atlantis icon indicating copy to clipboard operation
atlantis copied to clipboard

Published 20 hours ago verified publisher icon runatlantis

Feature Request: Halt execution on pre-workflow hook failure

Open smitthakkar96 opened this issue 3 years ago • 4 comments

Currently the execution of plan continues even if there is a failure in pre-workflow hook, this is potentially dangerous. Also when Atlantis comments on PR, it suppresses the error (errors should never pass silently or there should be a way to control this behaviour). Since changing this behaviour affects backwards compatibility I propose a new flag halt_on_failure to be added to pre-workflow hooks. I am happy to contribute if maintainers and community thinks there is value in having this feature.

Usecase

We use https://github.com/transcend-io/terragrunt-atlantis-config to generate atlantis.yaml. In our teams developers open PRs to our repos and if there is an error in terragrunt config or hcl the config generator fails too resulting in no atlantis.yaml. Because of this atlantis falls back to default workflow resulting in a weird error because it cannot understand terragrunt configs.

running "/atlantis-data/bin/terraform1.0.0 plan -input=false -refresh -no-color -out \"/atlantis-data/repos/deliveryhero/pd-sre-terraform/34/default/squads/dark-stores/groceries-product-service-golden-signals/staging/default.tfplan\"" in "/atlantis-data/repos/deliveryhero/pd-sre-terraform/34/default/squads/dark-stores/groceries-product-service-golden-signals/staging": exit status 1

Error: No configuration files

Plan requires configuration to be present. Planning without a configuration
would mark everything for destruction, which is normally not what is desired.
If you would like to destroy everything, run plan with the -destroy option.
Otherwise, create a Terraform configuration file (.tf file) and try again.

smitthakkar96 avatar Sep 29 '21 09:09 smitthakkar96

@lkysow @chenrui333 @nishkrishnan @anubhavmishra ping

smitthakkar96 avatar Dec 10 '21 11:12 smitthakkar96

This would be a very good feature to implement. We naively allowed custom workflows when introducing Atlantis in the company and we would like to check if the apply is triggered by someone from the infrastructure team. This is a very simple feature to implement, and, like @smitthakkar96, I'm happy to contribute.

elisiariocouto avatar Feb 10 '22 14:02 elisiariocouto

@elisiariocouto As you said I agree this is easy to implement however before I/you put effort in implementing this, I would like to hear from the maintainers what they think about it and if such feature will be merged in upstream if we open a PR. I am not a fan of running my own fork.

smitthakkar96 avatar Feb 10 '22 16:02 smitthakkar96

Yeah i'd be in favor of this, been thinking about this for a while, but didn't have the bandwidth to look into it and see whether it's something the community would want. Also want to make sure this doesn't break other people's workflows.

nishkrishnan avatar Feb 10 '22 18:02 nishkrishnan

In many cases, pre-workflow hooks that generate atlantis.yaml are essential. Plans should not run when the fail, or the will operate with completely wrong configuration or assumptions (wrong projects, wrong auth, etc). There should be an option to fail a plan and report the output of the failed hook to the users interacting with a pull request.

danielkza avatar May 18 '23 10:05 danielkza