From 9e6a4d7321f9f0a1191a477593848b3f8c19e561 Mon Sep 17 00:00:00 2001 From: Rush Soni <17338080+rushrs@users.noreply.github.com> Date: Thu, 2 Nov 2023 20:40:56 +0000 Subject: [PATCH 01/10] Update Terraform Version for Atlantis (#3914) --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 65f809f601..e87dcbc32b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ ARG ALPINE_TAG=3.18.4 ARG DEBIAN_TAG=12.2-slim -ARG DEFAULT_TERRAFORM_VERSION=1.5.7 +ARG DEFAULT_TERRAFORM_VERSION=1.6.3 ARG DEFAULT_CONFTEST_VERSION=0.46.0 # Stage 1: build artifact and download deps @@ -135,7 +135,7 @@ ENV DEFAULT_TERRAFORM_VERSION=${DEFAULT_TERRAFORM_VERSION} # In the official Atlantis image, we only have the latest of each Terraform version. # Each binary is about 80 MB so we limit it to the 4 latest minor releases or fewer -RUN AVAILABLE_TERRAFORM_VERSIONS="1.2.9 1.3.10 1.4.6 ${DEFAULT_TERRAFORM_VERSION}" && \ +RUN AVAILABLE_TERRAFORM_VERSIONS="1.3.10 1.4.6 1.5.7 ${DEFAULT_TERRAFORM_VERSION}" && \ case "${TARGETPLATFORM}" in \ "linux/amd64") TERRAFORM_ARCH=amd64 ;; \ "linux/arm64") TERRAFORM_ARCH=arm64 ;; \ From 1dcf234a6b5198571300f40af1a5f21338beb295 Mon Sep 17 00:00:00 2001 From: Dylan Page Date: Fri, 3 Nov 2023 22:13:19 -0400 Subject: [PATCH 02/10] chore: enable cherry-pick-bot.yml (#3918) https://github.com/googleapis/repo-automation-bots/tree/main/packages/cherry-pick-bot#configuring --- .github/cherry-pick-bot.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .github/cherry-pick-bot.yml diff --git a/.github/cherry-pick-bot.yml b/.github/cherry-pick-bot.yml new file mode 100644 index 0000000000..1f62315d79 --- /dev/null +++ b/.github/cherry-pick-bot.yml @@ -0,0 +1,2 @@ +enabled: true +preservePullRequestTitle: true From 3056701c6bf8f59fa504469bac9505d679727cff Mon Sep 17 00:00:00 2001 
From: Simon Heather <32168619+X-Guardian@users.noreply.github.com> Date: Sat, 4 Nov 2023 02:22:12 +0000 Subject: [PATCH 03/10] fix: Update GitLab Pipeline Type Detection to use Head Pipeline Property (#3887) * Fix GitLab Mulitple Pipelines * Add logger to tests and fix test ref * Add retry to GetMergeRequest * Update retries --------- Co-authored-by: PePe Amengual --- server/events/vcs/gitlab_client.go | 39 ++++++++++++++++++------- server/events/vcs/gitlab_client_test.go | 2 +- 2 files changed, 30 insertions(+), 11 deletions(-) diff --git a/server/events/vcs/gitlab_client.go b/server/events/vcs/gitlab_client.go index d5d89ab529..b159e3d83b 100644 --- a/server/events/vcs/gitlab_client.go +++ b/server/events/vcs/gitlab_client.go 
@@ -364,19 +364,38 @@ func (g *GitlabClient) UpdateStatus(repo models.Repo, pull models.PullRequest, s gitlabState = gitlab.Success } - mr, err := g.GetMergeRequest(pull.BaseRepo.FullName, pull.Num) - if err != nil { - return err - } - // refTarget is set to current branch if no pipeline is assigned to the commit, - // otherwise it is set to the pipeline created by the merge_request_event rule + // refTarget is set to the head pipeline of the MR if it exists, or else it is set to the head branch + // of the MR. This is needed because the commit status is only shown in the MR if the pipeline is + // assigned to an MR reference. + // Try to get the MR details a couple of times in case the pipeline is not yet assigned to the MR refTarget := pull.HeadBranch - if mr.Pipeline != nil { - switch mr.Pipeline.Source { - case "merge_request_event": - refTarget = fmt.Sprintf("refs/merge-requests/%d/head", pull.Num) + + retries := 1 + delay := 2 * time.Second + var mr *gitlab.MergeRequest + var err error + + for i := 0; i <= retries; i++ { + mr, err = g.GetMergeRequest(pull.BaseRepo.FullName, pull.Num) + if err != nil { + return err + } + if mr.HeadPipeline != nil { + g.logger.Debug("Head pipeline found for merge request %d, source '%s'. refTarget '%s'", + pull.Num, mr.HeadPipeline.Source, mr.HeadPipeline.Ref) + refTarget = mr.HeadPipeline.Ref + break + } + if i != retries { + g.logger.Debug("Head pipeline not found for merge request %d, source '%s'. Retrying in %s", + pull.Num, mr.HeadPipeline.Source, delay) + time.Sleep(delay) + } else { + g.logger.Debug("Head pipeline not found for merge request %d, source '%s'.", + pull.Num, mr.HeadPipeline.Source) } } + _, resp, err := g.Client.Commits.SetCommitStatus(repo.FullName, pull.HeadCommit, &gitlab.SetCommitStatusOptions{ State: gitlabState, Context: gitlab.String(src), diff --git a/server/events/vcs/gitlab_client_test.go b/server/events/vcs/gitlab_client_test.go index be2ac3b9c8..112f35bcc5 100644 
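Review bot: Both "Head pipeline not found" debug calls pass `mr.HeadPipeline.Source`, but they are only reached when `mr.HeadPipeline` is nil (the non-nil case hits `break` just above), so a merge request without a head pipeline panics here instead of falling back to `pull.HeadBranch`. Drop the source argument from those two messages: `g.logger.Debug("Head pipeline not found for merge request %d. Retrying in %s", pull.Num, delay)` and `g.logger.Debug("Head pipeline not found for merge request %d.", pull.Num)`. The arguments are evaluated before `Debug` is called, so the log level does not protect against this. The loop also holds the caller in `time.Sleep(delay)` whenever no head pipeline is assigned yet, which deserves a comment; UpdateStatus starts and ends outside this hunk and its callers are not visible.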
--- a/server/events/vcs/gitlab_client_test.go +++ b/server/events/vcs/gitlab_client_test.go @@ -278,7 +278,7 @@ func TestGitlabClient_UpdateStatus(t *testing.T) { body, err := io.ReadAll(r.Body) Ok(t, err) - exp := fmt.Sprintf(`{"state":"%s","ref":"test","context":"src","target_url":"https://google.com","description":"description"}`, c.expState) + exp := fmt.Sprintf(`{"state":"%s","ref":"patch-1-merger","context":"src","target_url":"https://google.com","description":"description"}`, c.expState) Equals(t, exp, string(body)) defer r.Body.Close() // nolint: errcheck w.Write([]byte("{}")) // nolint: errcheck From 1b45fb1ae13032a8a83acd6b026e3dc3df7f1fc9 Mon Sep 17 00:00:00 2001 From: Simon Heather <32168619+X-Guardian@users.noreply.github.com> Date: Sat, 4 Nov 2023 02:41:16 +0000 Subject: [PATCH 04/10] fix: When GitHub/GitLab Auto-Merge Is Used with Atlantis Pre Workflow Hooks, the PR will be Merged Prematurely (#3880) * Fix Premature Auto-Merge * Add CommitStatusUpdater to commandRunner --- server/events/command_runner.go | 29 ++++++++++++++++++- .../pre_workflow_hooks_command_runner.go | 18 ++++++++++-- server/server.go | 1 + 3 files changed, 44 insertions(+), 4 deletions(-) diff --git a/server/events/command_runner.go b/server/events/command_runner.go index f339ad9129..085d846a9a 100644 --- a/server/events/command_runner.go +++ b/server/events/command_runner.go @@ -15,7 +15,6 @@ package events import ( "fmt" - "github.com/runatlantis/atlantis/server/utils" "strconv" "github.com/google/go-github/v54/github" @@ -28,6 +27,7 @@ import ( "github.com/runatlantis/atlantis/server/logging" "github.com/runatlantis/atlantis/server/metrics" "github.com/runatlantis/atlantis/server/recovery" + "github.com/runatlantis/atlantis/server/utils" tally "github.com/uber-go/tally/v4" gitlab "github.com/xanzy/go-gitlab" ) 
@@ -128,6 +128,7 @@ type DefaultCommandRunner struct { PullStatusFetcher PullStatusFetcher TeamAllowlistChecker *TeamAllowlistChecker VarFileAllowlistChecker *VarFileAllowlistChecker + CommitStatusUpdater CommitStatusUpdater } // RunAutoplanCommand runs plan and policy_checks when a pull request is opened or updated. @@ -186,6 +187,19 @@ func (c *DefaultCommandRunner) RunAutoplanCommand(baseRepo models.Repo, headRepo if c.FailOnPreWorkflowHookError { ctx.Log.Err("'fail-on-pre-workflow-hook-error' set, so not running %s command.", command.Plan) + + // Update the plan or apply commit status to pending whilst the pre workflow hook is running so that the PR can't be merged. + switch cmd.Name { + case command.Plan: + if err := c.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.FailedCommitStatus, command.Plan); err != nil { + ctx.Log.Warn("unable to update plan commit status: %s", err) + } + case command.Apply: + if err := c.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.FailedCommitStatus, command.Apply); err != nil { + ctx.Log.Warn("unable to update apply commit status: %s", err) + } + } + return } 
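Review bot: The `switch cmd.Name` added to RunAutoplanCommand handles only `command.Plan` and `command.Apply`, while the log line directly above hard-codes `command.Plan` instead of reading `cmd.Name`. Because `cmd` is assigned outside this hunk, an autoplan path carrying any other command name would match neither case and post no failed status, leaving the merge block this commit is after unapplied. Consider replacing the switch here with the single call `c.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.FailedCommitStatus, command.Plan)`, or adding a `default:` that logs the unhandled name. The added comment is also inaccurate: it says the status is set to pending while the hook runs, but this code runs after the hook has failed and sets `models.FailedCommitStatus`; the same comment is repeated in the RunCommentCommand hunk at `@@ -317,6 +331,19 @@`. Suggested wording for both: `// The pre workflow hook failed: mark the plan or apply status as failed so the PR can't be merged.`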
@@ -317,6 +331,19 @@ func (c *DefaultCommandRunner) RunCommentCommand(baseRepo models.Repo, maybeHead if c.FailOnPreWorkflowHookError { ctx.Log.Err("'fail-on-pre-workflow-hook-error' set, so not running %s command.", cmd.Name.String()) + + // Update the plan or apply commit status to pending whilst the pre workflow hook is running so that the PR can't be merged. + switch cmd.Name { + case command.Plan: + if err := c.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.FailedCommitStatus, command.Plan); err != nil { + ctx.Log.Warn("unable to update plan commit status: %s", err) + } + case command.Apply: + if err := c.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.FailedCommitStatus, command.Apply); err != nil { + ctx.Log.Warn("unable to update apply commit status: %s", err) + } + } + return } diff --git a/server/events/pre_workflow_hooks_command_runner.go b/server/events/pre_workflow_hooks_command_runner.go index 970d280b9b..daa50df8ba 100644 --- a/server/events/pre_workflow_hooks_command_runner.go +++ b/server/events/pre_workflow_hooks_command_runner.go @@ -75,6 +75,18 @@ func (w *DefaultPreWorkflowHooksCommandRunner) RunPreHooks(ctx *command.Context, escapedArgs = escapeArgs(cmd.Flags) } + // Update the plan or apply commit status to pending whilst the pre workflow hook is running + switch cmd.Name { + case command.Plan: + if err := w.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.PendingCommitStatus, command.Plan); err != nil { + ctx.Log.Warn("unable to update plan commit status: %s", err) + } + case command.Apply: + if err := w.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.PendingCommitStatus, command.Apply); err != nil { + ctx.Log.Warn("unable to update apply commit status: %s", err) + } + } + err = w.runHooks( models.WorkflowHookCommandContext{ BaseRepo: baseRepo, 
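Review bot: In the RunPreHooks hunk (`@@ -75,6 +75,18 @@`) a failed `UpdateCombined` to `models.PendingCommitStatus` is only logged with `ctx.Log.Warn` and the hooks still run, whereas runHooks in the same file returns the error when its own pending `UpdatePreWorkflowHook` update fails. Since the pending status is what keeps auto-merge from firing while the hooks run, the difference should either be removed (`return err` after the warning) or explained in a comment such as `// best effort: a failed status update must not stop the hooks from running`. The two cases differ only in the command constant, so one call passing `cmd.Name` behind `if cmd.Name == command.Plan || cmd.Name == command.Apply` would avoid the duplication, assuming `UpdateCombined` takes the same type as `cmd.Name`. RunPreHooks starts and ends outside this hunk.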
@@ -132,7 +144,7 @@ func (w *DefaultPreWorkflowHooksCommandRunner) runHooks( } if err := w.CommitStatusUpdater.UpdatePreWorkflowHook(ctx.Pull, models.PendingCommitStatus, hookDescription, "", url); err != nil { - ctx.Log.Warn("unable to pre workflow hook status: %s", err) + ctx.Log.Warn("unable to update pre workflow hook status: %s", err) return err } @@ -140,13 +152,13 @@ func (w *DefaultPreWorkflowHooksCommandRunner) runHooks( if err != nil { if err := w.CommitStatusUpdater.UpdatePreWorkflowHook(ctx.Pull, models.FailedCommitStatus, hookDescription, runtimeDesc, url); err != nil { - ctx.Log.Warn("unable to pre workflow hook status: %s", err) + ctx.Log.Warn("unable to update pre workflow hook status: %s", err) } return err } if err := w.CommitStatusUpdater.UpdatePreWorkflowHook(ctx.Pull, models.SuccessCommitStatus, hookDescription, runtimeDesc, url); err != nil { - ctx.Log.Warn("unable to pre workflow hook status: %s", err) + ctx.Log.Warn("unable to update pre workflow hook status: %s", err) return err } } diff --git a/server/server.go b/server/server.go index 6f80cb420f..d5c54e8e9e 100644 --- a/server/server.go +++ b/server/server.go @@ -813,6 +813,7 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) { PullStatusFetcher: backend, TeamAllowlistChecker: githubTeamAllowlistChecker, VarFileAllowlistChecker: varFileAllowlistChecker, + CommitStatusUpdater: commitStatusUpdater, } repoAllowlist, err := events.NewRepoAllowlistChecker(userConfig.RepoAllowlist) if err != nil { From 721313f4d8f2503d3c012eaddef1efb759037800 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 5 Nov 2023 01:06:35 +0000 Subject: [PATCH 05/10] fix(deps): update module github.com/go-playground/validator/v10 to v10.16.0 in go.mod (#3920) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 4f886cb54d..e1f7822c62 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/briandowns/spinner v1.23.0 github.com/cactus/go-statsd-client/v5 v5.1.0 github.com/go-ozzo/ozzo-validation v3.6.0+incompatible - github.com/go-playground/validator/v10 v10.15.5 + github.com/go-playground/validator/v10 v10.16.0 github.com/go-test/deep v1.1.0 github.com/golang-jwt/jwt/v5 v5.0.0 github.com/google/go-github/v54 v54.0.0 diff --git a/go.sum b/go.sum index ef849e5bab..f8f329d638 100644 --- a/go.sum +++ b/go.sum @@ -142,8 +142,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.15.5 h1:LEBecTWb/1j5TNY1YYG2RcOUN3R7NLylN+x8TTueE24= -github.com/go-playground/validator/v10 v10.15.5/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= +github.com/go-playground/validator/v10 v10.16.0 h1:x+plE831WK4vaKHO/jpgUGsvLKIqRRkz6M78GuJAfGE= +github.com/go-playground/validator/v10 v10.16.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= From 9c6b8d0a963efda9c08b449f9eb8f1924ea4c729 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 5 Nov 2023 04:06:28 +0000 Subject: [PATCH 06/10] fix(deps): update module github.com/gorilla/mux to v1.8.1 in go.mod (#3921) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e1f7822c62..31ae56e5ec 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/google/go-github/v54 v54.0.0 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/google/uuid v1.4.0 - github.com/gorilla/mux v1.8.0 + github.com/gorilla/mux v1.8.1 github.com/gorilla/websocket v1.5.0 github.com/hashicorp/go-getter/v2 v2.2.1 github.com/hashicorp/go-multierror v1.1.1 diff --git a/go.sum b/go.sum index f8f329d638..7e9c1099ec 100644 --- a/go.sum +++ b/go.sum @@ -235,8 +235,8 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY= github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c= -github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= +github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= From 886dd96299f3548bcccb546f8fdfa59be7e9fbca Mon Sep 17 00:00:00 2001 
From: Dylan Page Date: Sun, 5 Nov 2023 21:41:32 -0500 Subject: [PATCH 07/10] refactor(ci): reduce complexity in required workflows (#3925) * refactor(ci): builds upon work in tests to reduce complexity in requiring workflows * fix: tweaks and missing outputs * fix: make sure the new workflows actually run * fix: consistency with non-required testing image --- .github/workflows/atlantis-image-required.yml | 26 ---------- .github/workflows/atlantis-image.yml | 42 +++++++++++++--- .github/workflows/codeql-required.yml | 40 --------------- .github/workflows/codeql.yml | 45 +++++++++++++---- .github/workflows/lint-required.yml | 32 ------------ .github/workflows/lint.yml | 36 +++++++++++--- .github/workflows/pr-lint.yml | 2 +- .github/workflows/stale.yml | 2 +- .github/workflows/test.yml | 10 ++-- .github/workflows/testing-env-image.yml | 38 +++++++++++--- .github/workflows/website-required.yml | 38 -------------- .github/workflows/website.yml | 49 +++++++++++++------ 12 files changed, 173 insertions(+), 187 deletions(-) delete mode 100644 .github/workflows/atlantis-image-required.yml delete mode 100644 .github/workflows/codeql-required.yml delete mode 100644 .github/workflows/lint-required.yml delete mode 100644 .github/workflows/website-required.yml diff --git a/.github/workflows/atlantis-image-required.yml b/.github/workflows/atlantis-image-required.yml deleted file mode 100644 index 28a47bc4c0..0000000000 --- a/.github/workflows/atlantis-image-required.yml +++ /dev/null 
@@ -1,26 +0,0 @@ -# For required checks when path filtering doesn't trigger the other job -# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks - -name: atlantis-image - -on: - pull_request: - paths-ignore: - - 'Dockerfile' - - 'docker-entrypoint.sh' - - '.github/workflows/atlantis-image.yml' - - '**.go' - - 'go.*' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - build: - strategy: - matrix: - image_type: [alpine, debian] - runs-on: ubuntu-latest - steps: - - run: 'echo "No build required"' diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 02829ed319..beb9a7b41e 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -4,16 +4,14 @@ on: push: branches: - 'main' + - 'releases-**' tags: - v*.*.* # stable release like, v0.19.2 - v*.*.*-pre.* # pre release like, v0.19.0-pre.calendardate pull_request: - paths: - - 'Dockerfile' - - 'docker-entrypoint.sh' - - '.github/workflows/atlantis-image.yml' - - '**.go' - - 'go.*' + branches: + - 'main' + - 'releases-**' workflow_dispatch: concurrency: @@ -21,7 +19,28 @@ concurrency: cancel-in-progress: true jobs: + changes: + outputs: + should-run-build: ${{ steps.changes.outputs.src == 'true' }} + if: github.event.pull_request.draft == false + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + src: + - 'Dockerfile' + - 'docker-entrypoint.sh' + - '.github/workflows/atlantis-image.yml' + - '**.go' + - 'go.*' + build: + needs: [changes] + if: needs.changes.outputs.should-run-build == 'true' + name: Build Image strategy: matrix: image_type: [alpine, debian] 
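Review bot: The release-branch glob added in the `@@ -4,16 +4,14 @@` hunk is spelled two ways across this patch series: `'releases-**'` here and in codeql.yml, lint.yml, test.yml and renovate-config.yml, but `'release-**'` in testing-env-image.yml and website.yml, while renovate.json5 uses `/^release\-.*/`. Only one spelling can match the repository's real branch names, so the workflows using the other one will not run on release branches. Because these jobs back required checks, pick the spelling that matches the existing branches and use it in every file.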
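Review bot: After the `@@ -21,7 +19,28 @@` hunk, `build` runs only when the `changes` job reports `src == 'true'`, and that gate also applies to the tag pushes and `workflow_dispatch` runs that trigger this workflow. How `dorny/paths-filter` evaluates those events is not visible here, so confirm that a release tag still produces an image rather than the no-op `skip-build` job (added later in this file) reporting "Build Image" as passed. The third-party action is also referenced by the mutable tag `@v2`; pinning it to a full commit SHA, e.g. `uses: dorny/paths-filter@FULL_COMMIT_SHA # v2` (placeholder value), keeps a moved tag from changing what runs in this workflow.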
@@ -123,3 +142,14 @@ jobs: target: ${{ matrix.image_type }} labels: ${{ steps.meta.outputs.labels }} outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }} + + skip-build: + needs: [changes] + if: needs.changes.outputs.should-run-build == 'false' + name: Build Image + strategy: + matrix: + image_type: [alpine, debian] + runs-on: ubuntu-22.04 + steps: + - run: 'echo "No build required"' \ No newline at end of file diff --git a/.github/workflows/codeql-required.yml b/.github/workflows/codeql-required.yml deleted file mode 100644 index 05736bb69a..0000000000 --- a/.github/workflows/codeql-required.yml +++ /dev/null @@ -1,40 +0,0 @@ -# For required checks when path filtering doesn;'t trigger the other job -# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks - -name: "CodeQL" - -on: - push: - branches: [ "main" ] - paths-ignore: - - '**.go' - - '**.js' - pull_request: - # The branches below must be a subset of the branches above - types: - - opened - - reopened - - synchronize - - ready_for_review - branches: [ "main" ] - paths-ignore: - - '**.go' - - '**.js' - -jobs: - analyze: - name: Analyze - if: github.event.pull_request.draft == false - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'go', 'javascript' ] - - steps: - - run: 'echo "No build required"' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 57eb362445..5903b805de 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -13,10 +13,9 @@ name: "CodeQL" on: push: - branches: [ "main" ] - paths: - - '**.go' - - '**.js' + branches: + - 'main' + - 'releases-**' pull_request: # The branches below must be a subset of the branches above types: @@ -24,19 +23,34 @@ on: - reopened - synchronize - ready_for_review - branches: [ "main" ] - paths: - - '**.go' - - '**.js' + branches: + - 'main' + - 'releases-**' schedule: - cron: '17 9 * * 5' jobs: + changes: + outputs: + should-run-analyze: ${{ steps.changes.outputs.src == 'true' }} + if: github.event.pull_request.draft == false + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + src: + - '**.go' + - '**.js4' + analyze: + needs: [changes] name: Analyze - if: github.event.pull_request.draft == false - runs-on: ubuntu-latest + if: github.event.pull_request.draft == false && needs.changes.outputs.should-run-analyze == 'true' + runs-on: ubuntu-22.04 permissions: actions: read contents: read @@ -87,3 +101,14 @@ jobs: uses: github/codeql-action/analyze@v2 with: category: "/language:${{matrix.language}}" + + skip-analyze: + needs: [changes] + if: needs.changes.outputs.should-run-analyze == 'false' + name: Analyze + strategy: + matrix: + language: [ 'go', 'javascript' ] + runs-on: ubuntu-22.04 + steps: + - run: 'echo "No build required"' diff --git a/.github/workflows/lint-required.yml b/.github/workflows/lint-required.yml deleted file mode 100644 index 6f5451f8d8..0000000000 --- a/.github/workflows/lint-required.yml +++ /dev/null 
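Review bot: The path filter in the new `changes` job (hunk `@@ -24,19 +23,34 @@`) lists `'**.js4'`, which looks like a typo for `'**.js'`; the removed `paths:` entries and the `javascript` matrix entry both point at `.js`. As written, a change touching only JavaScript files yields `src == 'false'`, so `analyze` is skipped and the `skip-analyze` job added at the end of this file reports the `Analyze` check without any CodeQL run. Change the line to `- '**.js'`. The weekly `schedule` trigger now passes through the same filter, so also confirm that the scheduled scan still reaches `analyze`.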
@@ -1,32 +0,0 @@ -# For required checks when path filtering doesn;'t trigger the other job -# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks - -name: linter - -on: - pull_request: - types: - - opened - - reopened - - synchronize - - ready_for_review - branches: - - "main" - paths-ignore: - - '**.go' - - 'go.*' - - '.github/workflows/lint.yml' - - '.github/workflows/lint-required.yml' - - '.golangci.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - golangci-lint: - if: github.event.pull_request.draft == false - name: runner / golangci-lint - runs-on: ubuntu-22.04 - steps: - - run: 'echo "No build required"' diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 2b39dec606..805586e53d 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -9,20 +9,34 @@ on: - ready_for_review branches: - "main" - paths: - - '**.go' - - 'go.*' - - '.github/workflows/lint.yml' - - '.golangci.yml' + - 'releases-**' concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true jobs: - golangci-lint: + changes: + outputs: + should-run-linting: ${{ steps.changes.outputs.go == 'true' }} if: github.event.pull_request.draft == false - name: runner / golangci-lint + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + go: + - '**.go' + - 'go.*' + - '.github/workflows/lint.yml' + - '.golangci.yml' + + golangci-lint: + needs: [changes] + if: github.event.pull_request.draft == false && needs.changes.outputs.should-run-linting == 'true' + name: Linting runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 
@@ -30,3 +44,11 @@ jobs: uses: reviewdog/action-golangci-lint@v2 with: tool_name: golangci-lint + + skip-lint: + needs: [changes] + if: needs.changes.outputs.should-run-linting == 'false' + name: Linting + runs-on: ubuntu-22.04 + steps: + - run: 'echo "No build required"' diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml index d54e174965..e3a5b647ac 100644 --- a/.github/workflows/pr-lint.yml +++ b/.github/workflows/pr-lint.yml @@ -13,7 +13,7 @@ permissions: jobs: main: name: Validate PR title - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: amannn/action-semantic-pull-request@v5 env: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 979b3428ed..e2ff5c4635 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -4,7 +4,7 @@ on: - cron: '30 1 * * *' jobs: stale: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/stale@v8 with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a5e3cdc137..120dcee826 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -3,7 +3,8 @@ name: tester on: push: branches: - - "main" + - 'main' + - 'releases-**' pull_request: types: - opened @@ -11,7 +12,8 @@ on: - synchronize - ready_for_review branches: - - "main" + - 'main' + - 'releases-**' concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} @@ -36,7 +38,7 @@ jobs: test: needs: [changes] if: needs.changes.outputs.should-run-tests == 'true' - name: runner / gotest + name: Tests runs-on: ubuntu-22.04 container: ghcr.io/runatlantis/testing-env:latest steps: @@ -86,7 +88,7 @@ jobs: skip-test: needs: [changes] if: needs.changes.outputs.should-run-tests == 'false' - name: runner / gotest + name: Tests runs-on: ubuntu-22.04 steps: - run: 'echo "No build required"' diff --git a/.github/workflows/testing-env-image.yml b/.github/workflows/testing-env-image.yml index 4c37a4587a..9658c72877 100644 
--- a/.github/workflows/testing-env-image.yml +++ b/.github/workflows/testing-env-image.yml @@ -2,15 +2,13 @@ name: testing-env-image on: push: - paths: - - "testing/**" - - ".github/workflows/testing-env-image.yml" branches: - - "main" + - 'main' + - 'release-**' pull_request: - paths: - - 'testing/**' - - '.github/workflows/testing-env-image.yml' + branches: + - 'main' + - 'release-**' workflow_dispatch: concurrency: @@ -18,7 +16,25 @@ concurrency: cancel-in-progress: true jobs: + changes: + outputs: + should-run-build: ${{ steps.changes.outputs.src == 'true' }} + if: github.event.pull_request.draft == false + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + src: + - 'testing/**' + - '.github/workflows/testing-env-image.yml' + build: + needs: [changes] + if: needs.changes.outputs.should-run-build == 'true' + name: Build Testing Env Image runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 @@ -51,3 +67,11 @@ jobs: tags: | ghcr.io/runatlantis/testing-env:${{env.TODAY}} ghcr.io/runatlantis/testing-env:latest + + skip-build: + needs: [changes] + if: needs.changes.outputs.should-run-build == 'false' + name: Build Testing Env Image + runs-on: ubuntu-22.04 + steps: + - run: 'echo "No build required"' \ No newline at end of file diff --git a/.github/workflows/website-required.yml b/.github/workflows/website-required.yml deleted file mode 100644 index de35d5c068..0000000000 --- a/.github/workflows/website-required.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -name: website - -on: - push: - branches: - - "main" - paths-ignore: - - '**.js' - - 'yarn.lock' - - 'package.json' - - '.github/workflows/website.yml' - pull_request: - types: - - opened - - reopened - - synchronize - - ready_for_review - branches: - - "main" - paths-ignore: - - '**.js' - - 'yarn.lock' - - 'package.json' - - '.github/workflows/website.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - # Check that there's no missing links for the website. - # This job builds the website, starts a server to serve it, and then uses - # muffet (https://github.com/raviqqe/muffet) to perform the link check. - link_check: - if: github.event.pull_request.draft == false - runs-on: ubuntu-22.04 - steps: - - run: 'echo "No testing required"' diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml index 6db5acdf5d..7f8c110336 100644 --- a/.github/workflows/website.yml +++ b/.github/workflows/website.yml @@ -3,12 +3,8 @@ name: website on: push: branches: - - "main" - paths: - - '**.js' - - 'yarn.lock' - - 'package.json' - - '.github/workflows/website.yml' + - 'main' + - 'release-**' pull_request: types: - opened 
@@ -16,24 +12,39 @@ on: - synchronize - ready_for_review branches: - - "main" - paths: - - '**.js' - - 'yarn.lock' - - 'package.json' - - '.github/workflows/website.yml' + - 'main' + - 'release-**' concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true jobs: + changes: + outputs: + should-run-link-check: ${{ steps.changes.outputs.src == 'true' }} + if: github.event.pull_request.draft == false + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + src: + - '**.js' + - 'yarn.lock' + - 'package.json' + - '.github/workflows/website.yml' + # Check that the website builds and there's no missing links. # This job builds the website, starts a server to serve it, and then uses # muffet (https://github.com/raviqqe/muffet) to perform the link check. - link_check: - if: github.event.pull_request.draft == false - runs-on: ubuntu-22.04 + link-check: + needs: [changes] + if: github.event.pull_request.draft == false && needs.changes.outputs.should-run-link-check == 'true' + name: Website Link Check + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -68,3 +79,11 @@ jobs: --header 'Accept-Encoding:deflate, gzip' \ --buffer-size 8192 \ http://localhost:8080/ + + skip-link-check: + needs: [changes] + if: needs.changes.outputs.should-run-link-check == 'false' + name: Website Link Check + runs-on: ubuntu-latest + steps: + - run: 'echo "No build required"' \ No newline at end of file From 06e83e8d08d85d90da3a9c4e56b8f868368a64cc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 6 Nov 2023 03:00:00 +0000 Subject: [PATCH 08/10] fix(deps): update module github.com/gorilla/websocket to v1.5.1 in go.mod (#3926) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
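Review bot: `link-check` moves from `runs-on: ubuntu-22.04` to `ubuntu-latest`, and the new `skip-link-check` job uses `ubuntu-latest` too, while the same commit pins pr-lint.yml, stale.yml and the codeql.yml analyze job to `ubuntu-22.04`. If the pin is meant repo-wide, keep `runs-on: ubuntu-22.04` on both jobs here. The job id also changes from `link_check` to `link-check` and gains `name: Website Link Check`, so any required-check entry that refers to the old name presumably needs updating.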
diff --git a/go.mod b/go.mod index 31ae56e5ec..b44eaffba5 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/google/uuid v1.4.0 github.com/gorilla/mux v1.8.1 - github.com/gorilla/websocket v1.5.0 + github.com/gorilla/websocket v1.5.1 github.com/hashicorp/go-getter/v2 v2.2.1 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-version v1.6.0 diff --git a/go.sum b/go.sum index 7e9c1099ec..e6c5f009d0 100644 --- a/go.sum +++ b/go.sum @@ -238,8 +238,8 @@ github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= +github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= From 1f2f3531e56bb7fb652f926d35e86de2e9f08f44 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 6 Nov 2023 03:07:52 +0000 Subject: [PATCH 09/10] fix(deps): update module github.com/spf13/cobra to v1.8.0 in go.mod (#3927) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/go.mod b/go.mod index b44eaffba5..ba0e308847 100644 --- a/go.mod +++ b/go.mod @@ -35,7 +35,7 @@ require ( github.com/remeh/sizedwaitgroup v1.0.0 github.com/shurcooL/githubv4 v0.0.0-20230704064427-599ae7bbf278 github.com/slack-go/slack v0.12.3 - github.com/spf13/cobra v1.7.0 + github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.17.0 github.com/stretchr/testify v1.8.4 diff --git a/go.sum b/go.sum index e6c5f009d0..93941c9451 100644 --- a/go.sum +++ b/go.sum @@ -99,7 +99,7 @@ github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUK github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -423,8 +423,8 @@ github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
 github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
-github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
-github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI=
From 5818334a9a3d72a9d1b1690d50e798a6b10d677c Mon Sep 17 00:00:00 2001
From: Dylan Page
Date: Sun, 5 Nov 2023 23:20:15 -0500
Subject: [PATCH 10/10] fix(renovate): add release branches to renovate (#3924)
* fix(renovate): This fixes renovate to also autoMerge fixes to our release branches so we don't have to cherry-pick them.
* fix(renovate): run config validator on release branches too
---
 .github/renovate.json5 | 1 +
 .github/workflows/renovate-config.yml | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 3236c6cd7c..1d9b1c1bb9 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -6,6 +6,7 @@
 commitMessageSuffix: " in {{packageFile}}",
 dependencyDashboardAutoclose: true,
 automerge: true,
+ baseBranches: ["main", "/^release\-.*/"],
 platformAutomerge: true,
 labels: ["dependencies"],
 postUpdateOptions: [
diff --git a/.github/workflows/renovate-config.yml b/.github/workflows/renovate-config.yml
index b41002086a..bb5258df99 100644
--- a/.github/workflows/renovate-config.yml
+++ b/.github/workflows/renovate-config.yml
@@ -6,6 +6,7 @@ on:
 - '.github/renovate.json5'
 branches:
 - main
+ - 'releases-**'
 pull_request:
 paths:
 - '.github/renovate.json5'
@@ -13,7 +14,7 @@ on:
 jobs:
 validate:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
 steps:
 - uses: actions/checkout@v4
 - uses: actions/setup-node@v4
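Review bot: The push filter added in the first hunk, `- 'releases-**'`, does not describe the same branches as the pattern this commit gives Renovate in `.github/renovate.json5`, `"/^release\-.*/"`: a branch named `release-<version>` matches the regex but not the glob, which requires the literal prefix `releases-`. If the release branches are named `release-…` (inferred from the regex; the branch list is not visible here), the config validator will not run on pushes to them, even though `automerge: true` and `platformAutomerge: true` now apply there. The `pull_request` trigger shows no branch filter, so pull requests would presumably still be validated, but direct pushes and merged changes would not. I would change the line to `- 'release-**'` so both files cover the same set of branches.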