and the argument, but still seeing the same result.

nitrocode avatar Oct 23 '20 01:10 nitrocode

# server configuration file
atlantis_hide_prev_plan_comments: "true"
hide_prev_plan_comments: "true"
atlantis-hide-prev-plan-comments: "true"
hide-prev-plan-comments: "true"

# Environment variable
ATLANTIS_HIDE_PREV_PLAN_COMMENTS  = "true"

# Docker image arguments
["server", "--hide-prev-plan-comments"]

And yet the GitHub comments do not hide...at this point I'm questioning my sanity! 😄

taiidani avatar Nov 10 '20 01:11 taiidani

I am using Atlantis with the GitHub application and I see the same behavior as above: comments don't hide. I don't see any errors in the logs. If you need more information, don't hesitate to ask.

We especially have plans on several comments.

We are running Atlantis v0.15.0 on GitHub with a Team plan and ownership of the app has been given to our organization.

arthur-leclerc avatar Nov 10 '20 08:11 arthur-leclerc

We just switched to using app authentication and are also seeing this error. Previously (yesterday) we were using token authentication and had no issues with this setting.

sparky005 avatar May 05 '21 17:05 sparky005

This problem started when I switched from token to GH app. I have gh-app-slug configured; however, it does not hide the previous plan.

Just upgraded to Atlantis 0.17.0 in docker

running TF .15.3

chriskuchin avatar May 10 '21 18:05 chriskuchin

Same here, after we switched from token to GH app. Our previous comments don't get hidden.

We run Atlantis 0.16.0 and TF .12.x. Any suggestions?

eliasscosta avatar May 13 '21 16:05 eliasscosta

Are there any updates on the problem where we can hide previous plan comments using a GitHub app rather than a token? Is there a working fix that we can apply without having a feature/development branch running?

ctjens avatar Jun 04 '21 09:06 ctjens

Ok so I did some code spelunking and I think I figured out what the problem is.

So first of all this line (https://github.com/runatlantis/atlantis/blob/1637171dc9c55f35c056c9f6ab38422f5c2619b7/server/events/vcs/github_client.go#L96) emits the following value:

Atlantis (usw2-hub1)[bot]

Then when you look at the comments payload the login field as referenced here (https://github.com/runatlantis/atlantis/blob/1637171dc9c55f35c056c9f6ab38422f5c2619b7/server/events/vcs/github_client.go#L196)

has the following value

atlantis-usw2-hub1[bot]

My app was named Atlantis (usw2-hub1). By changing the app name to atlantis-usw2-hub1, the comment hiding started working again. Hopefully this helps anyone else work around this.

chriskuchin avatar Jun 30 '21 23:06 chriskuchin

For me, logger.Debug("GH User: %s", user) was returning GH User: (empty string). I dug into the code and noticed this change from https://github.com/runatlantis/atlantis/pull/1334 that short circuits GetUser() from retrieving the Github app user. To remedy, one needs to set the environment variable ATLANTIS_GH_APP_SLUG to the name of the Github app. This environment variable is not listed in https://www.runatlantis.io/docs/server-configuration.html#environment-variables.

Hope this helps someone.

davidji99 avatar Jul 08 '21 07:07 davidji99

Hello,

Thank you @chriskuchin and @davidji99, your solution is working. As pointed out by @davidji99, it is necessary to set ATLANTIS_GH_APP_SLUG to the same value as the name of the GitHub app. After this change, the comments are well hidden during a new commit.

arthur-leclerc avatar Jul 08 '21 09:07 arthur-leclerc

Still having an issue with this even when setting ATLANTIS_GH_APP_SLUG. Running Atlantis v0.18.1.

seany89 avatar Feb 16 '22 13:02 seany89

> Still having an issue with this even when setting ATLANTIS_GH_APP_SLUG. Running Atlantis v0.18.1.

It is very confusing and counterintuitive, but if your app is called My Atlantis, it's not enough to set the slug to my-atlantis -- the app itself needs to be called my-atlantis.

Hope this makes sense.

kpocius avatar Feb 16 '22 13:02 kpocius
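
The mismatch described by chriskuchin, davidji99 and kpocius above, as an added Go example that is not part of the thread and is not Atlantis code. `approxSlug` is an approximation inferred from the two name/login pairs quoted in this thread, the `Comment` type and function names are hypothetical, and exact string comparison of logins is assumed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Comment is a minimal stand-in for a PR comment from the GitHub API (hypothetical type).
type Comment struct{ Login, Body string }

var nonSlug = regexp.MustCompile(`[^a-z0-9]+`)

// approxSlug approximates the display-name-to-slug mapping seen in the thread
// (assumption): lowercase, other character runs become one dash, dashes trimmed.
func approxSlug(name string) string {
	return strings.Trim(nonSlug.ReplaceAllString(strings.ToLower(name), "-"), "-")
}

// ownComments returns indexes of comments whose author login equals
// currentUser exactly; only these would be candidates for hiding.
func ownComments(comments []Comment, currentUser string) []int {
	var idx []int
	for i, c := range comments {
		if currentUser != "" && c.Login == currentUser {
			idx = append(idx, i)
		}
	}
	return idx
}

// checkIdentity applies the thread's workaround as a pre-flight check.
func checkIdentity(appName, configuredSlug string) error {
	switch {
	case configuredSlug == "":
		return fmt.Errorf("ATLANTIS_GH_APP_SLUG is unset; bot user would be empty")
	case appName != approxSlug(appName):
		return fmt.Errorf("app name %q is not slug-shaped; rename it to %q", appName, approxSlug(appName))
	case configuredSlug != appName:
		return fmt.Errorf("slug %q does not match app name %q", configuredSlug, appName)
	}
	return nil
}

func main() {
	// Constructed sample: two plan comments posted by the app, one by a human.
	comments := []Comment{{"atlantis-usw2-hub1[bot]", "plan 1"}, {"alice", "lgtm"}, {"atlantis-usw2-hub1[bot]", "plan 2"}}
	fmt.Println(ownComments(comments, "Atlantis (usw2-hub1)[bot]")) // display name: nothing matches
	fmt.Println(ownComments(comments, "atlantis-usw2-hub1[bot]"))   // slug form: both plan comments match
	fmt.Println(checkIdentity("Atlantis (usw2-hub1)", "atlantis-usw2-hub1"))
}
```

A silent empty match, as in the first `ownComments` call, is why the thread reports no errors in the logs while old plan comments stay visible.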

@kpocius Thanks, it now works for me. This was the issue.

seany89 avatar Feb 17 '22 10:02 seany89

@jamengual Should we keep this open until atlantis can support non lowercased github app names? Or at the very least, document this limitation?

nitrocode avatar Sep 12 '22 21:09 nitrocode

PRs are welcome.

jamengual avatar Sep 12 '22 23:09 jamengual

This still doesn't seem to work for me using a GitHub app and Atlantis v0.22.3.

rouge8 avatar Feb 23 '23 23:02 rouge8

Ah I see, I needed to set ATLANTIS_GH_APP_SLUG.

rouge8 avatar Feb 28 '23 18:02 rouge8