Merge branch 'main' into renovate/configure

.circleci/config.yml

@@ -2,11 +2,9 @@ version: 2
 jobs:
   test:
     docker:
-    # TODO: fix tests to use ghcr.io/runatlantis/testing-env:2022.11.13
-    - image: ghcr.io/runatlantis/testing-env:2021.08.31
+    - image: ghcr.io/runatlantis/testing-env:2022.11.17
     steps:
     - checkout
-    - run: make test-all
     - run: make check-fmt
     - run: make check-lint
   e2e:
@@ -17,7 +15,7 @@ jobs:
         # We do this instead of setting --default-tf-version because setting
         # that flag starts the download asynchronously so we'd have a race
         # condition.
-        TERRAFORM_VERSION: 1.3.4
+        TERRAFORM_VERSION: 1.3.5
     steps:
     - checkout
     - run: make build-service
@@ -43,7 +41,7 @@ jobs:
     - run: |
         dockerize -wait tcp://localhost:8080 -- \
           muffet \
-            -e 'https://github\.com/runatlantis/atlantis/edit/master/.*' \
+            -e 'https://github\.com/runatlantis/atlantis/edit/main/.*' \
             -e 'https://github.com/runatlantis/helm-charts#customization' \
             --header 'Accept-Encoding:deflate, gzip' \
             --buffer-size 8192 \

.github/ISSUE_TEMPLATE/feature_request.md

@@ -19,7 +19,7 @@ assignees: ''
 
 ---
 
-- [ ] I'd be willing to implement this feature ([contributing guide](https://github.com/runatlantis/atlantis/blob/master/CONTRIBUTING.md))
+- [ ] I'd be willing to implement this feature ([contributing guide](https://github.com/runatlantis/atlantis/blob/main/CONTRIBUTING.md))
 
 **Describe the user story**
 <!--

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,24 @@
+## what
+
+<!--
+* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
+* Use bullet points to be concise and to the point.
+-->
+
+
+## why
+
+<!--
+* Provide the justifications for the changes (e.g. business case). 
+* Describe why these changes were made (e.g. why do these commits fix the problem?)
+* Use bullet points to be concise and to the point.
+-->
+
+
+## references
+
+<!--
+* Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). 
+* Use `closes #123`, if this PR closes a GitHub issue `#123`
+-->
+

.github/workflows/atlantis-base.yml

@@ -6,7 +6,7 @@ on:
       - 'docker-base/**'
       - '.github/workflows/atlantis-base.yml'
     branches:
-      - "master"
+      - "main"
   pull_request:
     paths:
       - 'docker-base/**'
@@ -49,6 +49,7 @@ jobs:
       with:
         context: docker-base
         platforms: linux/arm64/v8,linux/amd64,linux/arm/v7
+        pull: true
         push: ${{ github.event_name != 'pull_request' }}
         tags: |
           ghcr.io/${{ github.repository_owner }}/atlantis-base:${{env.TODAY}}

.github/workflows/atlantis-image.yml

@@ -3,7 +3,7 @@ name: atlantis-image
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
     tags:
       - v*.*.* # stable release like, v0.19.2
       - v*.*.*-pre.* # pre release like, v0.19.0-pre.calendardate
@@ -20,6 +20,9 @@ concurrency:
 jobs:
   build:
     runs-on: ubuntu-22.04
+    env:
+      RELEASE_TYPE: ${{ contains(github.ref, 'pre') && 'pre' || 'stable' }}
+      RELEASE_TAG: ${{ contains(github.ref, 'pre') && 'prerelease-latest' || 'latest' }}
     steps:
     - uses: actions/checkout@v3
     - uses: actions/setup-go@v3
@@ -49,33 +52,28 @@ jobs:
       with:
         context: .
         platforms: linux/arm64/v8,linux/amd64,linux/arm/v7
+        pull: true
         push: ${{ github.event_name != 'pull_request' }}
         tags: |
           ghcr.io/${{ github.repository_owner }}/atlantis:dev
 
     # Publish release to container registry
     - name: populate release version
-      if: ${{ contains(fromJson('["push", "pull_request"]'), github.event_name) && startsWith(github.ref, 'refs/tags/') }}
+      if: |
+        contains(fromJson('["push", "pull_request"]'), github.event_name) &&
+        startsWith(github.ref, 'refs/tags/')
       run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
 
-    - name: Build and push atlantis:${{ env.RELEASE_VERSION }} image for pre release
-      if: ${{ contains(fromJson('["push", "pull_request"]'), github.event_name) && startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-pre.') }}
+    - name: "Build and push atlantis:${{ env.RELEASE_VERSION }} image for ${{ env.RELEASE_TYPE }} release"
+      if: |
+        contains(fromJson('["push", "pull_request"]'), github.event_name) &&
+        startsWith(github.ref, 'refs/tags/')
       uses: docker/build-push-action@v3
       with:
         context: .
         platforms: linux/arm64/v8,linux/amd64,linux/arm/v7
+        pull: true
         push: ${{ github.event_name != 'pull_request' }}
         tags: |
           ghcr.io/${{ github.repository_owner }}/atlantis:${{ env.RELEASE_VERSION }}
-          ghcr.io/${{ github.repository_owner }}/atlantis:prerelease-latest
-
-    - name: Build and push atlantis:${{ env.RELEASE_VERSION }} image for stable release
-      if: ${{ contains(fromJson('["push", "pull_request"]'), github.event_name) && startsWith(github.ref, 'refs/tags/') && (!contains(github.ref, '-pre.')) }}
-      uses: docker/build-push-action@v3
-      with:
-        context: .
-        platforms: linux/arm64/v8,linux/amd64,linux/arm/v7
-        push: ${{ github.event_name != 'pull_request' }}
-        tags: |
-          ghcr.io/${{ github.repository_owner }}/atlantis:${{ env.RELEASE_VERSION }}
-          ghcr.io/${{ github.repository_owner }}/atlantis:latest
+          ghcr.io/${{ github.repository_owner }}/atlantis:${{ env.RELEASE_TAG }}

.github/workflows/ci-link-checker-image.yml

@@ -5,7 +5,7 @@ on:
     paths:
       - '.github/website_link_checker/**'
     branches:
-      - "master"
+      - "main"
   workflow_dispatch:
 
 concurrency:

.github/workflows/lint.yml

@@ -1,13 +1,24 @@
 name: linter
 
-on: [pull_request]
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+    branches:
+      - "main"
+    paths-ignore:
+      - 'runatlantis.io/**'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
 jobs:
   golangci-lint:
+    if: github.event.pull_request.draft == false
     name: runner / golangci-lint
     runs-on: ubuntu-22.04
     steps:
@@ -20,6 +31,7 @@ jobs:
 
   # Use revive via golangci-lint binary with "warning" level.
   revive:
+    if: github.event.pull_request.draft == false
     name: runner / revive
     runs-on: ubuntu-22.04
     steps:
@@ -34,6 +46,7 @@ jobs:
 
   # You can add more and more supported linters with different config.
   errcheck:
+    if: github.event.pull_request.draft == false
     name: runner / errcheck
     runs-on: ubuntu-22.04
     steps:

.github/workflows/release.yml

@@ -35,7 +35,7 @@ jobs:
         echo "::set-output name=RELEASE_TAG::${GITHUB_REF#refs/tags/}"
         gh api repos/$GITHUB_REPOSITORY/releases/generate-notes \
           -f tag_name="${GITHUB_REF#refs/tags/}" \
-          -f target_commitish=master \
+          -f target_commitish=main \
           -q .body > tmp-CHANGELOG.md
       env:
         GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/test.yml

@@ -3,22 +3,31 @@ name: tester
 on:
   push:
     branches:
-      - "master"
+      - "main"
+    paths-ignore:
+      - 'runatlantis.io/**'
   pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+
     branches:
-      - "master"
+      - "main"
+    paths-ignore:
+      - 'runatlantis.io/**'
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
 jobs:
   test:
+    if: github.event.pull_request.draft == false
     name: runner / gotest
     runs-on: ubuntu-22.04
-    container: ghcr.io/runatlantis/testing-env:2021.08.31
+    container: ghcr.io/runatlantis/testing-env:2022.11.17
     steps:
-      # user in image needs write access to do anything
-      - name: setup
-        run: sudo chmod -R 777 $GITHUB_WORKSPACE /github /__w/_temp
       - uses: actions/[email protected]
       - run: make test-all

.github/workflows/testing-env-image.yml

@@ -6,7 +6,7 @@ on:
       - "testing/**"
       - ".github/workflows/testing-env-image.yml"
     branches:
-      - "master"
+      - "main"
   pull_request:
     paths:
       - 'testing/**'
@@ -45,6 +45,7 @@ jobs:
       with:
         context: testing
         platforms: linux/arm64/v8,linux/amd64,linux/arm/v7
+        pull: true
         push: ${{ github.event_name != 'pull_request' }}
         tags: |
            ghcr.io/runatlantis/testing-env:${{env.TODAY}}

CHANGELOG.md

@@ -1,3 +1,11 @@
+# v0.21.0
+
+Bugfixes and new Features
+
+## What's Changed
+
+https://github.com/runatlantis/atlantis/releases/tag/v0.21.0
+
 # v0.20.1
 
 Bugfixes and new Features
@@ -1723,7 +1731,7 @@ These are the changes in detail:
     ```
 
     The `w` group permission was added so that in OpenShift, the random uid can write
-    their own login entry (https://github.com/runatlantis/atlantis/blob/master/docker-entrypoint.sh#L28)
+    their own login entry (https://github.com/runatlantis/atlantis/blob/main/docker-entrypoint.sh#L28)
     which is required because `terraform` expects the running user to have an entry
     in `/etc/passwd`.
 
@@ -2466,7 +2474,7 @@ None
 assume role session with the GitHub username of the user running the Atlantis command
 use the `atlantis_user` terraform variable alongside Terraform's
 [built-in support](https://www.terraform.io/docs/providers/aws/#assume-role) for assume role
-(see https://github.com/runatlantis/atlantis/blob/master/README.md#assume-role-session-names)
+(see https://github.com/runatlantis/atlantis/blob/main/README.md#assume-role-session-names)
 * Atlantis has a docker image now ([#123](https://github.com/hootsuite/atlantis/pull/123)). Here is how you can try it out:
 
 ```bash

CONTRIBUTING.md

@@ -11,12 +11,12 @@
 * When sending lengthy log-files, consider posting them as a gist (https://gist.github.com). Don't forget to remove sensitive data from your logfiles before posting (you can replace those parts with "REDACTED").
 
 # Reporting Security Issues
-We take security issues seriously. Please email us directly at security [at] runatlantis.io instead of opening an issue.
+We take security issues seriously. Please report a security vulnerability to the maintainers using [private vulnerability reporting](https://github.com/runatlantis/atlantis/security/advisories/new).
 
 # Updating The Website
 * To view the generated website locally, run `yarn website:dev` and then
 open your browser to http://localhost:8080.
-* The website will be regenerated when your pull request is merged to master.
+* The website will be regenerated when your pull request is merged to main.
 
 # Developing
 
@@ -78,7 +78,7 @@ docker run --rm -v $(pwd):/go/src/github.com/runatlantis/atlantis -w /go/src/git
 
 ## Calling Your Local Atlantis From GitHub
 - Create a test terraform repository in your GitHub.
-- Create a personal access token for Atlantis. See [Create a GitHub token](https://github.com/runatlantis/atlantis/tree/master/runatlantis.io/docs/access-credentials.md#generating-an-access-token).
+- Create a personal access token for Atlantis. See [Create a GitHub token](https://github.com/runatlantis/atlantis/tree/main/runatlantis.io/docs/access-credentials.md#generating-an-access-token).
 - Start Atlantis in server mode using that token:
 ```
 atlantis server --gh-user <your username> --gh-token <your token> --repo-allowlist <your repo> --gh-webhook-secret <your webhook secret> --log-level debug
@@ -88,7 +88,7 @@ atlantis server --gh-user <your username> --gh-token <your token> --repo-allowli
 ```
 ngrok http 4141
 ```
-- Create a Webhook in your repo and use the `https` url that `ngrok` printed out after running `ngrok http 4141`. Be sure to append `/events` so your webhook url looks something like `https://efce3bcd.ngrok.io/events`. See [Add GitHub Webhook](https://github.com/runatlantis/atlantis/blob/master/runatlantis.io/docs/configuring-webhooks.md#configuring-webhooks).
+- Create a Webhook in your repo and use the `https` url that `ngrok` printed out after running `ngrok http 4141`. Be sure to append `/events` so your webhook url looks something like `https://efce3bcd.ngrok.io/events`. See [Add GitHub Webhook](https://github.com/runatlantis/atlantis/blob/main/runatlantis.io/docs/configuring-webhooks.md#configuring-webhooks).
 - Create a pull request and type `atlantis help`. You should see the request in the `ngrok` and Atlantis logs and you should also see Atlantis comment back.
 
 ## Code Style
@@ -163,15 +163,15 @@ go get github.com/petergtz/pegomock/...
 # Creating a New Release
 1. Update version number in `main.go`.
 1. Update image tag version in the [kustomize/bundle.yaml](kustomize/bundle.yaml).
-1. Update `CHANGELOG.md` with latest release number and information (this URL might be useful: https://github.com/runatlantis/atlantis/compare/v0.3.5...master)
-1. Create a pull request and merge to master
-1. Check out master and fetch latest
+1. Update `CHANGELOG.md` with latest release number and information (this URL might be useful: https://github.com/runatlantis/atlantis/compare/v0.3.5...main)
+1. Create a pull request and merge to main
+1. Check out main and fetch latest
 1. Run `make release`
     1. If you get `signal: killed` errors, bump up your Docker resources to have more memory, e.g. 6 G.B.
 1. Go to https://github.com/runatlantis/atlantis/releases and click "Draft a new release"
     1. Prefix version with `v`
     1. The title of the release is the same as the tag (ex. v0.2.2)
     1. Fill in description by copying from the CHANGELOG just without the Downloads section
     1. Drag in binaries made with `make release`
-1. Re-run master branch build to ensure tag gets pushed to Github: https://github.com/runatlantis/atlantis/pkgs/container/atlantis
+1. Re-run main branch build to ensure tag gets pushed to Github: https://github.com/runatlantis/atlantis/pkgs/container/atlantis
 1. Update the default version in `Chart.yaml` in [the official Helm chart](https://github.com/runatlantis/helm-charts/blob/main/charts/atlantis/values.yaml).

Dockerfile

@@ -7,17 +7,17 @@ RUN CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -v -o atlantis .
 
 # Stage 2
 # The runatlantis/atlantis-base is created by docker-base/Dockerfile.
-FROM ghcr.io/runatlantis/atlantis-base:2022.11.13 AS base
+FROM ghcr.io/runatlantis/atlantis-base:2022.11.24 AS base
 
 # Get the architecture the image is being built for
 ARG TARGETPLATFORM
 
 # install terraform binaries
-ENV DEFAULT_TERRAFORM_VERSION=1.3.4
+ENV DEFAULT_TERRAFORM_VERSION=1.3.5
 
 # In the official Atlantis image we only have the latest of each Terraform version.
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN AVAILABLE_TERRAFORM_VERSIONS="0.11.15 0.12.31 0.13.7 0.14.11 0.15.5 1.0.11 1.1.9 1.2.9 ${DEFAULT_TERRAFORM_VERSION}" && \
+RUN AVAILABLE_TERRAFORM_VERSIONS="1.0.11 1.1.9 1.2.9 ${DEFAULT_TERRAFORM_VERSION}" && \
     case "${TARGETPLATFORM}" in \
         "linux/amd64") TERRAFORM_ARCH=amd64 ;; \
         "linux/arm64") TERRAFORM_ARCH=arm64 ;; \