diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 335e17056a..02829ed319 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -42,13 +42,13 @@ jobs: dockerfile: "Dockerfile" - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: image: tonistiigi/binfmt:latest platforms: arm64,arm - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 # https://github.com/docker/build-push-action/issues/761#issuecomment-1575006515 with: driver-opts: | @@ -62,7 +62,7 @@ jobs: # if it's v0.10.0 and debian, it will do v0.10.0-debian, latest-debian - name: Docker meta id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 env: SUFFIX: ${{ format('-{0}', matrix.image_type) }} with: @@ -94,7 +94,7 @@ jobs: # Suffix is not used here since there's no way to disable it above - name: Login to Packages Container registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 056e366757..0f145aa005 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: go-version-file: go.mod - name: Run GoReleaser for stable release - uses: goreleaser/goreleaser-action@v4 + uses: goreleaser/goreleaser-action@v5 if: (!contains(github.ref, 'pre')) with: version: v1.16.2 @@ -45,7 +45,7 @@ jobs: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - name: Run GoReleaser for pre-release - uses: goreleaser/goreleaser-action@v4 + uses: goreleaser/goreleaser-action@v5 if: contains(github.ref, 'pre') with: version: v1.16.2 diff --git a/.github/workflows/testing-env-image.yml b/.github/workflows/testing-env-image.yml index fa6b521d07..4c37a4587a 100644 --- a/.github/workflows/testing-env-image.yml +++ b/.github/workflows/testing-env-image.yml 
@@ -24,16 +24,16 @@ jobs: - uses: actions/checkout@v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: image: tonistiigi/binfmt:latest platforms: arm64,arm - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to Packages Container registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.node-version b/.node-version index 4a1f488b6c..02c8b485ed 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -18.17.1 +18.18.0 diff --git a/Dockerfile b/Dockerfile index 66a2a06c89..b1c6406426 100644 --- a/Dockerfile +++ b/Dockerfile @@ -125,7 +125,7 @@ ENV DEFAULT_TERRAFORM_VERSION=1.5.7 # In the official Atlantis image, we only have the latest of each Terraform version. # Each binary is about 80 MB so we limit it to the 4 latest minor releases or fewer -RUN AVAILABLE_TERRAFORM_VERSIONS="1.2.9 1.3.9 1.4.6 ${DEFAULT_TERRAFORM_VERSION}" && \ +RUN AVAILABLE_TERRAFORM_VERSIONS="1.2.9 1.3.10 1.4.6 ${DEFAULT_TERRAFORM_VERSION}" && \ case "${TARGETPLATFORM}" in \ "linux/amd64") TERRAFORM_ARCH=amd64 ;; \ "linux/arm64") TERRAFORM_ARCH=arm64 ;; \ @@ -172,7 +172,7 @@ COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh # We place this last as it will bust less docker layer caches when packages update RUN apk add --no-cache \ ca-certificates~=20230506 \ - curl~=8.2 \ + curl~=8.3 \ git~=2.40 \ unzip~=6.0 \ bash~=5.2 \ diff --git a/cmd/server.go b/cmd/server.go index e79012408c..19ed98763e 100644 --- a/cmd/server.go +++ b/cmd/server.go @@ -134,6 +134,7 @@ const ( RestrictFileList = "restrict-file-list" TFDownloadFlag = "tf-download" TFDownloadURLFlag = "tf-download-url" + UseTFPluginCache = "use-tf-plugin-cache" VarFileAllowlistFlag = "var-file-allowlist" VCSStatusName = "vcs-status-name" TFEHostnameFlag = "tfe-hostname" 
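Review bot: The new constant `UseTFPluginCache` in the cmd/server.go const hunk is named without the `Flag` suffix that most of the neighbouring flag-name constants visible here carry (`TFDownloadFlag`, `TFDownloadURLFlag`, `VarFileAllowlistFlag`, `TFEHostnameFlag`). It is also spelled exactly like the `UserConfig` field added later in this commit, which makes the flag name and the config field easy to confuse at call sites. Consider `UseTFPluginCacheFlag = "use-tf-plugin-cache"`, with the matching key in the `boolFlags` hunk. The const block starts and ends outside the hunk, so the convention may be looser elsewhere in the file.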
@@ -568,6 +569,10 @@ var boolFlags = map[string]boolFlag{ description: "Remove no-changes plan comments from the pull request.", defaultValue: false, }, + UseTFPluginCache: { + description: "Enable the use of the Terraform plugin cache", + defaultValue: true, + }, } var intFlags = map[string]intFlag{ CheckoutDepthFlag: { diff --git a/go.mod b/go.mod index 6dfc6a6da3..e503311d3c 100644 --- a/go.mod +++ b/go.mod @@ -31,7 +31,7 @@ require ( github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 github.com/petergtz/pegomock/v4 v4.0.0 github.com/pkg/errors v0.9.1 - github.com/redis/go-redis/v9 v9.1.0 + github.com/redis/go-redis/v9 v9.2.0 github.com/remeh/sizedwaitgroup v1.0.0 github.com/shurcooL/githubv4 v0.0.0-20230704064427-599ae7bbf278 github.com/slack-go/slack v0.12.3 @@ -44,7 +44,7 @@ require ( github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 github.com/xanzy/go-gitlab v0.91.1 go.etcd.io/bbolt v1.3.7 - go.uber.org/zap v1.25.0 + go.uber.org/zap v1.26.0 golang.org/x/term v0.12.0 golang.org/x/text v0.13.0 gopkg.in/yaml.v2 v2.4.0 @@ -72,7 +72,6 @@ require ( github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/aymerick/douceur v0.2.0 // indirect - github.com/benbjohnson/clock v1.3.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect diff --git a/go.sum b/go.sum index 2c38c0d0db..d09bea7b4a 100644 --- a/go.sum +++ b/go.sum 
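Review bot: The `UseTFPluginCache` entry added to `boolFlags` in cmd/server.go describes only what the flag enables, not why an operator would turn it off, and it lacks the trailing period used by the entry above it. Because the default is `true`, the help text is the main place a user learns that disabling is an option. Something like `description: "Enable the use of the Terraform plugin cache. Set to false to avoid plugin_cache_dir races when plans or applies run in parallel.",` would match the reason given in this commit's server-configuration.md change. The `boolFlags` map starts outside the hunk.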
@@ -67,8 +67,6 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= -github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= -github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -79,10 +77,10 @@ github.com/bradleyfalzon/ghinstallation/v2 v2.7.0 h1:ranXaC3Zz/F6G/f0Joj3LrFp2Oz github.com/bradleyfalzon/ghinstallation/v2 v2.7.0/go.mod h1:ymxfmloxXBFXvvF1KpeUhOQM6Dfz9NYtfvTiJyk82UE= github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A= github.com/briandowns/spinner v1.23.0/go.mod h1:rPG4gmXeN3wQV/TsAY4w8lPdIM6RX3yqeBQJSrbXjuE= -github.com/bsm/ginkgo/v2 v2.9.5 h1:rtVBYPs3+TC5iLUVOis1B9tjLTup7Cj5IfzosKtvTJ0= -github.com/bsm/ginkgo/v2 v2.9.5/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c= -github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= -github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= +github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs= +github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c= +github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA= +github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cactus/go-statsd-client/v5 v5.0.0/go.mod h1:COEvJ1E+/E2L4q6QE5CkjWPi4eeDw9maJBMIuMPBZbY= 
@@ -390,8 +388,8 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= -github.com/redis/go-redis/v9 v9.1.0 h1:137FnGdk+EQdCbye1FW+qOEcY5S+SpY9T0NiuqvtfMY= -github.com/redis/go-redis/v9 v9.1.0/go.mod h1:urWj3He21Dj5k4TK1y59xH8Uj6ATueP8AH1cY3lZl4c= +github.com/redis/go-redis/v9 v9.2.0 h1:zwMdX0A4eVzse46YN18QhuDiM4uf3JmkOB4VZrdt5uI= +github.com/redis/go-redis/v9 v9.2.0/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M= github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E= github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= @@ -481,8 +479,8 @@ go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c= -go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk= +go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= +go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
diff --git a/runatlantis.io/docs/custom-workflows.md b/runatlantis.io/docs/custom-workflows.md index a6ee35ab6a..f46981a620 100644 --- a/runatlantis.io/docs/custom-workflows.md +++ b/runatlantis.io/docs/custom-workflows.md @@ -279,9 +279,11 @@ workflows: name: TF_IN_AUTOMATION value: 'true' - run: - command: terragrunt plan -input=false -out=$PLANFILE - output: strip_refreshing - - run: terragrunt show -json $PLANFILE > $SHOWFILE + # Allow for targetted plans/applies as not supported for Terraform wrappers by default + command: terragrunt plan -input=false $(printf '%s' $COMMENT_ARGS | sed 's/,/ /g' | tr -d '\\') -no-color -out $PLANFILE + output: hide + - run: | + terragrunt show $PLANFILE apply: steps: - env: @@ -292,6 +294,23 @@ workflows: name: TF_IN_AUTOMATION value: 'true' - run: terragrunt apply -input=false $PLANFILE + import: + steps: + - env: + name: TERRAGRUNT_TFPATH + command: 'echo "terraform${DEFAULT_TERRAFORM_VERSION}"' + - env: + name: TF_VAR_author + command: 'git show -s --format="%ae" $HEAD_COMMIT' + # Allow for imports as not supported for Terraform wrappers by default + - run: terragrunt import -input=false $(printf '%s' $COMMENT_ARGS | sed 's/,/ /' | tr -d '\\') + state_rm: + steps: + - env: + name: TERRAGRUNT_TFPATH + command: 'echo "terraform${DEFAULT_TERRAFORM_VERSION}"' + # Allow for state removals as not supported for Terraform wrappers by default + - run: terragrunt state rm $(printf '%s' $COMMENT_ARGS | sed 's/,/ /' | tr -d '\\') ``` If using the repo's `atlantis.yaml` file you would use the following config: diff --git a/runatlantis.io/docs/server-configuration.md b/runatlantis.io/docs/server-configuration.md index ccdd328330..2e9cfe52fd 100644 --- a/runatlantis.io/docs/server-configuration.md +++ b/runatlantis.io/docs/server-configuration.md 
@@ -989,6 +989,21 @@ Setting this to `false` can be useful in an air-gapped environment where a downl ``` A token for Terraform Cloud/Terraform Enterprise integration. See [Terraform Cloud](terraform-cloud.html) for more details. +### `--use-tf-plugin-cache` +```bash +atlantis server --use-tf-plugin-cache=false +# or +ATLANTIS_USE_TF_PLUGIN_CACHE=false +``` +Set to false if you want to disable terraform plugin cache. + +This flag is useful when having multiple projects that need to run a plan and apply in the same PR to avoid the race condition of `plugin_cache_dir` concurrently, this is a terraform known issue, more info: + +- [plugin_cache_dir concurrently discussion](https://github.com/hashicorp/terraform/issues/31964) +- [PR to improve the situation](https://github.com/hashicorp/terraform/pull/33479) + +The effect of the race condition is more evident when using parallel configuration to run plan and apply, by disabling the use of plugin cache will impact in the performance when starting a new plan or apply, but in large atlantis deployments with multiple projects and shared modules the use of `--parallel_plan` and `--parallel_apply` is mandatory for an efficient managment of the PRs. + ### `--var-file-allowlist` ```bash atlantis server --var-file-allowlist='/path/to/tfvars/dir' diff --git a/server/core/terraform/terraform_client_test.go b/server/core/terraform/terraform_client_test.go index 73251f4aa5..29fccb4579 100644 --- a/server/core/terraform/terraform_client_test.go +++ b/server/core/terraform/terraform_client_test.go @@ -392,7 +392,7 @@ terraform { "<= 1.0": "1.0.0", // cannot use ~> 1.3 or ~> 1.0 since that is a moving target since it will always // resolve to the latest terraform 1.x - "~> 1.3.0": "1.3.9", + "~> 1.3.0": "1.3.10", } type testCase struct { diff --git a/server/server.go b/server/server.go index c93ed170d7..a2410a1315 100644 --- a/server/server.go +++ b/server/server.go 
@@ -413,7 +413,7 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) { userConfig.TFDownloadURL, &terraform.DefaultDownloader{}, userConfig.TFDownload, - true, + userConfig.UseTFPluginCache, projectCmdOutputHandler) // The flag.Lookup call is to detect if we're running in a unit test. If we // are, then we don't error out because we don't have/want terraform diff --git a/server/user_config.go b/server/user_config.go index 7104b2df5a..edfc6dd1da 100644 --- a/server/user_config.go +++ b/server/user_config.go @@ -125,6 +125,7 @@ type UserConfig struct { WebPassword string `mapstructure:"web-password"` WriteGitCreds bool `mapstructure:"write-git-creds"` WebsocketCheckOrigin bool `mapstructure:"websocket-check-origin"` + UseTFPluginCache bool `mapstructure:"use-tf-plugin-cache"` } // ToAllowCommandNames parse AllowCommands into a slice of CommandName
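Review bot: In the server/server.go hunk the hard-coded `true` becomes `userConfig.UseTFPluginCache`, whose zero value is `false`, so any code that builds a `UserConfig` without going through the flag defaults in cmd/server.go now gets the plugin cache switched off where it used to be on. Whether such callers exist (tests, embedders) is not visible here; if they do, they need `UseTFPluginCache: true` set explicitly to keep the previous behaviour. The argument is also an unlabelled positional bool, so a short comment above it such as `// plugin cache on/off, from --use-tf-plugin-cache (default true)` would help the next reader. NewServer's body continues outside the hunk, and the same field is added to `UserConfig` in the server/user_config.go hunk.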