atlantis icon indicating copy to clipboard operation
atlantis copied to clipboard
verified publisher icon runatlantis

Atlantis apply succeeds on unmergeable MR with apply_requirements mergeable in Gitlab

Open Balsir opened this issue 2 years ago • 3 comments

Community Note

  • Please vote on this issue by adding a :+1: reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Overview of the Issue

In Gitlab, Atlantis runs apply with apply_requirement mergeable even if the merge request cannot be merged.

Reproduction Steps

  1. Configure checkout strategy merge and apply_requirements approved, mergeable, undiverged
  2. In Gitlab repo, set Merge method to Merge commit with semi-linear history.
  3. Create merge request and run atlantis plan
  4. Change a different file and push directly to main. The following should show up on the merge request, preventing merging. image
  5. Run atlantis apply. The apply succeeds. I would expect it to fail until rebase is completed.

Environment details

  • Atlantis version: v0.26.0
  • Deployment method: helm
  • Gitlab version v16.5.1-ee

Atlantis server-side config file:

repos:
- apply_requirements:
  - approved
  - mergeable
  - undiverged
  id: /.*/

Repo atlantis.yaml file:

version: 3
parallel_plan: true
parallel_apply: true
projects:
  - name: terraform
    dir: terraform
    autoplan:
      when_modified: [ "*.tf" ]
    terraform_version: 1.5.6

Balsir avatar Dec 08 '23 20:12 Balsir

Hello I tried to reproduce this issue in version v0.28.5 of Atlantis and my apply was failed with error - Apply Failed: Default branch must be rebased onto pull request before running apply.. This is a good behavior, try and check again and tell me if the issue still exist

dorian-tsorfy avatar Aug 12 '24 11:08 dorian-tsorfy

Hello, running Atlantis v0.31.0 and seeing same behaviour. our config

            repos:
              - id: xxx/infra-terraform
                branch: /^main$/
                plan_requirements: [undiverged]
                apply_requirements: [approved, mergeable, undiverged]
                allowed_workflows: [terragrunt]
                allowed_overrides: [workflow]
                delete_source_branch_on_merge: true

And users are able to apply MR even if it needs rebase.

I suspect that this could be some configuration combination which makes this happen.

Atoms avatar Feb 10 '25 07:02 Atoms

Seems to have been introduced via Issue https://github.com/runatlantis/atlantis/issues/4390 and PR https://github.com/runatlantis/atlantis/pull/4402 with basically no justification.

If the project is set to fast-forward only or semi-linear history, API responsedetailed_merge_status: "need_rebase" clearly indicates that merge is not possible. Why would one want to introduce custom logic and mark MRs as mergeable when it obviously isn't mergeable by VCS?

Maybe @X-Guardian could explain the reasoning behind these changes?

timsolovev avatar Sep 24 '25 10:09 timsolovev