From 68b10da2f27b0b206d579ad3a75dc1fdbea85b0b Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 28 Sep 2023 01:32:16 +0000
Subject: [PATCH 01/79] fix(deps): update module github.com/redis/go-redis/v9 to v9.2.1 in go.mod (#3798)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 96a7805cce..32c0812dfc 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 github.com/petergtz/pegomock/v4 v4.0.0
 github.com/pkg/errors v0.9.1
- github.com/redis/go-redis/v9 v9.2.0
+ github.com/redis/go-redis/v9 v9.2.1
 github.com/remeh/sizedwaitgroup v1.0.0
 github.com/shurcooL/githubv4 v0.0.0-20230704064427-599ae7bbf278
 github.com/slack-go/slack v0.12.3
diff --git a/go.sum b/go.sum
index d66e918f22..035b1c9e3f 100644
--- a/go.sum
+++ b/go.sum
@@ -388,8 +388,8 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
 github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
-github.com/redis/go-redis/v9 v9.2.0 h1:zwMdX0A4eVzse46YN18QhuDiM4uf3JmkOB4VZrdt5uI=
-github.com/redis/go-redis/v9 v9.2.0/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
+github.com/redis/go-redis/v9 v9.2.1 h1:WlYJg71ODF0dVspZZCpYmoF1+U1Jjk9Rwd7pq6QmlCg=
+github.com/redis/go-redis/v9 v9.2.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
 github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E=
 github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
From d9d6ff6588a5b050c5be9d6a51d2dda0d166b152 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 29 Sep 2023 01:53:05 +0000 Subject: [PATCH 02/79] chore(deps): update alpine docker tag to v3.18.4 in dockerfile (#3801) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b1c6406426..abfbbd86a2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 # what distro is the image being built for -ARG ALPINE_TAG=3.18.3 +ARG ALPINE_TAG=3.18.4 ARG DEBIAN_TAG=12.1-slim # Stage 1: build artifact and download deps From 8c86e439274409f9cb706405f0c896bcf7cc33ef Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 30 Sep 2023 02:24:25 +0000 Subject: [PATCH 03/79] fix(deps): update module github.com/hashicorp/golang-lru/v2 to v2.0.7 in go.mod (#3803) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 32c0812dfc..1bbc50bb5e 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/hashicorp/go-getter/v2 v2.2.1 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-version v1.6.0 - github.com/hashicorp/golang-lru/v2 v2.0.6 + github.com/hashicorp/golang-lru/v2 v2.0.7 github.com/hashicorp/terraform-config-inspect v0.0.0-20230925220900-5a6f8d18746d github.com/kr/pretty v0.3.1 github.com/mcdafydd/go-azuredevops v0.12.1 diff --git a/go.sum b/go.sum index 035b1c9e3f..1e217ecfee 100644 --- a/go.sum +++ b/go.sum 
@@ -261,8 +261,8 @@ github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mO github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru/v2 v2.0.6 h1:3xi/Cafd1NaoEnS/yDssIiuVeDVywU0QdFGl3aQaQHM= -github.com/hashicorp/golang-lru/v2 v2.0.6/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= +github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= +github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.18.0 h1:wYnG7Lt31t2zYkcquwgKo6MWXzRUDIeIVU5naZwHLl8= From 010e1e6bc3b759b7d04c752c28b694209869a099 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 02:35:10 +0000 Subject: [PATCH 04/79] fix(deps): update module github.com/xanzy/go-gitlab to v0.92.3 in go.mod (#3804) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1bbc50bb5e..a419c80648 100644 --- a/go.mod +++ b/go.mod @@ -42,7 +42,7 @@ require ( github.com/uber-go/tally/v4 v4.1.7 github.com/urfave/negroni/v3 v3.0.0 github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 - github.com/xanzy/go-gitlab v0.92.1 + github.com/xanzy/go-gitlab v0.92.3 go.etcd.io/bbolt v1.3.7 go.uber.org/zap v1.26.0 golang.org/x/term v0.12.0 diff --git a/go.sum b/go.sum index 1e217ecfee..1216f65d19 100644 --- a/go.sum +++ b/go.sum 
@@ -453,8 +453,8 @@ github.com/urfave/negroni/v3 v3.0.0 h1:Vo8CeZfu1lFR9gW8GnAb6dOGCJyijfil9j/jKKc/J github.com/urfave/negroni/v3 v3.0.0/go.mod h1:jWvnX03kcSjDBl/ShB0iHvx5uOs7mAzZXW+JvJ5XYAs= github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 h1:be5WC0FHdhimAhe2G3DPhduX117RM8qdTMYCMHDt4DM= github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997/go.mod h1:saryXNaL624mlulV138FP+HhVw7IpvETUXLS3nTvH1g= -github.com/xanzy/go-gitlab v0.92.1 h1:4HfRQtGtGd1M/Xn3G6hOikfWaysL7/G6y4EEzVKINPs= -github.com/xanzy/go-gitlab v0.92.1/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.92.3 h1:bMtUHSV5BIhKeka6RyjLOOMZ31byVGDN5pGWmqBsIUs= +github.com/xanzy/go-gitlab v0.92.3/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= From fe126560da48337b3d7817ae9e842fda2c57c139 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 2 Oct 2023 00:42:49 +0000 Subject: [PATCH 05/79] chore(deps): update dependency open-policy-agent/conftest to v0.46.0 in dockerfile (#3805) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index abfbbd86a2..aa44f0e74c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -60,7 +60,7 @@ WORKDIR /tmp/build # install conftest # renovate: datasource=github-releases depName=open-policy-agent/conftest -ENV DEFAULT_CONFTEST_VERSION=0.45.0 +ENV DEFAULT_CONFTEST_VERSION=0.46.0 SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN AVAILABLE_CONFTEST_VERSIONS=${DEFAULT_CONFTEST_VERSION} && \ case ${TARGETPLATFORM} in \ 
From 4bf3a3b34dac17a81048645a907e2fd04410d6a7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 4 Oct 2023 00:24:39 +0000 Subject: [PATCH 06/79] chore(deps): update dependency open-policy-agent/conftest to v0.46.0 in testing/dockerfile (#3809) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- testing/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/Dockerfile b/testing/Dockerfile index 22527bf5f8..762ee7fd9b 100644 --- a/testing/Dockerfile +++ b/testing/Dockerfile @@ -16,7 +16,7 @@ RUN case $(uname -m) in x86_64|amd64) ARCH="amd64" ;; aarch64|arm64|armv7l) ARCH # Install conftest # renovate: datasource=github-releases depName=open-policy-agent/conftest -ENV CONFTEST_VERSION=0.45.0 +ENV CONFTEST_VERSION=0.46.0 SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN case $(uname -m) in x86_64|amd64) ARCH="x86_64" ;; aarch64|arm64|armv7l) ARCH="arm64" ;; esac && \ curl -LOs https://github.com/open-policy-agent/conftest/releases/download/v${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION}_Linux_${ARCH}.tar.gz && \ From 604c42a86340cd95a9539a3fa92ce80b7251a041 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 4 Oct 2023 05:15:20 +0000 Subject: [PATCH 07/79] fix(deps): update module github.com/go-playground/validator/v10 to v10.15.5 in go.mod (#3808) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a419c80648..16295256da 100644 --- a/go.mod +++ b/go.mod 
@@ -9,7 +9,7 @@ require ( github.com/briandowns/spinner v1.23.0 github.com/cactus/go-statsd-client/v5 v5.1.0 github.com/go-ozzo/ozzo-validation v3.6.0+incompatible - github.com/go-playground/validator/v10 v10.15.4 + github.com/go-playground/validator/v10 v10.15.5 github.com/go-test/deep v1.1.0 github.com/golang-jwt/jwt/v5 v5.0.0 github.com/google/go-github/v54 v54.0.0 diff --git a/go.sum b/go.sum index 1216f65d19..f919ca8de0 100644 --- a/go.sum +++ b/go.sum @@ -144,8 +144,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.15.4 h1:zMXza4EpOdooxPel5xDqXEdXG5r+WggpvnAKMsalBjs= -github.com/go-playground/validator/v10 v10.15.4/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= +github.com/go-playground/validator/v10 v10.15.5 h1:LEBecTWb/1j5TNY1YYG2RcOUN3R7NLylN+x8TTueE24= +github.com/go-playground/validator/v10 v10.15.5/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= From ee7ab5cc3bfb08fe4dbe8e8e592cb7d0f36dcd11 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 5 Oct 2023 02:25:34 +0000 Subject: [PATCH 08/79] fix(deps): update module github.com/uber-go/tally/v4 to v4.1.9 in go.mod (#3813) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 16295256da..2ffdd2ba9e 100644 --- a/go.mod +++ b/go.mod @@ -39,7 +39,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.16.0 github.com/stretchr/testify v1.8.4 - github.com/uber-go/tally/v4 v4.1.7 + github.com/uber-go/tally/v4 v4.1.9 github.com/urfave/negroni/v3 v3.0.0 github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 github.com/xanzy/go-gitlab v0.92.3 diff --git a/go.sum b/go.sum index f919ca8de0..12efd33b32 100644 --- a/go.sum +++ b/go.sum @@ -445,8 +445,8 @@ github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNG github.com/twmb/murmur3 v1.1.5/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= github.com/twmb/murmur3 v1.1.8 h1:8Yt9taO/WN3l08xErzjeschgZU2QSrwm1kclYq+0aRg= github.com/twmb/murmur3 v1.1.8/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= -github.com/uber-go/tally/v4 v4.1.7 h1:YiKvvMKCCXlCKXI0i1hVk+xda8YxdIpjeFXohpvn8Zo= -github.com/uber-go/tally/v4 v4.1.7/go.mod h1:pPR56rjthjtLB8xQlEx2I1VwAwRGCh/i4xMUcmG+6z4= +github.com/uber-go/tally/v4 v4.1.9 h1:AorgM0Ix5aCjSSE0SyKLC4JUQE439d64i3ayxEEYeTs= +github.com/uber-go/tally/v4 v4.1.9/go.mod h1:pPR56rjthjtLB8xQlEx2I1VwAwRGCh/i4xMUcmG+6z4= github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/negroni/v3 v3.0.0 h1:Vo8CeZfu1lFR9gW8GnAb6dOGCJyijfil9j/jKKc/JhU= From 65743d8ef4011366230de5414a264cfc5c768fbf Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 6 Oct 2023 01:50:34 +0000 Subject: [PATCH 09/79] chore(deps): update golang docker tag to v1.21.2 in testing/dockerfile (#3818) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Dockerfile | 2 +- testing/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index aa44f0e74c..ebdef0a75a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ ARG DEBIAN_TAG=12.1-slim # Stage 1: build artifact and download deps -FROM golang:1.21.1-alpine AS builder +FROM golang:1.21.2-alpine AS builder ARG ATLANTIS_VERSION=dev ENV ATLANTIS_VERSION=${ATLANTIS_VERSION} diff --git a/testing/Dockerfile b/testing/Dockerfile index 762ee7fd9b..22a64589c8 100644 --- a/testing/Dockerfile +++ b/testing/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21.1 +FROM golang:1.21.2 RUN apt-get update && apt-get --no-install-recommends -y install unzip \ && apt-get clean \ From 6d3aef294e166948131a61fa232fca28b9aa205f Mon Sep 17 00:00:00 2001 From: moogly81 Date: Fri, 6 Oct 2023 03:53:15 +0200 Subject: [PATCH 10/79] feat: set default tf & conftest env vars for apline (#3806) * Allow DEFAULT_CONFTEST_VERSION and DEFAULT_TERRAFORM_VERSION in alpine image * update go image to pass build test --------- Co-authored-by: Damien Sonney --- Dockerfile | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ebdef0a75a..6354beebc3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,9 @@ ARG ALPINE_TAG=3.18.4 ARG DEBIAN_TAG=12.1-slim +ARG DEFAULT_TERRAFORM_VERSION=1.5.7 +ARG DEFAULT_CONFTEST_VERSION=0.46.0 + # Stage 1: build artifact and download deps FROM golang:1.21.2-alpine AS builder 
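Review bot: The two `ARG` lines added at the top of the Dockerfile now hold the only version literals (`1.5.7` and `0.46.0`), while the `# renovate:` annotations stay further down, above the value-less `ARG DEFAULT_CONFTEST_VERSION` and `ARG DEFAULT_TERRAFORM_VERSION` lines in the later hunks of this patch. If Renovate pairs each annotation with the versioned line that follows it (its configuration is not visible here, so this needs confirming), the pinned terraform and conftest versions would stop receiving automated updates, security releases included. Moving each annotation next to its default would keep them tracked, e.g. `# renovate: datasource=github-releases depName=open-policy-agent/conftest` directly above `ARG DEFAULT_CONFTEST_VERSION=0.46.0`, and likewise the `hashicorp/terraform` annotation above `ARG DEFAULT_TERRAFORM_VERSION=1.5.7`.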
@@ -14,6 +17,11 @@ ENV ATLANTIS_COMMIT=${ATLANTIS_COMMIT} ARG ATLANTIS_DATE=unknown ENV ATLANTIS_DATE=${ATLANTIS_DATE} +ARG DEFAULT_TERRAFORM_VERSION +ENV DEFAULT_TERRAFORM_VERSION=${DEFAULT_TERRAFORM_VERSION} +ARG DEFAULT_CONFTEST_VERSION +ENV DEFAULT_CONFTEST_VERSION=${DEFAULT_CONFTEST_VERSION} + WORKDIR /app # This is needed to download transitive dependencies instead of compiling them @@ -60,7 +68,8 @@ WORKDIR /tmp/build # install conftest # renovate: datasource=github-releases depName=open-policy-agent/conftest -ENV DEFAULT_CONFTEST_VERSION=0.46.0 +ARG DEFAULT_CONFTEST_VERSION +ENV DEFAULT_CONFTEST_VERSION=${DEFAULT_CONFTEST_VERSION} SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN AVAILABLE_CONFTEST_VERSIONS=${DEFAULT_CONFTEST_VERSION} && \ case ${TARGETPLATFORM} in \ @@ -121,7 +130,8 @@ RUN case ${TARGETPLATFORM} in \ # install terraform binaries # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp -ENV DEFAULT_TERRAFORM_VERSION=1.5.7 +ARG DEFAULT_TERRAFORM_VERSION +ENV DEFAULT_TERRAFORM_VERSION=${DEFAULT_TERRAFORM_VERSION} # In the official Atlantis image, we only have the latest of each Terraform version. # Each binary is about 80 MB so we limit it to the 4 latest minor releases or fewer From 271b51e493309a01809c22eece04b222bdeb99c1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 6 Oct 2023 04:12:36 +0000 Subject: [PATCH 11/79] fix(deps): update module github.com/hashicorp/hcl/v2 to v2.18.1 in go.mod (#3819) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 2ffdd2ba9e..50fd0df39c 100644 --- a/go.mod +++ b/go.mod 
@@ -55,7 +55,7 @@ require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/hashicorp/hcl/v2 v2.18.0 + github.com/hashicorp/hcl/v2 v2.18.1 github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/leodido/go-urn v1.2.4 // indirect github.com/shurcooL/graphql v0.0.0-20220606043923-3cf50f8a0a29 // indirect diff --git a/go.sum b/go.sum index 12efd33b32..92fb0c5850 100644 --- a/go.sum +++ b/go.sum @@ -265,8 +265,8 @@ github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/hcl/v2 v2.18.0 h1:wYnG7Lt31t2zYkcquwgKo6MWXzRUDIeIVU5naZwHLl8= -github.com/hashicorp/hcl/v2 v2.18.0/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= +github.com/hashicorp/hcl/v2 v2.18.1 h1:6nxnOJFku1EuSawSD81fuviYUV8DxFr3fp2dUi3ZYSo= +github.com/hashicorp/hcl/v2 v2.18.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= github.com/hashicorp/terraform-config-inspect v0.0.0-20230925220900-5a6f8d18746d h1:g6kHlvZrFPFKeWRj5q/zyJA5gu7rlJGPf17h8hX7LHY= github.com/hashicorp/terraform-config-inspect v0.0.0-20230925220900-5a6f8d18746d/go.mod h1:l8HcFPm9cQh6Q0KSWoYPiePqMvRFenybP1CH2MjKdlg= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= From 64f7d2e1a193b1582eba4def26ceec9119e68020 Mon Sep 17 00:00:00 2001 
From: Simon Heather <32168619+X-Guardian@users.noreply.github.com> Date: Fri, 6 Oct 2023 14:37:07 +0100 Subject: [PATCH 12/79] feat: Add Targeted Execution to the Pre/Post Workflow Hooks (#3708) * Add Workflow hook target filter * Fix post workflow hook example * Update WokrflowHook in global_cfg * Fix linting --------- Co-authored-by: PePe Amengual --- runatlantis.io/docs/post-workflow-hooks.md | 21 +++ runatlantis.io/docs/pre-workflow-hooks.md | 21 +++ server/core/config/raw/workflow_step.go | 1 + server/core/config/valid/global_cfg.go | 1 + .../post_workflow_hooks_command_runner.go | 10 ++ ...post_workflow_hooks_command_runner_test.go | 139 +++++++++++++++-- .../pre_workflow_hooks_command_runner.go | 10 ++ .../pre_workflow_hooks_command_runner_test.go | 140 ++++++++++++++++-- 8 files changed, 321 insertions(+), 22 deletions(-) diff --git a/runatlantis.io/docs/post-workflow-hooks.md b/runatlantis.io/docs/post-workflow-hooks.md index f980ac112a..aca89a08aa 100644 --- a/runatlantis.io/docs/post-workflow-hooks.md +++ b/runatlantis.io/docs/post-workflow-hooks.md @@ -13,6 +13,27 @@ back to the PR as a comment. Post workflow hooks can only be specified in the Server-Side Repo Config under the `repos` key. +## Atlantis Command Targetting + +By default, the workflow hook will run when any command is processed by Atlantis. +This can be modified by specifying the `commands` key in the workflow hook containing a comma delimited list +of Atlantis commands that the hook should be run for. Detail of the Atlantis commands +can be found in [Using Atlantis](using-atlantis.md). + +### Example + +```yaml +repos: + - id: /.*/ + post_workflow_hooks: + - run: ./plan-hook.sh + description: Plan Hook + commands: plan + - run: ./plan-apply-hook.sh + description: Plan & Apply Hook + commands: plan, apply +``` + ## Use Cases ### Cost estimation reporting diff --git a/runatlantis.io/docs/pre-workflow-hooks.md b/runatlantis.io/docs/pre-workflow-hooks.md index 08f14e351d..9087be24c7 100644 
--- a/runatlantis.io/docs/pre-workflow-hooks.md +++ b/runatlantis.io/docs/pre-workflow-hooks.md @@ -23,6 +23,27 @@ behavior can be changed by setting the [fail-on-pre-workflow-hook-error](server- flag in the Atlantis server configuration. ::: +## Atlantis Command Targetting + +By default, the workflow hook will run when any command is processed by Atlantis. +This can be modified by specifying the `commands` key in the workflow hook containing a comma delimited list +of Atlantis commands that the hook should be run for. Detail of the Atlantis commands +can be found in [Using Atlantis](using-atlantis.md). + +### Example + +```yaml +repos: + - id: /.*/ + pre_workflow_hooks: + - run: ./plan-hook.sh + description: Plan Hook + commands: plan + - run: ./plan-apply-hook.sh + description: Plan & Apply Hook + commands: plan, apply +``` + ## Use Cases ### Dynamic Repo Config Generation diff --git a/server/core/config/raw/workflow_step.go b/server/core/config/raw/workflow_step.go index 16a4268b05..3a6411136e 100644 --- a/server/core/config/raw/workflow_step.go +++ b/server/core/config/raw/workflow_step.go @@ -78,6 +78,7 @@ func (s WorkflowHook) ToValid() *valid.WorkflowHook { StepDescription: s.StringVal["description"], Shell: s.StringVal["shell"], ShellArgs: s.StringVal["shellArgs"], + Commands: s.StringVal["commands"], } } diff --git a/server/core/config/valid/global_cfg.go b/server/core/config/valid/global_cfg.go index a62625db92..e4a47c39cd 100644 --- a/server/core/config/valid/global_cfg.go +++ b/server/core/config/valid/global_cfg.go @@ -111,6 +111,7 @@ type WorkflowHook struct { StepDescription string Shell string ShellArgs string + Commands string } // DefaultApplyStage is the Atlantis default apply stage. diff --git a/server/events/post_workflow_hooks_command_runner.go b/server/events/post_workflow_hooks_command_runner.go index 6d8f7f5b4b..6af9d6a499 100644 --- a/server/events/post_workflow_hooks_command_runner.go 
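Review bot: The new `Commands` field on `valid.WorkflowHook` has no comment, and `ToValid` fills it with the raw `commands` string, so nothing in these two hunks checks that the listed names are real Atlantis commands. A misspelt entry would make the hook silently never run, which matters when a pre-workflow hook serves as a policy or approval gate; whether the raw config's validation covers the new key is not visible here (both the struct and `ToValid` extend beyond the hunks) and should be confirmed. At minimum I would document the format on the field: `// Commands is a comma-delimited list of Atlantis command names the hook runs for; empty means every command.`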
+++ b/server/events/post_workflow_hooks_command_runner.go @@ -2,6 +2,7 @@ package events import ( "fmt" + "strings" "github.com/google/uuid" "github.com/runatlantis/atlantis/server/core/config/valid" @@ -108,6 +109,15 @@ func (w *DefaultPostWorkflowHooksCommandRunner) runHooks( hookDescription = fmt.Sprintf("Post workflow hook #%d", i) } + ctx.Log.Debug("Processing post workflow hook '%s', Command '%s', Target commands [%s]", + hookDescription, ctx.CommandName, hook.Commands) + if hook.Commands != "" && !strings.Contains(hook.Commands, ctx.CommandName) { + ctx.Log.Debug("Skipping post workflow hook '%s' as command '%s' is not in Commands [%s]", + hookDescription, ctx.CommandName, hook.Commands) + continue + } + + ctx.Log.Debug("Running post workflow hook: '%s'", hookDescription) ctx.HookID = uuid.NewString() shell := hook.Shell if shell == "" { diff --git a/server/events/post_workflow_hooks_command_runner_test.go b/server/events/post_workflow_hooks_command_runner_test.go index 3a6a2a3e86..38cd5ee9ec 100644 --- a/server/events/post_workflow_hooks_command_runner_test.go +++ b/server/events/post_workflow_hooks_command_runner_test.go @@ -84,6 +84,18 @@ func TestRunPostHooks_Clone(t *testing.T) { ShellArgs: "-ce", } + testHookWithPlanCommand := valid.WorkflowHook{ + StepName: "test4", + RunCommand: "echo test4", + Commands: "plan", + } + + testHookWithPlanApplyCommands := valid.WorkflowHook{ + StepName: "test5", + RunCommand: "echo test5", + Commands: "plan, apply", + } + repoDir := "path/to/repo" result := "some result" runtimeDesc := "" @@ -99,10 +111,14 @@ func TestRunPostHooks_Clone(t *testing.T) { CommandName: "plan", } - cmd := &events.CommentCommand{ + planCmd := &events.CommentCommand{ Name: command.Plan, } + applyCmd := &events.CommentCommand{ + Name: command.Apply, + } + t.Run("success hooks in cfg", func(t *testing.T) { postWorkflowHooksSetup(t) 
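Review bot: The filter added to `runHooks`, `!strings.Contains(hook.Commands, ctx.CommandName)`, is a substring test on the raw comma-delimited string rather than a membership test on its entries. An empty `ctx.CommandName` matches every list, and any command name that happens to be a substring of a listed entry (or of a typo in the list) would run a hook that was not targeted at it. The identical check is added to `pre_workflow_hooks_command_runner.go` later in this patch, and the same change applies there. I would split on commas, trim each entry and compare exactly, as sketched below; the body of `runHooks` starts and ends outside the hunk.

```go
// … unchanged: hookDescription default and the "Processing" debug log …
if hook.Commands != "" && !commandTargeted(hook.Commands, ctx.CommandName) {
	// … unchanged: "Skipping" debug log and continue …
}

// commandTargeted reports whether cmdName is exactly one of the
// comma-delimited entries in commands, ignoring surrounding whitespace.
func commandTargeted(commands, cmdName string) bool {
	for _, c := range strings.Split(commands, ",") {
		if strings.TrimSpace(c) == cmdName {
			return true
		}
	}
	return false
}
```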
@@ -129,7 +145,7 @@ func TestRunPostHooks_Clone(t *testing.T) { When(whPostWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), Eq(testHook.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) - err := postWh.RunPostHooks(ctx, cmd) + err := postWh.RunPostHooks(ctx, planCmd) Ok(t, err) whPostWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), @@ -157,7 +173,7 @@ func TestRunPostHooks_Clone(t *testing.T) { postWh.GlobalCfg = globalCfg - err := postWh.RunPostHooks(ctx, cmd) + err := postWh.RunPostHooks(ctx, planCmd) Ok(t, err) @@ -184,7 +200,7 @@ func TestRunPostHooks_Clone(t *testing.T) { When(postWhWorkingDirLocker.TryLock(testdata.GithubRepo.FullName, newPull.Num, events.DefaultWorkspace, events.DefaultRepoRelDir)).ThenReturn(func() {}, errors.New("some error")) - err := postWh.RunPostHooks(ctx, cmd) + err := postWh.RunPostHooks(ctx, planCmd) Assert(t, err != nil, "error not nil") postWhWorkingDir.VerifyWasCalled(Never()).Clone(testdata.GithubRepo, newPull, events.DefaultWorkspace) @@ -216,7 +232,7 @@ func TestRunPostHooks_Clone(t *testing.T) { When(postWhWorkingDirLocker.TryLock(testdata.GithubRepo.FullName, newPull.Num, events.DefaultWorkspace, events.DefaultRepoRelDir)).ThenReturn(unlockFn, nil) When(postWhWorkingDir.Clone(testdata.GithubRepo, newPull, events.DefaultWorkspace)).ThenReturn(repoDir, false, errors.New("some error")) - err := postWh.RunPostHooks(ctx, cmd) + err := postWh.RunPostHooks(ctx, planCmd) Assert(t, err != nil, "error not nil") 
@@ -251,7 +267,7 @@ func TestRunPostHooks_Clone(t *testing.T) { When(whPostWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), Eq(testHook.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, errors.New("some error")) - err := postWh.RunPostHooks(ctx, cmd) + err := postWh.RunPostHooks(ctx, planCmd) Assert(t, err != nil, "error not nil") Assert(t, *unlockCalled == true, "unlock function called") @@ -276,7 +292,7 @@ func TestRunPostHooks_Clone(t *testing.T) { }, } - cmd := &events.CommentCommand{ + planCmd := &events.CommentCommand{ Name: command.Plan, Flags: []string{"comment", "args"}, } @@ -291,7 +307,7 @@ func TestRunPostHooks_Clone(t *testing.T) { When(whPostWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), Eq(testHook.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) - err := postWh.RunPostHooks(ctx, cmd) + err := postWh.RunPostHooks(ctx, planCmd) Ok(t, err) whPostWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), @@ -325,7 +341,7 @@ func TestRunPostHooks_Clone(t *testing.T) { When(whPostWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), Eq(testHookWithShell.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) - err := postWh.RunPostHooks(ctx, cmd) + err := postWh.RunPostHooks(ctx, planCmd) Ok(t, err) whPostWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), @@ -359,7 +375,7 @@ func TestRunPostHooks_Clone(t *testing.T) { When(whPostWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), Eq(testHook.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) - err := postWh.RunPostHooks(ctx, cmd) + err := postWh.RunPostHooks(ctx, planCmd) Ok(t, err) whPostWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), 
@@ -393,7 +409,7 @@ func TestRunPostHooks_Clone(t *testing.T) { When(whPostWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), Eq(testHookWithShellandShellArgs.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) - err := postWh.RunPostHooks(ctx, cmd) + err := postWh.RunPostHooks(ctx, planCmd) Ok(t, err) whPostWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), 
@@ -401,4 +417,105 @@ func TestRunPostHooks_Clone(t *testing.T) { Assert(t, *unlockCalled == true, "unlock function called") }) + t.Run("Commands 'plan' set on webhook and plan command", func(t *testing.T) { + preWorkflowHooksSetup(t) + + var unlockCalled = newBool(false) + unlockFn := func() { + unlockCalled = newBool(true) + } + + globalCfg := valid.GlobalCfg{ + Repos: []valid.Repo{ + { + ID: testdata.GithubRepo.ID(), + PreWorkflowHooks: []*valid.WorkflowHook{ + &testHookWithPlanCommand, + }, + }, + }, + } + + preWh.GlobalCfg = globalCfg + + When(preWhWorkingDirLocker.TryLock(testdata.GithubRepo.FullName, newPull.Num, events.DefaultWorkspace, events.DefaultRepoRelDir)).ThenReturn(unlockFn, nil) + When(preWhWorkingDir.Clone(testdata.GithubRepo, newPull, events.DefaultWorkspace)).ThenReturn(repoDir, false, nil) + When(whPreWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), + Eq(testHookWithPlanCommand.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) + + err := preWh.RunPreHooks(ctx, planCmd) + + Ok(t, err) + whPreWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), + Eq(testHookWithPlanCommand.RunCommand), Any[string](), Any[string](), Eq(repoDir)) + Assert(t, *unlockCalled == true, "unlock function called") + }) + + t.Run("Commands 'plan' set on webhook and non-plan command", func(t *testing.T) { + preWorkflowHooksSetup(t) + + var unlockCalled = newBool(false) + unlockFn := func() { + unlockCalled = newBool(true) + } + + globalCfg := valid.GlobalCfg{ + Repos: []valid.Repo{ + { + ID: testdata.GithubRepo.ID(), + PreWorkflowHooks: []*valid.WorkflowHook{ + &testHookWithPlanCommand, + }, + }, + }, + } + + preWh.GlobalCfg = globalCfg + + When(preWhWorkingDirLocker.TryLock(testdata.GithubRepo.FullName, newPull.Num, events.DefaultWorkspace, events.DefaultRepoRelDir)).ThenReturn(unlockFn, nil) + When(preWhWorkingDir.Clone(testdata.GithubRepo, newPull, 
events.DefaultWorkspace)).ThenReturn(repoDir, false, nil) + When(whPreWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), + Eq(testHookWithPlanCommand.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) + + err := preWh.RunPreHooks(ctx, applyCmd) + + Ok(t, err) + whPreWorkflowHookRunner.VerifyWasCalled(Never()).Run(Any[models.WorkflowHookCommandContext](), + Eq(testHookWithPlanCommand.RunCommand), Any[string](), Any[string](), Eq(repoDir)) + Assert(t, *unlockCalled == true, "unlock function called") + }) + + t.Run("Commands 'plan, apply' set on webhook and plan command", func(t *testing.T) { + preWorkflowHooksSetup(t) + + var unlockCalled = newBool(false) + unlockFn := func() { + unlockCalled = newBool(true) + } + + globalCfg := valid.GlobalCfg{ + Repos: []valid.Repo{ + { + ID: testdata.GithubRepo.ID(), + PreWorkflowHooks: []*valid.WorkflowHook{ + &testHookWithPlanApplyCommands, + }, + }, + }, + } + + preWh.GlobalCfg = globalCfg + + When(preWhWorkingDirLocker.TryLock(testdata.GithubRepo.FullName, newPull.Num, events.DefaultWorkspace, events.DefaultRepoRelDir)).ThenReturn(unlockFn, nil) + When(preWhWorkingDir.Clone(testdata.GithubRepo, newPull, events.DefaultWorkspace)).ThenReturn(repoDir, false, nil) + When(whPreWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), + Eq(testHookWithPlanApplyCommands.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) + + err := preWh.RunPreHooks(ctx, planCmd) + + Ok(t, err) + whPreWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), + Eq(testHookWithPlanApplyCommands.RunCommand), Any[string](), Any[string](), Eq(repoDir)) + Assert(t, *unlockCalled == true, "unlock function called") + }) } diff --git a/server/events/pre_workflow_hooks_command_runner.go b/server/events/pre_workflow_hooks_command_runner.go index 5777f2a429..970d280b9b 100644 
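Review bot: The three subtests added to `TestRunPostHooks_Clone` call `preWorkflowHooksSetup(t)`, populate `PreWorkflowHooks` on the repo config and invoke `preWh.RunPreHooks`, so the `Commands` filter in the post-workflow runner is never exercised by this file. They appear to be copied from the pre-hook test file; here they should use `postWorkflowHooksSetup(t)`, `PostWorkflowHooks: []*valid.WorkflowHook{...}`, `postWh.RunPostHooks(ctx, planCmd)` and the `postWhWorkingDirLocker` / `postWhWorkingDir` / `whPostWorkflowHookRunner` mocks used by the earlier subtests. A case for `applyCmd` against the `"plan, apply"` hook would also pin the second entry of the list, which none of the new subtests covers.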
--- a/server/events/pre_workflow_hooks_command_runner.go +++ b/server/events/pre_workflow_hooks_command_runner.go @@ -2,6 +2,7 @@ package events import ( "fmt" + "strings" "github.com/google/uuid" "github.com/runatlantis/atlantis/server/core/config/valid" @@ -105,6 +106,15 @@ func (w *DefaultPreWorkflowHooksCommandRunner) runHooks( hookDescription = fmt.Sprintf("Pre workflow hook #%d", i) } + ctx.Log.Debug("Processing pre workflow hook '%s', Command '%s', Target commands [%s]", + hookDescription, ctx.CommandName, hook.Commands) + if hook.Commands != "" && !strings.Contains(hook.Commands, ctx.CommandName) { + ctx.Log.Debug("Skipping pre workflow hook '%s' as command '%s' is not in Commands [%s]", + hookDescription, ctx.CommandName, hook.Commands) + continue + } + + ctx.Log.Debug("Running pre workflow hook: '%s'", hookDescription) ctx.HookID = uuid.NewString() shell := hook.Shell if shell == "" { diff --git a/server/events/pre_workflow_hooks_command_runner_test.go b/server/events/pre_workflow_hooks_command_runner_test.go index 540c22a816..3156797f86 100644 --- a/server/events/pre_workflow_hooks_command_runner_test.go +++ b/server/events/pre_workflow_hooks_command_runner_test.go @@ -87,6 +87,18 @@ func TestRunPreHooks_Clone(t *testing.T) { ShellArgs: "-ce", } + testHookWithPlanCommand := valid.WorkflowHook{ + StepName: "test4", + RunCommand: "echo test4", + Commands: "plan", + } + + testHookWithPlanApplyCommands := valid.WorkflowHook{ + StepName: "test5", + RunCommand: "echo test5", + Commands: "plan, apply", + } + repoDir := "path/to/repo" result := "some result" runtimeDesc := "" @@ -101,10 +113,14 @@ func TestRunPreHooks_Clone(t *testing.T) { CommandName: "plan", } - cmd := &events.CommentCommand{ + planCmd := &events.CommentCommand{ Name: command.Plan, } + applyCmd := &events.CommentCommand{ + Name: command.Apply, + } + t.Run("success hooks in cfg", func(t *testing.T) { preWorkflowHooksSetup(t) 
@@ -131,7 +147,7 @@ func TestRunPreHooks_Clone(t *testing.T) { When(whPreWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), Eq(testHook.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) - err := preWh.RunPreHooks(ctx, cmd) + err := preWh.RunPreHooks(ctx, planCmd) Ok(t, err) whPreWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), @@ -160,7 +176,7 @@ func TestRunPreHooks_Clone(t *testing.T) { preWh.GlobalCfg = globalCfg - err := preWh.RunPreHooks(ctx, cmd) + err := preWh.RunPreHooks(ctx, planCmd) Ok(t, err) @@ -187,7 +203,7 @@ func TestRunPreHooks_Clone(t *testing.T) { When(preWhWorkingDirLocker.TryLock(testdata.GithubRepo.FullName, newPull.Num, events.DefaultWorkspace, events.DefaultRepoRelDir)).ThenReturn(func() {}, errors.New("some error")) - err := preWh.RunPreHooks(ctx, cmd) + err := preWh.RunPreHooks(ctx, planCmd) Assert(t, err != nil, "error not nil") preWhWorkingDir.VerifyWasCalled(Never()).Clone(testdata.GithubRepo, newPull, events.DefaultWorkspace) @@ -218,7 +234,7 @@ func TestRunPreHooks_Clone(t *testing.T) { When(preWhWorkingDirLocker.TryLock(testdata.GithubRepo.FullName, newPull.Num, events.DefaultWorkspace, events.DefaultRepoRelDir)).ThenReturn(unlockFn, nil) When(preWhWorkingDir.Clone(testdata.GithubRepo, newPull, events.DefaultWorkspace)).ThenReturn(repoDir, false, errors.New("some error")) - err := preWh.RunPreHooks(ctx, cmd) + err := preWh.RunPreHooks(ctx, planCmd) Assert(t, err != nil, "error not nil") @@ -252,7 +268,7 @@ func TestRunPreHooks_Clone(t *testing.T) { When(whPreWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), Eq(testHook.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, errors.New("some error")) - err := preWh.RunPreHooks(ctx, cmd) + err := preWh.RunPreHooks(ctx, planCmd) Assert(t, err != nil, "error not nil") Assert(t, *unlockCalled == true, "unlock function called") 
@@ -277,7 +293,7 @@ func TestRunPreHooks_Clone(t *testing.T) { }, } - cmd := &events.CommentCommand{ + planCmd := &events.CommentCommand{ Name: command.Plan, Flags: []string{"comment", "args"}, } @@ -291,7 +307,7 @@ func TestRunPreHooks_Clone(t *testing.T) { When(preWhWorkingDir.Clone(testdata.GithubRepo, newPull, events.DefaultWorkspace)).ThenReturn(repoDir, false, nil) When(whPreWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), Eq(testHook.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) - err := preWh.RunPreHooks(ctx, cmd) + err := preWh.RunPreHooks(ctx, planCmd) Ok(t, err) whPreWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), Eq(testHook.RunCommand), Eq(defaultShell), Eq(defaultShellArgs), Eq(repoDir)) @@ -324,7 +340,7 @@ func TestRunPreHooks_Clone(t *testing.T) { When(whPreWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), Eq(testHookWithShell.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) - err := preWh.RunPreHooks(ctx, cmd) + err := preWh.RunPreHooks(ctx, planCmd) Ok(t, err) whPreWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), @@ -358,7 +374,7 @@ func TestRunPreHooks_Clone(t *testing.T) { When(whPreWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), Eq(testHook.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) - err := preWh.RunPreHooks(ctx, cmd) + err := preWh.RunPreHooks(ctx, planCmd) Ok(t, err) whPreWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), 
@@ -392,7 +408,7 @@ func TestRunPreHooks_Clone(t *testing.T) { When(whPreWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), Eq(testHookWithShellandShellArgs.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) - err := preWh.RunPreHooks(ctx, cmd) + err := preWh.RunPreHooks(ctx, planCmd) Ok(t, err) whPreWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), 
@@ -400,4 +416,106 @@ func TestRunPreHooks_Clone(t *testing.T) { Eq(testHookWithShellandShellArgs.ShellArgs), Eq(repoDir)) Assert(t, *unlockCalled == true, "unlock function called") }) + + t.Run("Commands 'plan' set on webhook and plan command", func(t *testing.T) { + preWorkflowHooksSetup(t) + + var unlockCalled = newBool(false) + unlockFn := func() { + unlockCalled = newBool(true) + } + + globalCfg := valid.GlobalCfg{ + Repos: []valid.Repo{ + { + ID: testdata.GithubRepo.ID(), + PreWorkflowHooks: []*valid.WorkflowHook{ + &testHookWithPlanCommand, + }, + }, + }, + } + + preWh.GlobalCfg = globalCfg + + When(preWhWorkingDirLocker.TryLock(testdata.GithubRepo.FullName, newPull.Num, events.DefaultWorkspace, events.DefaultRepoRelDir)).ThenReturn(unlockFn, nil) + When(preWhWorkingDir.Clone(testdata.GithubRepo, newPull, events.DefaultWorkspace)).ThenReturn(repoDir, false, nil) + When(whPreWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), + Eq(testHookWithPlanCommand.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) + + err := preWh.RunPreHooks(ctx, planCmd) + + Ok(t, err) + whPreWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), + Eq(testHookWithPlanCommand.RunCommand), Any[string](), Any[string](), Eq(repoDir)) + Assert(t, *unlockCalled == true, "unlock function called") + }) + + t.Run("Commands 'plan' set on webhook and non-plan command", func(t *testing.T) { + preWorkflowHooksSetup(t) + + var unlockCalled = newBool(false) + unlockFn := func() { + unlockCalled = newBool(true) + } + + globalCfg := valid.GlobalCfg{ + Repos: []valid.Repo{ + { + ID: testdata.GithubRepo.ID(), + PreWorkflowHooks: []*valid.WorkflowHook{ + &testHookWithPlanCommand, + }, + }, + }, + } + + preWh.GlobalCfg = globalCfg + + When(preWhWorkingDirLocker.TryLock(testdata.GithubRepo.FullName, newPull.Num, events.DefaultWorkspace, events.DefaultRepoRelDir)).ThenReturn(unlockFn, nil) + 
When(preWhWorkingDir.Clone(testdata.GithubRepo, newPull, events.DefaultWorkspace)).ThenReturn(repoDir, false, nil) + When(whPreWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), + Eq(testHookWithPlanCommand.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) + + err := preWh.RunPreHooks(ctx, applyCmd) + + Ok(t, err) + whPreWorkflowHookRunner.VerifyWasCalled(Never()).Run(Any[models.WorkflowHookCommandContext](), + Eq(testHookWithPlanCommand.RunCommand), Any[string](), Any[string](), Eq(repoDir)) + Assert(t, *unlockCalled == true, "unlock function called") + }) + + t.Run("Commands 'plan, apply' set on webhook and plan command", func(t *testing.T) { + preWorkflowHooksSetup(t) + + var unlockCalled = newBool(false) + unlockFn := func() { + unlockCalled = newBool(true) + } + + globalCfg := valid.GlobalCfg{ + Repos: []valid.Repo{ + { + ID: testdata.GithubRepo.ID(), + PreWorkflowHooks: []*valid.WorkflowHook{ + &testHookWithPlanApplyCommands, + }, + }, + }, + } + + preWh.GlobalCfg = globalCfg + + When(preWhWorkingDirLocker.TryLock(testdata.GithubRepo.FullName, newPull.Num, events.DefaultWorkspace, events.DefaultRepoRelDir)).ThenReturn(unlockFn, nil) + When(preWhWorkingDir.Clone(testdata.GithubRepo, newPull, events.DefaultWorkspace)).ThenReturn(repoDir, false, nil) + When(whPreWorkflowHookRunner.Run(Any[models.WorkflowHookCommandContext](), + Eq(testHookWithPlanApplyCommands.RunCommand), Any[string](), Any[string](), Eq(repoDir))).ThenReturn(result, runtimeDesc, nil) + + err := preWh.RunPreHooks(ctx, planCmd) + + Ok(t, err) + whPreWorkflowHookRunner.VerifyWasCalledOnce().Run(Any[models.WorkflowHookCommandContext](), + Eq(testHookWithPlanApplyCommands.RunCommand), Any[string](), Any[string](), Eq(repoDir)) + Assert(t, *unlockCalled == true, "unlock function called") + }) } From cf2b7911f45e6a3f26a2c3243eb7d578c29c33f3 Mon Sep 17 00:00:00 2001 
From: Vincent <106497818+vincentgna@users.noreply.github.com> Date: Fri, 6 Oct 2023 21:10:40 +0700 Subject: [PATCH 13/79] feat: Add project depends on functionality (#3821) * feat: implemented the code for the depends on functionnality * chore: Address PR comments --------- Co-authored-by: Luay-Sol --- runatlantis.io/docs/depends-on.md | 21 ++++ server/core/config/raw/project.go | 8 ++ server/core/config/valid/global_cfg.go | 5 +- server/core/config/valid/repo_cfg.go | 1 + server/events/command/project_context.go | 9 ++ server/events/command_requirement_handler.go | 18 +++ .../command_requirement_handler_test.go | 107 ++++++++++++++++++ .../mocks/mock_command_requirement_handler.go | 19 ++++ .../events/project_command_context_builder.go | 9 +- server/events/project_command_runner.go | 5 + 10 files changed, 197 insertions(+), 5 deletions(-) create mode 100644 runatlantis.io/docs/depends-on.md diff --git a/runatlantis.io/docs/depends-on.md b/runatlantis.io/docs/depends-on.md new file mode 100644 index 0000000000..ae0d059f54 --- /dev/null +++ b/runatlantis.io/docs/depends-on.md @@ -0,0 +1,21 @@ +# Depends_on Argument +[[toc]] + +## Description +The depends_on argument allow you to enforce dependencies between projects. Use the depends_on argument to handle cases +where require one project to be applied prior to the other. + +## What Happens if one or more project's dependencies are not applied? +If there's one or more projects in the dependency list is not in an applied status, users will see an error if they try +to run `atlantis apply`. + +### Usage +1. In `atlantis.yaml` file specify the `depends_on` key under the project config: + #### atlantis.yaml + ```yaml + version: 3 + projects: + - dir: . + name: project-2 + depends_on: [project-1] + ``` diff --git a/server/core/config/raw/project.go b/server/core/config/raw/project.go index 12eb6a2b33..f331c64483 100644 --- a/server/core/config/raw/project.go +++ b/server/core/config/raw/project.go 
@@ -31,6 +31,7 @@ type Project struct { PlanRequirements []string `yaml:"plan_requirements,omitempty"` ApplyRequirements []string `yaml:"apply_requirements,omitempty"` ImportRequirements []string `yaml:"import_requirements,omitempty"` + DependsOn []string `yaml:"depends_on,omitempty"` DeleteSourceBranchOnMerge *bool `yaml:"delete_source_branch_on_merge,omitempty"` RepoLocking *bool `yaml:"repo_locking,omitempty"` ExecutionOrderGroup *int `yaml:"execution_order_group,omitempty"` @@ -73,12 +74,17 @@ func (p Project) Validate() error { return errors.Wrapf(err, "parsing: %s", branch) } + Dependencies := func(value interface{}) error { + return nil + } + return validation.ValidateStruct(&p, validation.Field(&p.Dir, validation.Required, validation.By(hasDotDot)), validation.Field(&p.PlanRequirements, validation.By(validPlanReq)), validation.Field(&p.ApplyRequirements, validation.By(validApplyReq)), validation.Field(&p.ImportRequirements, validation.By(validImportReq)), validation.Field(&p.TerraformVersion, validation.By(VersionValidator)), + validation.Field(&p.DependsOn, validation.By(Dependencies)), validation.Field(&p.Name, validation.By(validName)), validation.Field(&p.Branch, validation.By(branchValid)), ) @@ -122,6 +128,8 @@ func (p Project) ToValid() valid.Project { v.Name = p.Name + v.DependsOn = p.DependsOn + if p.DeleteSourceBranchOnMerge != nil { v.DeleteSourceBranchOnMerge = p.DeleteSourceBranchOnMerge } diff --git a/server/core/config/valid/global_cfg.go b/server/core/config/valid/global_cfg.go index e4a47c39cd..937211c00e 100644 --- a/server/core/config/valid/global_cfg.go +++ b/server/core/config/valid/global_cfg.go 
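Review bot: The `Dependencies` validator added to `Validate()` in `server/core/config/raw/project.go` always returns nil, so `validation.Field(&p.DependsOn, validation.By(Dependencies))` accepts any `depends_on` list, including empty names or the project's own name. Either drop the placeholder or give it a real check, such as rejecting empty entries and self-references, so a malformed list is caught at parse time rather than silently ignored at apply time. The local is also capitalised, unlike its siblings `validName` and `branchValid`; `validDependencies` would match them. `Validate` starts outside the hunk.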
@@ -17,10 +17,7 @@ const PoliciesPassedCommandReq = "policies_passed" const PlanRequirementsKey = "plan_requirements" const ApplyRequirementsKey = "apply_requirements" const ImportRequirementsKey = "import_requirements" -const PreWorkflowHooksKey = "pre_workflow_hooks" const WorkflowKey = "workflow" -const PostWorkflowHooksKey = "post_workflow_hooks" -const AllowedWorkflowsKey = "allowed_workflows" const AllowedOverridesKey = "allowed_overrides" const AllowCustomWorkflowsKey = "allow_custom_workflows" const DefaultWorkflowName = "default" @@ -90,6 +87,7 @@ type MergedProjectCfg struct { ImportRequirements []string Workflow Workflow AllowedWorkflows []string + DependsOn []string RepoRelDir string Workspace string Name string @@ -380,6 +378,7 @@ func (g GlobalCfg) MergeProjectCfg(log logging.SimpleLogging, repoID string, pro Workflow: workflow, RepoRelDir: proj.Dir, Workspace: proj.Workspace, + DependsOn: proj.DependsOn, Name: proj.GetName(), AutoplanEnabled: proj.Autoplan.Enabled, TerraformVersion: proj.TerraformVersion, diff --git a/server/core/config/valid/repo_cfg.go b/server/core/config/valid/repo_cfg.go index 7f6f28f344..6929fd42b3 100644 --- a/server/core/config/valid/repo_cfg.go +++ b/server/core/config/valid/repo_cfg.go @@ -131,6 +131,7 @@ type Project struct { PlanRequirements []string ApplyRequirements []string ImportRequirements []string + DependsOn []string DeleteSourceBranchOnMerge *bool RepoLocking *bool ExecutionOrderGroup int diff --git a/server/events/command/project_context.go b/server/events/command/project_context.go index ec6acea34a..5afbe145ac 100644 --- a/server/events/command/project_context.go +++ b/server/events/command/project_context.go 
@@ -57,6 +57,13 @@ type ProjectContext struct { // If the pull request branch is from the same repository then HeadRepo will // be the same as BaseRepo. HeadRepo models.Repo + // DependsOn are a list of project that this project relies on + // their apply status. These projects must be applied first. + // + // Atlantis uses this information to valid the apply + // orders and to warn the user if they're applying a project that + // depends on other projects. + DependsOn []string // Log is a logger that's been set up for this context. Log logging.SimpleLogging // Scope is the scope for reporting stats setup for this context @@ -67,6 +74,8 @@ type ProjectContext struct { ProjectPlanStatus models.ProjectPlanStatus // ProjectPolicyStatus is the status of policy sets of the current project prior to this command. ProjectPolicyStatus []models.PolicySetStatus + // PullStatus is the current status of a pull request that is in progress. + PullStatus *models.PullStatus // Pull is the pull request we're responding to. Pull models.PullRequest // ProjectName is the name of the project set in atlantis.yaml. If there was diff --git a/server/events/command_requirement_handler.go b/server/events/command_requirement_handler.go index 8af12bec54..20ee61aee1 100644 --- a/server/events/command_requirement_handler.go +++ b/server/events/command_requirement_handler.go 
@@ -1,13 +1,17 @@ package events import ( + "fmt" + "github.com/runatlantis/atlantis/server/core/config/raw" "github.com/runatlantis/atlantis/server/core/config/valid" "github.com/runatlantis/atlantis/server/events/command" + "github.com/runatlantis/atlantis/server/events/models" ) //go:generate pegomock generate --package mocks -o mocks/mock_command_requirement_handler.go CommandRequirementHandler type CommandRequirementHandler interface { + ValidateProjectDependencies(ctx command.ProjectContext) (string, error) ValidatePlanProject(repoDir string, ctx command.ProjectContext) (string, error) ValidateApplyProject(repoDir string, ctx command.ProjectContext) (string, error) ValidateImportProject(repoDir string, ctx command.ProjectContext) (string, error) @@ -65,6 +69,20 @@ func (a *DefaultCommandRequirementHandler) ValidateApplyProject(repoDir string, return "", nil } +func (a *DefaultCommandRequirementHandler) ValidateProjectDependencies(ctx command.ProjectContext) (failure string, err error) { + for _, dependOnProject := range ctx.DependsOn { + + for _, project := range ctx.PullStatus.Projects { + + if project.ProjectName == dependOnProject && project.Status != models.AppliedPlanStatus { + return fmt.Sprintf("Can't apply your project unless you apply its dependencies: [%s]", project.ProjectName), nil + } + } + } + + return "", nil +} + func (a *DefaultCommandRequirementHandler) ValidateImportProject(repoDir string, ctx command.ProjectContext) (failure string, err error) { for _, req := range ctx.ImportRequirements { switch req { diff --git a/server/events/command_requirement_handler_test.go b/server/events/command_requirement_handler_test.go index 7a9891b07c..86f318825f 100644 --- a/server/events/command_requirement_handler_test.go +++ b/server/events/command_requirement_handler_test.go 
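Review bot: `ValidateProjectDependencies` dereferences `ctx.PullStatus.Projects` without a nil check, and `PullStatus` is a `*models.PullStatus` on `command.ProjectContext`. A project with `depends_on` set and no stored pull status would presumably panic inside `doApply`. Guard it first, e.g. `if ctx.PullStatus == nil { return "", nil }`, or return a failure string there if the check should fail closed. A name in `ctx.DependsOn` that matches no entry in `PullStatus.Projects` (a typo, or a project not in this pull request) is also treated as satisfied, because the inner loop finds nothing. If that is intended, state it in a doc comment on the method; otherwise track a `found` flag and report the missing dependency. The table test in `command_requirement_handler_test.go` has no case for either situation.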
@@ -207,6 +207,113 @@ func TestAggregateApplyRequirements_ValidateApplyProject(t *testing.T) { } } +func TestRequirements_ValidateProjectDependencies(t *testing.T) { + tests := []struct { + name string + ctx command.ProjectContext + setup func(workingDir *mocks.MockWorkingDir) + wantFailure string + wantErr assert.ErrorAssertionFunc + }{ + { + name: "pass no dependencies", + ctx: command.ProjectContext{}, + wantErr: assert.NoError, + }, + { + name: "pass all dependencies applied", + ctx: command.ProjectContext{ + DependsOn: []string{"project1"}, + PullStatus: &models.PullStatus{ + Projects: []models.ProjectStatus{ + { + ProjectName: "project1", + Status: models.AppliedPlanStatus, + }, + }, + }, + }, + wantErr: assert.NoError, + }, + { + name: "Fail all dependencies are not applied", + ctx: command.ProjectContext{ + DependsOn: []string{"project1", "project2"}, + PullStatus: &models.PullStatus{ + Projects: []models.ProjectStatus{ + { + ProjectName: "project1", + Status: models.PlannedPlanStatus, + }, + { + ProjectName: "project2", + Status: models.ErroredApplyStatus, + }, + }, + }, + }, + wantFailure: "Can't apply your project unless you apply its dependencies: [project1]", + wantErr: assert.NoError, + }, + { + name: "Fail one of dependencies is not applied", + ctx: command.ProjectContext{ + DependsOn: []string{"project1", "project2"}, + PullStatus: &models.PullStatus{ + Projects: []models.ProjectStatus{ + { + ProjectName: "project1", + Status: models.AppliedPlanStatus, + }, + { + ProjectName: "project2", + Status: models.ErroredApplyStatus, + }, + }, + }, + }, + wantFailure: "Can't apply your project unless you apply its dependencies: [project2]", + wantErr: assert.NoError, + }, + { + name: "Fail one of dependencies is not applied", + ctx: command.ProjectContext{ + DependsOn: []string{"project1", "project2", "project3"}, + PullStatus: &models.PullStatus{ + Projects: []models.ProjectStatus{ + { + ProjectName: "project1", + Status: models.AppliedPlanStatus, + }, + { + 
ProjectName: "project2", + Status: models.ErroredApplyStatus, + }, + { + ProjectName: "project3", + Status: models.PlannedPlanStatus, + }, + }, + }, + }, + wantFailure: "Can't apply your project unless you apply its dependencies: [project2]", + wantErr: assert.NoError, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + RegisterMockTestingT(t) + workingDir := mocks.NewMockWorkingDir() + a := &events.DefaultCommandRequirementHandler{WorkingDir: workingDir} + gotFailure, err := a.ValidateProjectDependencies(tt.ctx) + if !tt.wantErr(t, err, fmt.Sprintf("ValidateProjectDependencies(%v)", tt.ctx)) { + return + } + assert.Equalf(t, tt.wantFailure, gotFailure, "ValidateProjectDependencies(%v)", tt.ctx) + }) + } +} + func TestAggregateApplyRequirements_ValidateImportProject(t *testing.T) { repoDir := "repoDir" fullRequirements := []string{ diff --git a/server/events/mocks/mock_command_requirement_handler.go b/server/events/mocks/mock_command_requirement_handler.go index 8b6dd3c775..aeee17ae83 100644 --- a/server/events/mocks/mock_command_requirement_handler.go +++ b/server/events/mocks/mock_command_requirement_handler.go 
@@ -125,6 +125,25 @@ func (verifier *VerifierMockCommandRequirementHandler) ValidateApplyProject(repo return &MockCommandRequirementHandler_ValidateApplyProject_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations} } +func (mock *MockCommandRequirementHandler) ValidateProjectDependencies(_param0 command.ProjectContext) (string, error) { + if mock == nil { + panic("mock must not be nil. Use myMock := NewMockCommandRequirementHandler().") + } + params := []pegomock.Param{_param0} + result := pegomock.GetGenericMockFrom(mock).Invoke("ValidateProjectDependencies", params, []reflect.Type{reflect.TypeOf((*string)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()}) + var ret0 string + var ret1 error + if len(result) != 0 { + if result[0] != nil { + ret0 = result[0].(string) + } + if result[1] != nil { + ret1 = result[1].(error) + } + } + return ret0, ret1 +} + type MockCommandRequirementHandler_ValidateApplyProject_OngoingVerification struct { mock *MockCommandRequirementHandler methodInvocations []pegomock.MethodInvocation diff --git a/server/events/project_command_context_builder.go b/server/events/project_command_context_builder.go index 2170bfb8e2..317e8516a1 100644 --- a/server/events/project_command_context_builder.go +++ b/server/events/project_command_context_builder.go @@ -144,6 +144,7 @@ func (cb *DefaultProjectCommandContextBuilder) BuildProjectContext( abortOnExcecutionOrderFail, ctx.Scope, ctx.PullRequestStatus, + ctx.PullStatus, ) projectCmds = append(projectCmds, projectCmdContext) @@ -215,6 +216,7 @@ func (cb *PolicyCheckProjectCommandContextBuilder) BuildProjectContext( abortOnExcecutionOrderFail, ctx.Scope, ctx.PullRequestStatus, + ctx.PullStatus, )) } 
@@ -238,7 +240,8 @@ func newProjectCommandContext(ctx *command.Context, verbose bool, abortOnExcecutionOrderFail bool, scope tally.Scope, - pullStatus models.PullReqStatus, + pullReqStatus models.PullReqStatus, + pullStatus *models.PullStatus, ) command.ProjectContext { var projectPlanStatus models.ProjectPlanStatus @@ -274,6 +277,7 @@ func newProjectCommandContext(ctx *command.Context, ParallelApplyEnabled: parallelApplyEnabled, ParallelPlanEnabled: parallelPlanEnabled, ParallelPolicyCheckEnabled: parallelPlanEnabled, + DependsOn: projCfg.DependsOn, AutoplanEnabled: projCfg.AutoplanEnabled, Steps: steps, HeadRepo: ctx.HeadRepo, @@ -296,7 +300,8 @@ func newProjectCommandContext(ctx *command.Context, PolicySets: policySets, PolicySetTarget: ctx.PolicySet, ClearPolicyApproval: ctx.ClearPolicyApproval, - PullReqStatus: pullStatus, + PullReqStatus: pullReqStatus, + PullStatus: pullStatus, JobID: uuid.New().String(), ExecutionOrderGroup: projCfg.ExecutionOrderGroup, AbortOnExcecutionOrderFail: abortOnExcecutionOrderFail, diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go index 6b938b2b95..1e8e2fe315 100644 --- a/server/events/project_command_runner.go +++ b/server/events/project_command_runner.go @@ -598,6 +598,11 @@ func (p *DefaultProjectCommandRunner) doApply(ctx command.ProjectContext) (apply return "", failure, err } + failure, err = p.CommandRequirementHandler.ValidateProjectDependencies(ctx) + if failure != "" || err != nil { + return "", failure, err + } + // Acquire internal lock for the directory we're going to operate in. unlockFn, err := p.WorkingDirLocker.TryLock(ctx.Pull.BaseRepo.FullName, ctx.Pull.Num, ctx.Workspace, ctx.RepoRelDir) if err != nil { From 22060fe5d23bbd147c59490f1ea980aa1a5364fa Mon Sep 17 00:00:00 2001 
From: Brett Galkowski Date: Fri, 6 Oct 2023 07:57:29 -0700 Subject: [PATCH 14/79] feat: Add option allowing usage of custom policy check tools (#3765) * Adding new flag everywhere relevant, implementing policy result workaround * Fixing unit test str matching, adding custom policy conditional to step_runner * Adding documentation steps for custom policy tools * Refactoring ConftestOutput attribute to PolicyOutput --- runatlantis.io/docs/custom-policy-checks.md | 45 +++++++++++++++++ runatlantis.io/docs/policy-checking.md | 2 +- .../docs/repo-level-atlantis-yaml.md | 6 ++- .../docs/server-side-repo-config.md | 12 ++++- server/core/config/parser_validator_test.go | 3 +- server/core/config/raw/global_cfg.go | 6 ++- server/core/config/raw/project.go | 5 ++ server/core/config/valid/global_cfg.go | 28 +++++++++-- server/core/config/valid/global_cfg_test.go | 49 +++++++++++++------ server/core/config/valid/repo_cfg.go | 2 + server/core/runtime/policy/conftest_client.go | 8 +-- .../runtime/policy/conftest_client_test.go | 10 ++-- server/core/runtime/run_step_runner.go | 8 ++- server/events/command/project_context.go | 2 + server/events/markdown_renderer_test.go | 42 ++++++++-------- server/events/models/models.go | 14 +++--- server/events/models/models_test.go | 16 +++--- .../events/project_command_context_builder.go | 1 + server/events/project_command_runner.go | 19 +++++-- server/events/templates/policy_check.tmpl | 2 +- 20 files changed, 200 insertions(+), 80 deletions(-) create mode 100644 runatlantis.io/docs/custom-policy-checks.md diff --git a/runatlantis.io/docs/custom-policy-checks.md b/runatlantis.io/docs/custom-policy-checks.md new file mode 100644 index 0000000000..769558910d --- /dev/null +++ b/runatlantis.io/docs/custom-policy-checks.md 
@@ -0,0 +1,45 @@ +# Custom Policy Checks +If you want to run custom policy tools or scripts instead of the built-in Conftest integration, you can do so by setting the `custom_policy_check` option and running it in a custom workflow. Note: custom policy tool output is simply parsed for "fail" substrings to determine if the policy set passed. + +This option can be configured either at the server-level in a [repos.yaml config file](server-configuration.md) or at the repo-level in an [atlantis.yaml file.](repo-level-atlantis-yaml.md). + +## Server-side config example +Set the `policy_check` and `custom_policy_check` options to true, and run the custom tool in the policy check steps as seen below. No + +```yaml +repos: + - id: /.*/ + branch: /^main$/ + apply_requirements: [mergeable, undiverged, approved] + policy_check: true + custom_policy_check: true + workflow: custom +workflows: + custom: + policy_check: + steps: + - show + - run: cnspec scan terraform plan $SHOWFILE --policy-bundle example-cnspec-policies.mql.yaml +policies: + owners: + users: + - example_ghuser + policy_sets: + - name: example-set + path: example-cnspec-policies.mql.yaml + source: local +``` + + +## Repo-level atlantis.yaml example +First, you will need to ensure `custom_policy_check` is within the `allowed_overrides` field of the server-side config. Next, just set the custom option to true on the specific project you want as shown in the example `atlantis.yaml` below: + +```yaml +version: 3 +projects: + - name: example + dir: ./example + custom_policy_check: true + autoplan: + when_modified: ["*.tf"] +``` \ No newline at end of file diff --git a/runatlantis.io/docs/policy-checking.md b/runatlantis.io/docs/policy-checking.md index 2530c5969f..c996ef7ee0 100644 --- a/runatlantis.io/docs/policy-checking.md +++ b/runatlantis.io/docs/policy-checking.md 
@@ -187,7 +187,7 @@ When the policy check workflow runs, a file is created in the working directory [ { "PolicySetName": "policy1", - "ConftestOutput": "", + "PolicyOutput": "", "Passed": false, "ReqApprovals": 1, "CurApprovals": 0 diff --git a/runatlantis.io/docs/repo-level-atlantis-yaml.md b/runatlantis.io/docs/repo-level-atlantis-yaml.md index c3908ea89d..890569c2a7 100644 --- a/runatlantis.io/docs/repo-level-atlantis-yaml.md +++ b/runatlantis.io/docs/repo-level-atlantis-yaml.md @@ -59,6 +59,7 @@ projects: terraform_version: v0.11.0 delete_source_branch_on_merge: true repo_locking: true + custom_policy_check: false autoplan: when_modified: ["*.tf", "../modules/**/*.tf", ".terraform.lock.hcl"] enabled: true @@ -311,6 +312,7 @@ workspace: myworkspace execution_order_group: 0 delete_source_branch_on_merge: false repo_locking: true +custom_policy_check: false autoplan: terraform_version: 0.11.0 plan_requirements: ["approved"] 
@@ -327,7 +329,9 @@ workflow: myworkflow | workspace | string | `"default"` | no | The [Terraform workspace](https://developer.hashicorp.com/terraform/language/state/workspaces) for this project. Atlantis will switch to this workplace when planning/applying and will create it if it doesn't exist. | | execution_order_group | int | `0` | no | Index of execution order group. Projects will be sort by this field before planning/applying. | | delete_source_branch_on_merge | bool | `false` | no | Automatically deletes the source branch on merge. | -| repo_locking | bool | `true` | no | Get a repository lock in this project when plan. | +| repo_locking | bool | `true` | no | Get a repository lock in this project when plan. + +| custom_policy_check | bool | `false` | no | Enable using policy check tools other than Conftest | | autoplan | [Autoplan](#autoplan) | none | no | A custom autoplan configuration. If not specified, will use the autoplan config. See [Autoplanning](autoplanning.html). | | terraform_version | string | none | no | A specific Terraform version to use when running commands for this project. Must be [Semver compatible](https://semver.org/), ex. `v0.11.0`, `0.12.0-beta1`. | | plan_requirements
*(restricted)* | array[string] | none | no | Requirements that must be satisfied before `atlantis plan` can be run. Currently the only supported requirements are `approved`, `mergeable`, and `undiverged`. See [Command Requirements](command-requirements.html) for more details. | diff --git a/runatlantis.io/docs/server-side-repo-config.md b/runatlantis.io/docs/server-side-repo-config.md index 83cd3ddc5a..01d8a175aa 100644 --- a/runatlantis.io/docs/server-side-repo-config.md +++ b/runatlantis.io/docs/server-side-repo-config.md @@ -54,7 +54,7 @@ repos: # allowed_overrides specifies which keys can be overridden by this repo in # its atlantis.yaml file. - allowed_overrides: [apply_requirements, workflow, delete_source_branch_on_merge, repo_locking] + allowed_overrides: [apply_requirements, workflow, delete_source_branch_on_merge, repo_locking, custom_policy_check] # allowed_workflows specifies which workflows the repos that match # are allowed to select. @@ -73,6 +73,10 @@ repos: # If true (default), atlantis try to get a lock. repo_locking: true + # custom_policy_check defines whether policy checking tools besides Conftest are enabled in checks + # If false (default), only Conftest JSON output is allowed + custom_policy_check: false + # pre_workflow_hooks defines arbitrary list of scripts to execute before workflow execution. pre_workflow_hooks: - run: my-pre-workflow-hook-command arg1 
@@ -340,6 +344,9 @@ unless you've created your own server-side workflow with that key (overriding it See [Custom Workflows](custom-workflows.html) for more details on writing custom workflows. +### Allow Using Custom Policy Tools +Conftest is the standard policy check application integrated with Atlantis, but custom tools can still be run in custom workflows when the `custom_policy_check` option is set. See the [Custom Policy Checks page](custom-policy-checks.md) for detailed examples. + ### Allow Repos To Define Their Own Workflows If you want repos to be able to define their own workflows you need to allow them to override the `workflow` key and set `allow_custom_workflows` to `true`. 
@@ -482,12 +489,13 @@ If you set a workflow with the key `default`, it will override this. | plan_requirements | []string | none | no | Requirements that must be satisfied before `atlantis plan` can be run. Currently the only supported requirements are `approved`, `mergeable`, and `undiverged`. See [Command Requirements](command-requirements.html) for more details. | | | apply_requirements | []string | none | no | Requirements that must be satisfied before `atlantis apply` can be run. Currently the only supported requirements are `approved`, `mergeable`, and `undiverged`. See [Command Requirements](command-requirements.html) for more details. | | import_requirements | []string | none | no | Requirements that must be satisfied before `atlantis import` can be run. Currently the only supported requirements are `approved`, `mergeable`, and `undiverged`. See [Command Requirements](command-requirements.html) for more details. | -| allowed_overrides | []string | none | no | A list of restricted keys that `atlantis.yaml` files can override. The only supported keys are `apply_requirements`, `workflow`, `delete_source_branch_on_merge` and `repo_locking` | +| allowed_overrides | []string | none | no | A list of restricted keys that `atlantis.yaml` files can override. The only supported keys are `apply_requirements`, `workflow`, `delete_source_branch_on_merge`,`repo_locking`, and `custom_policy_check` | | allowed_workflows | []string | none | no | A list of workflows that `atlantis.yaml` files can select from. | | allow_custom_workflows | bool | false | no | Whether or not to allow [Custom Workflows](custom-workflows.html). | | delete_source_branch_on_merge | bool | false | no | Whether or not to delete the source branch on merge. | | repo_locking | bool | false | no | Whether or not to get a lock. | | policy_check | bool | false | no | Whether or not to run policy checks on this repository. 
| +| custom_policy_check | bool | false | no | Whether or not to enable custom policy check tools outside of Conftest on this repository. | :::tip Notes diff --git a/server/core/config/parser_validator_test.go b/server/core/config/parser_validator_test.go index 13cff30744..53caf9e539 100644 --- a/server/core/config/parser_validator_test.go +++ b/server/core/config/parser_validator_test.go @@ -1309,7 +1309,7 @@ func TestParseGlobalCfg(t *testing.T) { input: `repos: - id: /.*/ allowed_overrides: [invalid]`, - expErr: "repos: (0: (allowed_overrides: \"invalid\" is not a valid override, only \"plan_requirements\", \"apply_requirements\", \"import_requirements\", \"workflow\", \"delete_source_branch_on_merge\", \"repo_locking\" and \"policy_check\" are supported.).).", + expErr: "repos: (0: (allowed_overrides: \"invalid\" is not a valid override, only \"plan_requirements\", \"apply_requirements\", \"import_requirements\", \"workflow\", \"delete_source_branch_on_merge\", \"repo_locking\", \"policy_check\", and \"custom_policy_check\" are supported.).).", }, "invalid plan_requirement": { input: `repos: @@ -1573,6 +1573,7 @@ workflows: DeleteSourceBranchOnMerge: Bool(false), RepoLocking: Bool(true), PolicyCheck: Bool(false), + CustomPolicyCheck: Bool(false), }, }, Workflows: map[string]valid.Workflow{ diff --git a/server/core/config/raw/global_cfg.go b/server/core/config/raw/global_cfg.go index 9909b6ed59..92a9ec29b6 100644 --- a/server/core/config/raw/global_cfg.go +++ b/server/core/config/raw/global_cfg.go @@ -35,6 +35,7 @@ type Repo struct { DeleteSourceBranchOnMerge *bool `yaml:"delete_source_branch_on_merge,omitempty" json:"delete_source_branch_on_merge,omitempty"` RepoLocking *bool `yaml:"repo_locking,omitempty" json:"repo_locking,omitempty"` PolicyCheck *bool `yaml:"policy_check,omitempty" json:"policy_check,omitempty"` + CustomPolicyCheck *bool `yaml:"custom_policy_check,omitempty" json:"custom_policy_check,omitempty"` } func (g GlobalCfg) Validate() error { 
@@ -192,8 +193,8 @@ func (r Repo) Validate() error { overridesValid := func(value interface{}) error { overrides := value.([]string) for _, o := range overrides { - if o != valid.PlanRequirementsKey && o != valid.ApplyRequirementsKey && o != valid.ImportRequirementsKey && o != valid.WorkflowKey && o != valid.DeleteSourceBranchOnMergeKey && o != valid.RepoLockingKey && o != valid.PolicyCheckKey { - return fmt.Errorf("%q is not a valid override, only %q, %q, %q, %q, %q, %q and %q are supported", o, valid.PlanRequirementsKey, valid.ApplyRequirementsKey, valid.ImportRequirementsKey, valid.WorkflowKey, valid.DeleteSourceBranchOnMergeKey, valid.RepoLockingKey, valid.PolicyCheckKey) + if o != valid.PlanRequirementsKey && o != valid.ApplyRequirementsKey && o != valid.ImportRequirementsKey && o != valid.WorkflowKey && o != valid.DeleteSourceBranchOnMergeKey && o != valid.RepoLockingKey && o != valid.PolicyCheckKey && o != valid.CustomPolicyCheckKey { + return fmt.Errorf("%q is not a valid override, only %q, %q, %q, %q, %q, %q, %q, and %q are supported", o, valid.PlanRequirementsKey, valid.ApplyRequirementsKey, valid.ImportRequirementsKey, valid.WorkflowKey, valid.DeleteSourceBranchOnMergeKey, valid.RepoLockingKey, valid.PolicyCheckKey, valid.CustomPolicyCheckKey) } } return nil @@ -331,5 +332,6 @@ OuterGlobalImportReqs: DeleteSourceBranchOnMerge: r.DeleteSourceBranchOnMerge, RepoLocking: r.RepoLocking, PolicyCheck: r.PolicyCheck, + CustomPolicyCheck: r.CustomPolicyCheck, } } diff --git a/server/core/config/raw/project.go b/server/core/config/raw/project.go index f331c64483..90784fd747 100644 --- a/server/core/config/raw/project.go +++ b/server/core/config/raw/project.go @@ -36,6 +36,7 @@ type Project struct { RepoLocking *bool `yaml:"repo_locking,omitempty"` ExecutionOrderGroup *int `yaml:"execution_order_group,omitempty"` PolicyCheck *bool `yaml:"policy_check,omitempty"` + CustomPolicyCheck *bool `yaml:"custom_policy_check,omitempty"` } func (p Project) Validate() error { 
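Review bot: The override check in `Repo.Validate` (`@@ -192,8 +193,8 @@`) now repeats eight key names in the condition and again in the `fmt.Errorf` arguments, so the two lists can drift apart the next time a key is added. A single package-level slice of valid override keys, used both for the membership test and to build the message, would keep them in step. The drift already shows in this commit: the updated `allowed_overrides` row in server-side-repo-config.md names five keys while this validator accepts eight. Validate's body continues outside the hunk.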
@@ -146,6 +147,10 @@ func (p Project) ToValid() valid.Project { v.PolicyCheck = p.PolicyCheck } + if p.CustomPolicyCheck != nil { + v.CustomPolicyCheck = p.CustomPolicyCheck + } + return v } diff --git a/server/core/config/valid/global_cfg.go b/server/core/config/valid/global_cfg.go index 937211c00e..5bd0c5bf96 100644 --- a/server/core/config/valid/global_cfg.go +++ b/server/core/config/valid/global_cfg.go @@ -24,6 +24,7 @@ const DefaultWorkflowName = "default" const DeleteSourceBranchOnMergeKey = "delete_source_branch_on_merge" const RepoLockingKey = "repo_locking" const PolicyCheckKey = "policy_check" +const CustomPolicyCheckKey = "custom_policy_check" // DefaultAtlantisFile is the default name of the config file for each repo. const DefaultAtlantisFile = "atlantis.yaml" @@ -79,6 +80,7 @@ type Repo struct { DeleteSourceBranchOnMerge *bool RepoLocking *bool PolicyCheck *bool + CustomPolicyCheck *bool } type MergedProjectCfg struct { @@ -100,6 +102,7 @@ type MergedProjectCfg struct { ExecutionOrderGroup int RepoLocking bool PolicyCheck bool + CustomPolicyCheck bool } // WorkflowHook is a map of custom run commands to run before or after workflows. @@ -239,6 +242,7 @@ func NewGlobalCfgFromArgs(args GlobalCfgArgs) GlobalCfg { allowCustomWorkflows := false deleteSourceBranchOnMerge := false repoLockingKey := true + customPolicyCheck := false if args.AllowRepoCfg { allowedOverrides = []string{PlanRequirementsKey, ApplyRequirementsKey, ImportRequirementsKey, WorkflowKey, DeleteSourceBranchOnMergeKey, RepoLockingKey, PolicyCheckKey} allowCustomWorkflows = true @@ -262,6 +266,7 @@ func NewGlobalCfgFromArgs(args GlobalCfgArgs) GlobalCfg { DeleteSourceBranchOnMerge: &deleteSourceBranchOnMerge, RepoLocking: &repoLockingKey, PolicyCheck: &policyCheck, + CustomPolicyCheck: &customPolicyCheck, }, }, Workflows: map[string]Workflow{ 
@@ -298,7 +303,7 @@ func (r Repo) IDString() string { // final config. It assumes that all configs have been validated. func (g GlobalCfg) MergeProjectCfg(log logging.SimpleLogging, repoID string, proj Project, rCfg RepoCfg) MergedProjectCfg { log.Debug("MergeProjectCfg started") - planReqs, applyReqs, importReqs, workflow, allowedOverrides, allowCustomWorkflows, deleteSourceBranchOnMerge, repoLocking, policyCheck := g.getMatchingCfg(log, repoID) + planReqs, applyReqs, importReqs, workflow, allowedOverrides, allowCustomWorkflows, deleteSourceBranchOnMerge, repoLocking, policyCheck, customPolicyCheck := g.getMatchingCfg(log, repoID) // If repos are allowed to override certain keys then override them. for _, key := range allowedOverrides { @@ -364,6 +369,11 @@ func (g GlobalCfg) MergeProjectCfg(log logging.SimpleLogging, repoID string, pro log.Debug("overriding server-defined %s with repo settings: [%t]", PolicyCheckKey, *proj.PolicyCheck) policyCheck = *proj.PolicyCheck } + case CustomPolicyCheckKey: + if proj.CustomPolicyCheck != nil { + log.Debug("overriding server-defined %s with repo settings: [%t]", CustomPolicyCheckKey, *proj.CustomPolicyCheck) + customPolicyCheck = *proj.CustomPolicyCheck + } } log.Debug("MergeProjectCfg completed") } @@ -388,6 +398,7 @@ func (g GlobalCfg) MergeProjectCfg(log logging.SimpleLogging, repoID string, pro ExecutionOrderGroup: proj.ExecutionOrderGroup, RepoLocking: repoLocking, PolicyCheck: policyCheck, + CustomPolicyCheck: customPolicyCheck, } } 
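Review bot: The new `case CustomPolicyCheckKey:` in MergeProjectCfg (`@@ -364,6 +369,11 @@`) lets a repo's own `atlantis.yaml` turn the flag on whenever the server lists the key in `allowed_overrides`, and the flag relaxes how tool failures are handled in run_step_runner.go in this same commit. Nothing near `CustomPolicyCheckKey` or the `CustomPolicyCheck` fields says so; I would add a comment on the constant such as `// CustomPolicyCheckKey: enabling this makes a non-zero exit of the policy tool non-fatal; allow repos to override it only where atlantis.yaml changes are reviewed.` The server-side config example in the docs part of this commit adds the key to `allowed_overrides`, which reads as a recommended default and deserves the same caveat. MergeProjectCfg starts and ends outside the hunk.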
@@ -395,7 +406,7 @@ func (g GlobalCfg) MergeProjectCfg(log logging.SimpleLogging, repoID string, pro // repo with id repoID. It is used when there is no repo config. func (g GlobalCfg) DefaultProjCfg(log logging.SimpleLogging, repoID string, repoRelDir string, workspace string) MergedProjectCfg { log.Debug("building config based on server-side config") - planReqs, applyReqs, importReqs, workflow, _, _, deleteSourceBranchOnMerge, repoLocking, policyCheck := g.getMatchingCfg(log, repoID) + planReqs, applyReqs, importReqs, workflow, _, _, deleteSourceBranchOnMerge, repoLocking, policyCheck, customPolicyCheck := g.getMatchingCfg(log, repoID) return MergedProjectCfg{ PlanRequirements: planReqs, ApplyRequirements: applyReqs, @@ -410,6 +421,7 @@ func (g GlobalCfg) DefaultProjCfg(log logging.SimpleLogging, repoID string, repo DeleteSourceBranchOnMerge: deleteSourceBranchOnMerge, RepoLocking: repoLocking, PolicyCheck: policyCheck, + CustomPolicyCheck: customPolicyCheck, } } @@ -454,6 +466,9 @@ func (g GlobalCfg) ValidateRepoCfg(rCfg RepoCfg, repoID string) error { if p.RepoLocking != nil && !utils.SlicesContains(allowedOverrides, RepoLockingKey) { return fmt.Errorf("repo config not allowed to set '%s' key: server-side config needs '%s: [%s]'", RepoLockingKey, AllowedOverridesKey, RepoLockingKey) } + if p.CustomPolicyCheck != nil && !utils.SlicesContains(allowedOverrides, CustomPolicyCheckKey) { + return fmt.Errorf("repo config not allowed to set '%s' key: server-side config needs '%s: [%s]'", CustomPolicyCheckKey, AllowedOverridesKey, CustomPolicyCheckKey) + } } // Check custom workflows. 
@@ -512,7 +527,7 @@ func (g GlobalCfg) ValidateRepoCfg(rCfg RepoCfg, repoID string) error { } // getMatchingCfg returns the key settings for repoID. -func (g GlobalCfg) getMatchingCfg(log logging.SimpleLogging, repoID string) (planReqs []string, applyReqs []string, importReqs []string, workflow Workflow, allowedOverrides []string, allowCustomWorkflows bool, deleteSourceBranchOnMerge bool, repoLocking bool, policyCheck bool) { +func (g GlobalCfg) getMatchingCfg(log logging.SimpleLogging, repoID string) (planReqs []string, applyReqs []string, importReqs []string, workflow Workflow, allowedOverrides []string, allowCustomWorkflows bool, deleteSourceBranchOnMerge bool, repoLocking bool, policyCheck bool, customPolicyCheck bool) { toLog := make(map[string]string) traceF := func(repoIdx int, repoID string, key string, val interface{}) string { from := "default server config" @@ -534,7 +549,7 @@ func (g GlobalCfg) getMatchingCfg(log logging.SimpleLogging, repoID string) (pla return fmt.Sprintf("setting %s: %s from %s", key, valStr, from) } - for _, key := range []string{PlanRequirementsKey, ApplyRequirementsKey, ImportRequirementsKey, WorkflowKey, AllowedOverridesKey, AllowCustomWorkflowsKey, DeleteSourceBranchOnMergeKey, RepoLockingKey, PolicyCheckKey} { + for _, key := range []string{PlanRequirementsKey, ApplyRequirementsKey, ImportRequirementsKey, WorkflowKey, AllowedOverridesKey, AllowCustomWorkflowsKey, DeleteSourceBranchOnMergeKey, RepoLockingKey, PolicyCheckKey, CustomPolicyCheckKey} { for i, repo := range g.Repos { if repo.IDMatches(repoID) { switch key { 
@@ -583,6 +598,11 @@ func (g GlobalCfg) getMatchingCfg(log logging.SimpleLogging, repoID string) (pla toLog[PolicyCheckKey] = traceF(i, repo.IDString(), PolicyCheckKey, *repo.PolicyCheck) policyCheck = *repo.PolicyCheck } + case CustomPolicyCheckKey: + if repo.CustomPolicyCheck != nil { + toLog[CustomPolicyCheckKey] = traceF(i, repo.IDString(), CustomPolicyCheckKey, *repo.CustomPolicyCheck) + customPolicyCheck = *repo.CustomPolicyCheck + } } } } diff --git a/server/core/config/valid/global_cfg_test.go b/server/core/config/valid/global_cfg_test.go index 1efa610f8f..d778a9f12d 100644 --- a/server/core/config/valid/global_cfg_test.go +++ b/server/core/config/valid/global_cfg_test.go @@ -81,6 +81,7 @@ func TestNewGlobalCfg(t *testing.T) { DeleteSourceBranchOnMerge: Bool(false), RepoLocking: Bool(true), PolicyCheck: Bool(false), + CustomPolicyCheck: Bool(false), }, }, Workflows: map[string]valid.Workflow{ @@ -707,11 +708,12 @@ policies: }, }, }, - RepoRelDir: ".", - Workspace: "default", - Name: "", - AutoplanEnabled: false, - RepoLocking: true, + RepoRelDir: ".", + Workspace: "default", + Name: "", + AutoplanEnabled: false, + RepoLocking: true, + CustomPolicyCheck: false, }, }, "policies set correct version if specified": { @@ -755,11 +757,12 @@ policies: }, }, }, - RepoRelDir: ".", - Workspace: "default", - Name: "", - AutoplanEnabled: false, - RepoLocking: true, + RepoRelDir: ".", + Workspace: "default", + Name: "", + AutoplanEnabled: false, + RepoLocking: true, + CustomPolicyCheck: false, }, }, } @@ -848,12 +851,13 @@ workflows: Import: valid.DefaultImportStage, StateRm: valid.DefaultStateRmStage, }, - RepoRelDir: ".", - Workspace: "default", - Name: "", - AutoplanEnabled: false, - PolicySets: emptyPolicySets, - RepoLocking: true, + RepoRelDir: ".", + Workspace: "default", + Name: "", + AutoplanEnabled: false, + PolicySets: emptyPolicySets, + RepoLocking: true, + CustomPolicyCheck: false, }, }, "repo-side plan reqs win out if allowed": { 
@@ -883,6 +887,7 @@ repos: AutoplanEnabled: false, PolicySets: emptyPolicySets, RepoLocking: true, + CustomPolicyCheck: false, }, }, "repo-side apply reqs win out if allowed": { @@ -912,6 +917,7 @@ repos: AutoplanEnabled: false, PolicySets: emptyPolicySets, RepoLocking: true, + CustomPolicyCheck: false, }, }, "repo-side import reqs win out if allowed": { @@ -941,6 +947,7 @@ repos: AutoplanEnabled: false, PolicySets: emptyPolicySets, RepoLocking: true, + CustomPolicyCheck: false, }, }, "repo-side repo_locking win out if allowed": { @@ -957,6 +964,7 @@ repos: ApplyRequirements: []string{}, ImportRequirements: []string{}, RepoLocking: Bool(true), + CustomPolicyCheck: Bool(false), }, repoWorkflows: nil, exp: valid.MergedProjectCfg{ @@ -970,6 +978,7 @@ repos: AutoplanEnabled: false, PolicySets: emptyPolicySets, RepoLocking: false, + CustomPolicyCheck: false, }, }, "last server-side match wins": { @@ -1006,6 +1015,7 @@ repos: AutoplanEnabled: false, PolicySets: emptyPolicySets, RepoLocking: true, + CustomPolicyCheck: false, }, }, "autoplan is set properly": { @@ -1032,6 +1042,7 @@ repos: AutoplanEnabled: true, PolicySets: emptyPolicySets, RepoLocking: true, + CustomPolicyCheck: false, }, }, "execution order group is set": { @@ -1060,6 +1071,7 @@ repos: PolicySets: emptyPolicySets, ExecutionOrderGroup: 10, RepoLocking: true, + CustomPolicyCheck: false, }, }, } @@ -1254,6 +1266,7 @@ repos: PolicySets: emptyPolicySets, RepoLocking: true, PolicyCheck: false, + CustomPolicyCheck: false, }, }, "global policy check enabled": { @@ -1293,6 +1306,7 @@ repos: PolicySets: emptyPolicySets, RepoLocking: true, PolicyCheck: true, + CustomPolicyCheck: false, }, }, "global policy check enabled except current repo": { @@ -1333,6 +1347,7 @@ repos: PolicySets: emptyPolicySets, RepoLocking: true, PolicyCheck: false, + CustomPolicyCheck: false, }, }, "global policy check disabled and disabled on current repo": { 
@@ -1373,6 +1388,7 @@ repos: PolicySets: emptyPolicySets, RepoLocking: true, PolicyCheck: false, + CustomPolicyCheck: false, }, }, "global policy check disabled and enabled on current repo": { @@ -1413,6 +1429,7 @@ repos: PolicySets: emptyPolicySets, RepoLocking: true, PolicyCheck: true, // Project will have policy check as true but since it is globally disable it wont actually run + CustomPolicyCheck: false, }, }, } diff --git a/server/core/config/valid/repo_cfg.go b/server/core/config/valid/repo_cfg.go index 6929fd42b3..1a99e89cda 100644 --- a/server/core/config/valid/repo_cfg.go +++ b/server/core/config/valid/repo_cfg.go @@ -24,6 +24,7 @@ type RepoCfg struct { ParallelPolicyCheck *bool DeleteSourceBranchOnMerge *bool RepoLocking *bool + CustomPolicyCheck *bool EmojiReaction string AllowedRegexpPrefixes []string AbortOnExcecutionOrderFail bool @@ -136,6 +137,7 @@ type Project struct { RepoLocking *bool ExecutionOrderGroup int PolicyCheck *bool + CustomPolicyCheck *bool } // GetName returns the name of the project or an empty string if there is no diff --git a/server/core/runtime/policy/conftest_client.go b/server/core/runtime/policy/conftest_client.go index 3c97bffb0e..9b0f1fa2f8 100644 --- a/server/core/runtime/policy/conftest_client.go +++ b/server/core/runtime/policy/conftest_client.go @@ -208,10 +208,10 @@ func (c *ConfTestExecutorWorkflow) Run(ctx command.ProjectContext, executablePat } policySetResults = append(policySetResults, models.PolicySetResult{ - PolicySetName: policySet.Name, - ConftestOutput: cmdOutput, - Passed: passed, - ReqApprovals: policySet.ApproveCount, + PolicySetName: policySet.Name, + PolicyOutput: cmdOutput, + Passed: passed, + ReqApprovals: policySet.ApproveCount, }) } diff --git a/server/core/runtime/policy/conftest_client_test.go b/server/core/runtime/policy/conftest_client_test.go index 171882c257..143b6e8dbc 100644 --- a/server/core/runtime/policy/conftest_client_test.go +++ b/server/core/runtime/policy/conftest_client_test.go 
@@ -191,7 +191,7 @@ func TestRun(t *testing.T) { var extraArgs []string expectedOutput := "Success" - expectedResult := `[{"PolicySetName":"policy1","ConftestOutput":"Success","Passed":true,"ReqApprovals":0,"CurApprovals":0},{"PolicySetName":"policy2","ConftestOutput":"Success","Passed":true,"ReqApprovals":0,"CurApprovals":0}]` + expectedResult := `[{"PolicySetName":"policy1","PolicyOutput":"Success","Passed":true,"ReqApprovals":0,"CurApprovals":0},{"PolicySetName":"policy2","PolicyOutput":"Success","Passed":true,"ReqApprovals":0,"CurApprovals":0}]` expectedArgsPolicy1 := []string{executablePath, "test", "-p", localPolicySetPath1, filepath.Join(workdir, "testproj-default.json"), "--no-color"} expectedArgsPolicy2 := []string{executablePath, "test", "-p", localPolicySetPath2, filepath.Join(workdir, "testproj-default.json"), "--no-color"} @@ -216,7 +216,7 @@ func TestRun(t *testing.T) { extraArgs := []string{"--all-namespaces"} expectedOutput := "Success" - expectedResult := `[{"PolicySetName":"policy1","ConftestOutput":"","Passed":true,"ReqApprovals":0,"CurApprovals":0},{"PolicySetName":"policy2","ConftestOutput":"","Passed":true,"ReqApprovals":0,"CurApprovals":0}]` + expectedResult := `[{"PolicySetName":"policy1","PolicyOutput":"","Passed":true,"ReqApprovals":0,"CurApprovals":0},{"PolicySetName":"policy2","PolicyOutput":"","Passed":true,"ReqApprovals":0,"CurApprovals":0}]` expectedArgsPolicy1 := []string{executablePath, "test", "-p", localPolicySetPath1, filepath.Join(workdir, "testproj-default.json"), "--no-color"} expectedArgsPolicy2 := []string{executablePath, "test", "-p", localPolicySetPath2, filepath.Join(workdir, "testproj-default.json"), "--no-color"} 
@@ -241,7 +241,7 @@ func TestRun(t *testing.T) { var extraArgs []string expectedOutput := "Success" - expectedResult := `[{"PolicySetName":"policy1","ConftestOutput":"Success","Passed":true,"ReqApprovals":0,"CurApprovals":0}]` + expectedResult := `[{"PolicySetName":"policy1","PolicyOutput":"Success","Passed":true,"ReqApprovals":0,"CurApprovals":0}]` expectedArgsPolicy1 := []string{executablePath, "test", "-p", localPolicySetPath1, filepath.Join(workdir, "testproj-default.json"), "--no-color"} expectedArgsPolicy2 := []string{executablePath, "test", "-p", localPolicySetPath2, filepath.Join(workdir, "testproj-default.json"), "--no-color"} @@ -284,7 +284,7 @@ func TestRun(t *testing.T) { expectedOutputPolicy1 := fmt.Sprintf("FAIL - %s - failure\n1 tests, 0 passed, 0 warnings, 1 failure, 0 exceptions", filepath.Join(workdir, "testproj-default.json")) expectedOutputPolicy2 := "Success" - expectedResult := `[{"PolicySetName":"policy1","ConftestOutput":"FAIL - - failure\n1 tests, 0 passed, 0 warnings, 1 failure, 0 exceptions","Passed":false,"ReqApprovals":0,"CurApprovals":0},{"PolicySetName":"policy2","ConftestOutput":"Success","Passed":true,"ReqApprovals":0,"CurApprovals":0}]` + expectedResult := `[{"PolicySetName":"policy1","PolicyOutput":"FAIL - - failure\n1 tests, 0 passed, 0 warnings, 1 failure, 0 exceptions","Passed":false,"ReqApprovals":0,"CurApprovals":0},{"PolicySetName":"policy2","PolicyOutput":"Success","Passed":true,"ReqApprovals":0,"CurApprovals":0}]` expectedArgsPolicy1 := []string{executablePath, "test", "-p", localPolicySetPath1, filepath.Join(workdir, "testproj-default.json"), "--no-color"} expectedArgsPolicy2 := []string{executablePath, "test", "-p", localPolicySetPath2, filepath.Join(workdir, "testproj-default.json"), "--no-color"} 
@@ -306,7 +306,7 @@ func TestRun(t *testing.T) { var extraArgs []string expectedOutput := fmt.Sprintf("FAIL - %s - failure\n1 tests, 0 passed, 0 warnings, 1 failure, 0 exceptions", filepath.Join(workdir, "testproj-default.json")) - expectedResult := `[{"PolicySetName":"policy1","ConftestOutput":"FAIL - - failure\n1 tests, 0 passed, 0 warnings, 1 failure, 0 exceptions","Passed":false,"ReqApprovals":0,"CurApprovals":0},{"PolicySetName":"policy2","ConftestOutput":"FAIL - - failure\n1 tests, 0 passed, 0 warnings, 1 failure, 0 exceptions","Passed":false,"ReqApprovals":0,"CurApprovals":0}]` + expectedResult := `[{"PolicySetName":"policy1","PolicyOutput":"FAIL - - failure\n1 tests, 0 passed, 0 warnings, 1 failure, 0 exceptions","Passed":false,"ReqApprovals":0,"CurApprovals":0},{"PolicySetName":"policy2","PolicyOutput":"FAIL - - failure\n1 tests, 0 passed, 0 warnings, 1 failure, 0 exceptions","Passed":false,"ReqApprovals":0,"CurApprovals":0}]` expectedArgsPolicy1 := []string{executablePath, "test", "-p", localPolicySetPath1, filepath.Join(workdir, "testproj-default.json"), "--no-color"} expectedArgsPolicy2 := []string{executablePath, "test", "-p", localPolicySetPath2, filepath.Join(workdir, "testproj-default.json"), "--no-color"} diff --git a/server/core/runtime/run_step_runner.go b/server/core/runtime/run_step_runner.go index 32b62f2cc4..b38ba20f24 100644 --- a/server/core/runtime/run_step_runner.go +++ b/server/core/runtime/run_step_runner.go @@ -73,8 +73,12 @@ func (r *RunStepRunner) Run(ctx command.ProjectContext, command string, path str if err != nil { err = fmt.Errorf("%s: running %q in %q: \n%s", err, command, path, output) - ctx.Log.Debug("error: %s", err) - return "", err + if !ctx.CustomPolicyCheck { + ctx.Log.Debug("error: %s", err) + return "", err + } else { + ctx.Log.Debug("Treating custom policy tool error exit code as a policy failure. Error output: %s", err) + } } switch postProcessOutput { 
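Review bot: In the run_step_runner.go hunk (`@@ -73,8 +73,12 @@`), once `ctx.CustomPolicyCheck` is true the command's error is logged at debug level and execution falls through to the output post-processing, and nothing visible restricts that to policy-check steps. If Run also serves `run` steps in plan or apply workflows (its body starts and ends outside the hunk, so this needs confirming), a failing step there would be reported as successful for every project with the flag set, and a tool that could not start at all is indistinguishable from a policy violation. I would gate the fall-through on the step actually being a policy check, drop the `else` after `return`, and log at a visible level, e.g. `ctx.Log.Warn("custom policy tool exited with an error, treating it as a policy failure: %s", err)`.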
diff --git a/server/events/command/project_context.go b/server/events/command/project_context.go index 5afbe145ac..aa77cb8ff1 100644 --- a/server/events/command/project_context.go +++ b/server/events/command/project_context.go @@ -122,6 +122,8 @@ type ProjectContext struct { ExecutionOrderGroup int // If plans/applies should be aborted if any prior plan/apply fails AbortOnExcecutionOrderFail bool + // Allows custom policy check tools outside of Conftest to run in checks + CustomPolicyCheck bool } // SetProjectScopeTags adds ProjectContext tags to a new returned scope. diff --git a/server/events/markdown_renderer_test.go b/server/events/markdown_renderer_test.go index 548ce03cdb..e5c5b3e03e 100644 --- a/server/events/markdown_renderer_test.go +++ b/server/events/markdown_renderer_test.go @@ -267,7 +267,7 @@ $$$ { PolicySetName: "policy1", // strings.Repeat require to get wrapped result - ConftestOutput: `FAIL - - main - WARNING: Null Resource creation is prohibited. + PolicyOutput: `FAIL - - main - WARNING: Null Resource creation is prohibited. 2 tests, 1 passed, 0 warnings, 1 failure, 0 exceptions`, Passed: false, @@ -276,9 +276,9 @@ $$$ { PolicySetName: "policy2", // strings.Repeat require to get wrapped result - ConftestOutput: "2 tests, 2 passed, 0 warnings, 0 failure, 0 exceptions", - Passed: true, - ReqApprovals: 1, + PolicyOutput: "2 tests, 2 passed, 0 warnings, 0 failure, 0 exceptions", + Passed: true, + ReqApprovals: 1, }, }, LockURL: "lock-url", @@ -335,7 +335,7 @@ $$$ { PolicySetName: "policy1", // strings.Repeat require to get wrapped result - ConftestOutput: strings.Repeat("line\n", 13) + `FAIL - - main - WARNING: Null Resource creation is prohibited. + PolicyOutput: strings.Repeat("line\n", 13) + `FAIL - - main - WARNING: Null Resource creation is prohibited. 2 tests, 1 passed, 0 warnings, 1 failure, 0 exceptions`, Passed: false, 
@@ -565,9 +565,9 @@ $$$ PolicyCheckResults: &models.PolicyCheckResults{ PolicySetResults: []models.PolicySetResult{ models.PolicySetResult{ - PolicySetName: "policy1", - ConftestOutput: "4 tests, 4 passed, 0 warnings, 0 failures, 0 exceptions", - Passed: true, + PolicySetName: "policy1", + PolicyOutput: "4 tests, 4 passed, 0 warnings, 0 failures, 0 exceptions", + Passed: true, }, }, LockURL: "lock-url", @@ -582,9 +582,9 @@ $$$ PolicyCheckResults: &models.PolicyCheckResults{ PolicySetResults: []models.PolicySetResult{ models.PolicySetResult{ - PolicySetName: "policy1", - ConftestOutput: "4 tests, 4 passed, 0 warnings, 0 failures, 0 exceptions", - Passed: true, + PolicySetName: "policy1", + PolicyOutput: "4 tests, 4 passed, 0 warnings, 0 failures, 0 exceptions", + Passed: true, }, }, LockURL: "lock-url2", ApplyCmd: "atlantis apply -d path2 -w workspace", @@ -778,9 +778,9 @@ $$$ PolicyCheckResults: &models.PolicyCheckResults{ PolicySetResults: []models.PolicySetResult{ models.PolicySetResult{ - PolicySetName: "policy1", - ConftestOutput: "4 tests, 4 passed, 0 warnings, 0 failures, 0 exceptions", - Passed: true, + PolicySetName: "policy1", + PolicyOutput: "4 tests, 4 passed, 0 warnings, 0 failures, 0 exceptions", + Passed: true, }, }, LockURL: "lock-url", ApplyCmd: "atlantis apply -d path -w workspace", @@ -794,10 +794,10 @@ $$$ PolicyCheckResults: &models.PolicyCheckResults{ PolicySetResults: []models.PolicySetResult{ models.PolicySetResult{ - PolicySetName: "policy1", - ConftestOutput: "4 tests, 2 passed, 0 warnings, 2 failures, 0 exceptions", - Passed: false, - ReqApprovals: 1, + PolicySetName: "policy1", + PolicyOutput: "4 tests, 2 passed, 0 warnings, 2 failures, 0 exceptions", + Passed: false, + ReqApprovals: 1, }, }, LockURL: "lock-url", ApplyCmd: "atlantis apply -d path -w workspace", 
@@ -1317,9 +1317,9 @@ func TestRenderCustomPolicyCheckTemplate_DisableApplyAll(t *testing.T) { PolicyCheckResults: &models.PolicyCheckResults{ PolicySetResults: []models.PolicySetResult{ models.PolicySetResult{ - PolicySetName: "policy1", - ConftestOutput: "4 tests, 4 passed, 0 warnings, 0 failures, 0 exceptions", - Passed: true, + PolicySetName: "policy1", + PolicyOutput: "4 tests, 4 passed, 0 warnings, 0 failures, 0 exceptions", + Passed: true, }, }, LockURL: "lock-url", ApplyCmd: "atlantis apply -d path -w workspace", diff --git a/server/events/models/models.go b/server/events/models/models.go index bdc821c285..549e06a6af 100644 --- a/server/events/models/models.go +++ b/server/events/models/models.go @@ -368,11 +368,11 @@ type PlanSuccess struct { } type PolicySetResult struct { - PolicySetName string - ConftestOutput string - Passed bool - ReqApprovals int - CurApprovals int + PolicySetName string + PolicyOutput string + Passed bool + ReqApprovals int + CurApprovals int } // PolicySetApproval tracks the number of approvals a given policy set has. @@ -472,7 +472,7 @@ func (p *PolicyCheckResults) CombinedOutput() string { combinedOutput := "" for _, psResult := range p.PolicySetResults { // accounting for json output from conftest. - for _, psResultLine := range strings.Split(psResult.ConftestOutput, "\\n") { + for _, psResultLine := range strings.Split(psResult.PolicyOutput, "\\n") { combinedOutput = fmt.Sprintf("%s\n%s", combinedOutput, psResultLine) } } @@ -484,7 +484,7 @@ func (p *PolicyCheckResults) Summary() string { note := "" for _, policySetResult := range p.PolicySetResults { r := regexp.MustCompile(`\d+ tests?, \d+ passed, \d+ warnings?, \d+ failures?, \d+ exceptions?(, \d skipped)?`) - if match := r.FindString(policySetResult.ConftestOutput); match != "" { + if match := r.FindString(policySetResult.PolicyOutput); match != "" { note = fmt.Sprintf("%s\npolicy set: %s: %s", note, policySetResult.PolicySetName, match) } } 
diff --git a/server/events/models/models_test.go b/server/events/models/models_test.go index 126d89c60a..c05016d2af 100644 --- a/server/events/models/models_test.go +++ b/server/events/models/models_test.go @@ -433,8 +433,8 @@ func TestPolicyCheckResults_Summary(t *testing.T) { description: "test single format with single policy set", policysetResults: []models.PolicySetResult{ { - PolicySetName: "policy1", - ConftestOutput: "20 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions", + PolicySetName: "policy1", + PolicyOutput: "20 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions", }, }, exp: "policy set: policy1: 20 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions", @@ -443,16 +443,16 @@ func TestPolicyCheckResults_Summary(t *testing.T) { description: "test multiple formats with multiple policy sets", policysetResults: []models.PolicySetResult{ { - PolicySetName: "policy1", - ConftestOutput: "20 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions", + PolicySetName: "policy1", + PolicyOutput: "20 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions", }, { - PolicySetName: "policy2", - ConftestOutput: "3 tests, 0 passed, 1 warning, 1 failure, 0 exceptions, 1 skipped", + PolicySetName: "policy2", + PolicyOutput: "3 tests, 0 passed, 1 warning, 1 failure, 0 exceptions, 1 skipped", }, { - PolicySetName: "policy3", - ConftestOutput: "1 test, 0 passed, 1 warning, 1 failure, 1 exception", + PolicySetName: "policy3", + PolicyOutput: "1 test, 0 passed, 1 warning, 1 failure, 1 exception", }, }, exp: `policy set: policy1: 20 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions diff --git a/server/events/project_command_context_builder.go b/server/events/project_command_context_builder.go index 317e8516a1..02245b27fd 100644 --- a/server/events/project_command_context_builder.go +++ b/server/events/project_command_context_builder.go 
@@ -274,6 +274,7 @@ func newProjectCommandContext(ctx *command.Context, AutomergeEnabled: automergeEnabled, DeleteSourceBranchOnMerge: projCfg.DeleteSourceBranchOnMerge, RepoLocking: projCfg.RepoLocking, + CustomPolicyCheck: projCfg.CustomPolicyCheck, ParallelApplyEnabled: parallelApplyEnabled, ParallelPlanEnabled: parallelPlanEnabled, ParallelPolicyCheckEnabled: parallelPlanEnabled, diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go index 1e8e2fe315..69ae9e73d4 100644 --- a/server/events/project_command_runner.go +++ b/server/events/project_command_runner.go @@ -425,7 +425,7 @@ func (p *DefaultProjectCommandRunner) doPolicyCheck(ctx command.ProjectContext) if !lockAttempt.LockAcquired { return nil, lockAttempt.LockFailureReason, nil } - ctx.Log.Debug("acquired lock for project") + ctx.Log.Debug("acquired lock for project.") // Acquire internal lock for the directory we're going to operate in. // We should refactor this to keep the lock for the duration of plan and policy check since as of now 
@@ -489,14 +489,23 @@ func (p *DefaultProjectCommandRunner) doPolicyCheck(ctx command.ProjectContext) var preConftestOutput []string var postConftestOutput []string var policySetResults []models.PolicySetResult + for i, output := range outputs { index = i - err = json.Unmarshal([]byte(strings.Join([]string{output}, "\n")), &policySetResults) - if err == nil { - break + if !ctx.CustomPolicyCheck { + err = json.Unmarshal([]byte(strings.Join([]string{output}, "\n")), &policySetResults) + if err == nil { + break + } + preConftestOutput = append(preConftestOutput, output) + } else { + // Using a policy tool other than Conftest, manually building result struct + passed := !strings.Contains(strings.ToLower(output), "fail") + policySetResults = append(policySetResults, models.PolicySetResult{PolicySetName: "Custom", PolicyOutput: output, Passed: passed, ReqApprovals: 1, CurApprovals: 0}) + preConftestOutput = append(preConftestOutput, "") } - preConftestOutput = append(preConftestOutput, output) } + if policySetResults == nil { return nil, "", errors.New("unable to unmarshal conftest output") } diff --git a/server/events/templates/policy_check.tmpl b/server/events/templates/policy_check.tmpl index dcabbea963..69ab18cc8d 100644 --- a/server/events/templates/policy_check.tmpl +++ b/server/events/templates/policy_check.tmpl @@ -3,7 +3,7 @@ {{ range $ps, $policy_sets }} #### Policy Set: `{{ $ps.PolicySetName }}` ```diff -{{ $ps.ConftestOutput }} +{{ $ps.PolicyOutput }} ``` {{ end }} {{ end }} From 31a5639635115693c8a761966580999690599ebc Mon Sep 17 00:00:00 2001 
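Review bot: In the `ctx.CustomPolicyCheck` branch the verdict is the substring test `!strings.Contains(strings.ToLower(output), "fail")`, which fails open: empty output, or a tool that reports a violation with words such as "denied" or "error", is recorded as `Passed: true`, while a clean summary such as "0 failures" is recorded as failed. Because this value appears to feed the policy approval state (`Passed`, `ReqApprovals`, `CurApprovals`), it should come from an explicit signal, presumably the step's exit status, which this hunk does not show, rather than from free text. As a minimal hardening, treat empty output as not passed: `passed := strings.TrimSpace(output) != "" && !strings.Contains(strings.ToLower(output), "fail")`. The fixed `PolicySetName: "Custom"` and `ReqApprovals: 1` need a comment saying why they are constant, and the `policySetResults == nil` error still reads "unable to unmarshal conftest output" on the custom path. doPolicyCheck starts and ends outside the hunk.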
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Oct 2023 10:58:33 -0400 Subject: [PATCH 15/79] chore(deps): bump postcss from 8.4.29 to 8.4.31 (#3810) Bumps [postcss](https://github.com/postcss/postcss) from 8.4.29 to 8.4.31. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.4.29...8.4.31) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index d679ac3889..1943cd4764 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1566,9 +1566,9 @@ postcss-value-parser@^4.2.0: integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ== postcss@^8.1.10, postcss@^8.4.25, postcss@^8.4.27: - version "8.4.29" - resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.29.tgz#33bc121cf3b3688d4ddef50be869b2a54185a1dd" - integrity sha512-cbI+jaqIeu/VGqXEarWkRCCffhjgXc0qjBtXpqJhTBohMUjUQnbBr0xqX3vEKudc4iviTewcJo5ajcec5+wdJw== + version "8.4.31" + resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.31.tgz#92b451050a9f914da6755af352bdc0192508656d" + integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ== dependencies: nanoid "^3.3.6" picocolors "^1.0.0" From 4a921b3d658c84a901c99bbc2b6d822fbb067e9f Mon Sep 17 00:00:00 2001 
From: Finn Arne Gangstad Date: Fri, 6 Oct 2023 17:04:34 +0200 Subject: [PATCH 16/79] fix: make go-generate now creates working mocks out of the box (#3802) * Rename arguments in mocked functions from result to res The code generated by pegomock is broken if any of the arguments to the mocked function are named "result", so they must be named something else. * Regenerate all mocks with make go-generate The mocks now work without further modification after running go-generate. --- .../core/runtime/mocks/mock_status_updater.go | 20 +++++++++---------- server/core/runtime/runtime.go | 2 +- server/events/mocks/mock_event_parsing.go | 20 +++++++++++++------ server/events/mocks/mock_job_url_setter.go | 20 +++++++++---------- server/events/project_command_runner.go | 2 +- server/jobs/job_url_setter.go | 2 +- .../jobs/mocks/mock_project_status_updater.go | 20 +++++++++---------- 7 files changed, 47 insertions(+), 39 deletions(-) diff --git a/server/core/runtime/mocks/mock_status_updater.go b/server/core/runtime/mocks/mock_status_updater.go index 63da713ab9..70f8edf1d3 100644 --- a/server/core/runtime/mocks/mock_status_updater.go +++ b/server/core/runtime/mocks/mock_status_updater.go 
@@ -26,16 +26,16 @@ func NewMockStatusUpdater(options ...pegomock.Option) *MockStatusUpdater { func (mock *MockStatusUpdater) SetFailHandler(fh pegomock.FailHandler) { mock.fail = fh } func (mock *MockStatusUpdater) FailHandler() pegomock.FailHandler { return mock.fail } -func (mock *MockStatusUpdater) UpdateProject(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, url string, result *command.ProjectResult) error { +func (mock *MockStatusUpdater) UpdateProject(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, url string, res *command.ProjectResult) error { if mock == nil { panic("mock must not be nil. Use myMock := NewMockStatusUpdater().") } - params := []pegomock.Param{ctx, cmdName, status, url, result} - pegomockResult := pegomock.GetGenericMockFrom(mock).Invoke("UpdateProject", params, []reflect.Type{reflect.TypeOf((*error)(nil)).Elem()}) + params := []pegomock.Param{ctx, cmdName, status, url, res} + result := pegomock.GetGenericMockFrom(mock).Invoke("UpdateProject", params, []reflect.Type{reflect.TypeOf((*error)(nil)).Elem()}) var ret0 error - if len(pegomockResult) != 0 { - if pegomockResult[0] != nil { - ret0 = pegomockResult[0].(error) + if len(result) != 0 { + if result[0] != nil { + ret0 = result[0].(error) } } return ret0 
@@ -78,8 +78,8 @@ type VerifierMockStatusUpdater struct { timeout time.Duration } -func (verifier *VerifierMockStatusUpdater) UpdateProject(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, url string, result *command.ProjectResult) *MockStatusUpdater_UpdateProject_OngoingVerification { - params := []pegomock.Param{ctx, cmdName, status, url, result} +func (verifier *VerifierMockStatusUpdater) UpdateProject(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, url string, res *command.ProjectResult) *MockStatusUpdater_UpdateProject_OngoingVerification { + params := []pegomock.Param{ctx, cmdName, status, url, res} methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "UpdateProject", params, verifier.timeout) return &MockStatusUpdater_UpdateProject_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations} } @@ -90,8 +90,8 @@ type MockStatusUpdater_UpdateProject_OngoingVerification struct { } func (c *MockStatusUpdater_UpdateProject_OngoingVerification) GetCapturedArguments() (command.ProjectContext, command.Name, models.CommitStatus, string, *command.ProjectResult) { - ctx, cmdName, status, url, result := c.GetAllCapturedArguments() - return ctx[len(ctx)-1], cmdName[len(cmdName)-1], status[len(status)-1], url[len(url)-1], result[len(result)-1] + ctx, cmdName, status, url, res := c.GetAllCapturedArguments() + return ctx[len(ctx)-1], cmdName[len(cmdName)-1], status[len(status)-1], url[len(url)-1], res[len(res)-1] } func (c *MockStatusUpdater_UpdateProject_OngoingVerification) GetAllCapturedArguments() (_param0 []command.ProjectContext, _param1 []command.Name, _param2 []models.CommitStatus, _param3 []string, _param4 []*command.ProjectResult) { diff --git a/server/core/runtime/runtime.go b/server/core/runtime/runtime.go index fbef261ce2..4f54420cd6 100644 --- a/server/core/runtime/runtime.go 
+++ b/server/core/runtime/runtime.go @@ -51,7 +51,7 @@ type AsyncTFExec interface { // //go:generate pegomock generate --package mocks -o mocks/mock_status_updater.go StatusUpdater type StatusUpdater interface { - UpdateProject(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, url string, result *command.ProjectResult) error + UpdateProject(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, url string, res *command.ProjectResult) error } // Runner mirrors events.StepRunner as a way to bring it into this package diff --git a/server/events/mocks/mock_event_parsing.go b/server/events/mocks/mock_event_parsing.go index 0f7067eb89..8203afd5d1 100644 --- a/server/events/mocks/mock_event_parsing.go +++ b/server/events/mocks/mock_event_parsing.go @@ -531,8 +531,8 @@ type VerifierMockEventParsing struct { timeout time.Duration } -func (verifier *VerifierMockEventParsing) GetBitbucketCloudPullEventType(eventTypeHeader string) *MockEventParsing_GetBitbucketCloudPullEventType_OngoingVerification { - params := []pegomock.Param{eventTypeHeader} +func (verifier *VerifierMockEventParsing) GetBitbucketCloudPullEventType(eventTypeHeader string, sha string, pr string) *MockEventParsing_GetBitbucketCloudPullEventType_OngoingVerification { + params := []pegomock.Param{eventTypeHeader, sha, pr} methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "GetBitbucketCloudPullEventType", params, verifier.timeout) return &MockEventParsing_GetBitbucketCloudPullEventType_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations} } 
@@ -542,18 +542,26 @@ type MockEventParsing_GetBitbucketCloudPullEventType_OngoingVerification struct methodInvocations []pegomock.MethodInvocation } -func (c *MockEventParsing_GetBitbucketCloudPullEventType_OngoingVerification) GetCapturedArguments() string { - eventTypeHeader := c.GetAllCapturedArguments() - return eventTypeHeader[len(eventTypeHeader)-1] +func (c *MockEventParsing_GetBitbucketCloudPullEventType_OngoingVerification) GetCapturedArguments() (string, string, string) { + eventTypeHeader, sha, pr := c.GetAllCapturedArguments() + return eventTypeHeader[len(eventTypeHeader)-1], sha[len(sha)-1], pr[len(pr)-1] } -func (c *MockEventParsing_GetBitbucketCloudPullEventType_OngoingVerification) GetAllCapturedArguments() (_param0 []string) { +func (c *MockEventParsing_GetBitbucketCloudPullEventType_OngoingVerification) GetAllCapturedArguments() (_param0 []string, _param1 []string, _param2 []string) { params := pegomock.GetGenericMockFrom(c.mock).GetInvocationParams(c.methodInvocations) if len(params) > 0 { _param0 = make([]string, len(c.methodInvocations)) for u, param := range params[0] { _param0[u] = param.(string) } + _param1 = make([]string, len(c.methodInvocations)) + for u, param := range params[1] { + _param1[u] = param.(string) + } + _param2 = make([]string, len(c.methodInvocations)) + for u, param := range params[2] { + _param2[u] = param.(string) + } } return } diff --git a/server/events/mocks/mock_job_url_setter.go b/server/events/mocks/mock_job_url_setter.go index 6d37bf9c73..427e081f27 100644 --- a/server/events/mocks/mock_job_url_setter.go +++ b/server/events/mocks/mock_job_url_setter.go 
@@ -26,16 +26,16 @@ func NewMockJobURLSetter(options ...pegomock.Option) *MockJobURLSetter { func (mock *MockJobURLSetter) SetFailHandler(fh pegomock.FailHandler) { mock.fail = fh } func (mock *MockJobURLSetter) FailHandler() pegomock.FailHandler { return mock.fail } -func (mock *MockJobURLSetter) SetJobURLWithStatus(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, result *command.ProjectResult) error { +func (mock *MockJobURLSetter) SetJobURLWithStatus(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, res *command.ProjectResult) error { if mock == nil { panic("mock must not be nil. Use myMock := NewMockJobURLSetter().") } - params := []pegomock.Param{ctx, cmdName, status, result} - pegomockResult := pegomock.GetGenericMockFrom(mock).Invoke("SetJobURLWithStatus", params, []reflect.Type{reflect.TypeOf((*error)(nil)).Elem()}) + params := []pegomock.Param{ctx, cmdName, status, res} + result := pegomock.GetGenericMockFrom(mock).Invoke("SetJobURLWithStatus", params, []reflect.Type{reflect.TypeOf((*error)(nil)).Elem()}) var ret0 error - if len(pegomockResult) != 0 { - if pegomockResult[0] != nil { - ret0 = pegomockResult[0].(error) + if len(result) != 0 { + if result[0] != nil { + ret0 = result[0].(error) } } return ret0 
@@ -78,8 +78,8 @@ type VerifierMockJobURLSetter struct { timeout time.Duration } -func (verifier *VerifierMockJobURLSetter) SetJobURLWithStatus(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, result *command.ProjectResult) *MockJobURLSetter_SetJobURLWithStatus_OngoingVerification { - params := []pegomock.Param{ctx, cmdName, status, result} +func (verifier *VerifierMockJobURLSetter) SetJobURLWithStatus(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, res *command.ProjectResult) *MockJobURLSetter_SetJobURLWithStatus_OngoingVerification { + params := []pegomock.Param{ctx, cmdName, status, res} methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "SetJobURLWithStatus", params, verifier.timeout) return &MockJobURLSetter_SetJobURLWithStatus_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations} } @@ -90,8 +90,8 @@ type MockJobURLSetter_SetJobURLWithStatus_OngoingVerification struct { } func (c *MockJobURLSetter_SetJobURLWithStatus_OngoingVerification) GetCapturedArguments() (command.ProjectContext, command.Name, models.CommitStatus, *command.ProjectResult) { - ctx, cmdName, status, result := c.GetAllCapturedArguments() - return ctx[len(ctx)-1], cmdName[len(cmdName)-1], status[len(status)-1], result[len(result)-1] + ctx, cmdName, status, res := c.GetAllCapturedArguments() + return ctx[len(ctx)-1], cmdName[len(cmdName)-1], status[len(status)-1], res[len(res)-1] } func (c *MockJobURLSetter_SetJobURLWithStatus_OngoingVerification) GetAllCapturedArguments() (_param0 []command.ProjectContext, _param1 []command.Name, _param2 []models.CommitStatus, _param3 []*command.ProjectResult) { diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go index 69ae9e73d4..736b8ac31b 100644 --- a/server/events/project_command_runner.go +++ b/server/events/project_command_runner.go 
@@ -143,7 +143,7 @@ type ProjectCommandRunner interface { type JobURLSetter interface { // SetJobURLWithStatus sets the commit status for the project represented by // ctx and updates the status with and url to a job. - SetJobURLWithStatus(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, result *command.ProjectResult) error + SetJobURLWithStatus(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, res *command.ProjectResult) error } //go:generate pegomock generate --package mocks -o mocks/mock_job_message_sender.go JobMessageSender diff --git a/server/jobs/job_url_setter.go b/server/jobs/job_url_setter.go index 872f3c3636..d2c6209c17 100644 --- a/server/jobs/job_url_setter.go +++ b/server/jobs/job_url_setter.go @@ -17,7 +17,7 @@ type ProjectJobURLGenerator interface { type ProjectStatusUpdater interface { // UpdateProject sets the commit status for the project represented by // ctx. - UpdateProject(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, url string, result *command.ProjectResult) error + UpdateProject(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, url string, res *command.ProjectResult) error } type JobURLSetter struct { diff --git a/server/jobs/mocks/mock_project_status_updater.go b/server/jobs/mocks/mock_project_status_updater.go index f79baa5869..9f0a18f037 100644 --- a/server/jobs/mocks/mock_project_status_updater.go +++ b/server/jobs/mocks/mock_project_status_updater.go 
@@ -26,16 +26,16 @@ func NewMockProjectStatusUpdater(options ...pegomock.Option) *MockProjectStatusU func (mock *MockProjectStatusUpdater) SetFailHandler(fh pegomock.FailHandler) { mock.fail = fh } func (mock *MockProjectStatusUpdater) FailHandler() pegomock.FailHandler { return mock.fail } -func (mock *MockProjectStatusUpdater) UpdateProject(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, url string, result *command.ProjectResult) error { +func (mock *MockProjectStatusUpdater) UpdateProject(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, url string, res *command.ProjectResult) error { if mock == nil { panic("mock must not be nil. Use myMock := NewMockProjectStatusUpdater().") } - params := []pegomock.Param{ctx, cmdName, status, url, result} - pegomockResult := pegomock.GetGenericMockFrom(mock).Invoke("UpdateProject", params, []reflect.Type{reflect.TypeOf((*error)(nil)).Elem()}) + params := []pegomock.Param{ctx, cmdName, status, url, res} + result := pegomock.GetGenericMockFrom(mock).Invoke("UpdateProject", params, []reflect.Type{reflect.TypeOf((*error)(nil)).Elem()}) var ret0 error - if len(pegomockResult) != 0 { - if pegomockResult[0] != nil { - ret0 = pegomockResult[0].(error) + if len(result) != 0 { + if result[0] != nil { + ret0 = result[0].(error) } } return ret0 
@@ -78,8 +78,8 @@ type VerifierMockProjectStatusUpdater struct { timeout time.Duration } -func (verifier *VerifierMockProjectStatusUpdater) UpdateProject(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, url string, result *command.ProjectResult) *MockProjectStatusUpdater_UpdateProject_OngoingVerification { - params := []pegomock.Param{ctx, cmdName, status, url, result} +func (verifier *VerifierMockProjectStatusUpdater) UpdateProject(ctx command.ProjectContext, cmdName command.Name, status models.CommitStatus, url string, res *command.ProjectResult) *MockProjectStatusUpdater_UpdateProject_OngoingVerification { + params := []pegomock.Param{ctx, cmdName, status, url, res} methodInvocations := pegomock.GetGenericMockFrom(verifier.mock).Verify(verifier.inOrderContext, verifier.invocationCountMatcher, "UpdateProject", params, verifier.timeout) return &MockProjectStatusUpdater_UpdateProject_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations} } @@ -90,8 +90,8 @@ type MockProjectStatusUpdater_UpdateProject_OngoingVerification struct { } func (c *MockProjectStatusUpdater_UpdateProject_OngoingVerification) GetCapturedArguments() (command.ProjectContext, command.Name, models.CommitStatus, string, *command.ProjectResult) { - ctx, cmdName, status, url, result := c.GetAllCapturedArguments() - return ctx[len(ctx)-1], cmdName[len(cmdName)-1], status[len(status)-1], url[len(url)-1], result[len(result)-1] + ctx, cmdName, status, url, res := c.GetAllCapturedArguments() + return ctx[len(ctx)-1], cmdName[len(cmdName)-1], status[len(status)-1], url[len(url)-1], res[len(res)-1] } func (c *MockProjectStatusUpdater_UpdateProject_OngoingVerification) GetAllCapturedArguments() (_param0 []command.ProjectContext, _param1 []command.Name, _param2 []models.CommitStatus, _param3 []string, _param4 []*command.ProjectResult) { From 98045720c16324f6f6a6ed21d87faa7a6c70040c Mon Sep 17 00:00:00 2001 
From: Dylan Page Date: Fri, 6 Oct 2023 11:10:28 -0400 Subject: [PATCH 17/79] fix(ci): website tests 403 atlassian links (#3824) --- .github/workflows/website.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml index 56f14f2683..5acacb5127 100644 --- a/.github/workflows/website.yml +++ b/.github/workflows/website.yml @@ -64,6 +64,7 @@ jobs: -e 'https://medium.com/runatlantis' \ -e 'https://github\.com/runatlantis/atlantis/edit/main/.*' \ -e 'https://github.com/runatlantis/helm-charts#customization' \ + -e 'https://confluence.atlassian.com/*' \ --header 'Accept-Encoding:deflate, gzip' \ --buffer-size 8192 \ http://localhost:8080/ From d083aa119fa172b31a154722e3873a47217390d4 Mon Sep 17 00:00:00 2001 From: PePe Amengual Date: Fri, 6 Oct 2023 08:35:38 -0700 Subject: [PATCH 18/79] Revert "feat: Add project depends on functionality (#3821)" (#3825) This reverts commit cf2b7911f45e6a3f26a2c3243eb7d578c29c33f3. --- runatlantis.io/docs/depends-on.md | 21 ---- server/core/config/raw/project.go | 8 -- server/core/config/valid/global_cfg.go | 5 +- server/core/config/valid/repo_cfg.go | 1 - server/events/command/project_context.go | 9 -- server/events/command_requirement_handler.go | 18 --- .../command_requirement_handler_test.go | 107 ------------------ .../mocks/mock_command_requirement_handler.go | 19 ---- .../events/project_command_context_builder.go | 9 +- server/events/project_command_runner.go | 5 - 10 files changed, 5 insertions(+), 197 deletions(-) delete mode 100644 runatlantis.io/docs/depends-on.md diff --git a/runatlantis.io/docs/depends-on.md b/runatlantis.io/docs/depends-on.md deleted file mode 100644 index ae0d059f54..0000000000 --- a/runatlantis.io/docs/depends-on.md +++ /dev/null 
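Review bot: The added exclusion `-e 'https://confluence.atlassian.com/*'` reads like a glob, but the neighbouring patterns (`github\.com`, `.*`) suggest that `-e` takes a regular expression, where `/*` means "zero or more slashes" and the unescaped dots match any character. It still excludes the intended links if the match is unanchored, but `-e 'https://confluence\.atlassian\.com/.*'` says what is meant and matches the style of the existing entries. A short comment that these links are skipped because the site answers 403 to the checker would help whoever revisits the exclusion list.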
@@ -1,21 +0,0 @@ -# Depends_on Argument -[[toc]] - -## Description -The depends_on argument allow you to enforce dependencies between projects. Use the depends_on argument to handle cases -where require one project to be applied prior to the other. - -## What Happens if one or more project's dependencies are not applied? -If there's one or more projects in the dependency list is not in an applied status, users will see an error if they try -to run `atlantis apply`. - -### Usage -1. In `atlantis.yaml` file specify the `depends_on` key under the project config: - #### atlantis.yaml - ```yaml - version: 3 - projects: - - dir: . - name: project-2 - depends_on: [project-1] - ``` diff --git a/server/core/config/raw/project.go b/server/core/config/raw/project.go index 90784fd747..e288818a9e 100644 --- a/server/core/config/raw/project.go +++ b/server/core/config/raw/project.go @@ -31,7 +31,6 @@ type Project struct { PlanRequirements []string `yaml:"plan_requirements,omitempty"` ApplyRequirements []string `yaml:"apply_requirements,omitempty"` ImportRequirements []string `yaml:"import_requirements,omitempty"` - DependsOn []string `yaml:"depends_on,omitempty"` DeleteSourceBranchOnMerge *bool `yaml:"delete_source_branch_on_merge,omitempty"` RepoLocking *bool `yaml:"repo_locking,omitempty"` ExecutionOrderGroup *int `yaml:"execution_order_group,omitempty"` 
@@ -75,17 +74,12 @@ func (p Project) Validate() error { return errors.Wrapf(err, "parsing: %s", branch) } - Dependencies := func(value interface{}) error { - return nil - } - return validation.ValidateStruct(&p, validation.Field(&p.Dir, validation.Required, validation.By(hasDotDot)), validation.Field(&p.PlanRequirements, validation.By(validPlanReq)), validation.Field(&p.ApplyRequirements, validation.By(validApplyReq)), validation.Field(&p.ImportRequirements, validation.By(validImportReq)), validation.Field(&p.TerraformVersion, validation.By(VersionValidator)), - validation.Field(&p.DependsOn, validation.By(Dependencies)), validation.Field(&p.Name, validation.By(validName)), validation.Field(&p.Branch, validation.By(branchValid)), ) @@ -129,8 +123,6 @@ func (p Project) ToValid() valid.Project { v.Name = p.Name - v.DependsOn = p.DependsOn - if p.DeleteSourceBranchOnMerge != nil { v.DeleteSourceBranchOnMerge = p.DeleteSourceBranchOnMerge } diff --git a/server/core/config/valid/global_cfg.go b/server/core/config/valid/global_cfg.go index 5bd0c5bf96..8aab42f67b 100644 --- a/server/core/config/valid/global_cfg.go +++ b/server/core/config/valid/global_cfg.go @@ -17,7 +17,10 @@ const PoliciesPassedCommandReq = "policies_passed" const PlanRequirementsKey = "plan_requirements" const ApplyRequirementsKey = "apply_requirements" const ImportRequirementsKey = "import_requirements" +const PreWorkflowHooksKey = "pre_workflow_hooks" const WorkflowKey = "workflow" +const PostWorkflowHooksKey = "post_workflow_hooks" +const AllowedWorkflowsKey = "allowed_workflows" const AllowedOverridesKey = "allowed_overrides" const AllowCustomWorkflowsKey = "allow_custom_workflows" const DefaultWorkflowName = "default" @@ -89,7 +92,6 @@ type MergedProjectCfg struct { ImportRequirements []string Workflow Workflow AllowedWorkflows []string - DependsOn []string RepoRelDir string Workspace string Name string 
@@ -388,7 +390,6 @@ func (g GlobalCfg) MergeProjectCfg(log logging.SimpleLogging, repoID string, pro Workflow: workflow, RepoRelDir: proj.Dir, Workspace: proj.Workspace, - DependsOn: proj.DependsOn, Name: proj.GetName(), AutoplanEnabled: proj.Autoplan.Enabled, TerraformVersion: proj.TerraformVersion, diff --git a/server/core/config/valid/repo_cfg.go b/server/core/config/valid/repo_cfg.go index 1a99e89cda..fe441f4d05 100644 --- a/server/core/config/valid/repo_cfg.go +++ b/server/core/config/valid/repo_cfg.go @@ -132,7 +132,6 @@ type Project struct { PlanRequirements []string ApplyRequirements []string ImportRequirements []string - DependsOn []string DeleteSourceBranchOnMerge *bool RepoLocking *bool ExecutionOrderGroup int diff --git a/server/events/command/project_context.go b/server/events/command/project_context.go index aa77cb8ff1..1e2521e38c 100644 --- a/server/events/command/project_context.go +++ b/server/events/command/project_context.go @@ -57,13 +57,6 @@ type ProjectContext struct { // If the pull request branch is from the same repository then HeadRepo will // be the same as BaseRepo. HeadRepo models.Repo - // DependsOn are a list of project that this project relies on - // their apply status. These projects must be applied first. - // - // Atlantis uses this information to valid the apply - // orders and to warn the user if they're applying a project that - // depends on other projects. - DependsOn []string // Log is a logger that's been set up for this context. Log logging.SimpleLogging // Scope is the scope for reporting stats setup for this context 
@@ -74,8 +67,6 @@ type ProjectContext struct { ProjectPlanStatus models.ProjectPlanStatus // ProjectPolicyStatus is the status of policy sets of the current project prior to this command. ProjectPolicyStatus []models.PolicySetStatus - // PullStatus is the current status of a pull request that is in progress. - PullStatus *models.PullStatus // Pull is the pull request we're responding to. Pull models.PullRequest // ProjectName is the name of the project set in atlantis.yaml. If there was diff --git a/server/events/command_requirement_handler.go b/server/events/command_requirement_handler.go index 20ee61aee1..8af12bec54 100644 --- a/server/events/command_requirement_handler.go +++ b/server/events/command_requirement_handler.go @@ -1,17 +1,13 @@ package events import ( - "fmt" - "github.com/runatlantis/atlantis/server/core/config/raw" "github.com/runatlantis/atlantis/server/core/config/valid" "github.com/runatlantis/atlantis/server/events/command" - "github.com/runatlantis/atlantis/server/events/models" ) //go:generate pegomock generate --package mocks -o mocks/mock_command_requirement_handler.go CommandRequirementHandler type CommandRequirementHandler interface { - ValidateProjectDependencies(ctx command.ProjectContext) (string, error) ValidatePlanProject(repoDir string, ctx command.ProjectContext) (string, error) ValidateApplyProject(repoDir string, ctx command.ProjectContext) (string, error) ValidateImportProject(repoDir string, ctx command.ProjectContext) (string, error) 
@@ -69,20 +65,6 @@ func (a *DefaultCommandRequirementHandler) ValidateApplyProject(repoDir string, return "", nil } -func (a *DefaultCommandRequirementHandler) ValidateProjectDependencies(ctx command.ProjectContext) (failure string, err error) { - for _, dependOnProject := range ctx.DependsOn { - - for _, project := range ctx.PullStatus.Projects { - - if project.ProjectName == dependOnProject && project.Status != models.AppliedPlanStatus { - return fmt.Sprintf("Can't apply your project unless you apply its dependencies: [%s]", project.ProjectName), nil - } - } - } - - return "", nil -} - func (a *DefaultCommandRequirementHandler) ValidateImportProject(repoDir string, ctx command.ProjectContext) (failure string, err error) { for _, req := range ctx.ImportRequirements { switch req { diff --git a/server/events/command_requirement_handler_test.go b/server/events/command_requirement_handler_test.go index 86f318825f..7a9891b07c 100644 --- a/server/events/command_requirement_handler_test.go +++ b/server/events/command_requirement_handler_test.go 
@@ -207,113 +207,6 @@ func TestAggregateApplyRequirements_ValidateApplyProject(t *testing.T) { } } -func TestRequirements_ValidateProjectDependencies(t *testing.T) { - tests := []struct { - name string - ctx command.ProjectContext - setup func(workingDir *mocks.MockWorkingDir) - wantFailure string - wantErr assert.ErrorAssertionFunc - }{ - { - name: "pass no dependencies", - ctx: command.ProjectContext{}, - wantErr: assert.NoError, - }, - { - name: "pass all dependencies applied", - ctx: command.ProjectContext{ - DependsOn: []string{"project1"}, - PullStatus: &models.PullStatus{ - Projects: []models.ProjectStatus{ - { - ProjectName: "project1", - Status: models.AppliedPlanStatus, - }, - }, - }, - }, - wantErr: assert.NoError, - }, - { - name: "Fail all dependencies are not applied", - ctx: command.ProjectContext{ - DependsOn: []string{"project1", "project2"}, - PullStatus: &models.PullStatus{ - Projects: []models.ProjectStatus{ - { - ProjectName: "project1", - Status: models.PlannedPlanStatus, - }, - { - ProjectName: "project2", - Status: models.ErroredApplyStatus, - }, - }, - }, - }, - wantFailure: "Can't apply your project unless you apply its dependencies: [project1]", - wantErr: assert.NoError, - }, - { - name: "Fail one of dependencies is not applied", - ctx: command.ProjectContext{ - DependsOn: []string{"project1", "project2"}, - PullStatus: &models.PullStatus{ - Projects: []models.ProjectStatus{ - { - ProjectName: "project1", - Status: models.AppliedPlanStatus, - }, - { - ProjectName: "project2", - Status: models.ErroredApplyStatus, - }, - }, - }, - }, - wantFailure: "Can't apply your project unless you apply its dependencies: [project2]", - wantErr: assert.NoError, - }, - { - name: "Fail one of dependencies is not applied", - ctx: command.ProjectContext{ - DependsOn: []string{"project1", "project2", "project3"}, - PullStatus: &models.PullStatus{ - Projects: []models.ProjectStatus{ - { - ProjectName: "project1", - Status: models.AppliedPlanStatus, - }, - { - 
ProjectName: "project2", - Status: models.ErroredApplyStatus, - }, - { - ProjectName: "project3", - Status: models.PlannedPlanStatus, - }, - }, - }, - }, - wantFailure: "Can't apply your project unless you apply its dependencies: [project2]", - wantErr: assert.NoError, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - RegisterMockTestingT(t) - workingDir := mocks.NewMockWorkingDir() - a := &events.DefaultCommandRequirementHandler{WorkingDir: workingDir} - gotFailure, err := a.ValidateProjectDependencies(tt.ctx) - if !tt.wantErr(t, err, fmt.Sprintf("ValidateProjectDependencies(%v)", tt.ctx)) { - return - } - assert.Equalf(t, tt.wantFailure, gotFailure, "ValidateProjectDependencies(%v)", tt.ctx) - }) - } -} - func TestAggregateApplyRequirements_ValidateImportProject(t *testing.T) { repoDir := "repoDir" fullRequirements := []string{ diff --git a/server/events/mocks/mock_command_requirement_handler.go b/server/events/mocks/mock_command_requirement_handler.go index aeee17ae83..8b6dd3c775 100644 --- a/server/events/mocks/mock_command_requirement_handler.go +++ b/server/events/mocks/mock_command_requirement_handler.go 
@@ -125,25 +125,6 @@ func (verifier *VerifierMockCommandRequirementHandler) ValidateApplyProject(repo return &MockCommandRequirementHandler_ValidateApplyProject_OngoingVerification{mock: verifier.mock, methodInvocations: methodInvocations} } -func (mock *MockCommandRequirementHandler) ValidateProjectDependencies(_param0 command.ProjectContext) (string, error) { - if mock == nil { - panic("mock must not be nil. Use myMock := NewMockCommandRequirementHandler().") - } - params := []pegomock.Param{_param0} - result := pegomock.GetGenericMockFrom(mock).Invoke("ValidateProjectDependencies", params, []reflect.Type{reflect.TypeOf((*string)(nil)).Elem(), reflect.TypeOf((*error)(nil)).Elem()}) - var ret0 string - var ret1 error - if len(result) != 0 { - if result[0] != nil { - ret0 = result[0].(string) - } - if result[1] != nil { - ret1 = result[1].(error) - } - } - return ret0, ret1 -} - type MockCommandRequirementHandler_ValidateApplyProject_OngoingVerification struct { mock *MockCommandRequirementHandler methodInvocations []pegomock.MethodInvocation diff --git a/server/events/project_command_context_builder.go b/server/events/project_command_context_builder.go index 02245b27fd..16714f841a 100644 --- a/server/events/project_command_context_builder.go +++ b/server/events/project_command_context_builder.go @@ -144,7 +144,6 @@ func (cb *DefaultProjectCommandContextBuilder) BuildProjectContext( abortOnExcecutionOrderFail, ctx.Scope, ctx.PullRequestStatus, - ctx.PullStatus, ) projectCmds = append(projectCmds, projectCmdContext) @@ -216,7 +215,6 @@ func (cb *PolicyCheckProjectCommandContextBuilder) BuildProjectContext( abortOnExcecutionOrderFail, ctx.Scope, ctx.PullRequestStatus, - ctx.PullStatus, )) } 
@@ -240,8 +238,7 @@ func newProjectCommandContext(ctx *command.Context, verbose bool, abortOnExcecutionOrderFail bool, scope tally.Scope, - pullReqStatus models.PullReqStatus, - pullStatus *models.PullStatus, + pullStatus models.PullReqStatus, ) command.ProjectContext { var projectPlanStatus models.ProjectPlanStatus @@ -278,7 +275,6 @@ func newProjectCommandContext(ctx *command.Context, ParallelApplyEnabled: parallelApplyEnabled, ParallelPlanEnabled: parallelPlanEnabled, ParallelPolicyCheckEnabled: parallelPlanEnabled, - DependsOn: projCfg.DependsOn, AutoplanEnabled: projCfg.AutoplanEnabled, Steps: steps, HeadRepo: ctx.HeadRepo, @@ -301,8 +297,7 @@ func newProjectCommandContext(ctx *command.Context, PolicySets: policySets, PolicySetTarget: ctx.PolicySet, ClearPolicyApproval: ctx.ClearPolicyApproval, - PullReqStatus: pullReqStatus, - PullStatus: pullStatus, + PullReqStatus: pullStatus, JobID: uuid.New().String(), ExecutionOrderGroup: projCfg.ExecutionOrderGroup, AbortOnExcecutionOrderFail: abortOnExcecutionOrderFail, diff --git a/server/events/project_command_runner.go b/server/events/project_command_runner.go index 736b8ac31b..b67b77065b 100644 --- a/server/events/project_command_runner.go +++ b/server/events/project_command_runner.go @@ -607,11 +607,6 @@ func (p *DefaultProjectCommandRunner) doApply(ctx command.ProjectContext) (apply return "", failure, err } - failure, err = p.CommandRequirementHandler.ValidateProjectDependencies(ctx) - if failure != "" || err != nil { - return "", failure, err - } - // Acquire internal lock for the directory we're going to operate in. unlockFn, err := p.WorkingDirLocker.TryLock(ctx.Pull.BaseRepo.FullName, ctx.Pull.Num, ctx.Workspace, ctx.RepoRelDir) if err != nil { From bb18da218ddb8af5cff7f0b19c32869cc0b3b84d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leandro=20L=C3=B3pez?= Date: Fri, 6 Oct 2023 13:05:19 -0300 Subject: [PATCH 19/79] fix(multienv): allow commas and quoted values (#3542) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Make code more Go-idiomatic While at it makes it more readable. Signed-off-by: Leandro López (inkel) * Add internal function to parse multienv step input This new function properly deals with quotes and commas in values. Signed-off-by: Leandro López (inkel) * Add regression test for multienv output with comma in values See #2765 for an issue report. Signed-off-by: Leandro López (inkel) * Use parseMultienvLine for parsing multienv steps output Signed-off-by: Leandro López (inkel) * Add internal function to parse multienv step input This new function properly deals with quotes and commas in values. Signed-off-by: Leandro López (inkel) --------- Signed-off-by: Leandro López (inkel) Co-authored-by: PePe Amengual --- server/core/runtime/multienv_step_runner.go | 138 +++++++++++++++--- .../multienv_step_runner_internal_test.go | 85 +++++++++++ .../core/runtime/multienv_step_runner_test.go | 5 + 3 files changed, 208 insertions(+), 20 deletions(-) create mode 100644 server/core/runtime/multienv_step_runner_internal_test.go diff --git a/server/core/runtime/multienv_step_runner.go b/server/core/runtime/multienv_step_runner.go index be4ac7ee43..515eb66896 100644 --- a/server/core/runtime/multienv_step_runner.go +++ b/server/core/runtime/multienv_step_runner.go @@ -1,6 +1,7 @@ package runtime import ( + "errors" "fmt" "strings" 
@@ -17,27 +18,124 @@ type MultiEnvStepRunner struct { // The command must return a json string containing the array of name-value pairs that are being added as extra environment variables func (r *MultiEnvStepRunner) Run(ctx command.ProjectContext, command string, path string, envs map[string]string) (string, error) { res, err := r.RunStepRunner.Run(ctx, command, path, envs, false, valid.PostProcessRunOutputShow) - if err == nil { - if len(res) > 0 { - var sb strings.Builder - sb.WriteString("Dynamic environment variables added:\n") - - envVars := strings.Split(res, ",") - for _, item := range envVars { - // Only split after the first = found in case the environment variable value has - // = in it (as might be the case with access tokens) - nameValue := strings.SplitN(strings.TrimRight(item, "\n"), "=", 2) - if len(nameValue) == 2 { - envs[nameValue[0]] = nameValue[1] - sb.WriteString(nameValue[0]) - sb.WriteString("\n") - } else { - return "", fmt.Errorf("Invalid environment variable definition: %s", item) - } + if err != nil { + return "", err + } + + if len(res) == 0 { + return "No dynamic environment variable added", nil + } + + var sb strings.Builder + sb.WriteString("Dynamic environment variables added:\n") + + vars, err := parseMultienvLine(res) + if err != nil { + return "", fmt.Errorf("Invalid environment variable definition: %s (%w)", res, err) + } + + for i := 0; i < len(vars); i += 2 { + key := vars[i] + envs[key] = vars[i+1] + sb.WriteString(key) + sb.WriteRune('\n') + } + + return sb.String(), nil +} + +func parseMultienvLine(in string) ([]string, error) { + in = strings.TrimSpace(in) + if in == "" { + return nil, nil + } + if len(in) < 3 { + return nil, errors.New("invalid syntax") // TODO + } + + var res []string + var inValue, dquoted, squoted, escaped bool + var i int + + for j, r := range in { + if !inValue { + if r == '=' { + inValue = true + res = append(res, in[i:j]) + i = j + 1 + } + if r == ' ' || r == '\t' { + return nil, 
errInvalidKeySyntax } - return sb.String(), nil + if r == ',' && len(res) > 0 { + i = j + 1 + } + continue + } + + if r == '"' && !squoted { + if j == i && !dquoted { // value is double quoted + dquoted = true + i = j + 1 + } else if dquoted && in[j-1] != '\\' { + res = append(res, unescape(in[i:j], escaped)) + i = j + 1 + dquoted = false + inValue = false + } else if in[j-1] != '\\' { + return nil, errMisquoted + } else if in[j-1] == '\\' { + escaped = true + } + continue + } + + if r == '\'' && !dquoted { + if j == i && !squoted { // value is double quoted + squoted = true + i = j + 1 + } else if squoted && in[j-1] != '\\' { + res = append(res, in[i:j]) + i = j + 1 + squoted = false + inValue = false + } + continue + } + + if r == ',' && !dquoted && !squoted && inValue { + res = append(res, in[i:j]) + i = j + 1 + inValue = false } - return "No dynamic environment variable added", nil } - return "", err + + if i < len(in) { + if !inValue { + return nil, errRemaining + } + res = append(res, unescape(in[i:], escaped)) + inValue = false + } + if dquoted || squoted { + return nil, errMisquoted + } + if inValue { + return nil, errRemaining + } + + return res, nil } + +func unescape(s string, escaped bool) string { + if escaped { + return strings.ReplaceAll(strings.ReplaceAll(s, `\\`, `\`), `\"`, `"`) + } + return s +} + +var ( + errInvalidKeySyntax = errors.New("invalid key syntax") + errMisquoted = errors.New("misquoted") + errRemaining = errors.New("remaining unparsed data") +) diff --git a/server/core/runtime/multienv_step_runner_internal_test.go b/server/core/runtime/multienv_step_runner_internal_test.go new file mode 100644 index 0000000000..40eb65aacd --- /dev/null +++ b/server/core/runtime/multienv_step_runner_internal_test.go 
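Review bot: The new error in `Run` formats the whole step output `res` into the message, where the removed code echoed only the one malformed item. Multienv output can carry values such as access tokens (the removed comment says as much), so a single bad pair now puts every value from that run into the error text, and this hunk does not show where that text ends up. Report the parser error without the payload, `return "", fmt.Errorf("Invalid environment variable definition: %w", err)`; the `ExpErr` string in multienv_step_runner_test.go may need a matching adjustment. Separately, `parseMultienvLine` rejects only space and tab in a key, so `=value` yields an empty variable name that `Run` stores in `envs`; adding `if j == i { return nil, errInvalidKeySyntax }` before the key is appended would reject it. The comment on the single-quote branch still reads `// value is double quoted`.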
@@ -0,0 +1,85 @@ +package runtime + +import ( + "errors" + "testing" +) + +func TestMultiEnvStepRunner_Run_parser(t *testing.T) { + t.Run("success", func(t *testing.T) { + tests := map[string][]string{ + "": nil, + "KEY=value": {"KEY", "value"}, + `KEY="value"`: {"KEY", "value"}, + "KEY==": {"KEY", "="}, + `KEY="'"`: {"KEY", "'"}, + `KEY=""`: {"KEY", ""}, + `KEY=a\"b`: {"KEY", `a"b`}, + `KEY="va\"l\"ue"`: {"KEY", `va"l"ue`}, + + "KEY='value'": {"KEY", "value"}, + `KEY='va"l"ue'`: {"KEY", `va"l"ue`}, + `KEY='"'`: {"KEY", `"`}, + "KEY=a'b": {"KEY", "a'b"}, + "KEY=''": {"KEY", ""}, + "KEY='a\\'b'": {"KEY", "a\\'b"}, + + "FOO=bar,QUUX=baz": {"FOO", "bar", "QUUX", "baz"}, + "FOO='bar',QUUX=baz": {"FOO", "bar", "QUUX", "baz"}, + "FOO=bar,QUUX='baz'": {"FOO", "bar", "QUUX", "baz"}, + `FOO="bar",QUUX=baz`: {"FOO", "bar", "QUUX", "baz"}, + `FOO=bar,QUUX="baz"`: {"FOO", "bar", "QUUX", "baz"}, + `FOO="bar",QUUX='baz'`: {"FOO", "bar", "QUUX", "baz"}, + `FOO='bar',QUUX="baz"`: {"FOO", "bar", "QUUX", "baz"}, + + "FOO=\"bar\nbaz\"": {"FOO", "bar\nbaz"}, + + `KEY="foo='bar',lorem=ipsum"`: {"KEY", "foo='bar',lorem=ipsum"}, + `FOO=bar,QUUX="lorem ipsum"`: {"FOO", "bar", "QUUX", "lorem ipsum"}, + + `JSON="{\"ID\":1,\"Name\":\"Reds\",\"Colors\":[\"Crimson\",\"Red\",\"Ruby\",\"Maroon\"]}"`: {"JSON", `{"ID":1,"Name":"Reds","Colors":["Crimson","Red","Ruby","Maroon"]}`}, + + `JSON='{"ID":1,"Name":"Reds","Colors":["Crimson","Red","Ruby","Maroon"]}'`: {"JSON", `{"ID":1,"Name":"Reds","Colors":["Crimson","Red","Ruby","Maroon"]}`}, + } + + for in, exp := range tests { + t.Run(in, func(t *testing.T) { + got, err := parseMultienvLine(in) + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + + t.Logf("\n%q\n%q", exp, got) + + if e, g := len(exp), len(got); e != g { + t.Fatalf("expecting %d elements, got %d", e, g) + } + + for i, e := range exp { + if g := got[i]; g != e { + t.Errorf("expecting %q at index %d, got %q", e, i, g) + } + } + }) + } + }) + + t.Run("error", func(t *testing.T) 
{ + tests := map[string]error{ + "BAD KEY": errInvalidKeySyntax, + "KEY='missingquote": errMisquoted, + `KEY="missingquote`: errMisquoted, + `KEY="missquoted'`: errMisquoted, + `KEY=a"b`: errMisquoted, + `KEY=value,rem`: errRemaining, + } + + for in, exp := range tests { + t.Run(in, func(t *testing.T) { + if _, err := parseMultienvLine(in); !errors.Is(err, exp) { + t.Fatalf("expecting error %v, got %v", exp, err) + } + }) + } + }) +} diff --git a/server/core/runtime/multienv_step_runner_test.go b/server/core/runtime/multienv_step_runner_test.go index 171f026117..f7d6b1132f 100644 --- a/server/core/runtime/multienv_step_runner_test.go +++ b/server/core/runtime/multienv_step_runner_test.go @@ -37,6 +37,11 @@ func TestMultiEnvStepRunner_Run(t *testing.T) { ExpErr: "Invalid environment variable definition: TF_VAR_REPODEFINEDVARIABLE_NO_VALUE", Version: "v1.2.3", }, + { + Command: `echo 'TF_VAR1_MULTILINE="foo\\nbar",TF_VAR2_VALUEWITHCOMMA="one,two",TF_VAR3_CONTROL=true'`, + ExpOut: "Dynamic environment variables added:\nTF_VAR1_MULTILINE\nTF_VAR2_VALUEWITHCOMMA\nTF_VAR3_CONTROL\n", + Version: "v1.2.3", + }, } RegisterMockTestingT(t) tfClient := mocks.NewMockClient() From 6d43214dcfc23187906a5bd2676b1171fd66ab3f Mon Sep 17 00:00:00 2001 
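Review bot: Neither table covers input with two or more values where only an earlier one contains an escaped quote, which is where `parseMultienvLine` behaves inconsistently. `escaped` is declared once before the loop and never reset, so after the first `\"` every later call to `unescape` also rewrites `\\` and `\"`. For example, the second value of `A="x\"y",B="c\\d"` comes back as `c\d`, while `B="c\\d"` on its own keeps both backslashes. Add a success case that pins the intended result for that input, and an error case for an empty key such as `=value`, which the parser currently accepts.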
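Review bot: The added case checks only `ExpOut`, which lists variable names, so it would still pass if `TF_VAR2_VALUEWITHCOMMA` were stored with a truncated or wrongly unescaped value. The test loop is outside this hunk, so whether the `envs` map is inspected elsewhere cannot be seen here. If it is not, assert the stored values for this case, for instance that the map holds `one,two` for `TF_VAR2_VALUEWITHCOMMA`.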
From: Brett Galkowski Date: Fri, 6 Oct 2023 11:15:24 -0700 Subject: [PATCH 20/79] fix: Removing typo in documentation (#3827) * Adding new flag everywhere relevant, implementing policy result workaround * Fixing unit test str matching, adding custom policy conditional to step_runner * Adding documentation steps for custom policy tools * Refactoring ConftestOutput attribute to PolicyOutput * Adding new flag everywhere relevant, implementing policy result workaround * Fixing unit test str matching, adding custom policy conditional to step_runner * Adding documentation steps for custom policy tools * Refactoring ConftestOutput attribute to PolicyOutput * Fixing custom policy docs typo * End spacing --- runatlantis.io/docs/custom-policy-checks.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/runatlantis.io/docs/custom-policy-checks.md b/runatlantis.io/docs/custom-policy-checks.md index 769558910d..9c6d362803 100644 --- a/runatlantis.io/docs/custom-policy-checks.md +++ b/runatlantis.io/docs/custom-policy-checks.md @@ -4,7 +4,7 @@ If you want to run custom policy tools or scripts instead of the built-in Confte This option can be configured either at the server-level in a [repos.yaml config file](server-configuration.md) or at the repo-level in an [atlantis.yaml file.](repo-level-atlantis-yaml.md). ## Server-side config example -Set the `policy_check` and `custom_policy_check` options to true, and run the custom tool in the policy check steps as seen below. No +Set the `policy_check` and `custom_policy_check` options to true, and run the custom tool in the policy check steps as seen below. ```yaml repos: @@ -42,4 +42,4 @@ projects: custom_policy_check: true autoplan: when_modified: ["*.tf"] -``` \ No newline at end of file +``` From aac6667aca40154f9bd9476ba8ae5af26f13f0c7 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 7 Oct 2023 02:55:55 +0000 Subject: [PATCH 21/79] fix(deps): update module github.com/spf13/viper to v1.17.0 in go.mod (#3828) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 23 +++++++++++++---------- go.sum | 55 ++++++++++++++++++++++++++++++------------------------- 2 files changed, 43 insertions(+), 35 deletions(-) diff --git a/go.mod b/go.mod index 50fd0df39c..da7c462abf 100644 --- a/go.mod +++ b/go.mod @@ -37,7 +37,7 @@ require ( github.com/slack-go/slack v0.12.3 github.com/spf13/cobra v1.7.0 github.com/spf13/pflag v1.0.5 - github.com/spf13/viper v1.16.0 + github.com/spf13/viper v1.17.0 github.com/stretchr/testify v1.8.4 github.com/uber-go/tally/v4 v4.1.9 github.com/urfave/negroni/v3 v3.0.0 @@ -94,7 +94,7 @@ require ( github.com/hashicorp/hcl v1.0.0 // indirect github.com/huandu/xstrings v1.4.0 // indirect github.com/imdario/mergo v0.3.16 // indirect - github.com/klauspost/compress v1.16.5 // indirect + github.com/klauspost/compress v1.17.0 // indirect github.com/kr/text v0.2.0 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect 
@@ -106,25 +106,28 @@ require (
 github.com/mitchellh/mapstructure v1.5.0 // indirect
 github.com/mitchellh/reflectwalk v1.0.2 // indirect
 github.com/onsi/gomega v1.27.6 // indirect
- github.com/pelletier/go-toml/v2 v2.0.8 // indirect
- github.com/pmezard/go-difflib v1.0.0 // indirect
+ github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/prometheus/client_golang v1.12.1 // indirect
 github.com/prometheus/client_model v0.2.0 // indirect
 github.com/prometheus/common v0.34.0 // indirect
 github.com/prometheus/procfs v0.10.1 // indirect
 github.com/rogpeppe/go-internal v1.9.0 // indirect
+ github.com/sagikazarmark/locafero v0.3.0 // indirect
+ github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 github.com/shopspring/decimal v1.3.1 // indirect
- github.com/spf13/afero v1.9.5 // indirect
+ github.com/sourcegraph/conc v0.3.0 // indirect
+ github.com/spf13/afero v1.10.0 // indirect
 github.com/spf13/cast v1.5.1 // indirect
- github.com/spf13/jwalterweatherman v1.1.0 // indirect
- github.com/subosito/gotenv v1.4.2 // indirect
+ github.com/subosito/gotenv v1.6.0 // indirect
 github.com/ulikunitz/xz v0.5.11 // indirect
 github.com/yuin/gopher-lua v1.1.0 // indirect
 github.com/zclconf/go-cty v1.13.2 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/crypto v0.12.0 // indirect
- golang.org/x/net v0.14.0 // indirect
- golang.org/x/oauth2 v0.11.0 // indirect
+ golang.org/x/crypto v0.13.0 // indirect
+ golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
+ golang.org/x/net v0.15.0 // indirect
+ golang.org/x/oauth2 v0.12.0 // indirect
 golang.org/x/sys v0.12.0 // indirect
 golang.org/x/time v0.3.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index 92fb0c5850..77d6781bb3 100644
--- a/go.sum
+++ b/go.sum
@@ -249,8 +249,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/S github.com/hashicorp/go-getter/v2 v2.2.1 h1:2JXqPZs1Jej67RtdTi0YZaEB2hEFB3fkBA4cPYKQwFQ= github.com/hashicorp/go-getter/v2 v2.2.1/go.mod h1:EcJx6oZE8hmGuRR1l38QrfnyiujQbwsEAn11eHv6l2M= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM= -github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= +github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= 
@@ -290,8 +290,8 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= -github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM= +github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= 
@@ -352,8 +352,8 @@ github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU= github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= -github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ= -github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4= +github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= +github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= github.com/petergtz/pegomock/v4 v4.0.0 h1:BIGMUof4NXc+xBbuFk0VBfK5Ls7DplcP+LWz4hfYWsY= github.com/petergtz/pegomock/v4 v4.0.0/go.mod h1:Xscaw/kXYcuh9sGsns+If19FnSMMQy4Wz60YJTn3XOU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= 
@@ -362,8 +362,9 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= 
@@ -396,6 +397,10 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9cJvm4SvQ= +github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U= +github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= +github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= 
@@ -412,19 +417,19 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/slack-go/slack v0.12.3 h1:92/dfFU8Q5XP6Wp5rr5/T5JHLM5c5Smtn53fhToAP88= github.com/slack-go/slack v0.12.3/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw= -github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM= -github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= +github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= +github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= +github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY= +github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= -github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= -github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.16.0 h1:rGGH0XDZhdUOryiDWjmIvUSWpbNqisK8Wk0Vyefw8hc= -github.com/spf13/viper v1.16.0/go.mod h1:yg78JgCJcbrQOvV9YLXgkLaZqUidkY9K+Dd1FofRzQg= +github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI= +github.com/spf13/viper v1.17.0/go.mod h1:BmMMMLQXSbcHK6KAOiFLz0l5JHrU89OdIRHvsk0+yVI= github.com/stretchr/objx 
v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= @@ -437,11 +442,10 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= -github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= +github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= +github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/twmb/murmur3 v1.1.5/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= github.com/twmb/murmur3 v1.1.8 h1:8Yt9taO/WN3l08xErzjeschgZU2QSrwm1kclYq+0aRg= github.com/twmb/murmur3 v1.1.8/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= 
@@ -494,8 +498,9 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -506,8 +511,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17 h1:3MTrJm4PyNL9NBqvYDSj3DHl46qQakyfqfWo4jgfaEM= -golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -575,8 +580,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -589,8 +594,8 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= -golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= +golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= +golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -740,8 +745,8 @@ golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y= -golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= +golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From cee36fc7368c22443247f10a5e7be2061c69ddca Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 8 Oct 2023 00:50:18 +0000 Subject: [PATCH 22/79] fix(deps): update module github.com/xanzy/go-gitlab to v0.93.0 in go.mod (#3831) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index da7c462abf..cfad3f1492 100644 --- a/go.mod +++ b/go.mod @@ -42,7 +42,7 @@ require ( github.com/uber-go/tally/v4 v4.1.9 github.com/urfave/negroni/v3 v3.0.0 github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 - github.com/xanzy/go-gitlab v0.92.3 + github.com/xanzy/go-gitlab v0.93.0 go.etcd.io/bbolt v1.3.7 go.uber.org/zap v1.26.0 golang.org/x/term v0.12.0 diff --git a/go.sum b/go.sum index 77d6781bb3..9a75f7a1ba 100644 --- a/go.sum +++ b/go.sum 
@@ -457,8 +457,8 @@ github.com/urfave/negroni/v3 v3.0.0 h1:Vo8CeZfu1lFR9gW8GnAb6dOGCJyijfil9j/jKKc/J github.com/urfave/negroni/v3 v3.0.0/go.mod h1:jWvnX03kcSjDBl/ShB0iHvx5uOs7mAzZXW+JvJ5XYAs= github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 h1:be5WC0FHdhimAhe2G3DPhduX117RM8qdTMYCMHDt4DM= github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997/go.mod h1:saryXNaL624mlulV138FP+HhVw7IpvETUXLS3nTvH1g= -github.com/xanzy/go-gitlab v0.92.3 h1:bMtUHSV5BIhKeka6RyjLOOMZ31byVGDN5pGWmqBsIUs= -github.com/xanzy/go-gitlab v0.92.3/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.93.0 h1:/Fy4akqKIQasZgQ2xj2xJBrEZ+iCW+iC+9qLEt19tgo= +github.com/xanzy/go-gitlab v0.93.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= From 23e897c0f7f3250e864c0bf9df4404959d1758ee Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Oct 2023 00:32:07 +0000 Subject: [PATCH 23/79] fix(deps): update module golang.org/x/term to v0.13.0 in go.mod (#3833) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index cfad3f1492..443c40c090 100644 --- a/go.mod +++ b/go.mod @@ -45,7 +45,7 @@ require ( github.com/xanzy/go-gitlab v0.93.0 go.etcd.io/bbolt v1.3.7 go.uber.org/zap v1.26.0 - golang.org/x/term v0.12.0 + golang.org/x/term v0.13.0 golang.org/x/text v0.13.0 gopkg.in/yaml.v2 v2.4.0 ) 
@@ -128,7 +128,7 @@ require (
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 golang.org/x/net v0.15.0 // indirect
 golang.org/x/oauth2 v0.12.0 // indirect
- golang.org/x/sys v0.12.0 // indirect
+ golang.org/x/sys v0.13.0 // indirect
 golang.org/x/time v0.3.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
 google.golang.org/protobuf v1.31.0 // indirect
diff --git a/go.sum b/go.sum
index 9a75f7a1ba..37f9b57d86 100644
--- a/go.sum
+++ b/go.sum
@@ -665,8 +665,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
-golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@@ -674,8 +674,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
-golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
-golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
From df0445632509b2238013b993bafc6618e7569b43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leandro=20L=C3=B3pez?= Date: Mon, 9 Oct 2023 18:18:07 -0300 Subject: [PATCH 24/79] Return error on InstrumentedClient.MergePull (#3839) When the underlying GitHub Client returns an error it gets swallowed in this wrapper method. Not only that but also the emitted metrics are wrong, as it counts one error AND success at the same time. We've found this @grafana when using Atlantis in a massive repository with many changes per minute, and sometimes Atlantis leave a comment saying it's automatically merging but then nothing happens. But checking the logs, we've found the following error message: Unable to merge pull, error: merging pull request: PUT https://api.github.com/repos/grafana/redacted/pulls/666/merge: 405 Base branch was modified. Review and try the merge again. [] And because the error is swallowed and `InstrumentedClient.MergePull` returns `nil`, then `Automerger` fails to leave a comment saying merging failed. --- server/events/vcs/instrumented_client.go | 1 + 1 file changed, 1 insertion(+) diff --git a/server/events/vcs/instrumented_client.go b/server/events/vcs/instrumented_client.go index 2868548d6f..436b75e160 100644 --- a/server/events/vcs/instrumented_client.go +++ b/server/events/vcs/instrumented_client.go @@ -250,6 +250,7 @@ func (c *InstrumentedClient) MergePull(pull models.PullRequest, pullOptions mode if err := c.Client.MergePull(pull, pullOptions); err != nil { executionError.Inc(1) logger.Err("Unable to merge pull, error: %s", err.Error()) + return err } executionSuccess.Inc(1) From ac778e8b195548450ece14530e83bcaa7f5832a6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Oct 2023 00:41:16 +0000 Subject: [PATCH 25/79] fix(deps): update module github.com/xanzy/go-gitlab to v0.93.1 in go.mod (#3840) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
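Review bot: The added `return err` in `InstrumentedClient.MergePull` ships without a regression test: the diffstat lists only `instrumented_client.go` with one insertion, so nothing pins that the wrapper now returns the client's error and leaves `executionSuccess` untouched on failure. A small test that makes the wrapped `Client.MergePull` return an error and asserts the wrapper returns that error rather than `nil` would keep a silent merge failure from coming back. The error is also logged with `logger.Err` and then returned, so it may show up twice if the caller logs it too; a why-comment on the new line such as `// return the error so callers (e.g. Automerger) can report the failed merge` would make the intent clear. The function body starts and ends outside the hunk.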
diff --git a/go.mod b/go.mod index 443c40c090..986208dc37 100644 --- a/go.mod +++ b/go.mod @@ -42,7 +42,7 @@ require ( github.com/uber-go/tally/v4 v4.1.9 github.com/urfave/negroni/v3 v3.0.0 github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 - github.com/xanzy/go-gitlab v0.93.0 + github.com/xanzy/go-gitlab v0.93.1 go.etcd.io/bbolt v1.3.7 go.uber.org/zap v1.26.0 golang.org/x/term v0.13.0 diff --git a/go.sum b/go.sum index 37f9b57d86..25bee662ce 100644 --- a/go.sum +++ b/go.sum @@ -457,8 +457,8 @@ github.com/urfave/negroni/v3 v3.0.0 h1:Vo8CeZfu1lFR9gW8GnAb6dOGCJyijfil9j/jKKc/J github.com/urfave/negroni/v3 v3.0.0/go.mod h1:jWvnX03kcSjDBl/ShB0iHvx5uOs7mAzZXW+JvJ5XYAs= github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 h1:be5WC0FHdhimAhe2G3DPhduX117RM8qdTMYCMHDt4DM= github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997/go.mod h1:saryXNaL624mlulV138FP+HhVw7IpvETUXLS3nTvH1g= -github.com/xanzy/go-gitlab v0.93.0 h1:/Fy4akqKIQasZgQ2xj2xJBrEZ+iCW+iC+9qLEt19tgo= -github.com/xanzy/go-gitlab v0.93.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.93.1 h1:f7J33cw/P9b/8paIOoH0F3H+TFrswvWHs6yUgoTp9LY= +github.com/xanzy/go-gitlab v0.93.1/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= From 5c37634a9940a6c1ad239840ce825166c9e02256 Mon Sep 17 00:00:00 2001 From: Simon Heather <32168619+X-Guardian@users.noreply.github.com> Date: Tue, 10 Oct 2023 02:10:04 +0100 Subject: [PATCH 26/79] Fix repo-level-atlantis-yaml table (#3836) Co-authored-by: PePe Amengual --- runatlantis.io/docs/repo-level-atlantis-yaml.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
diff --git a/runatlantis.io/docs/repo-level-atlantis-yaml.md b/runatlantis.io/docs/repo-level-atlantis-yaml.md index 890569c2a7..5484f26e34 100644 --- a/runatlantis.io/docs/repo-level-atlantis-yaml.md +++ b/runatlantis.io/docs/repo-level-atlantis-yaml.md @@ -329,12 +329,11 @@ workflow: myworkflow | workspace | string | `"default"` | no | The [Terraform workspace](https://developer.hashicorp.com/terraform/language/state/workspaces) for this project. Atlantis will switch to this workplace when planning/applying and will create it if it doesn't exist. | | execution_order_group | int | `0` | no | Index of execution order group. Projects will be sort by this field before planning/applying. | | delete_source_branch_on_merge | bool | `false` | no | Automatically deletes the source branch on merge. | -| repo_locking | bool | `true` | no | Get a repository lock in this project when plan. - -| custom_policy_check | bool | `false` | no | Enable using policy check tools other than Conftest | +| repo_locking | bool | `true` | no | Get a repository lock in this project when plan. | +| custom_policy_check | bool | `false` | no | Enable using policy check tools other than Conftest | | autoplan | [Autoplan](#autoplan) | none | no | A custom autoplan configuration. If not specified, will use the autoplan config. See [Autoplanning](autoplanning.html). | | terraform_version | string | none | no | A specific Terraform version to use when running commands for this project. Must be [Semver compatible](https://semver.org/), ex. `v0.11.0`, `0.12.0-beta1`. | -| plan_requirements
*(restricted)* | array[string] | none | no | Requirements that must be satisfied before `atlantis plan` can be run. Currently the only supported requirements are `approved`, `mergeable`, and `undiverged`. See [Command Requirements](command-requirements.html) for more details. | +| plan_requirements
*(restricted)* | array[string] | none | no | Requirements that must be satisfied before `atlantis plan` can be run. Currently the only supported requirements are `approved`, `mergeable`, and `undiverged`. See [Command Requirements](command-requirements.html) for more details. | | apply_requirements
*(restricted)* | array[string] | none | no | Requirements that must be satisfied before `atlantis apply` can be run. Currently the only supported requirements are `approved`, `mergeable`, and `undiverged`. See [Command Requirements](command-requirements.html) for more details. | | import_requirements
*(restricted)* | array[string] | none | no | Requirements that must be satisfied before `atlantis import` can be run. Currently the only supported requirements are `approved`, `mergeable`, and `undiverged`. See [Command Requirements](command-requirements.html) for more details. | | workflow
*(restricted)* | string | none | no | A custom workflow. If not specified, Atlantis will use its default workflow. | From 2263d5fd91cfce06b3a877ead8e4da0f17f5f21b Mon Sep 17 00:00:00 2001 From: Simon Heather <32168619+X-Guardian@users.noreply.github.com> Date: Tue, 10 Oct 2023 02:12:52 +0100 Subject: [PATCH 27/79] Sort the Server Configuration flags into alphabetical order (#3837) Co-authored-by: PePe Amengual --- runatlantis.io/docs/server-configuration.md | 395 ++++++++++---------- 1 file changed, 198 insertions(+), 197 deletions(-) diff --git a/runatlantis.io/docs/server-configuration.md b/runatlantis.io/docs/server-configuration.md index e4370c7046..e486fbb99b 100644 --- a/runatlantis.io/docs/server-configuration.md +++ b/runatlantis.io/docs/server-configuration.md @@ -208,6 +208,22 @@ and set `--autoplan-modules` to `false`. ``` Azure DevOps hostname to support cloud and self hosted instances. Defaults to `dev.azure.com`. +### `--azuredevops-token` + ```bash + atlantis server --azuredevops-token="RandomStringProducedByAzureDevOps" + # or (recommended) + ATLANTIS_AZUREDEVOPS_TOKEN="RandomStringProducedByAzureDevOps" + ``` + Azure DevOps token of API user. + +### `--azuredevops-user` + ```bash + atlantis server --azuredevops-user="username@example.com" + # or + ATLANTIS_AZUREDEVOPS_USER="username@example.com" + ``` + Azure DevOps username of API user. + ### `--azuredevops-webhook-password` ```bash atlantis server --azuredevops-webhook-password="password123" 
@@ -233,22 +249,6 @@ and set `--autoplan-modules` to `false`. ``` Azure DevOps basic authentication username for inbound webhooks. -### `--azuredevops-token` - ```bash - atlantis server --azuredevops-token="RandomStringProducedByAzureDevOps" - # or (recommended) - ATLANTIS_AZUREDEVOPS_TOKEN="RandomStringProducedByAzureDevOps" - ``` - Azure DevOps token of API user. - -### `--azuredevops-user` - ```bash - atlantis server --azuredevops-user="username@example.com" - # or - ATLANTIS_AZUREDEVOPS_USER="username@example.com" - ``` - Azure DevOps username of API user. - ### `--bitbucket-base-url` ```bash atlantis server --bitbucket-base-url="http://bitbucket.corp:7990/basepath" @@ -390,6 +390,16 @@ and set `--autoplan-modules` to `false`. The emoji reaction to use for marking processed comments. Currently supported on Azure DevOps, GitHub and GitLab. Defaults to `eyes`. +### `--enable-diff-markdown-format` + ```bash + atlantis server --enable-diff-markdown-format + # or + ATLANTIS_ENABLE_DIFF_MARKDOWN_FORMAT=true + ``` + Enable Atlantis to format Terraform plan output into a markdown-diff friendly format for color-coding purposes. + + Useful to enable for use with GitHub. + ### `--enable-policy-checks` ```bash atlantis server --enable-policy-checks @@ -419,16 +429,6 @@ and set `--autoplan-modules` to `false`. The command `atlantis apply -p .*` will bypass the restriction and run apply on every projects. ::: -### `--enable-diff-markdown-format` - ```bash - atlantis server --enable-diff-markdown-format - # or - ATLANTIS_ENABLE_DIFF_MARKDOWN_FORMAT=true - ``` - Enable Atlantis to format Terraform plan output into a markdown-diff friendly format for color-coding purposes. - - Useful to enable for use with GitHub. - ### `--executable-name` ```bash atlantis server --executable-name="atlantis" 
@@ -448,61 +448,13 @@ and set `--autoplan-modules` to `false`. Fail and do not run the requested Atlantis command if any of the pre workflow hooks error. -### `--hide-unchanged-plan-comments` - ```bash - atlantis server --hide-unchanged-plan-comments - # or - ATLANTIS_HIDE_UNCHANGED_PLAN_COMMENTS=true - ``` -Remove no-changes plan comments from the pull request. - -This is useful when you have many projects and want to keep the pull request clean from useless comments. - -### `--gh-hostname` - ```bash - atlantis server --gh-hostname="my.github.enterprise.com" - # or - ATLANTIS_GH_HOSTNAME="my.github.enterprise.com" - ``` - Hostname of your GitHub Enterprise installation. If using [GitHub.com](https://github.com), - don't set. Defaults to `github.com`. - -### `--gh-token` - ```bash - atlantis server --gh-token="token" - # or (recommended) - ATLANTIS_GH_TOKEN="token" - ``` - GitHub token of API user. - -### `--gh-user` - ```bash - atlantis server --gh-user="myuser" - # or - ATLANTIS_GH_USER="myuser" - ``` - GitHub username of API user. - -### `--gh-webhook-secret` - ```bash - atlantis server --gh-webhook-secret="secret" - # or (recommended) - ATLANTIS_GH_WEBHOOK_SECRET="secret" - ``` - Secret used to validate GitHub webhooks (see [https://developer.github.com/webhooks/securing/](https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks)). - - ::: warning SECURITY WARNING - If not specified, Atlantis won't be able to validate that the incoming webhook call came from GitHub. - This means that an attacker could spoof calls to Atlantis and cause it to perform malicious actions. - ::: - -### `--gh-org` +### `--gh-allow-mergeable-bypass-apply` ```bash - atlantis server --gh-org="myorgname" + atlantis server --gh-allow-mergeable-bypass-apply # or - ATLANTIS_GH_ORG="myorgname" + ATLANTIS_GH_ALLOW_MERGEABLE_BYPASS_APPLY=true ``` - GitHub organization name. Set to enable creating a private GitHub app for this organization. 
+ Feature flag to enable ability to use `mergeable` mode with required apply status check. ### `--gh-app-id` ```bash @@ -528,13 +480,17 @@ This is useful when you have many projects and want to keep the pull request cle After which Atlantis will display your new app's credentials: your app's ID, its generated `--gh-webhook-secret` and the contents of the file for `--gh-app-key-file`. Update your Atlantis config accordingly, and restart the server. ::: -### `--gh-app-slug` +### `--gh-app-key` ```bash - atlantis server --gh-app-slug="myappslug" + atlantis server --gh-app-key="-----BEGIN RSA PRIVATE KEY-----(...)" # or - ATLANTIS_GH_APP_SLUG="myappslug" + ATLANTIS_GH_APP_KEY="-----BEGIN RSA PRIVATE KEY-----(...)" ``` - A slugged version of GitHub app name shown in pull requests comments, etc (not `Atlantis App` but something like `atlantis-app`). Atlantis uses the value of this parameter to identify the comments it has left on GitHub pull requests. This is used for functions such as `--hide-prev-plan-comments`. You need to obtain this value from your GitHub app, one way is to go to your App settings and open "Public page" from the left sidebar. Your `--gh-app-slug` value will be the last part of the URL, e.g `https://github.com/apps/`. + The PEM encoded private key for the GitHub App. + + ::: warning SECURITY WARNING + The contents of the private key will be visible by anyone that can run `ps` or look at the shell history of the machine where Atlantis is running. Use `--gh-app-key-file` to mitigate that risk. + ::: ### `--gh-app-key-file` ```bash 
@@ -544,17 +500,30 @@ This is useful when you have many projects and want to keep the pull request cle ``` Path to a GitHub App PEM encoded private key file. If set, GitHub authentication will be performed as [an installation](https://docs.github.com/en/rest/apps/installations). -### `--gh-app-key` +### `--gh-app-slug` ```bash - atlantis server --gh-app-key="-----BEGIN RSA PRIVATE KEY-----(...)" + atlantis server --gh-app-slug="myappslug" # or - ATLANTIS_GH_APP_KEY="-----BEGIN RSA PRIVATE KEY-----(...)" + ATLANTIS_GH_APP_SLUG="myappslug" ``` - The PEM encoded private key for the GitHub App. + A slugged version of GitHub app name shown in pull requests comments, etc (not `Atlantis App` but something like `atlantis-app`). Atlantis uses the value of this parameter to identify the comments it has left on GitHub pull requests. This is used for functions such as `--hide-prev-plan-comments`. You need to obtain this value from your GitHub app, one way is to go to your App settings and open "Public page" from the left sidebar. Your `--gh-app-slug` value will be the last part of the URL, e.g `https://github.com/apps/`. - ::: warning SECURITY WARNING - The contents of the private key will be visible by anyone that can run `ps` or look at the shell history of the machine where Atlantis is running. Use `--gh-app-key-file` to mitigate that risk. - ::: +### `--gh-hostname` + ```bash + atlantis server --gh-hostname="my.github.enterprise.com" + # or + ATLANTIS_GH_HOSTNAME="my.github.enterprise.com" + ``` + Hostname of your GitHub Enterprise installation. If using [GitHub.com](https://github.com), + don't set. Defaults to `github.com`. + +### `--gh-org` + ```bash + atlantis server --gh-org="myorgname" + # or + ATLANTIS_GH_ORG="myorgname" + ``` + GitHub organization name. Set to enable creating a private GitHub app for this organization. ### `--gh-team-allowlist` ```bash 
@@ -575,13 +544,34 @@ This is useful when you have many projects and want to keep the pull request cle i.e., "Engineering Team:plan, Infrastructure Team:apply" ::: -### `--gh-allow-mergeable-bypass-apply` +### `--gh-token` ```bash - atlantis server --gh-allow-mergeable-bypass-apply + atlantis server --gh-token="token" + # or (recommended) + ATLANTIS_GH_TOKEN="token" + ``` + GitHub token of API user. + +### `--gh-user` + ```bash + atlantis server --gh-user="myuser" # or - ATLANTIS_GH_ALLOW_MERGEABLE_BYPASS_APPLY=true + ATLANTIS_GH_USER="myuser" ``` - Feature flag to enable ability to use `mergeable` mode with required apply status check. + GitHub username of API user. + +### `--gh-webhook-secret` + ```bash + atlantis server --gh-webhook-secret="secret" + # or (recommended) + ATLANTIS_GH_WEBHOOK_SECRET="secret" + ``` + Secret used to validate GitHub webhooks (see [https://developer.github.com/webhooks/securing/](https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks)). + + ::: warning SECURITY WARNING + If not specified, Atlantis won't be able to validate that the incoming webhook call came from GitHub. + This means that an attacker could spoof calls to Atlantis and cause it to perform malicious actions. + ::: ### `--gitlab-hostname` ```bash @@ -636,6 +626,16 @@ This is useful when you have many projects and want to keep the pull request cle Hide previous plan comments to declutter PRs. This is only supported in GitHub and GitLab currently. This is not enabled by default. +### `--hide-unchanged-plan-comments` + ```bash + atlantis server --hide-unchanged-plan-comments + # or + ATLANTIS_HIDE_UNCHANGED_PLAN_COMMENTS=true + ``` +Remove no-changes plan comments from the pull request. + +This is useful when you have many projects and want to keep the pull request clean from useless comments. + ### `--include-git-untracked-files` ```bash atlantis server --include-git-untracked-files 
@@ -685,13 +685,13 @@ This is useful when you have many projects and want to keep the pull request cle Defaults to the atlantis home directory `/home/atlantis/.markdown_templates/` in `/$HOME/.markdown_templates`. -### `--parallel-pool-size` +### `--parallel-apply` ```bash - atlantis server --parallel-pool-size=100 + atlantis server --parallel-apply # or - ATLANTIS_PARALLEL_POOL_SIZE=100 + ATLANTIS_PARALLEL_APPLY=true ``` - Max size of the wait group that runs parallel plans and applies (if enabled). Defaults to `15` + Whether to run apply operations in parallel. Defaults to `false`. Explicit declaration in [repo config](repo-level-atlantis-yaml.html#run-plans-and-applies-in-parallel) takes precedence. ### `--parallel-plan` ```bash @@ -701,13 +701,13 @@ This is useful when you have many projects and want to keep the pull request cle ``` Whether to run plan operations in parallel. Defaults to `false`. Explicit declaration in [repo config](repo-level-atlantis-yaml.html#run-plans-and-applies-in-parallel) takes precedence. -### `--parallel-apply` +### `--parallel-pool-size` ```bash - atlantis server --parallel-apply + atlantis server --parallel-pool-size=100 # or - ATLANTIS_PARALLEL_APPLY=true + ATLANTIS_PARALLEL_POOL_SIZE=100 ``` - Whether to run apply operations in parallel. Defaults to `false`. Explicit declaration in [repo config](repo-level-atlantis-yaml.html#run-plans-and-applies-in-parallel) takes precedence. + Max size of the wait group that runs parallel plans and applies (if enabled). Defaults to `15` ### `--port` ```bash 
@@ -725,6 +725,14 @@ This is useful when you have many projects and want to keep the pull request cle ``` Exclude policy check comments from pull requests unless there's an actual error from conftest. This also excludes warnings. Defaults to `false`. +### `--redis-db` + ```bash + atlantis server --redis-db=0 + # or + ATLANTIS_REDIS_DB=0 + ``` + The Redis Database to use when using a Locking DB type of `redis`. Defaults to `0`. + ### `--redis-host` ```bash atlantis server --redis-host="localhost" @@ -733,6 +741,18 @@ This is useful when you have many projects and want to keep the pull request cle ``` The Redis Hostname for when using a Locking DB type of `redis`. +### `--redis-insecure-skip-verify` + ```bash + atlantis server --redis-insecure-skip-verify=false + # or + ATLANTIS_REDIS_INSECURE_SKIP_VERIFY=false + ``` + Controls whether the Redis client verifies the Redis server's certificate chain and host name. If true, accepts any certificate presented by the server and any host name in that certificate. Defaults to `false`. + + ::: warning SECURITY WARNING + If this is enabled, TLS is susceptible to machine-in-the-middle attacks unless custom verification is used. + ::: + ### `--redis-password` ```bash atlantis server --redis-password="password123" @@ -749,14 +769,6 @@ This is useful when you have many projects and want to keep the pull request cle ``` The Redis Port for when using a Locking DB type of `redis`. Defaults to `6379`. -### `--redis-db` - ```bash - atlantis server --redis-db=0 - # or - ATLANTIS_REDIS_DB=0 - ``` - The Redis Database to use when using a Locking DB type of `redis`. Defaults to `0`. - ### `--redis-tls-enabled` ```bash atlantis server --redis-tls-enabled=false 
@@ -765,17 +777,38 @@ This is useful when you have many projects and want to keep the pull request cle ``` Enables a TLS connection, with min version of 1.2, to Redis when using a Locking DB type of `redis`. Defaults to `false`. -### `--redis-insecure-skip-verify` +### `--repo-allowlist` ```bash - atlantis server --redis-insecure-skip-verify=false + # NOTE: Use single quotes to avoid shell expansion of *. + atlantis server --repo-allowlist='github.com/myorg/*' # or - ATLANTIS_REDIS_INSECURE_SKIP_VERIFY=false + ATLANTIS_REPO_ALLOWLIST='github.com/myorg/*' ``` - Controls whether the Redis client verifies the Redis server's certificate chain and host name. If true, accepts any certificate presented by the server and any host name in that certificate. Defaults to `false`. + Atlantis requires you to specify an allowlist of repositories it will accept webhooks from. - ::: warning SECURITY WARNING - If this is enabled, TLS is susceptible to machine-in-the-middle attacks unless custom verification is used. - ::: + Notes: + * Accepts a comma separated list, ex. `definition1,definition2` + * Format is `{hostname}/{owner}/{repo}`, ex. `github.com/runatlantis/atlantis` + * `*` matches any characters, ex. `github.com/runatlantis/*` will match all repos in the runatlantis organization + * An entry beginning with `!` negates it, ex. `github.com/foo/*,!github.com/foo/bar` will match all github repos in the `foo` owner *except* `bar`. 
+ * For Bitbucket Server: `{hostname}` is the domain without scheme and port, `{owner}` is the name of the project (not the key), and `{repo}` is the repo name + * User (not project) repositories take on the format: `{hostname}/{full name}/{repo}` (e.g., `bitbucket.example.com/Jane Doe/myatlantis` for username `jdoe` and full name `Jane Doe`, which is not very intuitive) + * For Azure DevOps the allowlist takes one of two forms: `{owner}.visualstudio.com/{project}/{repo}` or `dev.azure.com/{owner}/{project}/{repo}` + * Microsoft is in the process of changing Azure DevOps to the latter form, so it may be safest to always specify both formats in your repo allowlist for each repository until the change is complete. + + Examples: + * Allowlist `myorg/repo1` and `myorg/repo2` on `github.com` + * `--repo-allowlist=github.com/myorg/repo1,github.com/myorg/repo2` + * Allowlist all repos under `myorg` on `github.com` + * `--repo-allowlist='github.com/myorg/*'` + * Allowlist all repos under `myorg` on `github.com`, excluding `myorg/untrusted-repo` + * `--repo-allowlist='github.com/myorg/*,!github.com/myorg/untrusted-repo'` + * Allowlist all repos in my GitHub Enterprise installation + * `--repo-allowlist='github.yourcompany.com/*'` + * Allowlist all repos under `myorg` project `myproject` on Azure DevOps + * `--repo-allowlist='myorg.visualstudio.com/myproject/*,dev.azure.com/myorg/myproject/*'` + * Allowlist all repositories + * `--repo-allowlist='*'` ### `--repo-config` ```bash 
@@ -821,47 +854,16 @@ This is useful when you have many projects and want to keep the pull request cle ``` ::: -### `--repo-allowlist` - ```bash - # NOTE: Use single quotes to avoid shell expansion of *. - atlantis server --repo-allowlist='github.com/myorg/*' - # or - ATLANTIS_REPO_ALLOWLIST='github.com/myorg/*' - ``` - Atlantis requires you to specify an allowlist of repositories it will accept webhooks from. - - Notes: - * Accepts a comma separated list, ex. `definition1,definition2` - * Format is `{hostname}/{owner}/{repo}`, ex. `github.com/runatlantis/atlantis` - * `*` matches any characters, ex. `github.com/runatlantis/*` will match all repos in the runatlantis organization - * An entry beginning with `!` negates it, ex. `github.com/foo/*,!github.com/foo/bar` will match all github repos in the `foo` owner *except* `bar`. - * For Bitbucket Server: `{hostname}` is the domain without scheme and port, `{owner}` is the name of the project (not the key), and `{repo}` is the repo name - * User (not project) repositories take on the format: `{hostname}/{full name}/{repo}` (e.g., `bitbucket.example.com/Jane Doe/myatlantis` for username `jdoe` and full name `Jane Doe`, which is not very intuitive) - * For Azure DevOps the allowlist takes one of two forms: `{owner}.visualstudio.com/{project}/{repo}` or `dev.azure.com/{owner}/{project}/{repo}` - * Microsoft is in the process of changing Azure DevOps to the latter form, so it may be safest to always specify both formats in your repo allowlist for each repository until the change is complete. 
- - Examples: - * Allowlist `myorg/repo1` and `myorg/repo2` on `github.com` - * `--repo-allowlist=github.com/myorg/repo1,github.com/myorg/repo2` - * Allowlist all repos under `myorg` on `github.com` - * `--repo-allowlist='github.com/myorg/*'` - * Allowlist all repos under `myorg` on `github.com`, excluding `myorg/untrusted-repo` - * `--repo-allowlist='github.com/myorg/*,!github.com/myorg/untrusted-repo'` - * Allowlist all repos in my GitHub Enterprise installation - * `--repo-allowlist='github.yourcompany.com/*'` - * Allowlist all repos under `myorg` project `myproject` on Azure DevOps - * `--repo-allowlist='myorg.visualstudio.com/myproject/*,dev.azure.com/myorg/myproject/*'` - * Allowlist all repositories - * `--repo-allowlist='*'` - -### `--silence-fork-pr-errors` +### `--restrict-file-list` ```bash - atlantis server --silence-fork-pr-errors - # or - ATLANTIS_SILENCE_FORK_PR_ERRORS=true + atlantis server --restrict-file-list + # or (recommended) + ATLANTIS_RESTRICT_FILE_LIST=true ``` - Normally, if Atlantis receives a pull request webhook from a fork and --allow-fork-prs is not set, - it will comment back with an error. This flag disables that commenting. + `--restrict-file-list` will block plan requests from projects outside the files modified in the pull request. + This will not block plan requests with regex if using the `--enable-regexp-cmd` flag, in these cases commands + like `atlantis plan -p .*` will still work if used. normal commands will stil be blocked if necessary. + Defaults to `false`. ### `--silence-allowlist-errors` ```bash 
@@ -876,6 +878,15 @@ This is useful when you have many projects and want to keep the pull request cle Some users find this useful because they prefer to add the Atlantis webhook at an organization level rather than on each repo. +### `--silence-fork-pr-errors` + ```bash + atlantis server --silence-fork-pr-errors + # or + ATLANTIS_SILENCE_FORK_PR_ERRORS=true + ``` + Normally, if Atlantis receives a pull request webhook from a fork and --allow-fork-prs is not set, + it will comment back with an error. This flag disables that commenting. + ### `--silence-no-projects` ```bash atlantis server --silence-no-projects @@ -932,17 +943,6 @@ This is useful when you have many projects and want to keep the pull request cle ``` File containing x509 private key matching `--ssl-cert-file`. -### `--restrict-file-list` - ```bash - atlantis server --restrict-file-list - # or (recommended) - ATLANTIS_RESTRICT_FILE_LIST=true - ``` - `--restrict-file-list` will block plan requests from projects outside the files modified in the pull request. - This will not block plan requests with regex if using the `--enable-regexp-cmd` flag, in these cases commands - like `atlantis plan -p .*` will still work if used. normal commands will stil be blocked if necessary. - Defaults to `false`. - ### `--stats-namespace` ```bash atlantis server --stats-namespace="myatlantis" 
@@ -1035,29 +1035,6 @@ The effect of the race condition is more evident when using parallel configurati This is useful when running multiple Atlantis servers against a single repository so you can give each Atlantis server its own unique name to prevent the statuses clashing. -### `--write-git-creds` - ```bash - atlantis server --write-git-creds - # or - ATLANTIS_WRITE_GIT_CREDS=true - ``` - Write out a .git-credentials file with the provider user and token to allow - cloning private modules over HTTPS or SSH. See [here](https://git-scm.com/docs/git-credential-store) for more information. - - Follow the `git::ssh` syntax to avoid using a custom `.gitconfig` with an `insteadOf`. - - ```hcl - module "private_submodule" { - source = "git::ssh://git@github.com////modules/?ref=v1.2.3" - - # ... - } - ``` - - ::: warning SECURITY WARNING - This does write secrets to disk and should only be enabled in a secure environment. - ::: - ### `--web-basic-auth` ```bash atlantis server --web-basic-auth @@ -1066,14 +1043,6 @@ The effect of the race condition is more evident when using parallel configurati ``` Enable Basic Authentication on the Atlantis web service. -### `--web-username` - ```bash - atlantis server --web-username="atlantis" - # or - ATLANTIS_WEB_USERNAME="atlantis" - ``` - Username used for Basic Authentication on the Atlantis web service. Defaults to `atlantis`. - ### `--web-password` ```bash atlantis server --web-password="atlantis" @@ -1082,6 +1051,14 @@ The effect of the race condition is more evident when using parallel configurati ``` Password used for Basic Authentication on the Atlantis web service. Defaults to `atlantis`. +### `--web-username` + ```bash + atlantis server --web-username="atlantis" + # or + ATLANTIS_WEB_USERNAME="atlantis" + ``` + Username used for Basic Authentication on the Atlantis web service. Defaults to `atlantis`. + ### `--websocket-check-origin` ```bash atlantis server --websocket-check-origin 
@@ -1089,3 +1066,27 @@ The effect of the race condition is more evident when using parallel configurati ATLANTIS_WEBSOCKET_CHECK_ORIGIN=true ``` Only allow websockets connection when they originate from the running Atlantis web server + +### `--write-git-creds` + ```bash + atlantis server --write-git-creds + # or + ATLANTIS_WRITE_GIT_CREDS=true + ``` + Write out a .git-credentials file with the provider user and token to allow + cloning private modules over HTTPS or SSH. See [here](https://git-scm.com/docs/git-credential-store) for more information. + + Follow the `git::ssh` syntax to avoid using a custom `.gitconfig` with an `insteadOf`. + + ```hcl + module "private_submodule" { + source = "git::ssh://git@github.com////modules/?ref=v1.2.3" + + # ... + } + ``` + + ::: warning SECURITY WARNING + This does write secrets to disk and should only be enabled in a secure environment. + ::: + From 786e57c1d6ff610404b728c32c04d8dd0ff0cc0c Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Tue, 10 Oct 2023 17:02:26 +0200 Subject: [PATCH 28/79] feat: Added disable-unlock-label config option (#3799) * Added disable-unlock-label config option * Fixed tests * Wrote tests + fixed mistakes * Added docs * added defaults to docs --------- Co-authored-by: PePe Amengual --- cmd/server.go | 7 ++- cmd/server_test.go | 1 + runatlantis.io/docs/server-configuration.md | 8 +++ .../events/events_controller_e2e_test.go | 5 +- server/events/command_runner.go | 6 +- server/events/command_runner_test.go | 62 +++++++++++++++++++ server/events/unlock_command_runner.go | 41 +++++++++--- server/events/vcs/mocks/mock_client.go | 7 +++ server/server.go | 1 + server/user_config.go | 3 +- 10 files changed, 127 insertions(+), 14 deletions(-) diff --git a/cmd/server.go b/cmd/server.go index 5aeecbb909..d9e37a7c62 100644 --- a/cmd/server.go +++ b/cmd/server.go 
@@ -75,6 +75,7 @@ const ( DisableAutoplanLabelFlag = "disable-autoplan-label" DisableMarkdownFoldingFlag = "disable-markdown-folding" DisableRepoLockingFlag = "disable-repo-locking" + DisableUnlockLabelFlag = "disable-unlock-label" DiscardApprovalOnPlanFlag = "discard-approval-on-plan" EmojiReaction = "emoji-reaction" EnablePolicyChecksFlag = "enable-policy-checks" @@ -135,7 +136,7 @@ const ( RestrictFileList = "restrict-file-list" TFDownloadFlag = "tf-download" TFDownloadURLFlag = "tf-download-url" - UseTFPluginCache = "use-tf-plugin-cache" + UseTFPluginCache = "use-tf-plugin-cache" VarFileAllowlistFlag = "var-file-allowlist" VCSStatusName = "vcs-status-name" TFEHostnameFlag = "tfe-hostname" @@ -262,6 +263,10 @@ var stringFlags = map[string]stringFlag{ description: "Pull request label to disable atlantis auto planning feature only if present.", defaultValue: "", }, + DisableUnlockLabelFlag: { + description: "Pull request label to disable atlantis unlock feature only if present.", + defaultValue: "", + }, EmojiReaction: { description: "Emoji Reaction to use to react to comments", defaultValue: DefaultEmojiReaction, diff --git a/cmd/server_test.go b/cmd/server_test.go index b5bfba2574..3ed524df77 100644 --- a/cmd/server_test.go +++ b/cmd/server_test.go @@ -116,6 +116,7 @@ var testFlags = map[string]interface{}{ WriteGitCredsFlag: true, DisableAutoplanFlag: true, DisableAutoplanLabelFlag: "no-auto-plan", + DisableUnlockLabelFlag: "do-not-unlock", EnablePolicyChecksFlag: false, EnableRegExpCmdFlag: false, EnableDiffMarkdownFormat: false, diff --git a/runatlantis.io/docs/server-configuration.md b/runatlantis.io/docs/server-configuration.md index e486fbb99b..f87ec83144 100644 --- a/runatlantis.io/docs/server-configuration.md +++ b/runatlantis.io/docs/server-configuration.md 
@@ -381,6 +381,14 @@ and set `--autoplan-modules` to `false`. ``` Stops atlantis from locking projects and or workspaces when running terraform. +### `--disable-unlock-label` + ```bash + atlantis server --disable-unlock-label do-not-unlock + # or + ATLANTIS_DISABLE_UNLOCK_LABEL="do-not-unlock" + ``` + Stops atlantis from unlocking a pull request with this label. Defaults to "" (feature disabled). + ### `--emoji-reaction` ```bash atlantis server --emoji-reaction thumbsup diff --git a/server/controllers/events/events_controller_e2e_test.go b/server/controllers/events/events_controller_e2e_test.go index 14b1f02c0d..93c63df3bd 100644 --- a/server/controllers/events/events_controller_e2e_test.go +++ b/server/controllers/events/events_controller_e2e_test.go @@ -1275,6 +1275,8 @@ func setupE2E(t *testing.T, repoDir string, opt setupOption) (events_controllers parallelPoolSize := 1 silenceNoProjects := false + disableUnlockLabel := "do-not-unlock" + statusUpdater := runtimemocks.NewMockStatusUpdater() commitStatusUpdater := mocks.NewMockCommitStatusUpdater() asyncTfExec := runtimemocks.NewMockAsyncTFExec() @@ -1460,6 +1462,7 @@ func setupE2E(t *testing.T, repoDir string, opt setupOption) (events_controllers mocks.NewMockDeleteLockCommand(), e2eVCSClient, silenceNoProjects, + disableUnlockLabel, ) versionCommandRunner := events.NewVersionCommandRunner( @@ -1739,7 +1742,7 @@ func ensureRunningConftest(t *testing.T) { _, err := exec.LookPath(conftestCommand) if err != nil { t.Logf(`%s must be installed to run this test -- on local, please install contest command or run 'make docker/test-all' +- on local, please install conftest command or run 'make docker/test-all' - on CI, please check testing-env docker image contains conftest command. see testing/Dockerfile `, conftestCommand) t.FailNow() diff --git a/server/events/command_runner.go b/server/events/command_runner.go index 24d697392b..f339ad9129 100644 --- a/server/events/command_runner.go 
+++ b/server/events/command_runner.go @@ -98,9 +98,9 @@ type DefaultCommandRunner struct { AzureDevopsPullGetter AzureDevopsPullGetter GitlabMergeRequestGetter GitlabMergeRequestGetter // User config option: Disables autoplan when a pull request is opened or updated. - DisableAutoplan bool - DisableAutoplanLabel string - EventParser EventParsing + DisableAutoplan bool + DisableAutoplanLabel string + EventParser EventParsing // User config option: Fail and do not run the Atlantis command request if any of the pre workflow hooks error FailOnPreWorkflowHookError bool Logger logging.SimpleLogging diff --git a/server/events/command_runner_test.go b/server/events/command_runner_test.go index 59b6a6b21d..8f1a3a77c5 100644 --- a/server/events/command_runner_test.go +++ b/server/events/command_runner_test.go @@ -77,6 +77,7 @@ type TestConfig struct { StatusName string discardApprovalOnPlan bool backend locking.Backend + DisableUnlockLabel string } func setup(t *testing.T, options ...func(testConfig *TestConfig)) *vcsmocks.MockClient { @@ -93,6 +94,7 @@ func setup(t *testing.T, options ...func(testConfig *TestConfig)) *vcsmocks.Mock StatusName: "atlantis-test", discardApprovalOnPlan: false, backend: defaultBoltDB, + DisableUnlockLabel: "do-not-unlock", } for _, op := range options { @@ -195,6 +197,7 @@ func setup(t *testing.T, options ...func(testConfig *TestConfig)) *vcsmocks.Mock deleteLockCommand, vcsClient, testConfig.SilenceNoProjects, + testConfig.DisableUnlockLabel, ) versionCommandRunner := events.NewVersionCommandRunner( 
@@ -670,6 +673,65 @@ func TestRunUnlockCommandFail_VCSComment(t *testing.T) { vcsClient.VerifyWasCalledOnce().CreateComment(testdata.GithubRepo, testdata.Pull.Num, "Failed to delete PR locks", "unlock") } +func TestRunUnlockCommandFail_DisableUnlockLabel(t *testing.T) { + t.Log("if PR has label equal to disable-unlock-label unlock should fail") + + doNotUnlock := "do-not-unlock" + + vcsClient := setup(t) + pull := &github.PullRequest{ + State: github.String("open"), + } + modelPull := models.PullRequest{BaseRepo: testdata.GithubRepo, State: models.OpenPullState, Num: testdata.Pull.Num} + When(githubGetter.GetPullRequest(testdata.GithubRepo, testdata.Pull.Num)).ThenReturn(pull, nil) + When(eventParsing.ParseGithubPull(pull)).ThenReturn(modelPull, modelPull.BaseRepo, testdata.GithubRepo, nil) + When(deleteLockCommand.DeleteLocksByPull(testdata.GithubRepo.FullName, testdata.Pull.Num)).ThenReturn(0, errors.New("err")) + When(ch.VCSClient.GetPullLabels(testdata.GithubRepo, modelPull)).ThenReturn([]string{doNotUnlock, "need-help"}, nil) + + ch.RunCommentCommand(testdata.GithubRepo, &testdata.GithubRepo, nil, testdata.User, testdata.Pull.Num, &events.CommentCommand{Name: command.Unlock}) + + vcsClient.VerifyWasCalledOnce().CreateComment(testdata.GithubRepo, testdata.Pull.Num, "Not allowed to unlock PR with "+doNotUnlock+" label", "unlock") +} + +func TestRunUnlockCommandFail_GetLabelsFail(t *testing.T) { + t.Log("if GetPullLabels fails do not unlock PR") + + vcsClient := setup(t) + pull := &github.PullRequest{ + State: github.String("open"), + } + modelPull := models.PullRequest{BaseRepo: testdata.GithubRepo, State: models.OpenPullState, Num: testdata.Pull.Num} + When(githubGetter.GetPullRequest(testdata.GithubRepo, testdata.Pull.Num)).ThenReturn(pull, nil) + When(eventParsing.ParseGithubPull(pull)).ThenReturn(modelPull, modelPull.BaseRepo, testdata.GithubRepo, nil) + When(deleteLockCommand.DeleteLocksByPull(testdata.GithubRepo.FullName, testdata.Pull.Num)).ThenReturn(0, 
errors.New("err")) + When(ch.VCSClient.GetPullLabels(testdata.GithubRepo, modelPull)).ThenReturn(nil, errors.New("err")) + + ch.RunCommentCommand(testdata.GithubRepo, &testdata.GithubRepo, nil, testdata.User, testdata.Pull.Num, &events.CommentCommand{Name: command.Unlock}) + + vcsClient.VerifyWasCalledOnce().CreateComment(testdata.GithubRepo, testdata.Pull.Num, "Failed to retrieve PR labels... Not unlocking", "unlock") +} + +func TestRunUnlockCommandDoesntRetrieveLabelsIfDisableUnlockLabelNotSet(t *testing.T) { + t.Log("if disable-unlock-label is not set do not call GetPullLabels") + + doNotUnlock := "do-not-unlock" + + vcsClient := setup(t) + pull := &github.PullRequest{ + State: github.String("open"), + } + modelPull := models.PullRequest{BaseRepo: testdata.GithubRepo, State: models.OpenPullState, Num: testdata.Pull.Num} + When(githubGetter.GetPullRequest(testdata.GithubRepo, testdata.Pull.Num)).ThenReturn(pull, nil) + When(eventParsing.ParseGithubPull(pull)).ThenReturn(modelPull, modelPull.BaseRepo, testdata.GithubRepo, nil) + When(deleteLockCommand.DeleteLocksByPull(testdata.GithubRepo.FullName, testdata.Pull.Num)).ThenReturn(0, errors.New("err")) + When(ch.VCSClient.GetPullLabels(testdata.GithubRepo, modelPull)).ThenReturn([]string{doNotUnlock, "need-help"}, nil) + unlockCommandRunner.DisableUnlockLabel = "" + + ch.RunCommentCommand(testdata.GithubRepo, &testdata.GithubRepo, nil, testdata.User, testdata.Pull.Num, &events.CommentCommand{Name: command.Unlock}) + + vcsClient.VerifyWasNotCalled().GetPullLabels(testdata.GithubRepo, modelPull) +} + func TestRunAutoplanCommand_DeletePlans(t *testing.T) { setup(t) tmp := t.TempDir() diff --git a/server/events/unlock_command_runner.go b/server/events/unlock_command_runner.go index 012da284ee..648f829b9b 100644 --- a/server/events/unlock_command_runner.go +++ b/server/events/unlock_command_runner.go 
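Review bot: TestRunUnlockCommandFail_DisableUnlockLabel and TestRunUnlockCommandFail_GetLabelsFail check that the locks were kept only indirectly. `DeleteLocksByPull` is stubbed to fail, so a call would change the comment text, and the comment text is the only thing asserted. An explicit negative verification after `RunCommentCommand` would keep the guarantee if message handling is reordered later, for example `deleteLockCommand.VerifyWasCalled(Never()).DeleteLocksByPull(testdata.GithubRepo.FullName, testdata.Pull.Num)`. This assumes the generated mock exposes `VerifyWasCalled`, as pegomock mocks normally do.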
@@ -3,17 +3,20 @@ package events import ( "github.com/runatlantis/atlantis/server/events/command" "github.com/runatlantis/atlantis/server/events/vcs" + "slices" ) func NewUnlockCommandRunner( deleteLockCommand DeleteLockCommand, vcsClient vcs.Client, SilenceNoProjects bool, + DisableUnlockLabel string, ) *UnlockCommandRunner { return &UnlockCommandRunner{ - deleteLockCommand: deleteLockCommand, - vcsClient: vcsClient, - SilenceNoProjects: SilenceNoProjects, + deleteLockCommand: deleteLockCommand, + vcsClient: vcsClient, + SilenceNoProjects: SilenceNoProjects, + DisableUnlockLabel: DisableUnlockLabel, } } @@ -22,7 +25,8 @@ type UnlockCommandRunner struct { deleteLockCommand DeleteLockCommand // SilenceNoProjects is whether Atlantis should respond to PRs if no projects // are found - SilenceNoProjects bool + SilenceNoProjects bool + DisableUnlockLabel string } func (u *UnlockCommandRunner) Run( 
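Review bot: The `"slices"` import appears to be appended to the same parenthesised group as the two `github.com/runatlantis/atlantis/...` imports. The usual goimports layout puts standard-library packages in their own group first, separated from project imports by a blank line. Moving `"slices"` to the top of the block with a blank line after it would match that layout.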
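Review bot: The new `DisableUnlockLabel` field has no comment, while `SilenceNoProjects` directly above it is documented, and this field now decides whether locks may be deleted. I would add `// DisableUnlockLabel is the pull request label that makes Run refuse to delete locks when it is present on the pull request; an empty string disables the check.` Since the check rests on the labels returned by the VCS, it is only as strong as the permissions for editing labels on the pull request, which is worth stating in the user-facing documentation too.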
@@ -31,13 +35,34 @@ func (u *UnlockCommandRunner) Run( ) { baseRepo := ctx.Pull.BaseRepo pullNum := ctx.Pull.Num + disableUnlockLabel := u.DisableUnlockLabel ctx.Log.Info("Unlocking all locks") vcsMessage := "All Atlantis locks for this PR have been unlocked and plans discarded" - numLocks, err := u.deleteLockCommand.DeleteLocksByPull(baseRepo.FullName, pullNum) - if err != nil { - vcsMessage = "Failed to delete PR locks" - ctx.Log.Err("failed to delete locks by pull %s", err.Error()) + + var hasLabel bool + var err error + if disableUnlockLabel != "" { + var labels []string + labels, err = u.vcsClient.GetPullLabels(baseRepo, ctx.Pull) + if err != nil { + vcsMessage = "Failed to retrieve PR labels... Not unlocking" + ctx.Log.Err("Failed to retrieve PR labels for pull %s", err.Error()) + } + hasLabel = slices.Contains(labels, disableUnlockLabel) + if hasLabel { + vcsMessage = "Not allowed to unlock PR with " + disableUnlockLabel + " label" + ctx.Log.Info("Not allowed to unlock PR with %v label", disableUnlockLabel) + } + } + + var numLocks int + if err == nil && !hasLabel { + numLocks, err = u.deleteLockCommand.DeleteLocksByPull(baseRepo.FullName, pullNum) + if err != nil { + vcsMessage = "Failed to delete PR locks" + ctx.Log.Err("failed to delete locks by pull %s", err.Error()) + } } // if there are no locks to delete, no errors, and SilenceNoProjects is enabled, don't comment diff --git a/server/events/vcs/mocks/mock_client.go b/server/events/vcs/mocks/mock_client.go index 7583e22fac..4150e5ffeb 100644 --- a/server/events/vcs/mocks/mock_client.go +++ b/server/events/vcs/mocks/mock_client.go 
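Review bot: When the label blocks the unlock, `numLocks` stays 0 and `err` stays nil, which is the state the silence check just below the hunk describes ("no locks to delete, no errors, and SilenceNoProjects is enabled, don't comment"). With SilenceNoProjects on, the refusal may therefore never be posted and the requester could assume the locks are gone. That condition is outside the hunk, so this is inferred from its comment; if it holds, add `&& !hasLabel` to it so the "Not allowed to unlock" message is always posted. The lookup-failure branch fails closed, which is the right default for a guard. Its log line `"Failed to retrieve PR labels for pull %s"` is filled with the error text rather than a pull identifier, so `"failed to retrieve PR labels: %s"` would read correctly.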
@@ -286,6 +286,13 @@ func (mock *MockClient) UpdateStatus(repo models.Repo, pull models.PullRequest, return ret0 } +func (mock *MockClient) VerifyWasNotCalled() *VerifierMockClient { + return &VerifierMockClient{ + mock: mock, + invocationCountMatcher: pegomock.Times(0), + } +} + func (mock *MockClient) VerifyWasCalledOnce() *VerifierMockClient { return &VerifierMockClient{ mock: mock, diff --git a/server/server.go b/server/server.go index 1fbbce19f3..6f80cb420f 100644 --- a/server/server.go +++ b/server/server.go @@ -746,6 +746,7 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) { deleteLockCommand, vcsClient, userConfig.SilenceNoProjects, + userConfig.DisableUnlockLabel, ) versionCommandRunner := events.NewVersionCommandRunner( diff --git a/server/user_config.go b/server/user_config.go index 81fb7bef7a..49e3ed6fba 100644 --- a/server/user_config.go +++ b/server/user_config.go @@ -37,6 +37,7 @@ type UserConfig struct { DisableAutoplanLabel string `mapstructure:"disable-autoplan-label"` DisableMarkdownFolding bool `mapstructure:"disable-markdown-folding"` DisableRepoLocking bool `mapstructure:"disable-repo-locking"` + DisableUnlockLabel string `mapstructure:"disable-unlock-label"` DiscardApprovalOnPlanFlag bool `mapstructure:"discard-approval-on-plan"` EmojiReaction string `mapstructure:"emoji-reaction"` EnablePolicyChecksFlag bool `mapstructure:"enable-policy-checks"` @@ -126,7 +127,7 @@ type UserConfig struct { WebPassword string `mapstructure:"web-password"` WriteGitCreds bool `mapstructure:"write-git-creds"` WebsocketCheckOrigin bool `mapstructure:"websocket-check-origin"` - UseTFPluginCache bool `mapstructure:"use-tf-plugin-cache"` + UseTFPluginCache bool `mapstructure:"use-tf-plugin-cache"` } // ToAllowCommandNames parse AllowCommands into a slice of CommandName From 90f63247add6ceda4f154494d56d0b06cb58a1d6 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Oct 2023 01:11:47 +0000 Subject: [PATCH 29/79] chore(deps): update dependency node to v18.18.1 in .node-version (#3842) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .node-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.node-version b/.node-version index 02c8b485ed..f6610cade8 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -18.18.0 +18.18.1 From 41de34a8d920bdf920df4de945261b5417301c77 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Oct 2023 04:23:14 +0000 Subject: [PATCH 30/79] chore(deps): update golang docker tag to v1.21.3 in testing/dockerfile (#3843) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Dockerfile | 2 +- testing/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6354beebc3..1b28677cb8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ ARG DEFAULT_CONFTEST_VERSION=0.46.0 # Stage 1: build artifact and download deps -FROM golang:1.21.2-alpine AS builder +FROM golang:1.21.3-alpine AS builder ARG ATLANTIS_VERSION=dev ENV ATLANTIS_VERSION=${ATLANTIS_VERSION} diff --git a/testing/Dockerfile b/testing/Dockerfile index 22a64589c8..af5e3c26bb 100644 --- a/testing/Dockerfile +++ b/testing/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21.2 +FROM golang:1.21.3 RUN apt-get update && apt-get --no-install-recommends -y install unzip \ && apt-get clean \ From 6e37887d6901c54feb9bdeed5d52f3f4bb7bad6e Mon Sep 17 00:00:00 2001 From: inFame Date: Fri, 13 Oct 2023 02:50:13 +1000 Subject: [PATCH 31/79] Update testing-locally.md (#3848) --- runatlantis.io/guide/testing-locally.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/runatlantis.io/guide/testing-locally.md b/runatlantis.io/guide/testing-locally.md index ee254acdbf..054b0d9c2a 100644 --- a/runatlantis.io/guide/testing-locally.md +++ b/runatlantis.io/guide/testing-locally.md @@ -173,11 +173,12 @@ TOKEN="{YOUR_TOKEN}" ### Bitbucket Server (aka Stash) Access Token - Click on your avatar in the top right and select **Manage account** -- Click **Personal access tokens** in the sidebar -- Click **Create a token** +- Click **HTTP access tokens** in the sidebar +- Click **Create token** - Name the token **atlantis** - Give the token **Read** Project permissions and **Write** Pull request permissions -- Click **create** and set the token as an environment variable +- Choose an Expiry option **Do not expire** or **Expire automatically** +- Click **Create** and set the token as an environment variable ``` TOKEN="{YOUR_TOKEN}" ``` From afc2a57c663f641b77d6a90afbbca2e2e865acdc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Oct 2023 16:55:02 +0000 Subject: [PATCH 32/79] chore(deps): update module golang.org/x/net to v0.17.0 [security] (#3849) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- e2e/go.mod | 6 +++--- e2e/go.sum | 12 ++++++------ go.mod | 4 ++-- go.sum | 8 ++++---- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index f085bc0676..7be406a1b0 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
@@ -13,10 +13,10 @@ require ( github.com/golang/protobuf v1.5.3 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect - golang.org/x/crypto v0.12.0 // indirect - golang.org/x/net v0.14.0 // indirect + golang.org/x/crypto v0.14.0 // indirect + golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.11.0 // indirect - golang.org/x/sys v0.11.0 // indirect + golang.org/x/sys v0.13.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.31.0 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index 00e9017760..fc070fd7e0 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -23,20 +23,20 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= diff --git a/go.mod b/go.mod index 986208dc37..0ab995bcf8 100644 --- a/go.mod +++ b/go.mod @@ -124,9 +124,9 @@ require ( github.com/yuin/gopher-lua v1.1.0 // indirect github.com/zclconf/go-cty v1.13.2 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.13.0 // indirect + golang.org/x/crypto v0.14.0 // indirect golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect - golang.org/x/net v0.15.0 // indirect + golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.12.0 // indirect golang.org/x/sys v0.13.0 // indirect golang.org/x/time v0.3.0 // indirect diff --git a/go.sum b/go.sum index 25bee662ce..0006beb7ec 100644 --- a/go.sum +++ b/go.sum 
@@ -499,8 +499,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= -golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= -golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -580,8 +580,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= -golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
From 53bc84c1d7c0241bb2a900ef24778132175dd731 Mon Sep 17 00:00:00 2001 From: PePe Amengual Date: Thu, 12 Oct 2023 12:25:11 -0700 Subject: [PATCH 33/79] Updating curl (#3850) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1b28677cb8..b885383c51 100644 --- a/Dockerfile +++ b/Dockerfile @@ -182,7 +182,7 @@ COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh # We place this last as it will bust less docker layer caches when packages update RUN apk add --no-cache \ ca-certificates~=20230506 \ - curl~=8.3 \ + curl~=8.4 \ git~=2.40 \ unzip~=6.0 \ bash~=5.2 \ From 5b33f9f5fcc96f76708c2423b7273dcd21858cc4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Oct 2023 20:01:47 +0000 Subject: [PATCH 34/79] fix(deps): update module github.com/uber-go/tally/v4 to v4.1.10 in go.mod (#3847) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0ab995bcf8..a3c1d59cd2 100644 --- a/go.mod +++ b/go.mod @@ -39,7 +39,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.17.0 github.com/stretchr/testify v1.8.4 - github.com/uber-go/tally/v4 v4.1.9 + github.com/uber-go/tally/v4 v4.1.10 github.com/urfave/negroni/v3 v3.0.0 github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 github.com/xanzy/go-gitlab v0.93.1 diff --git a/go.sum b/go.sum index 0006beb7ec..c59a216df9 100644 --- a/go.sum +++ b/go.sum 
@@ -449,8 +449,8 @@ github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSW github.com/twmb/murmur3 v1.1.5/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= github.com/twmb/murmur3 v1.1.8 h1:8Yt9taO/WN3l08xErzjeschgZU2QSrwm1kclYq+0aRg= github.com/twmb/murmur3 v1.1.8/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= -github.com/uber-go/tally/v4 v4.1.9 h1:AorgM0Ix5aCjSSE0SyKLC4JUQE439d64i3ayxEEYeTs= -github.com/uber-go/tally/v4 v4.1.9/go.mod h1:pPR56rjthjtLB8xQlEx2I1VwAwRGCh/i4xMUcmG+6z4= +github.com/uber-go/tally/v4 v4.1.10 h1:2GSX7Tmq26wjAvOtQEc5EvRROIkX2OX4vpROt6mlRLM= +github.com/uber-go/tally/v4 v4.1.10/go.mod h1:pPR56rjthjtLB8xQlEx2I1VwAwRGCh/i4xMUcmG+6z4= github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/negroni/v3 v3.0.0 h1:Vo8CeZfu1lFR9gW8GnAb6dOGCJyijfil9j/jKKc/JhU= From 27010d35dd005f3a49a0cfcb2de39147d618e48d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 13 Oct 2023 01:15:37 +0000 Subject: [PATCH 35/79] fix(deps): update module github.com/microcosm-cc/bluemonday to v1.0.26 in go.mod (#3854) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a3c1d59cd2..75f9ffacfc 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/hashicorp/terraform-config-inspect v0.0.0-20230925220900-5a6f8d18746d github.com/kr/pretty v0.3.1 github.com/mcdafydd/go-azuredevops v0.12.1 - github.com/microcosm-cc/bluemonday v1.0.25 + github.com/microcosm-cc/bluemonday v1.0.26 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db github.com/mitchellh/go-homedir v1.1.0 github.com/moby/patternmatcher v0.6.0 diff --git a/go.sum b/go.sum index c59a216df9..eebea80411 100644 --- a/go.sum 
+++ b/go.sum @@ -319,8 +319,8 @@ github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zk github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mcdafydd/go-azuredevops v0.12.1 h1:WxwLVyGuJ8oL7uWQp1/J6GefX1wMQQZUHWRGsrm+uE8= github.com/mcdafydd/go-azuredevops v0.12.1/go.mod h1:B4UDyn7WEj1/97f45j3VnzEfkWKe05+/dCcAPdOET4A= -github.com/microcosm-cc/bluemonday v1.0.25 h1:4NEwSfiJ+Wva0VxN5B8OwMicaJvD8r9tlJWm9rtloEg= -github.com/microcosm-cc/bluemonday v1.0.25/go.mod h1:ZIOjCQp1OrzBBPIJmfX4qDYFuhU02nx4bn030ixfHLE= +github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58= +github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs= github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= From 10289c6eefac3f09f020eb3dd4e7befa94b97141 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 14 Oct 2023 02:06:19 +0000 Subject: [PATCH 36/79] chore(deps): update dependency node to v18.18.2 in .node-version (#3857) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .node-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.node-version b/.node-version index f6610cade8..87ec8842b1 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -18.18.1 +18.18.2 From c11873eee10c3733826b24a835cb2f01ab6ad132 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 15 Oct 2023 01:11:34 +0000 Subject: [PATCH 37/79] chore(deps): update debian docker tag to v12.2 in dockerfile (#3859) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b885383c51..65f809f601 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 # what distro is the image being built for ARG ALPINE_TAG=3.18.4 -ARG DEBIAN_TAG=12.1-slim +ARG DEBIAN_TAG=12.2-slim ARG DEFAULT_TERRAFORM_VERSION=1.5.7 ARG DEFAULT_CONFTEST_VERSION=0.46.0 From 8158de0699e437e8b4cad3a23347d317ce9a4194 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Oct 2023 01:08:31 +0000 Subject: [PATCH 38/79] fix(deps): update module github.com/alicebob/miniredis/v2 to v2.31.0 in go.mod (#3861) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 75f9ffacfc..bf33715272 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.21 require ( github.com/Masterminds/sprig/v3 v3.2.3 - github.com/alicebob/miniredis/v2 v2.30.5 + github.com/alicebob/miniredis/v2 v2.31.0 github.com/bradleyfalzon/ghinstallation/v2 v2.7.0 github.com/briandowns/spinner v1.23.0 github.com/cactus/go-statsd-client/v5 v5.1.0 diff --git a/go.sum b/go.sum index eebea80411..57228a5be4 100644 --- a/go.sum +++ b/go.sum 
@@ -38,6 +38,7 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/DmitriyVTitov/size v1.5.0/go.mod h1:le6rNI4CoLQV1b9gzp1+3d7hMAD/uu2QcJ+aYbNgiU0= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= @@ -57,8 +58,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc= -github.com/alicebob/miniredis/v2 v2.30.5 h1:3r6kTHdKnuP4fkS8k2IrvSfxpxUTcW1SOL0wN7b7Dt0= -github.com/alicebob/miniredis/v2 v2.30.5/go.mod h1:b25qWj4fCEsBeAAR2mlb0ufImGC6uH3VlUfb/HS5zKg= +github.com/alicebob/miniredis/v2 v2.31.0 h1:ObEFUNlJwoIiyjxdrYF0QIDE7qXcLc7D3WpSH4c22PU= +github.com/alicebob/miniredis/v2 v2.31.0/go.mod h1:UB/T2Uztp7MlFSDakaX1sTXUv5CASoprx0wulRT6HBg= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= 
@@ -161,6 +162,7 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfU github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= From c9fe0d76cd8c2ae41c887ac7081342536c16de0e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Oct 2023 04:06:34 +0000 Subject: [PATCH 39/79] chore(deps): update dependency hashicorp/terraform to v1.6.1 in .circleci/config.yml (#3860) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .circleci/config.yml | 2 +- testdrive/utils.go | 2 +- testing/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e3f186eaf5..95d22116b7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,7 +9,7 @@ jobs: # that flag starts the download asynchronously so we'd have a race # condition. # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp - TERRAFORM_VERSION: 1.5.7 + TERRAFORM_VERSION: 1.6.1 steps: - checkout - run: make build-service diff --git a/testdrive/utils.go b/testdrive/utils.go index 15ce864c94..cd2fb4b89e 100644 --- a/testdrive/utils.go +++ b/testdrive/utils.go 
@@ -35,7 +35,7 @@ import ( ) const hashicorpReleasesURL = "https://releases.hashicorp.com" -const terraformVersion = "1.5.7" // renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp +const terraformVersion = "1.6.1" // renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp const ngrokDownloadURL = "https://bin.equinox.io/c/4VmDzA7iaHb" const ngrokAPIURL = "localhost:41414" // We hope this isn't used. const atlantisPort = 4141 diff --git a/testing/Dockerfile b/testing/Dockerfile index af5e3c26bb..0b1ac313ee 100644 --- a/testing/Dockerfile +++ b/testing/Dockerfile @@ -6,7 +6,7 @@ RUN apt-get update && apt-get --no-install-recommends -y install unzip \ # Install Terraform # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp -ENV TERRAFORM_VERSION=1.5.7 +ENV TERRAFORM_VERSION=1.6.1 RUN case $(uname -m) in x86_64|amd64) ARCH="amd64" ;; aarch64|arm64|armv7l) ARCH="arm64" ;; esac && \ wget -nv -O terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${ARCH}.zip && \ mkdir -p /usr/local/bin/tf/versions/${TERRAFORM_VERSION} && \ From 44d4c714090e723a1f46391f931428a9b64f657b Mon Sep 17 00:00:00 2001 From: Rui Chen Date: Mon, 16 Oct 2023 14:10:13 -0400 Subject: [PATCH 40/79] deps: bump to use node20 (#3864) Signed-off-by: Rui Chen --- .node-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.node-version b/.node-version index 87ec8842b1..6569dfa4f3 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -18.18.2 +20.8.1 From 16c373d211a706dab00a54112f21a774bccddf6d Mon Sep 17 00:00:00 2001 From: Rui Chen Date: Mon, 16 Oct 2023 15:26:44 -0400 Subject: [PATCH 41/79] ci: add slack alerting per gotest job failed on main branch (#2975) update condition Signed-off-by: Rui Chen --- .github/workflows/test.yml | 39 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ea37bc2544..a5e3cdc137 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -43,6 +43,45 @@ jobs: - uses: actions/checkout@v4 - run: make test-all - run: make check-fmt + ########################################################### + # Notifying #contributors about test failure on main branch + ########################################################### + - name: Slack failure notification + if: ${{ github.ref == 'refs/heads/main' && failure() }} + uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 + with: + payload: | + { + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": ":x: Failed GitHub Action:" + } + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>" + }, + { + "type": "mrkdwn", + "text": "*Job:*\n${{ github.job }}" + }, + { + "type": "mrkdwn", + "text": "*Repo:*\n${{ github.repository }}" + } + ] + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK skip-test: needs: [changes] From 23b373e8a64424cd2f52fb647bed71ca13810083 Mon Sep 17 00:00:00 2001 
From: Rui Chen Date: Mon, 16 Oct 2023 16:17:57 -0400 Subject: [PATCH 42/79] fix: add misspell check for linting codebase (#3865) * add misspell check * lint: fix misspell issues ``` server/events/vcs/instrumented_client.go:46:26: `soley` is a misspelling of `solely` (misspell) // methods and implement soley any github specific interfaces. ^ server/events/project_command_context_builder.go:49:5: `Conciously` is a misspelling of `Consciously` (misspell) // Conciously making this global since it gets flushed periodically anyways ^ server/controllers/events/gitlab_request_parser_validator.go:87:32: `noteable` is a misspelling of `notable` (misspell) NoteableType string `json:"noteable_type"` ^ server/controllers/events/gitlab_request_parser_validator_test.go:351:6: `noteable` is a misspelling of `notable` (misspell) "noteable_type": "MergeRequest", ^ server/controllers/events/gitlab_request_parser_validator_test.go:359:6: `noteable` is a misspelling of `notable` (misspell) "noteable_id": 7, ^ server/controllers/events/gitlab_request_parser_validator_test.go:467:6: `noteable` is a misspelling of `notable` (misspell) "noteable_type": "Commit", ^ server/controllers/events/gitlab_request_parser_validator_test.go:475:6: `noteable` is a misspelling of `notable` (misspell) "noteable_id": null, ^ server/events/event_parser_test.go:1012:23: `seperate` is a misspelling of `separate` (misspell) // If sha changes in seperate PR, ^ ``` Signed-off-by: Rui Chen * add locale setting Signed-off-by: Rui Chen * Revert "lint: fix misspell issues" This reverts commit 7cc56afa8e1d957d0db091c347a3e48aac394178. * lint: fix some misspell issues Signed-off-by: Rui Chen --------- Signed-off-by: Rui Chen Co-authored-by: PePe Amengual --- .golangci.yml | 15 ++++++++++++--- server/events/event_parser_test.go | 2 +- server/events/project_command_context_builder.go | 2 +- server/events/vcs/instrumented_client.go | 2 +- 4 files changed, 15 insertions(+), 6 deletions(-) 
diff --git a/.golangci.yml b/.golangci.yml index b6a224f249..63732fc9ac 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,14 +1,23 @@ +linters-settings: + misspell: + # Correct spellings using locale preferences for US or UK. + # Default is to use a neutral variety of English. + # Setting locale to US will correct the British spelling of 'colour' to 'color'. + # locale: US + ignore-words: + # for gitlab notes api + - noteable + linters: enable: - errcheck - gochecknoinits -# We don't use goconst because it gives false positives in the tests. -# - goconst - gofmt - - revive - gosec - gosimple - ineffassign + - misspell + - revive - staticcheck - typecheck - unconvert diff --git a/server/events/event_parser_test.go b/server/events/event_parser_test.go index d1ec65182a..c25ce7f87f 100644 --- a/server/events/event_parser_test.go +++ b/server/events/event_parser_test.go @@ -1009,7 +1009,7 @@ func TestBitBucketNonCodeChangesAreIgnored(t *testing.T) { act = parser.GetBitbucketCloudPullEventType("pullrequest:updated", "fakeSha2", "https://github.com/fakeorg/fakerepo/pull/1") Equals(t, models.UpdatedPullEvent, act) - // If sha changes in seperate PR, + // If sha changes in separate PR, act = parser.GetBitbucketCloudPullEventType("pullrequest:updated", "otherPRSha", "https://github.com/fakeorg/fakerepo/pull/2") Equals(t, models.UpdatedPullEvent, act) // We will still ignore same shas in first PR diff --git a/server/events/project_command_context_builder.go b/server/events/project_command_context_builder.go index 16714f841a..0b4bf00f29 100644 --- a/server/events/project_command_context_builder.go +++ b/server/events/project_command_context_builder.go 
@@ -46,7 +46,7 @@ type ProjectCommandContextBuilder interface { // object relevant to the command it applies to. type CommandScopedStatsProjectCommandContextBuilder struct { ProjectCommandContextBuilder - // Conciously making this global since it gets flushed periodically anyways + // Consciously making this global since it gets flushed periodically anyways ProjectCounter tally.Counter } diff --git a/server/events/vcs/instrumented_client.go b/server/events/vcs/instrumented_client.go index 436b75e160..e77d2b7980 100644 --- a/server/events/vcs/instrumented_client.go +++ b/server/events/vcs/instrumented_client.go @@ -43,7 +43,7 @@ type IGithubClient interface { } // InstrumentedGithubClient should delegate to the underlying InstrumentedClient for vcs provider-agnostic -// methods and implement soley any github specific interfaces. +// methods and implement solely any github specific interfaces. type InstrumentedGithubClient struct { *InstrumentedClient PullRequestGetter GithubPullRequestGetter From cd604c23f6757f5f21ed62959860b88b48234a02 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Oct 2023 01:19:14 +0000 Subject: [PATCH 43/79] fix(deps): update module github.com/hashicorp/hcl/v2 to v2.19.0 in go.mod (#3869) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index bf33715272..f86977df47 100644 --- a/go.mod +++ b/go.mod 
@@ -55,7 +55,7 @@ require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/hashicorp/hcl/v2 v2.18.1 + github.com/hashicorp/hcl/v2 v2.19.0 github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/leodido/go-urn v1.2.4 // indirect github.com/shurcooL/graphql v0.0.0-20220606043923-3cf50f8a0a29 // indirect diff --git a/go.sum b/go.sum index 57228a5be4..3ceed405fa 100644 --- a/go.sum +++ b/go.sum @@ -267,8 +267,8 @@ github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/hcl/v2 v2.18.1 h1:6nxnOJFku1EuSawSD81fuviYUV8DxFr3fp2dUi3ZYSo= -github.com/hashicorp/hcl/v2 v2.18.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= +github.com/hashicorp/hcl/v2 v2.19.0 h1:vq9ncaL/+JtHe2JFQo6h/D7HqkfrYQn+nRYG/WDKmLo= +github.com/hashicorp/hcl/v2 v2.19.0/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= github.com/hashicorp/terraform-config-inspect v0.0.0-20230925220900-5a6f8d18746d h1:g6kHlvZrFPFKeWRj5q/zyJA5gu7rlJGPf17h8hX7LHY= github.com/hashicorp/terraform-config-inspect v0.0.0-20230925220900-5a6f8d18746d/go.mod h1:l8HcFPm9cQh6Q0KSWoYPiePqMvRFenybP1CH2MjKdlg= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= From 5b3f0575cabf2883e728d7a03758924a9608aece Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 18 Oct 2023 00:41:41 +0000 Subject: [PATCH 44/79] fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.8.0 in go.mod (#3871) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 20 ++++---------------- 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index f86977df47..5af2a21ae5 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.21 require ( github.com/Masterminds/sprig/v3 v3.2.3 github.com/alicebob/miniredis/v2 v2.31.0 - github.com/bradleyfalzon/ghinstallation/v2 v2.7.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.8.0 github.com/briandowns/spinner v1.23.0 github.com/cactus/go-statsd-client/v5 v5.1.0 github.com/go-ozzo/ozzo-validation v3.6.0+incompatible @@ -84,7 +84,7 @@ require ( github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/go-cmp v0.5.9 // indirect - github.com/google/go-github/v55 v55.0.0 // indirect + github.com/google/go-github/v56 v56.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/gorilla/css v1.0.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect diff --git a/go.sum b/go.sum index 3ceed405fa..75ec7b5027 100644 --- a/go.sum +++ b/go.sum 
@@ -46,7 +46,6 @@ github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1 h1:JMDGhoQvXNTqH6Y3MC0IUw6tcZvaUdujNqzK2HYWZc8= github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= 
@@ -74,15 +73,14 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= -github.com/bradleyfalzon/ghinstallation/v2 v2.7.0 h1:ranXaC3Zz/F6G/f0Joj3LrFp2OzOKfJZev5Q7OaMc88= -github.com/bradleyfalzon/ghinstallation/v2 v2.7.0/go.mod h1:ymxfmloxXBFXvvF1KpeUhOQM6Dfz9NYtfvTiJyk82UE= +github.com/bradleyfalzon/ghinstallation/v2 v2.8.0 h1:yUmoVv70H3J4UOqxqsee39+KlXxNEDfTbAp8c/qULKk= +github.com/bradleyfalzon/ghinstallation/v2 v2.8.0/go.mod h1:fmPmvCiBWhJla3zDv9ZTQSZc8AbwyRnGW1yg5ep1Pcs= github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A= github.com/briandowns/spinner v1.23.0/go.mod h1:rPG4gmXeN3wQV/TsAY4w8lPdIM6RX3yqeBQJSrbXjuE= github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs= github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c= github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA= github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= -github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cactus/go-statsd-client/v5 v5.0.0/go.mod h1:COEvJ1E+/E2L4q6QE5CkjWPi4eeDw9maJBMIuMPBZbY= github.com/cactus/go-statsd-client/v5 v5.1.0 h1:sbbdfIl9PgisjEoXzvXI1lwUKWElngsjJKaZeC021P4= 
@@ -96,7 +94,6 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= @@ -205,8 +202,8 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-github/v54 v54.0.0 h1:OZdXwow4EAD5jEo5qg+dGFH2DpkyZvVsAehjvJuUL/c= github.com/google/go-github/v54 v54.0.0/go.mod h1:Sw1LXWHhXRZtzJ9LI5fyJg9wbQzYvFhW8W5P2yaAQ7s= -github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg= -github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA= +github.com/google/go-github/v56 v56.0.0 h1:TysL7dMa/r7wsQi44BjqlwaHvwlFlqkK8CtBWCX3gb4= +github.com/google/go-github/v56 v56.0.0/go.mod h1:D8cdcX98YWJvi7TLo7zM4/h8ZTx6u6fwGEkCdisopo0= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= 
@@ -500,7 +497,6 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -581,7 +577,6 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -654,7 +649,6 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -665,8 +659,6 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 
@@ -674,8 +666,6 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -689,8 +679,6 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From f34e5dbb8752cd444a69d446efa2644f2585f856 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Oct 2023 00:25:54 +0000 Subject: [PATCH 45/79] chore(deps): update dependency hashicorp/terraform to v1.6.2 in .circleci/config.yml (#3872) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .circleci/config.yml | 2 +- testdrive/utils.go | 2 +- testing/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 95d22116b7..f1cd8886db 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,7 +9,7 @@ jobs: # that flag starts the download asynchronously so we'd have a race # condition. # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp - TERRAFORM_VERSION: 1.6.1 + TERRAFORM_VERSION: 1.6.2 steps: - checkout - run: make build-service diff --git a/testdrive/utils.go b/testdrive/utils.go index cd2fb4b89e..31a7cd6b1e 100644 --- a/testdrive/utils.go +++ b/testdrive/utils.go @@ -35,7 +35,7 @@ import ( ) const hashicorpReleasesURL = "https://releases.hashicorp.com" -const terraformVersion = "1.6.1" // renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp +const terraformVersion = "1.6.2" // renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp const ngrokDownloadURL = "https://bin.equinox.io/c/4VmDzA7iaHb" const ngrokAPIURL = "localhost:41414" // We hope this isn't used. const atlantisPort = 4141 diff --git a/testing/Dockerfile b/testing/Dockerfile index 0b1ac313ee..2b1938d144 100644 --- a/testing/Dockerfile +++ b/testing/Dockerfile 
@@ -6,7 +6,7 @@ RUN apt-get update && apt-get --no-install-recommends -y install unzip \ # Install Terraform # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp -ENV TERRAFORM_VERSION=1.6.1 +ENV TERRAFORM_VERSION=1.6.2 RUN case $(uname -m) in x86_64|amd64) ARCH="amd64" ;; aarch64|arm64|armv7l) ARCH="arm64" ;; esac && \ wget -nv -O terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${ARCH}.zip && \ mkdir -p /usr/local/bin/tf/versions/${TERRAFORM_VERSION} && \ From 22ab01e433de96b7a6ef66ea21d5ea7d75e81375 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 20 Oct 2023 01:19:08 +0000 Subject: [PATCH 46/79] fix(deps): update module github.com/hashicorp/hcl/v2 to v2.19.1 in go.mod (#3878) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5af2a21ae5..a291a33c3a 100644 --- a/go.mod +++ b/go.mod @@ -55,7 +55,7 @@ require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/hashicorp/hcl/v2 v2.19.0 + github.com/hashicorp/hcl/v2 v2.19.1 github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/leodido/go-urn v1.2.4 // indirect github.com/shurcooL/graphql v0.0.0-20220606043923-3cf50f8a0a29 // indirect diff --git a/go.sum b/go.sum index 75ec7b5027..414de1d98f 100644 --- a/go.sum +++ b/go.sum 
@@ -264,8 +264,8 @@ github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/hcl/v2 v2.19.0 h1:vq9ncaL/+JtHe2JFQo6h/D7HqkfrYQn+nRYG/WDKmLo= -github.com/hashicorp/hcl/v2 v2.19.0/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= +github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI= +github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= github.com/hashicorp/terraform-config-inspect v0.0.0-20230925220900-5a6f8d18746d h1:g6kHlvZrFPFKeWRj5q/zyJA5gu7rlJGPf17h8hX7LHY= github.com/hashicorp/terraform-config-inspect v0.0.0-20230925220900-5a6f8d18746d/go.mod h1:l8HcFPm9cQh6Q0KSWoYPiePqMvRFenybP1CH2MjKdlg= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= From edc9bd9262867e27c36d775611cae3f5484f7df1 Mon Sep 17 00:00:00 2001 From: Simon Heather <32168619+X-Guardian@users.noreply.github.com> Date: Fri, 20 Oct 2023 16:49:57 +0100 Subject: [PATCH 47/79] feat: Improve GitHub and GitLab Debug Logging (#3876) * Improve GitHub and GitLab Debug Logging * Fix formatting * Fix g.client.Repositories.Get debug message * Update gitlab_client_test with logger --------- Co-authored-by: PePe Amengual --- server/events/vcs/github_client.go | 49 +++++++++++++++---------- server/events/vcs/gitlab_client.go | 46 ++++++++++++++++------- server/events/vcs/gitlab_client_test.go | 6 +++ 3 files changed, 68 insertions(+), 33 deletions(-) diff --git a/server/events/vcs/github_client.go b/server/events/vcs/github_client.go index 76ad3bf421..ab075fba03 100644 --- a/server/events/vcs/github_client.go +++ b/server/events/vcs/github_client.go 
@@ -140,8 +140,8 @@ listloop: time.Sleep(attemptDelay) attemptDelay = 2*attemptDelay + 1*time.Second - g.logger.Debug("[attempt %d] GET /repos/%v/%v/pulls/%d/files", i+1, repo.Owner, repo.Name, pull.Num) pageFiles, resp, err := g.client.PullRequests.ListFiles(g.ctx, repo.Owner, repo.Name, pull.Num, &opts) + g.logger.Debug("[attempt %d] GET /repos/%v/%v/pulls/%d/files returned: %v", i+1, repo.Owner, repo.Name, pull.Num, resp.StatusCode) if err != nil { ghErr, ok := err.(*github.ErrorResponse) if ok && ghErr.Response.StatusCode == 404 { @@ -189,8 +189,8 @@ func (g *GithubClient) CreateComment(repo models.Repo, pullNum int, comment stri comments := common.SplitComment(comment, maxCommentLength, sepEnd, sepStart) for i := range comments { - g.logger.Debug("POST /repos/%v/%v/issues/%d/comments", repo.Owner, repo.Name, pullNum) - _, _, err := g.client.Issues.CreateComment(g.ctx, repo.Owner, repo.Name, pullNum, &github.IssueComment{Body: &comments[i]}) + _, resp, err := g.client.Issues.CreateComment(g.ctx, repo.Owner, repo.Name, pullNum, &github.IssueComment{Body: &comments[i]}) + g.logger.Debug("POST /repos/%v/%v/issues/%d/comments returned: %v", repo.Owner, repo.Name, pullNum, resp.StatusCode) if err != nil { return err } @@ -200,8 +200,8 @@ func (g *GithubClient) CreateComment(repo models.Repo, pullNum int, comment stri // ReactToComment adds a reaction to a comment. func (g *GithubClient) ReactToComment(repo models.Repo, pullNum int, commentID int64, reaction string) error { - g.logger.Debug("POST /repos/%v/%v/issues/comments/%d/reactions", repo.Owner, repo.Name, commentID) - _, _, err := g.client.Reactions.CreateIssueCommentReaction(g.ctx, repo.Owner, repo.Name, commentID, reaction) + _, resp, err := g.client.Reactions.CreateIssueCommentReaction(g.ctx, repo.Owner, repo.Name, commentID, reaction) + g.logger.Debug("POST /repos/%v/%v/issues/comments/%d/reactions returned: %v", repo.Owner, repo.Name, commentID, resp.StatusCode) return err } 
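Review bot: The `g.logger.Debug(..., resp.StatusCode)` line added in the ListFiles retry loop runs before the `if err != nil` check. go-github returns a nil `*github.Response` when a request fails before any HTTP response arrives (connection error, cancelled context), so a transport failure becomes a nil-pointer panic instead of a handled error. The same ordering appears in the other hunks of this file: CreateComment, ReactToComment, ListComments, ListReviews, GetCombinedStatus, GetBranchProtection, the two check-suite calls, PullRequests.Get, CreateStatus, Repositories.Get, Merge, CompleteAppManifest, GetContents and GetCloneURL. Wrap each log call in a guard such as `if resp != nil { g.logger.Debug("... returned: %v", ..., resp.StatusCode) }`, or log only after the error check. The enclosing functions start and end outside these hunks.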
@@ -209,12 +209,12 @@ func (g *GithubClient) HidePrevCommandComments(repo models.Repo, pullNum int, co var allComments []*github.IssueComment nextPage := 0 for { - g.logger.Debug("GET /repos/%v/%v/issues/%d/comments", repo.Owner, repo.Name, pullNum) comments, resp, err := g.client.Issues.ListComments(g.ctx, repo.Owner, repo.Name, pullNum, &github.IssueListCommentsOptions{ Sort: github.String("created"), Direction: github.String("asc"), ListOptions: github.ListOptions{Page: nextPage}, }) + g.logger.Debug("GET /repos/%v/%v/issues/%d/comments returned: %v", repo.Owner, repo.Name, pullNum, resp.StatusCode) if err != nil { return errors.Wrap(err, "listing comments") } @@ -327,8 +327,8 @@ func (g *GithubClient) PullIsApproved(repo models.Repo, pull models.PullRequest) if nextPage != 0 { opts.Page = nextPage } - g.logger.Debug("GET /repos/%v/%v/pulls/%d/reviews", repo.Owner, repo.Name, pull.Num) pageReviews, resp, err := g.client.PullRequests.ListReviews(g.ctx, repo.Owner, repo.Name, pull.Num, &opts) + g.logger.Debug("GET /repos/%v/%v/pulls/%d/reviews returned: %v", repo.Owner, repo.Name, pull.Num, resp.StatusCode) if err != nil { return approvalStatus, errors.Wrap(err, "getting reviews") } 
@@ -397,7 +397,8 @@ func isRequiredCheck(check string, required []string) bool { // GetCombinedStatusMinusApply checks Statuses for PR, excluding atlantis apply. Returns true if all other statuses are not in failure. func (g *GithubClient) GetCombinedStatusMinusApply(repo models.Repo, pull *github.PullRequest, vcstatusname string) (bool, error) { //check combined status api - status, _, err := g.client.Repositories.GetCombinedStatus(g.ctx, *pull.Head.Repo.Owner.Login, repo.Name, *pull.Head.Ref, nil) + status, resp, err := g.client.Repositories.GetCombinedStatus(g.ctx, *pull.Head.Repo.Owner.Login, repo.Name, *pull.Head.Ref, nil) + g.logger.Debug("GET /repos/%v/%v/commits/%s/status returned: %v", *pull.Head.Repo.Owner.Login, repo.Name, *pull.Head.Ref, resp.StatusCode) if err != nil { return false, errors.Wrap(err, "getting combined status") } @@ -413,7 +414,8 @@ func (g *GithubClient) GetCombinedStatusMinusApply(repo models.Repo, pull *githu } //get required status checks - required, _, err := g.client.Repositories.GetBranchProtection(context.Background(), repo.Owner, repo.Name, *pull.Base.Ref) + required, resp, err := g.client.Repositories.GetBranchProtection(context.Background(), repo.Owner, repo.Name, *pull.Base.Ref) + g.logger.Debug("GET /repos/%v/%v/branches/%s/protection returned: %v", repo.Owner, repo.Name, *pull.Base.Ref, resp.StatusCode) if err != nil { return false, errors.Wrap(err, "getting required status checks") } 
@@ -423,7 +425,8 @@ func (g *GithubClient) GetCombinedStatusMinusApply(repo models.Repo, pull *githu } //check check suite/check run api - checksuites, _, err := g.client.Checks.ListCheckSuitesForRef(context.Background(), *pull.Head.Repo.Owner.Login, repo.Name, *pull.Head.Ref, nil) + checksuites, resp, err := g.client.Checks.ListCheckSuitesForRef(context.Background(), *pull.Head.Repo.Owner.Login, repo.Name, *pull.Head.Ref, nil) + g.logger.Debug("GET /repos/%v/%v/commits/%s/check-suites returned: %v", *pull.Head.Repo.Owner.Login, repo.Name, *pull.Head.Ref, resp.StatusCode) if err != nil { return false, errors.Wrap(err, "getting check suites for ref") } @@ -432,7 +435,8 @@ func (g *GithubClient) GetCombinedStatusMinusApply(repo models.Repo, pull *githu for _, c := range checksuites.CheckSuites { if *c.Status == "completed" { //iterate over the runs inside the suite - suite, _, err := g.client.Checks.ListCheckRunsCheckSuite(context.Background(), *pull.Head.Repo.Owner.Login, repo.Name, *c.ID, nil) + suite, resp, err := g.client.Checks.ListCheckRunsCheckSuite(context.Background(), *pull.Head.Repo.Owner.Login, repo.Name, *c.ID, nil) + g.logger.Debug("GET /repos/%v/%v/check-suites/%d/check-runs returned: %v", *pull.Head.Repo.Owner.Login, repo.Name, *c.ID, resp.StatusCode) if err != nil { return false, errors.Wrap(err, "getting check runs for check suite") } @@ -546,7 +550,8 @@ func (g *GithubClient) GetPullRequest(repo models.Repo, num int) (*github.PullRe time.Sleep(attemptDelay) attemptDelay = 2*attemptDelay + 1*time.Second - pull, _, err = g.client.PullRequests.Get(g.ctx, repo.Owner, repo.Name, num) + pull, resp, err := g.client.PullRequests.Get(g.ctx, repo.Owner, repo.Name, num) + g.logger.Debug("GET /repos/%v/%v/pulls/%d returned: %v", repo.Owner, repo.Name, num, resp.StatusCode) if err == nil { return pull, nil } 
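Review bot: In the GetPullRequest hunk, `pull, _, err = ...` became `pull, resp, err := ...`, which declares new `pull` and `err` variables scoped to the enclosing block instead of assigning the ones the old `=` form required to exist already. If the function returns those outer variables once the retry attempts are used up (that part is outside the hunk), it would presumably hand back a nil pull request with a nil error, and callers would dereference it. Keep the assignment and declare only the response: `var resp *github.Response` followed by `pull, resp, err = g.client.PullRequests.Get(g.ctx, repo.Owner, repo.Name, num)`. The added Debug line also reads `resp.StatusCode` before `err` is inspected, so it needs a `resp != nil` guard.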
@@ -577,7 +582,8 @@ func (g *GithubClient) UpdateStatus(repo models.Repo, pull models.PullRequest, s Context: github.String(src), TargetURL: &url, } - _, _, err := g.client.Repositories.CreateStatus(g.ctx, repo.Owner, repo.Name, pull.HeadCommit, status) + _, resp, err := g.client.Repositories.CreateStatus(g.ctx, repo.Owner, repo.Name, pull.HeadCommit, status) + g.logger.Debug("POST /repos/%v/%v/statuses/%s returned: %v", repo.Owner, repo.Name, pull.HeadCommit, resp.StatusCode) return err } @@ -585,8 +591,8 @@ func (g *GithubClient) UpdateStatus(repo models.Repo, pull models.PullRequest, s func (g *GithubClient) MergePull(pull models.PullRequest, pullOptions models.PullRequestOptions) error { // Users can set their repo to disallow certain types of merging. // We detect which types aren't allowed and use the type that is. - g.logger.Debug("GET /repos/%v/%v", pull.BaseRepo.Owner, pull.BaseRepo.Name) - repo, _, err := g.client.Repositories.Get(g.ctx, pull.BaseRepo.Owner, pull.BaseRepo.Name) + repo, resp, err := g.client.Repositories.Get(g.ctx, pull.BaseRepo.Owner, pull.BaseRepo.Name) + g.logger.Debug("GET /repos/%v/%v returned: %v", pull.BaseRepo.Owner, pull.BaseRepo.Name, resp.StatusCode) if err != nil { return errors.Wrap(err, "fetching repo info") } @@ -609,7 +615,7 @@ func (g *GithubClient) MergePull(pull models.PullRequest, pullOptions models.Pul MergeMethod: method, } g.logger.Debug("PUT /repos/%v/%v/pulls/%d/merge", repo.Owner, repo.Name, pull.Num) - mergeResult, _, err := g.client.PullRequests.Merge( + mergeResult, resp, err := g.client.PullRequests.Merge( g.ctx, pull.BaseRepo.Owner, pull.BaseRepo.Name, @@ -618,6 +624,7 @@ func (g *GithubClient) MergePull(pull models.PullRequest, pullOptions models.Pul // the commit message as it normally would. "", options) + g.logger.Debug("POST /repos/%v/%v/pulls/%d/merge returned: %v", repo.Owner, repo.Name, pull.Num, resp.StatusCode) if err != nil { return errors.Wrap(err, "merging pull request") } 
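Review bot: The log line added after `PullRequests.Merge` labels the request `POST /repos/%v/%v/pulls/%d/merge`, while the unchanged line just before the call labels the same request `PUT`. Debug logs of this kind are used to reconstruct what the server did against the VCS, so the two lines should name the same method: `g.logger.Debug("PUT /repos/%v/%v/pulls/%d/merge returned: %v", ...)`. `MergePull` starts and ends outside this hunk.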
@@ -678,7 +685,8 @@ func (g *GithubClient) GetTeamNamesForUser(repo models.Repo, user models.User) ( // ExchangeCode returns a newly created app's info func (g *GithubClient) ExchangeCode(code string) (*GithubAppTemporarySecrets, error) { ctx := context.Background() - cfg, _, err := g.client.Apps.CompleteAppManifest(ctx, code) + cfg, resp, err := g.client.Apps.CompleteAppManifest(ctx, code) + g.logger.Debug("POST /app-manifests/%s/conversions returned: %v", code, resp.StatusCode) data := &GithubAppTemporarySecrets{ ID: cfg.GetID(), Key: cfg.GetPEM(), @@ -696,6 +704,7 @@ func (g *GithubClient) ExchangeCode(code string) (*GithubAppTemporarySecrets, er func (g *GithubClient) GetFileContent(pull models.PullRequest, fileName string) (bool, []byte, error) { opt := github.RepositoryContentGetOptions{Ref: pull.HeadBranch} fileContent, _, resp, err := g.client.Repositories.GetContents(g.ctx, pull.BaseRepo.Owner, pull.BaseRepo.Name, fileName, &opt) + g.logger.Debug("GET /repos/%v/%v/contents/%s returned: %v", pull.BaseRepo.Owner, pull.BaseRepo.Name, fileName, resp.StatusCode) if resp.StatusCode == http.StatusNotFound { return false, []byte{}, nil @@ -718,7 +727,8 @@ func (g *GithubClient) SupportsSingleFileDownload(repo models.Repo) bool { func (g *GithubClient) GetCloneURL(VCSHostType models.VCSHostType, repo string) (string, error) { parts := strings.Split(repo, "/") - repository, _, err := g.client.Repositories.Get(g.ctx, parts[0], parts[1]) + repository, resp, err := g.client.Repositories.Get(g.ctx, parts[0], parts[1]) + g.logger.Debug("GET /repos/%v/%v returned: %v", parts[0], parts[1], resp.StatusCode) if err != nil { return "", err } 
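Review bot: In `ExchangeCode` the added debug line interpolates `code` into the log message, and this is the value exchanged for the app credentials returned just below (`Key: cfg.GetPEM()`). A credential-exchange code should not be written to logs, which are typically retained and readable by more people than the secret itself. Log the endpoint without the value, e.g. `g.logger.Debug("POST /app-manifests/<redacted>/conversions returned: %v", resp.StatusCode)`. The line also reads `resp.StatusCode` with no preceding error check, so it should be guarded with `if resp != nil`.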
@@ -726,7 +736,8 @@ func (g *GithubClient) GetCloneURL(VCSHostType models.VCSHostType, repo string) } func (g *GithubClient) GetPullLabels(repo models.Repo, pull models.PullRequest) ([]string, error) { - pullDetails, _, err := g.client.PullRequests.Get(g.ctx, repo.Owner, repo.Name, pull.Num) + pullDetails, resp, err := g.client.PullRequests.Get(g.ctx, repo.Owner, repo.Name, pull.Num) + g.logger.Debug("GET /repos/%v/%v/pulls/%d returned: %v", repo.Owner, repo.Name, pull.Num, resp.StatusCode) if err != nil { return nil, err } diff --git a/server/events/vcs/gitlab_client.go b/server/events/vcs/gitlab_client.go index b98c4513c8..d5d89ab529 100644 --- a/server/events/vcs/gitlab_client.go +++ b/server/events/vcs/gitlab_client.go @@ -139,6 +139,7 @@ func (g *GitlabClient) GetModifiedFiles(repo models.Repo, pull models.PullReques pollingStart := time.Now() for { resp, err = g.Client.Do(req, mr) + g.logger.Debug("GET %s returned: %d", apiURL, resp.StatusCode) if err != nil { return nil, err } @@ -177,7 +178,9 @@ func (g *GitlabClient) CreateComment(repo models.Repo, pullNum int, comment stri "```diff\n" comments := common.SplitComment(comment, gitlabMaxCommentLength, sepEnd, sepStart) for _, c := range comments { - if _, _, err := g.Client.Notes.CreateMergeRequestNote(repo.FullName, pullNum, &gitlab.CreateMergeRequestNoteOptions{Body: gitlab.String(c)}); err != nil { + _, resp, err := g.Client.Notes.CreateMergeRequestNote(repo.FullName, pullNum, &gitlab.CreateMergeRequestNoteOptions{Body: gitlab.String(c)}) + g.logger.Debug("POST /projects/%s/merge_requests/%d/notes returned: %d", repo.FullName, pullNum, resp.StatusCode) + if err != nil { return err } } 
@@ -186,7 +189,8 @@ func (g *GitlabClient) CreateComment(repo models.Repo, pullNum int, comment stri // ReactToComment adds a reaction to a comment. func (g *GitlabClient) ReactToComment(repo models.Repo, pullNum int, commentID int64, reaction string) error { - _, _, err := g.Client.AwardEmoji.CreateMergeRequestAwardEmojiOnNote(repo.FullName, pullNum, int(commentID), &gitlab.CreateAwardEmojiOptions{Name: reaction}) + _, resp, err := g.Client.AwardEmoji.CreateMergeRequestAwardEmojiOnNote(repo.FullName, pullNum, int(commentID), &gitlab.CreateAwardEmojiOptions{Name: reaction}) + g.logger.Debug("POST /projects/%s/merge_requests/%d/notes/%d/award_emoji returned: %d", repo.FullName, pullNum, commentID, resp.StatusCode) return err } @@ -202,6 +206,7 @@ func (g *GitlabClient) HidePrevCommandComments(repo models.Repo, pullNum int, co OrderBy: gitlab.String("created_at"), ListOptions: gitlab.ListOptions{Page: nextPage}, }) + g.logger.Debug("GET /projects/%s/merge_requests/%d/notes returned: %d", repo.FullName, pullNum, resp.StatusCode) if err != nil { return errors.Wrap(err, "listing comments") } @@ -240,8 +245,9 @@ func (g *GitlabClient) HidePrevCommandComments(repo models.Repo, pullNum int, co g.logger.Debug("Updating merge request note: Repo: '%s', MR: '%d', comment ID: '%d'", repo.FullName, pullNum, comment.ID) supersededComment := summaryHeader + lineFeed + comment.Body + lineFeed + summaryFooter + lineFeed - if _, _, err := g.Client.Notes.UpdateMergeRequestNote(repo.FullName, pullNum, comment.ID, - &gitlab.UpdateMergeRequestNoteOptions{Body: &supersededComment}); err != nil { + _, resp, err := g.Client.Notes.UpdateMergeRequestNote(repo.FullName, pullNum, comment.ID, &gitlab.UpdateMergeRequestNoteOptions{Body: &supersededComment}) + g.logger.Debug("PUT /projects/%s/merge_requests/%d/notes/%d returned: %d", repo.FullName, pullNum, comment.ID, resp.StatusCode) + if err != nil { return errors.Wrapf(err, "updating comment %d", comment.ID) } } 
@@ -251,7 +257,8 @@ func (g *GitlabClient) HidePrevCommandComments(repo models.Repo, pullNum int, co // PullIsApproved returns true if the merge request was approved. func (g *GitlabClient) PullIsApproved(repo models.Repo, pull models.PullRequest) (approvalStatus models.ApprovalStatus, err error) { - approvals, _, err := g.Client.MergeRequests.GetMergeRequestApprovals(repo.FullName, pull.Num) + approvals, resp, err := g.Client.MergeRequests.GetMergeRequestApprovals(repo.FullName, pull.Num) + g.logger.Debug("GET /projects/%s/merge_requests/%d/approvals returned: %d", repo.FullName, pull.Num, resp.StatusCode) if err != nil { return approvalStatus, err } @@ -275,7 +282,8 @@ func (g *GitlabClient) PullIsApproved(repo models.Repo, pull models.PullRequest) // - https://gitlab.com/gitlab-org/gitlab-ee/issues/3169 // - https://gitlab.com/gitlab-org/gitlab-ce/issues/42344 func (g *GitlabClient) PullIsMergeable(repo models.Repo, pull models.PullRequest, vcsstatusname string) (bool, error) { - mr, _, err := g.Client.MergeRequests.GetMergeRequest(repo.FullName, pull.Num, nil) + mr, resp, err := g.Client.MergeRequests.GetMergeRequest(repo.FullName, pull.Num, nil) + g.logger.Debug("GET /projects/%s/merge_requests/%d returned: %d", repo.FullName, pull.Num, resp.StatusCode) if err != nil { return false, err } @@ -290,13 +298,15 @@ func (g *GitlabClient) PullIsMergeable(repo models.Repo, pull models.PullRequest } // Get project configuration - project, _, err := g.Client.Projects.GetProject(mr.ProjectID, nil) + project, resp, err := g.Client.Projects.GetProject(mr.ProjectID, nil) + g.logger.Debug("GET /projects/%d returned: %d", mr.ProjectID, resp.StatusCode) if err != nil { return false, err } // Get Commit Statuses statuses, _, err := g.Client.Commits.GetCommitStatuses(mr.ProjectID, commit, nil) + g.logger.Debug("GET /projects/%d/commits/%s/statuses returned: %d", mr.ProjectID, commit, resp.StatusCode) if err != nil { return false, err } 
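Review bot: In the second `PullIsMergeable` hunk, `statuses, _, err := g.Client.Commits.GetCommitStatuses(...)` still discards its response, so the debug line added after it prints the `resp.StatusCode` left over from the `GetProject` call above. The log then reports a status for the commit-statuses request that was never observed, which is misleading when diagnosing a failed mergeability check. Capture the response on that call: `statuses, resp, err := g.Client.Commits.GetCommitStatuses(mr.ProjectID, commit, nil)`. The function body continues outside the hunk.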
@@ -367,18 +377,20 @@ func (g *GitlabClient) UpdateStatus(repo models.Repo, pull models.PullRequest, s refTarget = fmt.Sprintf("refs/merge-requests/%d/head", pull.Num) } } - _, _, err = g.Client.Commits.SetCommitStatus(repo.FullName, pull.HeadCommit, &gitlab.SetCommitStatusOptions{ + _, resp, err := g.Client.Commits.SetCommitStatus(repo.FullName, pull.HeadCommit, &gitlab.SetCommitStatusOptions{ State: gitlabState, Context: gitlab.String(src), Description: gitlab.String(description), TargetURL: &url, Ref: gitlab.String(refTarget), }) + g.logger.Debug("POST /projects/%s/statuses/%s returned: %d", repo.FullName, pull.HeadCommit, resp.StatusCode) return err } func (g *GitlabClient) GetMergeRequest(repoFullName string, pullNum int) (*gitlab.MergeRequest, error) { - mr, _, err := g.Client.MergeRequests.GetMergeRequest(repoFullName, pullNum, nil) + mr, resp, err := g.Client.MergeRequests.GetMergeRequest(repoFullName, pullNum, nil) + g.logger.Debug("GET /projects/%s/merge_requests/%d returned: %d", repoFullName, pullNum, resp.StatusCode) return mr, err } @@ -413,7 +425,8 @@ func (g *GitlabClient) MergePull(pull models.PullRequest, pullOptions models.Pul return errors.Wrap( err, "unable to merge merge request, it was not possible to retrieve the merge request") } - project, _, err := g.Client.Projects.GetProject(mr.ProjectID, nil) + project, resp, err := g.Client.Projects.GetProject(mr.ProjectID, nil) + g.logger.Debug("GET /projects/%d returned: %d", mr.ProjectID, resp.StatusCode) if err != nil { return errors.Wrap( err, "unable to merge merge request, it was not possible to check the project requirements") 
@@ -423,13 +436,14 @@ func (g *GitlabClient) MergePull(pull models.PullRequest, pullOptions models.Pul g.WaitForSuccessPipeline(context.Background(), pull) } - _, _, err = g.Client.MergeRequests.AcceptMergeRequest( + _, resp, err = g.Client.MergeRequests.AcceptMergeRequest( pull.BaseRepo.FullName, pull.Num, &gitlab.AcceptMergeRequestOptions{ MergeCommitMessage: &commitMsg, ShouldRemoveSourceBranch: &pullOptions.DeleteSourceBranchOnMerge, }) + g.logger.Debug("PUT /projects/%s/merge_requests/%d/merge returned: %d", pull.BaseRepo.FullName, pull.Num, resp.StatusCode) return errors.Wrap(err, "unable to merge merge request, it may not be in a mergeable state") } @@ -445,7 +459,8 @@ func (g *GitlabClient) DiscardReviews(repo models.Repo, pull models.PullRequest) // GetVersion returns the version of the Gitlab server this client is using. func (g *GitlabClient) GetVersion() (*version.Version, error) { - versionResp, _, err := g.Client.Version.GetVersion() + versionResp, resp, err := g.Client.Version.GetVersion() + g.logger.Debug("GET /version returned: %d", resp.StatusCode) if err != nil { return nil, err } @@ -493,6 +508,7 @@ func (g *GitlabClient) GetFileContent(pull models.PullRequest, fileName string) opt := gitlab.GetRawFileOptions{Ref: gitlab.String(pull.HeadBranch)} bytes, resp, err := g.Client.RepositoryFiles.GetRawFile(pull.BaseRepo.FullName, fileName, &opt) + g.logger.Debug("GET /projects/%s/repository/files/%s/raw returned: %d", pull.BaseRepo.FullName, fileName, resp.StatusCode) if resp.StatusCode == http.StatusNotFound { return false, []byte{}, nil } 
@@ -509,7 +525,8 @@ func (g *GitlabClient) SupportsSingleFileDownload(repo models.Repo) bool { } func (g *GitlabClient) GetCloneURL(VCSHostType models.VCSHostType, repo string) (string, error) { - project, _, err := g.Client.Projects.GetProject(repo, nil) + project, resp, err := g.Client.Projects.GetProject(repo, nil) + g.logger.Debug("GET /projects/%s returned: %d", repo, resp.StatusCode) if err != nil { return "", err } @@ -517,7 +534,8 @@ func (g *GitlabClient) GetCloneURL(VCSHostType models.VCSHostType, repo string) } func (g *GitlabClient) GetPullLabels(repo models.Repo, pull models.PullRequest) ([]string, error) { - mr, _, err := g.Client.MergeRequests.GetMergeRequest(repo.FullName, pull.Num, nil) + mr, resp, err := g.Client.MergeRequests.GetMergeRequest(repo.FullName, pull.Num, nil) + g.logger.Debug("GET /projects/%s/merge_requests/%d returned: %d", repo.FullName, pull.Num, resp.StatusCode) if err != nil { return nil, err diff --git a/server/events/vcs/gitlab_client_test.go b/server/events/vcs/gitlab_client_test.go index fdadf5da8b..be2ac3b9c8 100644 --- a/server/events/vcs/gitlab_client_test.go +++ b/server/events/vcs/gitlab_client_test.go @@ -146,6 +146,7 @@ func TestGitlabClient_GetModifiedFiles(t *testing.T) { Version: nil, PollingInterval: time.Second * 0, PollingTimeout: time.Second * 10, + logger: logging.NewNoopLogger(t), } filenames, err := client.GetModifiedFiles( @@ -225,6 +226,7 @@ func TestGitlabClient_MergePull(t *testing.T) { client := &GitlabClient{ Client: internalClient, Version: nil, + logger: logging.NewNoopLogger(t), } err = client.MergePull(models.PullRequest{ @@ -297,6 +299,7 @@ func TestGitlabClient_UpdateStatus(t *testing.T) { client := &GitlabClient{ Client: internalClient, Version: nil, + logger: logging.NewNoopLogger(t), } repo := models.Repo{ 
@@ -451,6 +454,7 @@ func TestGitlabClient_PullIsMergeable(t *testing.T) { client := &GitlabClient{ Client: internalClient, Version: nil, + logger: logging.NewNoopLogger(t), } repo := models.Repo{ @@ -623,6 +627,7 @@ func TestGithubClient_GetPullLabels(t *testing.T) { client := &GitlabClient{ Client: internalClient, Version: nil, + logger: logging.NewNoopLogger(t), } labels, err := client.GetPullLabels(models.Repo{ @@ -652,6 +657,7 @@ func TestGithubClient_GetPullLabels_EmptyResponse(t *testing.T) { client := &GitlabClient{ Client: internalClient, Version: nil, + logger: logging.NewNoopLogger(t), } labels, err := client.GetPullLabels(models.Repo{ From 5f1f580a907a8ca23e57891f376494247369a316 Mon Sep 17 00:00:00 2001 From: snorlaX-sleeps Date: Fri, 20 Oct 2023 23:26:24 +0100 Subject: [PATCH 48/79] docs: Update the GitHub app installation instructions to include a section on manually creating a GitHub app and using it with Atlantis. Add notes on differences with the app created by Atlantis (#3882) Signed-off-by: snorlaX-sleeps <21spock@gmail.com> Committer: snorlaX-sleeps <21spock@gmail.com> --- runatlantis.io/docs/access-credentials.md | 27 +++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/runatlantis.io/docs/access-credentials.md b/runatlantis.io/docs/access-credentials.md index dcf9464972..731557ed9f 100644 --- a/runatlantis.io/docs/access-credentials.md +++ b/runatlantis.io/docs/access-credentials.md @@ -34,6 +34,7 @@ Your Atlantis user must also have "Write permissions" (for repos in an organizat ### GitHub app +#### Create the GitHub App Using Atlantis ::: warning Available in Atlantis versions **newer** than 0.13.0. ::: 
@@ -55,6 +56,32 @@ Only a single installation per GitHub App is supported at the moment. GitHub App handles the webhook calls by itself, hence there is no need to create wehbooks separately. If webhooks were created manually, those should be removed when using GitHub App. Otherwise, there would be 2 calls to Atlantis resulting in locking errors on path/workspace. ::: +#### Manually Creating the GitHub app + +- Create the GitHub app as an Administrator + - Ensure the app is registered / installed with the organization / user + - See the GitHub app [documentation](https://docs.github.com/en/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps) +- Create a file with the contents of the GitHub App Key, e.g. `atlantis-app-key.pem` +- Start Atlantis with the following flags: `atlantis server --gh-app-id --gh-installation-id --gh-app-key-file atlantis-app-key.pem --gh-webhook-secret --write-git-creds --repo-allowlist 'github.com/your-org/*' --atlantis-url https://$ATLANTIS_HOST`. + + NOTE: Instead of using a file for the GitHub App Key you can also pass the key value directly using `--gh-app-key`. You can also create a config file instead of using flags. See [Server Configuration](/docs/server-configuration.html#config-file). + +::: tip NOTE +Manually installing the GitHub app means that the credentials can be shared by many Atlantis installations. This has the benefit of centralizing repository access for shared modules / code. +::: + +::: tip NOTE +Repositories must be manually registered with the created GitHub app to allow Atlantis to interact with Pull Requests. +::: + +::: tip NOTE +Webhooks must be created manually for repositories that trigger Atlantis. +::: + +::: tip NOTE +Passing the additional flag `--gh-app-slug` will modify the name of the App when posting comments on a Pull Request. +::: + #### Permissions GitHub App needs these permissions. These are automatically set when a GitHub app is created. 
From a542aa8f2015e67957c5fdb6ec994080561aa1ec Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 00:36:47 +0000 Subject: [PATCH 49/79] fix(deps): update module github.com/xanzy/go-gitlab to v0.93.2 in go.mod (#3890) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a291a33c3a..0a7c2546f9 100644 --- a/go.mod +++ b/go.mod @@ -42,7 +42,7 @@ require ( github.com/uber-go/tally/v4 v4.1.10 github.com/urfave/negroni/v3 v3.0.0 github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 - github.com/xanzy/go-gitlab v0.93.1 + github.com/xanzy/go-gitlab v0.93.2 go.etcd.io/bbolt v1.3.7 go.uber.org/zap v1.26.0 golang.org/x/term v0.13.0 diff --git a/go.sum b/go.sum index 414de1d98f..beffc5bfcf 100644 --- a/go.sum +++ b/go.sum 
@@ -456,8 +456,8 @@ github.com/urfave/negroni/v3 v3.0.0 h1:Vo8CeZfu1lFR9gW8GnAb6dOGCJyijfil9j/jKKc/J github.com/urfave/negroni/v3 v3.0.0/go.mod h1:jWvnX03kcSjDBl/ShB0iHvx5uOs7mAzZXW+JvJ5XYAs= github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 h1:be5WC0FHdhimAhe2G3DPhduX117RM8qdTMYCMHDt4DM= github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997/go.mod h1:saryXNaL624mlulV138FP+HhVw7IpvETUXLS3nTvH1g= -github.com/xanzy/go-gitlab v0.93.1 h1:f7J33cw/P9b/8paIOoH0F3H+TFrswvWHs6yUgoTp9LY= -github.com/xanzy/go-gitlab v0.93.1/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.93.2 h1:kNNf3BYNYn/Zkig0B89fma12l36VLcYSGu7OnaRlRDg= +github.com/xanzy/go-gitlab v0.93.2/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= From ed73d4942bbda3c78fd8463ede52a1a4875ac929 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 24 Oct 2023 02:14:19 +0000 Subject: [PATCH 50/79] chore(deps): update actions/setup-node action to v4 in .github/workflows/website.yml (#3892) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate-config.yml | 2 +- .github/workflows/website.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/renovate-config.yml b/.github/workflows/renovate-config.yml index 4e25c9875c..b41002086a 100644 --- a/.github/workflows/renovate-config.yml +++ b/.github/workflows/renovate-config.yml @@ -16,5 +16,5 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 - run: npx --package renovate -c 'renovate-config-validator' 
diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml index 5acacb5127..6db5acdf5d 100644 --- a/.github/workflows/website.yml +++ b/.github/workflows/website.yml @@ -37,7 +37,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: node-version-file: .node-version From 5e1f50b073efeaa88422ae5217055869973df94f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Oct 2023 01:32:56 +0000 Subject: [PATCH 51/79] chore(deps): update dependency node to v20.9.0 in .node-version (#3896) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .node-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.node-version b/.node-version index 6569dfa4f3..f3f52b42d3 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -20.8.1 +20.9.0 From d17665fee911a91415a216f918eec3db1e28b078 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 27 Oct 2023 01:17:42 +0000 Subject: [PATCH 52/79] fix(deps): update module go.etcd.io/bbolt to v1.3.8 in go.mod (#3901) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0a7c2546f9..d8baa2273a 100644 --- a/go.mod +++ b/go.mod @@ -43,7 +43,7 @@ require ( github.com/urfave/negroni/v3 v3.0.0 github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 github.com/xanzy/go-gitlab v0.93.2 - go.etcd.io/bbolt v1.3.7 + go.etcd.io/bbolt v1.3.8 go.uber.org/zap v1.26.0 golang.org/x/term v0.13.0 golang.org/x/text v0.13.0 diff --git a/go.sum b/go.sum index beffc5bfcf..e75bd567d6 100644 --- a/go.sum +++ b/go.sum 
@@ -467,8 +467,8 @@ github.com/yuin/gopher-lua v1.1.0 h1:BojcDhfyDWgU2f2TOzYK/g5p2gxMrku8oupLDqlnSqE github.com/yuin/gopher-lua v1.1.0/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= github.com/zclconf/go-cty v1.13.2 h1:4GvrUxe/QUDYuJKAav4EYqdM47/kZa672LwmXFmEKT0= github.com/zclconf/go-cty v1.13.2/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0= -go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ= -go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= +go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA= +go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= From febed33c49fe76e3b0f01a6acf17bdb633cf8a39 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 27 Oct 2023 04:00:16 +0000 Subject: [PATCH 53/79] fix(deps): update module github.com/google/uuid to v1.4.0 in go.mod (#3902) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d8baa2273a..fce7e13ef8 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/golang-jwt/jwt/v5 v5.0.0 github.com/google/go-github/v54 v54.0.0 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 - github.com/google/uuid v1.3.1 + github.com/google/uuid v1.4.0 github.com/gorilla/mux v1.8.0 github.com/gorilla/websocket v1.5.0 github.com/hashicorp/go-getter/v2 v2.2.1 diff --git a/go.sum b/go.sum index e75bd567d6..23de6a0fb4 100644 --- a/go.sum +++ b/go.sum 
@@ -228,8 +228,8 @@ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaU github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= -github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= +github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= From f519638d1b88e1afe805685b7f056cf44a5bc6c8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 1 Nov 2023 02:01:32 +0000 Subject: [PATCH 54/79] fix(deps): update module github.com/redis/go-redis/v9 to v9.3.0 in go.mod (#3906) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index fce7e13ef8..4f886cb54d 100644 --- a/go.mod +++ b/go.mod @@ -31,7 +31,7 @@ require ( github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 github.com/petergtz/pegomock/v4 v4.0.0 github.com/pkg/errors v0.9.1 - github.com/redis/go-redis/v9 v9.2.1 + github.com/redis/go-redis/v9 v9.3.0 github.com/remeh/sizedwaitgroup v1.0.0 github.com/shurcooL/githubv4 v0.0.0-20230704064427-599ae7bbf278 github.com/slack-go/slack v0.12.3 
diff --git a/go.sum b/go.sum index 23de6a0fb4..ef849e5bab 100644 --- a/go.sum +++ b/go.sum @@ -388,8 +388,8 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= -github.com/redis/go-redis/v9 v9.2.1 h1:WlYJg71ODF0dVspZZCpYmoF1+U1Jjk9Rwd7pq6QmlCg= -github.com/redis/go-redis/v9 v9.2.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M= +github.com/redis/go-redis/v9 v9.3.0 h1:RiVDjmig62jIWp7Kk4XVLs0hzV6pI3PyTnnL0cnn0u0= +github.com/redis/go-redis/v9 v9.3.0/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M= github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E= github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= From 8a87d2ef0980f1124732bc6d58b47027e99cd931 Mon Sep 17 00:00:00 2001 From: Luke Massa Date: Wed, 1 Nov 2023 02:16:34 -0400 Subject: [PATCH 55/79] fix: Better determine number of expected comments and webhooks in e2e test (#3907) * fix: Better determine number of expected comments and webhooks in e2e test * Cleanup --- .../events/events_controller_e2e_test.go | 32 +++++++++++++++++-- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/server/controllers/events/events_controller_e2e_test.go b/server/controllers/events/events_controller_e2e_test.go index 93c63df3bd..d1e8280f9a 100644 --- a/server/controllers/events/events_controller_e2e_test.go +++ b/server/controllers/events/events_controller_e2e_test.go 
@@ -111,7 +111,28 @@ func TestGitHubWorkflow(t *testing.T) { ExpAllowResponseCommentBack bool // ExpParseFailedCount represents how many times test sends invalid commands ExpParseFailedCount int + // ExpNoLocksToDelete whether we expect that there are no locks at the end to delete + ExpNoLocksToDelete bool }{ + { + Description: "no comment or change", + RepoDir: "simple", + ModifiedFiles: []string{}, + Comments: []string{}, + ExpReplies: [][]string{}, + ExpNoLocksToDelete: true, + }, + { + Description: "no comment", + RepoDir: "simple", + ModifiedFiles: []string{"main.tf"}, + Comments: []string{}, + ExpReplies: [][]string{ + {"exp-output-autoplan.txt"}, + {"exp-output-merge.txt"}, + }, + ExpAutoplan: true, + }, { Description: "simple", RepoDir: "simple", @@ -208,6 +229,7 @@ func TestGitHubWorkflow(t *testing.T) { }, ExpAllowResponseCommentBack: true, ExpParseFailedCount: 1, + ExpNoLocksToDelete: true, }, { Description: "simple with atlantis.yaml", @@ -618,9 +640,13 @@ func TestGitHubWorkflow(t *testing.T) { // Now we're ready to verify Atlantis made all the comments back (or // replies) that we expect. We expect each plan to have 1 comment, - // and apply have 1 for each comment plus one for the locks deleted at the - // end. - expNumReplies := len(c.Comments) + 1 - c.ExpParseFailedCount + // and apply have 1 for each comment + expNumReplies := len(c.Comments) + + // If there are locks to delete at the end, that will take a comment + if !c.ExpNoLocksToDelete { + expNumReplies++ + } if c.ExpAutoplan { expNumReplies++ From 63739a8bcf0d0128d70c6997d926227dd353593b Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 2 Nov 2023 00:32:22 +0000 Subject: [PATCH 56/79] chore(deps): update dependency hashicorp/terraform to v1.6.3 in .circleci/config.yml (#3910) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .circleci/config.yml | 2 +- testdrive/utils.go | 2 +- testing/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f1cd8886db..13926baada 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,7 +9,7 @@ jobs: # that flag starts the download asynchronously so we'd have a race # condition. # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp - TERRAFORM_VERSION: 1.6.2 + TERRAFORM_VERSION: 1.6.3 steps: - checkout - run: make build-service diff --git a/testdrive/utils.go b/testdrive/utils.go index 31a7cd6b1e..b0f8a54312 100644 --- a/testdrive/utils.go +++ b/testdrive/utils.go @@ -35,7 +35,7 @@ import ( ) const hashicorpReleasesURL = "https://releases.hashicorp.com" -const terraformVersion = "1.6.2" // renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp +const terraformVersion = "1.6.3" // renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp const ngrokDownloadURL = "https://bin.equinox.io/c/4VmDzA7iaHb" const ngrokAPIURL = "localhost:41414" // We hope this isn't used. const atlantisPort = 4141 diff --git a/testing/Dockerfile b/testing/Dockerfile index 2b1938d144..a57ec9af3d 100644 --- a/testing/Dockerfile +++ b/testing/Dockerfile 
@@ -6,7 +6,7 @@ RUN apt-get update && apt-get --no-install-recommends -y install unzip \ # Install Terraform # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp -ENV TERRAFORM_VERSION=1.6.2 +ENV TERRAFORM_VERSION=1.6.3 RUN case $(uname -m) in x86_64|amd64) ARCH="amd64" ;; aarch64|arm64|armv7l) ARCH="arm64" ;; esac && \ wget -nv -O terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${ARCH}.zip && \ mkdir -p /usr/local/bin/tf/versions/${TERRAFORM_VERSION} && \ From 9e6a4d7321f9f0a1191a477593848b3f8c19e561 Mon Sep 17 00:00:00 2001 From: Rush Soni <17338080+rushrs@users.noreply.github.com> Date: Thu, 2 Nov 2023 20:40:56 +0000 Subject: [PATCH 57/79] Update Terraform Version for Atlantis (#3914) --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 65f809f601..e87dcbc32b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ ARG ALPINE_TAG=3.18.4 ARG DEBIAN_TAG=12.2-slim -ARG DEFAULT_TERRAFORM_VERSION=1.5.7 +ARG DEFAULT_TERRAFORM_VERSION=1.6.3 ARG DEFAULT_CONFTEST_VERSION=0.46.0 # Stage 1: build artifact and download deps @@ -135,7 +135,7 @@ ENV DEFAULT_TERRAFORM_VERSION=${DEFAULT_TERRAFORM_VERSION} # In the official Atlantis image, we only have the latest of each Terraform version. # Each binary is about 80 MB so we limit it to the 4 latest minor releases or fewer -RUN AVAILABLE_TERRAFORM_VERSIONS="1.2.9 1.3.10 1.4.6 ${DEFAULT_TERRAFORM_VERSION}" && \ +RUN AVAILABLE_TERRAFORM_VERSIONS="1.3.10 1.4.6 1.5.7 ${DEFAULT_TERRAFORM_VERSION}" && \ case "${TARGETPLATFORM}" in \ "linux/amd64") TERRAFORM_ARCH=amd64 ;; \ "linux/arm64") TERRAFORM_ARCH=arm64 ;; \ From 1dcf234a6b5198571300f40af1a5f21338beb295 Mon Sep 17 00:00:00 2001 
From: Dylan Page Date: Fri, 3 Nov 2023 22:13:19 -0400 Subject: [PATCH 58/79] chore: enable cherry-pick-bot.yml (#3918) https://github.com/googleapis/repo-automation-bots/tree/main/packages/cherry-pick-bot#configuring --- .github/cherry-pick-bot.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .github/cherry-pick-bot.yml diff --git a/.github/cherry-pick-bot.yml b/.github/cherry-pick-bot.yml new file mode 100644 index 0000000000..1f62315d79 --- /dev/null +++ b/.github/cherry-pick-bot.yml @@ -0,0 +1,2 @@ +enabled: true +preservePullRequestTitle: true From 3056701c6bf8f59fa504469bac9505d679727cff Mon Sep 17 00:00:00 2001 From: Simon Heather <32168619+X-Guardian@users.noreply.github.com> Date: Sat, 4 Nov 2023 02:22:12 +0000 Subject: [PATCH 59/79] fix: Update GitLab Pipeline Type Detection to use Head Pipeline Property (#3887) * Fix GitLab Mulitple Pipelines * Add logger to tests and fix test ref * Add retry to GetMergeRequest * Update retries --------- Co-authored-by: PePe Amengual --- server/events/vcs/gitlab_client.go | 39 ++++++++++++++++++------- server/events/vcs/gitlab_client_test.go | 2 +- 2 files changed, 30 insertions(+), 11 deletions(-) diff --git a/server/events/vcs/gitlab_client.go b/server/events/vcs/gitlab_client.go index d5d89ab529..b159e3d83b 100644 --- a/server/events/vcs/gitlab_client.go +++ b/server/events/vcs/gitlab_client.go 
@@ -364,19 +364,38 @@ func (g *GitlabClient) UpdateStatus(repo models.Repo, pull models.PullRequest, s gitlabState = gitlab.Success } - mr, err := g.GetMergeRequest(pull.BaseRepo.FullName, pull.Num) - if err != nil { - return err - } - // refTarget is set to current branch if no pipeline is assigned to the commit, - // otherwise it is set to the pipeline created by the merge_request_event rule + // refTarget is set to the head pipeline of the MR if it exists, or else it is set to the head branch + // of the MR. This is needed because the commit status is only shown in the MR if the pipeline is + // assigned to an MR reference. + // Try to get the MR details a couple of times in case the pipeline is not yet assigned to the MR refTarget := pull.HeadBranch - if mr.Pipeline != nil { - switch mr.Pipeline.Source { - case "merge_request_event": - refTarget = fmt.Sprintf("refs/merge-requests/%d/head", pull.Num) + + retries := 1 + delay := 2 * time.Second + var mr *gitlab.MergeRequest + var err error + + for i := 0; i <= retries; i++ { + mr, err = g.GetMergeRequest(pull.BaseRepo.FullName, pull.Num) + if err != nil { + return err + } + if mr.HeadPipeline != nil { + g.logger.Debug("Head pipeline found for merge request %d, source '%s'. refTarget '%s'", + pull.Num, mr.HeadPipeline.Source, mr.HeadPipeline.Ref) + refTarget = mr.HeadPipeline.Ref + break + } + if i != retries { + g.logger.Debug("Head pipeline not found for merge request %d, source '%s'. Retrying in %s", + pull.Num, mr.HeadPipeline.Source, delay) + time.Sleep(delay) + } else { + g.logger.Debug("Head pipeline not found for merge request %d, source '%s'.", + pull.Num, mr.HeadPipeline.Source) } } + _, resp, err := g.Client.Commits.SetCommitStatus(repo.FullName, pull.HeadCommit, &gitlab.SetCommitStatusOptions{ State: gitlabState, Context: gitlab.String(src), diff --git a/server/events/vcs/gitlab_client_test.go b/server/events/vcs/gitlab_client_test.go index be2ac3b9c8..112f35bcc5 100644 
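Review bot: Both "Head pipeline not found" debug calls in the new retry loop read `mr.HeadPipeline.Source`, but they are only reached when `mr.HeadPipeline` is nil. The first merge request without a head pipeline would therefore panic inside UpdateStatus instead of falling back to `pull.HeadBranch`. Drop the source argument from both messages: `g.logger.Debug("Head pipeline not found for merge request %d. Retrying in %s", pull.Num, delay)` and `g.logger.Debug("Head pipeline not found for merge request %d.", pull.Num)`. The test change in gitlab_client_test.go appears to cover only the case where a head pipeline is returned, so a case without one would be worth adding. UpdateStatus starts and ends outside the hunk.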
--- a/server/events/vcs/gitlab_client_test.go +++ b/server/events/vcs/gitlab_client_test.go @@ -278,7 +278,7 @@ func TestGitlabClient_UpdateStatus(t *testing.T) { body, err := io.ReadAll(r.Body) Ok(t, err) - exp := fmt.Sprintf(`{"state":"%s","ref":"test","context":"src","target_url":"https://google.com","description":"description"}`, c.expState) + exp := fmt.Sprintf(`{"state":"%s","ref":"patch-1-merger","context":"src","target_url":"https://google.com","description":"description"}`, c.expState) Equals(t, exp, string(body)) defer r.Body.Close() // nolint: errcheck w.Write([]byte("{}")) // nolint: errcheck From 1b45fb1ae13032a8a83acd6b026e3dc3df7f1fc9 Mon Sep 17 00:00:00 2001 From: Simon Heather <32168619+X-Guardian@users.noreply.github.com> Date: Sat, 4 Nov 2023 02:41:16 +0000 Subject: [PATCH 60/79] fix: When GitHub/GitLab Auto-Merge Is Used with Atlantis Pre Workflow Hooks, the PR will be Merged Prematurely (#3880) * Fix Premature Auto-Merge * Add CommitStatusUpdater to commandRunner --- server/events/command_runner.go | 29 ++++++++++++++++++- .../pre_workflow_hooks_command_runner.go | 18 ++++++++++-- server/server.go | 1 + 3 files changed, 44 insertions(+), 4 deletions(-) diff --git a/server/events/command_runner.go b/server/events/command_runner.go index f339ad9129..085d846a9a 100644 --- a/server/events/command_runner.go +++ b/server/events/command_runner.go @@ -15,7 +15,6 @@ package events import ( "fmt" - "github.com/runatlantis/atlantis/server/utils" "strconv" "github.com/google/go-github/v54/github" @@ -28,6 +27,7 @@ import ( "github.com/runatlantis/atlantis/server/logging" "github.com/runatlantis/atlantis/server/metrics" "github.com/runatlantis/atlantis/server/recovery" + "github.com/runatlantis/atlantis/server/utils" tally "github.com/uber-go/tally/v4" gitlab "github.com/xanzy/go-gitlab" ) 
@@ -128,6 +128,7 @@ type DefaultCommandRunner struct { PullStatusFetcher PullStatusFetcher TeamAllowlistChecker *TeamAllowlistChecker VarFileAllowlistChecker *VarFileAllowlistChecker + CommitStatusUpdater CommitStatusUpdater } // RunAutoplanCommand runs plan and policy_checks when a pull request is opened or updated. @@ -186,6 +187,19 @@ func (c *DefaultCommandRunner) RunAutoplanCommand(baseRepo models.Repo, headRepo if c.FailOnPreWorkflowHookError { ctx.Log.Err("'fail-on-pre-workflow-hook-error' set, so not running %s command.", command.Plan) + + // Update the plan or apply commit status to pending whilst the pre workflow hook is running so that the PR can't be merged. + switch cmd.Name { + case command.Plan: + if err := c.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.FailedCommitStatus, command.Plan); err != nil { + ctx.Log.Warn("unable to update plan commit status: %s", err) + } + case command.Apply: + if err := c.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.FailedCommitStatus, command.Apply); err != nil { + ctx.Log.Warn("unable to update apply commit status: %s", err) + } + } + return } 
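Review bot: The comment added above `switch cmd.Name` in RunAutoplanCommand says the status is set "to pending whilst the pre workflow hook is running", but the code writes `models.FailedCommitStatus` after the hook has already failed. The same block and comment are repeated in the RunCommentCommand hunk that follows. Reword both to something like `// The pre workflow hook failed: mark the plan or apply status as failed so the PR can't be merged.` The switch also has no default arm and `cmd` is assigned outside the hunk, so if its name is neither `command.Plan` nor `command.Apply`, no status is written and the merge block this change relies on is silently missing. A `default:` arm that logs the unhandled command name would make that case visible.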
@@ -317,6 +331,19 @@ func (c *DefaultCommandRunner) RunCommentCommand(baseRepo models.Repo, maybeHead if c.FailOnPreWorkflowHookError { ctx.Log.Err("'fail-on-pre-workflow-hook-error' set, so not running %s command.", cmd.Name.String()) + + // Update the plan or apply commit status to pending whilst the pre workflow hook is running so that the PR can't be merged. + switch cmd.Name { + case command.Plan: + if err := c.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.FailedCommitStatus, command.Plan); err != nil { + ctx.Log.Warn("unable to update plan commit status: %s", err) + } + case command.Apply: + if err := c.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.FailedCommitStatus, command.Apply); err != nil { + ctx.Log.Warn("unable to update apply commit status: %s", err) + } + } + return } diff --git a/server/events/pre_workflow_hooks_command_runner.go b/server/events/pre_workflow_hooks_command_runner.go index 970d280b9b..daa50df8ba 100644 --- a/server/events/pre_workflow_hooks_command_runner.go +++ b/server/events/pre_workflow_hooks_command_runner.go @@ -75,6 +75,18 @@ func (w *DefaultPreWorkflowHooksCommandRunner) RunPreHooks(ctx *command.Context, escapedArgs = escapeArgs(cmd.Flags) } + // Update the plan or apply commit status to pending whilst the pre workflow hook is running + switch cmd.Name { + case command.Plan: + if err := w.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.PendingCommitStatus, command.Plan); err != nil { + ctx.Log.Warn("unable to update plan commit status: %s", err) + } + case command.Apply: + if err := w.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.PendingCommitStatus, command.Apply); err != nil { + ctx.Log.Warn("unable to update apply commit status: %s", err) + } + } + err = w.runHooks( models.WorkflowHookCommandContext{ BaseRepo: baseRepo, 
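Review bot: The two arms of the new `switch cmd.Name` in RunPreHooks differ only in the command constant passed to `UpdateCombined` and in one word of the log message, so a single guarded call on `cmd.Name` would say the same thing once. The comment should also state why the status is set, which is to keep the PR from being merged while hooks run. A failed status write is only logged at warn level and the hooks still run, so the block is best effort, and the comment should say so. The sketch below assumes `cmd.Name.String()` yields the command word used in the current messages. RunPreHooks continues outside the hunk.

```go
// Best effort: mark plan/apply as pending so the PR can't be merged while
// the pre workflow hooks run. A failed update is logged and hooks still run.
if cmd.Name == command.Plan || cmd.Name == command.Apply {
	if err := w.CommitStatusUpdater.UpdateCombined(ctx.Pull.BaseRepo, ctx.Pull, models.PendingCommitStatus, cmd.Name); err != nil {
		ctx.Log.Warn("unable to update %s commit status: %s", cmd.Name.String(), err)
	}
}
// … unchanged: w.runHooks(...) call …
```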
@@ -132,7 +144,7 @@ func (w *DefaultPreWorkflowHooksCommandRunner) runHooks( } if err := w.CommitStatusUpdater.UpdatePreWorkflowHook(ctx.Pull, models.PendingCommitStatus, hookDescription, "", url); err != nil { - ctx.Log.Warn("unable to pre workflow hook status: %s", err) + ctx.Log.Warn("unable to update pre workflow hook status: %s", err) return err } @@ -140,13 +152,13 @@ func (w *DefaultPreWorkflowHooksCommandRunner) runHooks( if err != nil { if err := w.CommitStatusUpdater.UpdatePreWorkflowHook(ctx.Pull, models.FailedCommitStatus, hookDescription, runtimeDesc, url); err != nil { - ctx.Log.Warn("unable to pre workflow hook status: %s", err) + ctx.Log.Warn("unable to update pre workflow hook status: %s", err) } return err } if err := w.CommitStatusUpdater.UpdatePreWorkflowHook(ctx.Pull, models.SuccessCommitStatus, hookDescription, runtimeDesc, url); err != nil { - ctx.Log.Warn("unable to pre workflow hook status: %s", err) + ctx.Log.Warn("unable to update pre workflow hook status: %s", err) return err } } diff --git a/server/server.go b/server/server.go index 6f80cb420f..d5c54e8e9e 100644 --- a/server/server.go +++ b/server/server.go @@ -813,6 +813,7 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) { PullStatusFetcher: backend, TeamAllowlistChecker: githubTeamAllowlistChecker, VarFileAllowlistChecker: varFileAllowlistChecker, + CommitStatusUpdater: commitStatusUpdater, } repoAllowlist, err := events.NewRepoAllowlistChecker(userConfig.RepoAllowlist) if err != nil { From 721313f4d8f2503d3c012eaddef1efb759037800 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 5 Nov 2023 01:06:35 +0000 Subject: [PATCH 61/79] fix(deps): update module github.com/go-playground/validator/v10 to v10.16.0 in go.mod (#3920) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 4f886cb54d..e1f7822c62 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/briandowns/spinner v1.23.0 github.com/cactus/go-statsd-client/v5 v5.1.0 github.com/go-ozzo/ozzo-validation v3.6.0+incompatible - github.com/go-playground/validator/v10 v10.15.5 + github.com/go-playground/validator/v10 v10.16.0 github.com/go-test/deep v1.1.0 github.com/golang-jwt/jwt/v5 v5.0.0 github.com/google/go-github/v54 v54.0.0 diff --git a/go.sum b/go.sum index ef849e5bab..f8f329d638 100644 --- a/go.sum +++ b/go.sum @@ -142,8 +142,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.15.5 h1:LEBecTWb/1j5TNY1YYG2RcOUN3R7NLylN+x8TTueE24= -github.com/go-playground/validator/v10 v10.15.5/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= +github.com/go-playground/validator/v10 v10.16.0 h1:x+plE831WK4vaKHO/jpgUGsvLKIqRRkz6M78GuJAfGE= +github.com/go-playground/validator/v10 v10.16.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= From 9c6b8d0a963efda9c08b449f9eb8f1924ea4c729 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 5 Nov 2023 04:06:28 +0000 Subject: [PATCH 62/79] fix(deps): update module github.com/gorilla/mux to v1.8.1 in go.mod (#3921) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e1f7822c62..31ae56e5ec 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/google/go-github/v54 v54.0.0 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/google/uuid v1.4.0 - github.com/gorilla/mux v1.8.0 + github.com/gorilla/mux v1.8.1 github.com/gorilla/websocket v1.5.0 github.com/hashicorp/go-getter/v2 v2.2.1 github.com/hashicorp/go-multierror v1.1.1 diff --git a/go.sum b/go.sum index f8f329d638..7e9c1099ec 100644 --- a/go.sum +++ b/go.sum @@ -235,8 +235,8 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY= github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c= -github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= +github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= From 886dd96299f3548bcccb546f8fdfa59be7e9fbca Mon Sep 17 00:00:00 2001 
From: Dylan Page Date: Sun, 5 Nov 2023 21:41:32 -0500 Subject: [PATCH 63/79] refactor(ci): reduce complexity in required workflows (#3925) * refactor(ci): builds upon work in tests to reduce complexity in requiring workflows * fix: tweaks and missing outputs * fix: make sure the new workflows actually run * fix: consistency with non-required testing image --- .github/workflows/atlantis-image-required.yml | 26 ---------- .github/workflows/atlantis-image.yml | 42 +++++++++++++--- .github/workflows/codeql-required.yml | 40 --------------- .github/workflows/codeql.yml | 45 +++++++++++++---- .github/workflows/lint-required.yml | 32 ------------ .github/workflows/lint.yml | 36 +++++++++++--- .github/workflows/pr-lint.yml | 2 +- .github/workflows/stale.yml | 2 +- .github/workflows/test.yml | 10 ++-- .github/workflows/testing-env-image.yml | 38 +++++++++++--- .github/workflows/website-required.yml | 38 -------------- .github/workflows/website.yml | 49 +++++++++++++------ 12 files changed, 173 insertions(+), 187 deletions(-) delete mode 100644 .github/workflows/atlantis-image-required.yml delete mode 100644 .github/workflows/codeql-required.yml delete mode 100644 .github/workflows/lint-required.yml delete mode 100644 .github/workflows/website-required.yml diff --git a/.github/workflows/atlantis-image-required.yml b/.github/workflows/atlantis-image-required.yml deleted file mode 100644 index 28a47bc4c0..0000000000 --- a/.github/workflows/atlantis-image-required.yml +++ /dev/null 
@@ -1,26 +0,0 @@ -# For required checks when path filtering doesn't trigger the other job -# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks - -name: atlantis-image - -on: - pull_request: - paths-ignore: - - 'Dockerfile' - - 'docker-entrypoint.sh' - - '.github/workflows/atlantis-image.yml' - - '**.go' - - 'go.*' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - build: - strategy: - matrix: - image_type: [alpine, debian] - runs-on: ubuntu-latest - steps: - - run: 'echo "No build required"' diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index 02829ed319..beb9a7b41e 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -4,16 +4,14 @@ on: push: branches: - 'main' + - 'releases-**' tags: - v*.*.* # stable release like, v0.19.2 - v*.*.*-pre.* # pre release like, v0.19.0-pre.calendardate pull_request: - paths: - - 'Dockerfile' - - 'docker-entrypoint.sh' - - '.github/workflows/atlantis-image.yml' - - '**.go' - - 'go.*' + branches: + - 'main' + - 'releases-**' workflow_dispatch: concurrency: @@ -21,7 +19,28 @@ concurrency: cancel-in-progress: true jobs: + changes: + outputs: + should-run-build: ${{ steps.changes.outputs.src == 'true' }} + if: github.event.pull_request.draft == false + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + src: + - 'Dockerfile' + - 'docker-entrypoint.sh' + - '.github/workflows/atlantis-image.yml' + - '**.go' + - 'go.*' + build: + needs: [changes] + if: needs.changes.outputs.should-run-build == 'true' + name: Build Image strategy: matrix: image_type: [alpine, debian] 
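Review bot: The release-branch filter added under `push` and `pull_request` in atlantis-image.yml is spelled `'releases-**'`, while other files in the same change use `'release-**'` (testing-env-image.yml, website.yml). The later Renovate change is split the same way: it targets `/^release\-.*/` as a base branch but triggers its config validator on `'releases-**'`. Only one spelling can match the real branch names, so workflows using the other one will not run on release branches. If `releases-` is the wrong one, that covers the image build, CodeQL, lint and test workflows. Use the spelling that matches the repository's branches in every workflow.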
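Review bot: The new `changes` job relies on a third-party action referenced by a mutable tag, `dorny/paths-filter@v2`, to decide whether the real build or the no-op `skip-build` job satisfies the `Build Image` check. Pin it to a full commit SHA, e.g. `uses: dorny/paths-filter@<full-commit-sha> # v2`, so that a retagged release cannot change which checks run. The job should also get an explicit `permissions:` block limited to what the filter needs, likely `contents: read` and `pull-requests: read`, to be confirmed against the action's documentation. The same job is added to codeql.yml, lint.yml, testing-env-image.yml and website.yml.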
@@ -123,3 +142,14 @@ jobs: target: ${{ matrix.image_type }} labels: ${{ steps.meta.outputs.labels }} outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }} + + skip-build: + needs: [changes] + if: needs.changes.outputs.should-run-build == 'false' + name: Build Image + strategy: + matrix: + image_type: [alpine, debian] + runs-on: ubuntu-22.04 + steps: + - run: 'echo "No build required"' \ No newline at end of file diff --git a/.github/workflows/codeql-required.yml b/.github/workflows/codeql-required.yml deleted file mode 100644 index 05736bb69a..0000000000 --- a/.github/workflows/codeql-required.yml +++ /dev/null @@ -1,40 +0,0 @@ -# For required checks when path filtering doesn;'t trigger the other job -# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks - -name: "CodeQL" - -on: - push: - branches: [ "main" ] - paths-ignore: - - '**.go' - - '**.js' - pull_request: - # The branches below must be a subset of the branches above - types: - - opened - - reopened - - synchronize - - ready_for_review - branches: [ "main" ] - paths-ignore: - - '**.go' - - '**.js' - -jobs: - analyze: - name: Analyze - if: github.event.pull_request.draft == false - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'go', 'javascript' ] - - steps: - - run: 'echo "No build required"' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 57eb362445..5903b805de 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -13,10 +13,9 @@ name: "CodeQL" on: push: - branches: [ "main" ] - paths: - - '**.go' - - '**.js' + branches: + - 'main' + - 'releases-**' pull_request: # The branches below must be a subset of the branches above types: @@ -24,19 +23,34 @@ on: - reopened - synchronize - ready_for_review - branches: [ "main" ] - paths: - - '**.go' - - '**.js' + branches: + - 'main' + - 'releases-**' schedule: - cron: '17 9 * * 5' jobs: + changes: + outputs: + should-run-analyze: ${{ steps.changes.outputs.src == 'true' }} + if: github.event.pull_request.draft == false + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + src: + - '**.go' + - '**.js4' + analyze: + needs: [changes] name: Analyze - if: github.event.pull_request.draft == false - runs-on: ubuntu-latest + if: github.event.pull_request.draft == false && needs.changes.outputs.should-run-analyze == 'true' + runs-on: ubuntu-22.04 permissions: actions: read contents: read @@ -87,3 +101,14 @@ jobs: uses: github/codeql-action/analyze@v2 with: category: "/language:${{matrix.language}}" + + skip-analyze: + needs: [changes] + if: needs.changes.outputs.should-run-analyze == 'false' + name: Analyze + strategy: + matrix: + language: [ 'go', 'javascript' ] + runs-on: ubuntu-22.04 + steps: + - run: 'echo "No build required"' diff --git a/.github/workflows/lint-required.yml b/.github/workflows/lint-required.yml deleted file mode 100644 index 6f5451f8d8..0000000000 --- a/.github/workflows/lint-required.yml +++ /dev/null 
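Review bot: The `src` filter in the new `changes` job of codeql.yml lists `'**.js4'`, which looks like a typo for the `'**.js'` pattern in the removed `paths:` block. As written, a pull request that touches only JavaScript files sets `should-run-analyze` to false, so `skip-analyze` reports the `Analyze` check as passed without CodeQL scanning the change. Change the line to `- '**.js'`. It is also worth confirming how the filter behaves on the `schedule` trigger, where there is no pull request or pushed range to diff against.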
@@ -1,32 +0,0 @@ -# For required checks when path filtering doesn;'t trigger the other job -# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks - -name: linter - -on: - pull_request: - types: - - opened - - reopened - - synchronize - - ready_for_review - branches: - - "main" - paths-ignore: - - '**.go' - - 'go.*' - - '.github/workflows/lint.yml' - - '.github/workflows/lint-required.yml' - - '.golangci.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - golangci-lint: - if: github.event.pull_request.draft == false - name: runner / golangci-lint - runs-on: ubuntu-22.04 - steps: - - run: 'echo "No build required"' diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 2b39dec606..805586e53d 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -9,20 +9,34 @@ on: - ready_for_review branches: - "main" - paths: - - '**.go' - - 'go.*' - - '.github/workflows/lint.yml' - - '.golangci.yml' + - 'releases-**' concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true jobs: - golangci-lint: + changes: + outputs: + should-run-linting: ${{ steps.changes.outputs.go == 'true' }} if: github.event.pull_request.draft == false - name: runner / golangci-lint + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + go: + - '**.go' + - 'go.*' + - '.github/workflows/lint.yml' + - '.golangci.yml' + + golangci-lint: + needs: [changes] + if: github.event.pull_request.draft == false && needs.changes.outputs.should-run-linting == 'true' + name: Linting runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 
@@ -30,3 +44,11 @@ jobs: uses: reviewdog/action-golangci-lint@v2 with: tool_name: golangci-lint + + skip-lint: + needs: [changes] + if: needs.changes.outputs.should-run-linting == 'false' + name: Linting + runs-on: ubuntu-22.04 + steps: + - run: 'echo "No build required"' diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml index d54e174965..e3a5b647ac 100644 --- a/.github/workflows/pr-lint.yml +++ b/.github/workflows/pr-lint.yml @@ -13,7 +13,7 @@ permissions: jobs: main: name: Validate PR title - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: amannn/action-semantic-pull-request@v5 env: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 979b3428ed..e2ff5c4635 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -4,7 +4,7 @@ on: - cron: '30 1 * * *' jobs: stale: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/stale@v8 with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a5e3cdc137..120dcee826 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -3,7 +3,8 @@ name: tester on: push: branches: - - "main" + - 'main' + - 'releases-**' pull_request: types: - opened @@ -11,7 +12,8 @@ on: - synchronize - ready_for_review branches: - - "main" + - 'main' + - 'releases-**' concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} @@ -36,7 +38,7 @@ jobs: test: needs: [changes] if: needs.changes.outputs.should-run-tests == 'true' - name: runner / gotest + name: Tests runs-on: ubuntu-22.04 container: ghcr.io/runatlantis/testing-env:latest steps: @@ -86,7 +88,7 @@ jobs: skip-test: needs: [changes] if: needs.changes.outputs.should-run-tests == 'false' - name: runner / gotest + name: Tests runs-on: ubuntu-22.04 steps: - run: 'echo "No build required"' diff --git a/.github/workflows/testing-env-image.yml b/.github/workflows/testing-env-image.yml index 4c37a4587a..9658c72877 100644 
--- a/.github/workflows/testing-env-image.yml +++ b/.github/workflows/testing-env-image.yml @@ -2,15 +2,13 @@ name: testing-env-image on: push: - paths: - - "testing/**" - - ".github/workflows/testing-env-image.yml" branches: - - "main" + - 'main' + - 'release-**' pull_request: - paths: - - 'testing/**' - - '.github/workflows/testing-env-image.yml' + branches: + - 'main' + - 'release-**' workflow_dispatch: concurrency: @@ -18,7 +16,25 @@ concurrency: cancel-in-progress: true jobs: + changes: + outputs: + should-run-build: ${{ steps.changes.outputs.src == 'true' }} + if: github.event.pull_request.draft == false + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + src: + - 'testing/**' + - '.github/workflows/testing-env-image.yml' + build: + needs: [changes] + if: needs.changes.outputs.should-run-build == 'true' + name: Build Testing Env Image runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 @@ -51,3 +67,11 @@ jobs: tags: | ghcr.io/runatlantis/testing-env:${{env.TODAY}} ghcr.io/runatlantis/testing-env:latest + + skip-build: + needs: [changes] + if: needs.changes.outputs.should-run-build == 'false' + name: Build Testing Env Image + runs-on: ubuntu-22.04 + steps: + - run: 'echo "No build required"' \ No newline at end of file diff --git a/.github/workflows/website-required.yml b/.github/workflows/website-required.yml deleted file mode 100644 index de35d5c068..0000000000 --- a/.github/workflows/website-required.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -name: website - -on: - push: - branches: - - "main" - paths-ignore: - - '**.js' - - 'yarn.lock' - - 'package.json' - - '.github/workflows/website.yml' - pull_request: - types: - - opened - - reopened - - synchronize - - ready_for_review - branches: - - "main" - paths-ignore: - - '**.js' - - 'yarn.lock' - - 'package.json' - - '.github/workflows/website.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - # Check that there's no missing links for the website. - # This job builds the website, starts a server to serve it, and then uses - # muffet (https://github.com/raviqqe/muffet) to perform the link check. - link_check: - if: github.event.pull_request.draft == false - runs-on: ubuntu-22.04 - steps: - - run: 'echo "No testing required"' diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml index 6db5acdf5d..7f8c110336 100644 --- a/.github/workflows/website.yml +++ b/.github/workflows/website.yml @@ -3,12 +3,8 @@ name: website on: push: branches: - - "main" - paths: - - '**.js' - - 'yarn.lock' - - 'package.json' - - '.github/workflows/website.yml' + - 'main' + - 'release-**' pull_request: types: - opened 
@@ -16,24 +12,39 @@ on: - synchronize - ready_for_review branches: - - "main" - paths: - - '**.js' - - 'yarn.lock' - - 'package.json' - - '.github/workflows/website.yml' + - 'main' + - 'release-**' concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true jobs: + changes: + outputs: + should-run-link-check: ${{ steps.changes.outputs.src == 'true' }} + if: github.event.pull_request.draft == false + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + src: + - '**.js' + - 'yarn.lock' + - 'package.json' + - '.github/workflows/website.yml' + # Check that the website builds and there's no missing links. # This job builds the website, starts a server to serve it, and then uses # muffet (https://github.com/raviqqe/muffet) to perform the link check. - link_check: - if: github.event.pull_request.draft == false - runs-on: ubuntu-22.04 + link-check: + needs: [changes] + if: github.event.pull_request.draft == false && needs.changes.outputs.should-run-link-check == 'true' + name: Website Link Check + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -68,3 +79,11 @@ jobs: --header 'Accept-Encoding:deflate, gzip' \ --buffer-size 8192 \ http://localhost:8080/ + + skip-link-check: + needs: [changes] + if: needs.changes.outputs.should-run-link-check == 'false' + name: Website Link Check + runs-on: ubuntu-latest + steps: + - run: 'echo "No build required"' \ No newline at end of file From 06e83e8d08d85d90da3a9c4e56b8f868368a64cc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 6 Nov 2023 03:00:00 +0000 Subject: [PATCH 64/79] fix(deps): update module github.com/gorilla/websocket to v1.5.1 in go.mod (#3926) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 31ae56e5ec..b44eaffba5 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/google/uuid v1.4.0 github.com/gorilla/mux v1.8.1 - github.com/gorilla/websocket v1.5.0 + github.com/gorilla/websocket v1.5.1 github.com/hashicorp/go-getter/v2 v2.2.1 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-version v1.6.0 diff --git a/go.sum b/go.sum index 7e9c1099ec..e6c5f009d0 100644 --- a/go.sum +++ b/go.sum @@ -238,8 +238,8 @@ github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= +github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= From 1f2f3531e56bb7fb652f926d35e86de2e9f08f44 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 6 Nov 2023 03:07:52 +0000 Subject: [PATCH 65/79] fix(deps): update module github.com/spf13/cobra to v1.8.0 in go.mod (#3927) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/go.mod b/go.mod index b44eaffba5..ba0e308847 100644 --- a/go.mod +++ b/go.mod @@ -35,7 +35,7 @@ require ( github.com/remeh/sizedwaitgroup v1.0.0 github.com/shurcooL/githubv4 v0.0.0-20230704064427-599ae7bbf278 github.com/slack-go/slack v0.12.3 - github.com/spf13/cobra v1.7.0 + github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.17.0 github.com/stretchr/testify v1.8.4 diff --git a/go.sum b/go.sum index e6c5f009d0..93941c9451 100644 --- a/go.sum +++ b/go.sum @@ -99,7 +99,7 @@ github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUK github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -423,8 +423,8 @@ github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= +github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= +github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI= From 5818334a9a3d72a9d1b1690d50e798a6b10d677c Mon Sep 17 00:00:00 2001 From: Dylan Page Date: Sun, 5 Nov 2023 23:20:15 -0500 Subject: [PATCH 66/79] fix(renovate): add release branches to renovate (#3924) * fix(renovate): This fixes renovate to also autoMerge fixes to our release branches so we don't have to cherry-pick them. * fix(renovate): run config validator on release branches too --- .github/renovate.json5 | 1 + .github/workflows/renovate-config.yml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 3236c6cd7c..1d9b1c1bb9 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -6,6 +6,7 @@ commitMessageSuffix: " in {{packageFile}}", dependencyDashboardAutoclose: true, automerge: true, + baseBranches: ["main", "/^release\-.*/"], platformAutomerge: true, labels: ["dependencies"], postUpdateOptions: [ diff --git a/.github/workflows/renovate-config.yml b/.github/workflows/renovate-config.yml index b41002086a..bb5258df99 100644 --- a/.github/workflows/renovate-config.yml 
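Review bot: Adding `baseBranches: ["main", "/^release\-.*/"]` beside the existing `automerge: true` and `platformAutomerge: true` lets dependency updates merge into release branches without a reviewer, and nothing in this hunk narrows which updates qualify. A `packageRules` entry with `matchBaseBranches` set to the release pattern and `matchUpdateTypes` limited to patch-level updates would keep that unreviewed path small. Whether branch protection and required status checks cover the release branches is not visible in this diff, so confirm that before relying on automerge there. The configuration object continues outside the hunk.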
+++ b/.github/workflows/renovate-config.yml @@ -6,6 +6,7 @@ on: - '.github/renovate.json5' branches: - main + - 'releases-**' pull_request: paths: - '.github/renovate.json5' @@ -13,7 +14,7 @@ on: jobs: validate: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 From 1a9714a91c21a41169d38af701dafa2e87765fb7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 7 Nov 2023 00:47:57 +0000 Subject: [PATCH 67/79] fix(deps): update github.com/warrensbox/terraform-switcher digest to d7dfd1b in go.mod (#3928) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ba0e308847..28e5a7febf 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/uber-go/tally/v4 v4.1.10 github.com/urfave/negroni/v3 v3.0.0 - github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 + github.com/warrensbox/terraform-switcher v0.1.1-0.20230206012955-d7dfd1b44605 github.com/xanzy/go-gitlab v0.93.2 go.etcd.io/bbolt v1.3.8 go.uber.org/zap v1.26.0 diff --git a/go.sum b/go.sum index 93941c9451..e1bdb22b7d 100644 --- a/go.sum +++ b/go.sum 
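Review bot: The added push filter `- 'releases-**'` does not match the branch names this commit targets in renovate.json5 (`/^release\-.*/`, i.e. `release-…`), so the config validator would not run for pushes to release branches. PATCH 70/79 later in this series corrects the same pattern in atlantis-image.yml, codeql.yml, lint.yml and test.yml, but its diffstat does not list renovate-config.yml, so this entry appears to stay wrong. The line should read `- 'release-**'`.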
@@ -454,8 +454,8 @@ github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/negroni/v3 v3.0.0 h1:Vo8CeZfu1lFR9gW8GnAb6dOGCJyijfil9j/jKKc/JhU= github.com/urfave/negroni/v3 v3.0.0/go.mod h1:jWvnX03kcSjDBl/ShB0iHvx5uOs7mAzZXW+JvJ5XYAs= -github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997 h1:be5WC0FHdhimAhe2G3DPhduX117RM8qdTMYCMHDt4DM= -github.com/warrensbox/terraform-switcher v0.1.1-0.20221027055942-201c8e92e997/go.mod h1:saryXNaL624mlulV138FP+HhVw7IpvETUXLS3nTvH1g= +github.com/warrensbox/terraform-switcher v0.1.1-0.20230206012955-d7dfd1b44605 h1:bRt3KvPapqnO3s9XenyU4COpU9X7cNW3BMELyHRxuSs= +github.com/warrensbox/terraform-switcher v0.1.1-0.20230206012955-d7dfd1b44605/go.mod h1:saryXNaL624mlulV138FP+HhVw7IpvETUXLS3nTvH1g= github.com/xanzy/go-gitlab v0.93.2 h1:kNNf3BYNYn/Zkig0B89fma12l36VLcYSGu7OnaRlRDg= github.com/xanzy/go-gitlab v0.93.2/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= From b965f9ac1aa686b69b769ea9ba12867dee2ef1bb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 9 Nov 2023 04:23:21 +0000 Subject: [PATCH 68/79] chore(deps): update golang docker tag to v1.21.4 in testing/dockerfile (#3963) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- Dockerfile | 2 +- testing/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e87dcbc32b..37df2d7ad5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ ARG DEFAULT_CONFTEST_VERSION=0.46.0 # Stage 1: build artifact and download deps -FROM golang:1.21.3-alpine AS builder +FROM golang:1.21.4-alpine AS builder ARG ATLANTIS_VERSION=dev ENV ATLANTIS_VERSION=${ATLANTIS_VERSION} 
diff --git a/testing/Dockerfile b/testing/Dockerfile index a57ec9af3d..170bb29e1d 100644 --- a/testing/Dockerfile +++ b/testing/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21.3 +FROM golang:1.21.4 RUN apt-get update && apt-get --no-install-recommends -y install unzip \ && apt-get clean \ From e9c0d72578aea6e02fd82d79943dc372d4626eca Mon Sep 17 00:00:00 2001 From: Bruno Schaatsbergen <58337159+bschaatsbergen@users.noreply.github.com> Date: Thu, 9 Nov 2023 05:25:08 +0100 Subject: [PATCH 69/79] fix: use the non-root atlantis user instead of root (#3886) * feat: use Atlantis user by default and get rid of gosu * chore: set `DOCKER_CONTENT_TRUST=1` * chore: fix chmod and chown * feat: add a healthcheck to the debian and alpine images * feat: removing setuid and setgid permissions prevents container privilege escalation and improve comments * chore: remove setgid/setuid as we chown an entire directory * chore: keep deps comment generic * chore: grammar * chore: remove redundant comment * chore: rm DOCKER_CONTENT_TRUST * chore: set uid and gid and remove passwd entry * chore: revert gid and uid set as it's conflicting --------- Co-authored-by: PePe Amengual --- Dockerfile | 72 +++++++++++++++++--------------------------- docker-entrypoint.sh | 14 --------- 2 files changed, 28 insertions(+), 58 deletions(-) diff --git a/Dockerfile b/Dockerfile index 37df2d7ad5..fbc22a992f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,7 +41,7 @@ RUN --mount=type=cache,target=/go/pkg/mod \ FROM debian:${DEBIAN_TAG} as debian-base -# Install packages needed for running Atlantis. +# Install packages needed to run Atlantis. # We place this last as it will bust less docker layer caches when packages update # hadolint ignore explanation # DL3008 (pin versions using "=") - Ignored to avoid failing the build 
@@ -89,30 +89,6 @@ RUN AVAILABLE_CONFTEST_VERSIONS=${DEFAULT_CONFTEST_VERSION} && \ rm checksums.txt; \ done -# install gosu -# We use gosu to step down from root and run as the atlantis user -# renovate: datasource=github-releases depName=tianon/gosu -ENV GOSU_VERSION=1.16 - -RUN case ${TARGETPLATFORM} in \ - "linux/amd64") GOSU_ARCH=amd64 ;; \ - "linux/arm64") GOSU_ARCH=arm64 ;; \ - "linux/arm/v7") GOSU_ARCH=armhf ;; \ - esac && \ - curl -L -s --output gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${GOSU_ARCH}" && \ - curl -L -s --output gosu.asc "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${GOSU_ARCH}.asc" && \ - for server in $(shuf -e ipv4.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu) ; do \ - gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done && \ - gpg --batch --verify gosu.asc gosu && \ - chmod +x gosu && \ - cp gosu /bin && \ - gosu --version - # install git-lfs # renovate: datasource=github-releases depName=git-lfs/git-lfs ENV GIT_LFS_VERSION=3.4.0 
@@ -159,26 +135,27 @@ RUN AVAILABLE_TERRAFORM_VERSIONS="1.3.10 1.4.6 1.5.7 ${DEFAULT_TERRAFORM_VERSION # Creating the individual distro builds using targets FROM alpine:${ALPINE_TAG} AS alpine -# atlantis user for gosu and OpenShift compatibility +EXPOSE ${ATLANTIS_PORT:-4141} + +HEALTHCHECK --interval=5m --timeout=3s \ + CMD curl -f http://localhost:${ATLANTIS_PORT:-4141}/healthz || exit 1 + +# Set up the 'atlantis' user and adjust permissions RUN addgroup atlantis && \ adduser -S -G atlantis atlantis && \ - adduser atlantis root && \ chown atlantis:root /home/atlantis/ && \ - chmod g=u /home/atlantis/ && \ - chmod g=u /etc/passwd + chmod u+rwx /home/atlantis/ -# copy binary +# copy atlantis binary COPY --from=builder /app/atlantis /usr/local/bin/atlantis -# copy terraform +# copy terraform binaries COPY --from=deps /usr/local/bin/terraform* /usr/local/bin/ -# copy deps +# copy dependencies COPY --from=deps /usr/local/bin/conftest /usr/local/bin/conftest -COPY --from=deps /bin/gosu /bin/gosu COPY --from=deps /usr/bin/git-lfs /usr/bin/git-lfs -# copy docker entrypoint COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh -# Install packages needed for running Atlantis. +# Install packages needed to run Atlantis. # We place this last as it will bust less docker layer caches when packages update RUN apk add --no-cache \ ca-certificates~=20230506 \ 
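Review bot: The new `HEALTHCHECK` probes `http://localhost:${ATLANTIS_PORT:-4141}/healthz` with `curl -f`, which assumes the server speaks plain HTTP and that `curl` is in the final image. The `ssl-cert-file`/`ssl-key-file` options visible elsewhere in this series suggest the listener can be TLS, in which case the container would presumably be reported unhealthy while working normally. The `apk add` list that would provide curl is only partly visible here, so that needs confirming. `EXPOSE ${ATLANTIS_PORT:-4141}` is resolved at build time while the probe's variable is resolved by the shell when the container runs, so the two can disagree if the port is set at run time. A comment above the instruction such as `# Probe assumes plain HTTP on ATLANTIS_PORT; override HEALTHCHECK when serving TLS` would document this, and the same applies to the identical block in the debian stage in the next hunk.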
@@ -191,29 +168,36 @@ RUN apk add --no-cache \ dumb-init~=1.2 \ gcompat~=1.1 + +# Set the entry point to the atlantis user and run the atlantis command +USER atlantis ENTRYPOINT ["docker-entrypoint.sh"] CMD ["server"] # Stage 2 - Debian FROM debian-base AS debian -# Add atlantis user to Debian as well +EXPOSE ${ATLANTIS_PORT:-4141} + +HEALTHCHECK --interval=5m --timeout=3s \ + CMD curl -f http://localhost:${ATLANTIS_PORT:-4141}/healthz || exit 1 + +# Set up the 'atlantis' user and adjust permissions RUN useradd --create-home --user-group --shell /bin/bash atlantis && \ - adduser atlantis root && \ chown atlantis:root /home/atlantis/ && \ - chmod g=u /home/atlantis/ && \ - chmod g=u /etc/passwd + chmod u+rwx /home/atlantis/ -# copy binary +# copy atlantis binary COPY --from=builder /app/atlantis /usr/local/bin/atlantis -# copy terraform +# copy terraform binaries COPY --from=deps /usr/local/bin/terraform* /usr/local/bin/ -# copy deps +# copy dependencies COPY --from=deps /usr/local/bin/conftest /usr/local/bin/conftest -COPY --from=deps /bin/gosu /bin/gosu COPY --from=deps /usr/bin/git-lfs /usr/bin/git-lfs -# copy docker entrypoint +# copy docker-entrypoint.sh COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh +# Set the entry point to the atlantis user and run the atlantis command +USER atlantis ENTRYPOINT ["docker-entrypoint.sh"] CMD ["server"] diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index dd4e15e7bf..bdb00e4cf8 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh 
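Review bot: With `USER atlantis` now fixed in both stages and the `setcap "cap_net_bind_service=+ep"` branch deleted from docker-entrypoint.sh in this commit, `ATLANTIS_ALLOW_PRIVILEGED_PORTS` is no longer honoured. Whether a non-root process can still bind a port below 1024 then depends on the container runtime's settings. Dropping `chmod g=u /etc/passwd` is a sound hardening, but the entrypoint keeps its `if ! whoami` branch (visible only as hunk context), which presumably served arbitrary-UID runtimes and may have relied on that write access; confirm that it still degrades cleanly. Both points belong in the release notes as behaviour changes, with a comment above `USER atlantis` such as `# Runs unprivileged: no setcap step, /etc/passwd is not group-writable`.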
@@ -29,18 +29,4 @@ if ! whoami > /dev/null 2>&1; then fi fi -# If we're running as root and we're trying to execute atlantis then we use -# gosu to step down from root and run as the atlantis user. -# In OpenShift, containers are run as a random users so we don't need to use gosu. -if [ "$(id -u)" = 0 ] && [ "$1" = 'atlantis' ]; then - # If requested, set the capability to bind to privileged ports before - # we drop to the non-root user. Note that this doesn't work with all - # storage drivers (it won't work with AUFS). - if [ -n "${ATLANTIS_ALLOW_PRIVILEGED_PORTS+x}" ]; then - setcap "cap_net_bind_service=+ep" /bin/atlantis - fi - - set -- gosu atlantis "$@" -fi - exec "$@" From ea1dbbdabb5fba218e1fda43f255fb5d3de1d7bc Mon Sep 17 00:00:00 2001 From: Dylan Page Date: Thu, 9 Nov 2023 14:13:01 -0600 Subject: [PATCH 70/79] fix: actually run GHA workflows on s/releases/release branches (#3966) --- .github/workflows/atlantis-image.yml | 4 ++-- .github/workflows/codeql.yml | 4 ++-- .github/workflows/lint.yml | 2 +- .github/workflows/test.yml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/atlantis-image.yml b/.github/workflows/atlantis-image.yml index beb9a7b41e..87d2875766 100644 --- a/.github/workflows/atlantis-image.yml +++ b/.github/workflows/atlantis-image.yml @@ -4,14 +4,14 @@ on: push: branches: - 'main' - - 'releases-**' + - 'release-**' tags: - v*.*.* # stable release like, v0.19.2 - v*.*.*-pre.* # pre release like, v0.19.0-pre.calendardate pull_request: branches: - 'main' - - 'releases-**' + - 'release-**' workflow_dispatch: concurrency: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5903b805de..e4cb1a139d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -15,7 +15,7 @@ on: push: branches: - 'main' - - 'releases-**' + - 'release-**' pull_request: # The branches below must be a subset of the branches above types: 
@@ -25,7 +25,7 @@ on: - ready_for_review branches: - 'main' - - 'releases-**' + - 'release-**' schedule: - cron: '17 9 * * 5' diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 805586e53d..3d60559b66 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -9,7 +9,7 @@ on: - ready_for_review branches: - "main" - - 'releases-**' + - 'release-**' concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 120dcee826..ff4838b906 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -4,7 +4,7 @@ on: push: branches: - 'main' - - 'releases-**' + - 'release-**' pull_request: types: - opened @@ -13,7 +13,7 @@ on: - ready_for_review branches: - 'main' - - 'releases-**' + - 'release-**' concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} From 9bc94dee140fbf78c7d2ca36389cb643299417c9 Mon Sep 17 00:00:00 2001 From: Luke Massa Date: Thu, 9 Nov 2023 17:36:35 -0500 Subject: [PATCH 71/79] feat: remove silence whitelist errors flag (#3923) Co-authored-by: PePe Amengual --- cmd/server.go | 13 ------------ cmd/server_test.go | 40 ------------------------------------- server/user_config.go | 46 +++++++++++++++++++++---------------------- 3 files changed, 22 insertions(+), 77 deletions(-) diff --git a/cmd/server.go b/cmd/server.go index d9e37a7c62..d0aa2dfcc7 100644 --- a/cmd/server.go +++ b/cmd/server.go @@ -127,8 +127,6 @@ const ( SilenceForkPRErrorsFlag = "silence-fork-pr-errors" SilenceVCSStatusNoPlans = "silence-vcs-status-no-plans" SilenceAllowlistErrorsFlag = "silence-allowlist-errors" - // SilenceWhitelistErrorsFlag is deprecated for SilenceAllowlistErrorsFlag. - SilenceWhitelistErrorsFlag = "silence-whitelist-errors" SkipCloneNoChanges = "skip-clone-no-changes" SlackTokenFlag = "slack-token" SSLCertFileFlag = "ssl-cert-file" 
@@ -537,11 +535,6 @@ var boolFlags = map[string]boolFlag{ description: "Silences the posting of allowlist error comments.", defaultValue: false, }, - SilenceWhitelistErrorsFlag: { - description: "[Deprecated for --silence-allowlist-errors].", - defaultValue: false, - hidden: true, - }, DisableMarkdownFoldingFlag: { description: "Toggle off folding in markdown output.", defaultValue: false, @@ -938,9 +931,6 @@ func (s *ServerCmd) validate(userConfig server.UserConfig) error { if strings.Contains(userConfig.RepoAllowlist, "://") { return fmt.Errorf("--%s cannot contain ://, should be hostnames only", RepoAllowlistFlag) } - if userConfig.SilenceAllowlistErrors && userConfig.SilenceWhitelistErrors { - return fmt.Errorf("both --%s and --%s cannot be set–use --%s", SilenceAllowlistErrorsFlag, SilenceWhitelistErrorsFlag, SilenceAllowlistErrorsFlag) - } if userConfig.BitbucketBaseURL == DefaultBitbucketBaseURL && userConfig.BitbucketWebhookSecret != "" { return fmt.Errorf("--%s cannot be specified for Bitbucket Cloud because it is not supported by Bitbucket", BitbucketWebhookSecretFlag) @@ -1143,9 +1133,6 @@ func (s *ServerCmd) deprecationWarnings(userConfig *server.UserConfig) error { } // Handle repo whitelist deprecation. - if userConfig.SilenceWhitelistErrors { - userConfig.SilenceAllowlistErrors = true - } if userConfig.RepoWhitelist != "" { userConfig.RepoAllowlist = userConfig.RepoWhitelist } diff --git a/cmd/server_test.go b/cmd/server_test.go index 3ed524df77..387acf3de0 100644 --- a/cmd/server_test.go +++ b/cmd/server_test.go 
@@ -752,18 +752,6 @@ func TestExecute_TFEHostnameOnly(t *testing.T) { ErrEquals(t, "if setting --tfe-hostname, must set --tfe-token", err) } -// Can't use both --repo-allowlist and --repo-whitelist -func TestExecute_BothAllowAndWhitelist(t *testing.T) { - c := setup(map[string]interface{}{ - GHUserFlag: "user", - GHTokenFlag: "token", - RepoAllowlistFlag: "github.com", - RepoWhitelistFlag: "github.com", - }, t) - err := c.Execute() - ErrEquals(t, "both --repo-allowlist and --repo-whitelist cannot be set–use --repo-allowlist", err) -} - // Must set allow or whitelist. func TestExecute_AllowAndWhitelist(t *testing.T) { c := setup(map[string]interface{}{ @@ -774,19 +762,6 @@ func TestExecute_AllowAndWhitelist(t *testing.T) { ErrEquals(t, "--repo-allowlist must be set for security purposes", err) } -// Can't use both --silence-whitelist-errors and --silence-allowlist-errors -func TestExecute_BothSilenceAllowAndWhitelistErrors(t *testing.T) { - c := setup(map[string]interface{}{ - GHUserFlag: "user", - GHTokenFlag: "token", - RepoAllowlistFlag: "*", - SilenceWhitelistErrorsFlag: true, - SilenceAllowlistErrorsFlag: true, - }, t) - err := c.Execute() - ErrEquals(t, "both --silence-allowlist-errors and --silence-whitelist-errors cannot be set–use --silence-allowlist-errors", err) -} - func TestExecute_DisableApplyDeprecation(t *testing.T) { c := setupWithDefaults(map[string]interface{}{ DisableApplyFlag: true, 
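Review bot: `TestExecute_BothAllowAndWhitelist` is deleted here although it exercises `--repo-allowlist` together with `--repo-whitelist`, and the server.go hunks of this commit leave the `RepoWhitelist` handling in place (`if userConfig.RepoWhitelist != ""` still copies it into `RepoAllowlist`). Coverage is therefore lost for a flag that still exists. The same holds for `TestExecute_RepoWhitelistDeprecation` in the next hunk, which could stay with only `SilenceWhitelistErrorsFlag: true,` and `Equals(t, true, passedConfig.SilenceAllowlistErrors)` removed. The neighbouring test states that the allowlist must be set "for security purposes", so I would keep both tests until `--repo-whitelist` itself is removed. Whether the matching check in `validate()` is still present lies outside the visible hunks.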
@@ -797,21 +772,6 @@ func TestExecute_DisableApplyDeprecation(t *testing.T) { Equals(t, "plan,unlock", passedConfig.AllowCommands) } -// Test that we set the corresponding allow list values on the userConfig -// struct if the deprecated whitelist flags are used. -func TestExecute_RepoWhitelistDeprecation(t *testing.T) { - c := setup(map[string]interface{}{ - GHUserFlag: "user", - GHTokenFlag: "token", - RepoWhitelistFlag: "*", - SilenceWhitelistErrorsFlag: true, - }, t) - err := c.Execute() - Ok(t, err) - Equals(t, true, passedConfig.SilenceAllowlistErrors) - Equals(t, "*", passedConfig.RepoAllowlist) -} - func TestExecute_AutoDetectModulesFromProjects_Env(t *testing.T) { t.Setenv("ATLANTIS_AUTOPLAN_MODULES_FROM_PROJECTS", "**/init.tf") c := setupWithDefaults(map[string]interface{}{}, t) diff --git a/server/user_config.go b/server/user_config.go index 49e3ed6fba..45a6d4c5dd 100644 --- a/server/user_config.go +++ b/server/user_config.go 
@@ -104,30 +104,28 @@ type UserConfig struct { SilenceVCSStatusNoPlans bool `mapstructure:"silence-vcs-status-no-plans"` // SilenceVCSStatusNoProjects is whether autoplan should set commit status if no projects // are found. - SilenceVCSStatusNoProjects bool `mapstructure:"silence-vcs-status-no-projects"` - SilenceAllowlistErrors bool `mapstructure:"silence-allowlist-errors"` - // SilenceWhitelistErrors is deprecated in favour of SilenceAllowlistErrors - SilenceWhitelistErrors bool `mapstructure:"silence-whitelist-errors"` - SkipCloneNoChanges bool `mapstructure:"skip-clone-no-changes"` - SlackToken string `mapstructure:"slack-token"` - SSLCertFile string `mapstructure:"ssl-cert-file"` - SSLKeyFile string `mapstructure:"ssl-key-file"` - RestrictFileList bool `mapstructure:"restrict-file-list"` - TFDownload bool `mapstructure:"tf-download"` - TFDownloadURL string `mapstructure:"tf-download-url"` - TFEHostname string `mapstructure:"tfe-hostname"` - TFELocalExecutionMode bool `mapstructure:"tfe-local-execution-mode"` - TFEToken string `mapstructure:"tfe-token"` - VarFileAllowlist string `mapstructure:"var-file-allowlist"` - VCSStatusName string `mapstructure:"vcs-status-name"` - DefaultTFVersion string `mapstructure:"default-tf-version"` - Webhooks []WebhookConfig `mapstructure:"webhooks"` - WebBasicAuth bool `mapstructure:"web-basic-auth"` - WebUsername string `mapstructure:"web-username"` - WebPassword string `mapstructure:"web-password"` - WriteGitCreds bool `mapstructure:"write-git-creds"` - WebsocketCheckOrigin bool `mapstructure:"websocket-check-origin"` - UseTFPluginCache bool `mapstructure:"use-tf-plugin-cache"` + SilenceVCSStatusNoProjects bool `mapstructure:"silence-vcs-status-no-projects"` + SilenceAllowlistErrors bool `mapstructure:"silence-allowlist-errors"` + SkipCloneNoChanges bool `mapstructure:"skip-clone-no-changes"` + SlackToken string `mapstructure:"slack-token"` + SSLCertFile string `mapstructure:"ssl-cert-file"` + SSLKeyFile string 
`mapstructure:"ssl-key-file"` + RestrictFileList bool `mapstructure:"restrict-file-list"` + TFDownload bool `mapstructure:"tf-download"` + TFDownloadURL string `mapstructure:"tf-download-url"` + TFEHostname string `mapstructure:"tfe-hostname"` + TFELocalExecutionMode bool `mapstructure:"tfe-local-execution-mode"` + TFEToken string `mapstructure:"tfe-token"` + VarFileAllowlist string `mapstructure:"var-file-allowlist"` + VCSStatusName string `mapstructure:"vcs-status-name"` + DefaultTFVersion string `mapstructure:"default-tf-version"` + Webhooks []WebhookConfig `mapstructure:"webhooks"` + WebBasicAuth bool `mapstructure:"web-basic-auth"` + WebUsername string `mapstructure:"web-username"` + WebPassword string `mapstructure:"web-password"` + WriteGitCreds bool `mapstructure:"write-git-creds"` + WebsocketCheckOrigin bool `mapstructure:"websocket-check-origin"` + UseTFPluginCache bool `mapstructure:"use-tf-plugin-cache"` } // ToAllowCommandNames parse AllowCommands into a slice of CommandName From 543c37ce51545264918a4431b60a88b7acab89c8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 10 Nov 2023 01:52:00 +0000 Subject: [PATCH 72/79] fix(deps): update module github.com/golang-jwt/jwt/v5 to v5.1.0 in go.mod (#3967) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 28e5a7febf..e0e7448e7d 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/go-ozzo/ozzo-validation v3.6.0+incompatible github.com/go-playground/validator/v10 v10.16.0 github.com/go-test/deep v1.1.0 - github.com/golang-jwt/jwt/v5 v5.0.0 + github.com/golang-jwt/jwt/v5 v5.1.0 github.com/google/go-github/v54 v54.0.0 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/google/uuid v1.4.0 diff --git a/go.sum b/go.sum index e1bdb22b7d..e5fd8312cc 100644 --- a/go.sum 
+++ b/go.sum @@ -153,8 +153,8 @@ github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncV github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE= -github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/golang-jwt/jwt/v5 v5.1.0 h1:UGKbA/IPjtS6zLcdB7i5TyACMgSbOTiR8qzXgw8HWQU= +github.com/golang-jwt/jwt/v5 v5.1.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= From 8ebb504528f8565cbbf4091e0317d020cccb76d6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 10 Nov 2023 03:33:35 +0000 Subject: [PATCH 73/79] fix(deps): update module golang.org/x/term to v0.14.0 in go.mod (#3968) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index e0e7448e7d..c30a499b24 100644 --- a/go.mod +++ b/go.mod @@ -45,7 +45,7 @@ require ( github.com/xanzy/go-gitlab v0.93.2 go.etcd.io/bbolt v1.3.8 go.uber.org/zap v1.26.0 - golang.org/x/term v0.13.0 + golang.org/x/term v0.14.0 golang.org/x/text v0.13.0 gopkg.in/yaml.v2 v2.4.0 ) 
@@ -128,7 +128,7 @@ require ( golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.12.0 // indirect - golang.org/x/sys v0.13.0 // indirect + golang.org/x/sys v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.31.0 // indirect diff --git a/go.sum b/go.sum index e5fd8312cc..5d6f9d6c8f 100644 --- a/go.sum +++ b/go.sum 
@@ -659,15 +659,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= +golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= +golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 46c1d757f80c41c81447c33e756f60d9ebcdbe09 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 11 Nov 2023 02:41:40 +0000 Subject: [PATCH 74/79] chore(deps): update dependency @vuepress/plugin-google-analytics to v2.0.0-beta.68 in package.json (#3971) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 525 ++++++++++++++++++++++++++++++--------------------- 2 files changed, 315 insertions(+), 212 deletions(-) diff --git a/package.json b/package.json index 9b5907ea0f..db3bc0957e 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "license": "Apache-2.0", "devDependencies": { "@vuepress/plugin-docsearch": "2.0.0-beta.66", - "@vuepress/plugin-google-analytics": "2.0.0-beta.67", + "@vuepress/plugin-google-analytics": "2.0.0-beta.68", "vuepress": "2.0.0-beta.66" }, "scripts": { diff --git a/yarn.lock b/yarn.lock index 1943cd4764..63228d77ea 100644 --- a/yarn.lock +++ b/yarn.lock @@ -133,10 +133,10 @@ "@algolia/logger-common" "4.19.1" "@algolia/requester-common" "4.19.1" -"@babel/parser@^7.20.15", "@babel/parser@^7.21.3": - version "7.22.16" - resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.22.16.tgz#180aead7f247305cce6551bea2720934e2fa2c95" - integrity sha512-+gPfKv8UWeKKeJTUxe59+OobVcrYHETCsORl61EmSkmgymguYk/X5bp7GuUIXaFsc6y++v8ZxPsLSSuujqDphA== +"@babel/parser@^7.23.0": + version "7.23.3" + resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.23.3.tgz#0ce0be31a4ca4f1884b5786057cadcb6c3be58f9" + integrity sha512-uVsWNvlVsIninV2prNz/3lHCb+5CJ+e+IUBfbjToAHODtfGYLfCFuY4AU7TskI+dAKk+njsPiBjq1gKTvZOBaw== "@docsearch/css@3.5.2", "@docsearch/css@^3.5.1": version "3.5.2" 
@@ -276,7 +276,7 @@ resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz#d7c6e6755c78567a951e04ab52ef0fd26de59f32" integrity sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg== -"@mdit-vue/plugin-component@^0.12.0", "@mdit-vue/plugin-component@^0.12.1": +"@mdit-vue/plugin-component@^0.12.0": version "0.12.1" resolved "https://registry.yarnpkg.com/@mdit-vue/plugin-component/-/plugin-component-0.12.1.tgz#ed04c94c767e4ba1f6fc16ab458da82750b401f6" integrity sha512-L3elbvuKUufXwPLHrmJGd/ijd/QKxfcHXy3kRy4O+P7UIV7HSWePpfB0k+wWee+by3MviYYxjVAi392z+DGy3Q== @@ -284,7 +284,15 @@ "@types/markdown-it" "^13.0.0" markdown-it "^13.0.1" -"@mdit-vue/plugin-frontmatter@^0.12.0", "@mdit-vue/plugin-frontmatter@^0.12.1": +"@mdit-vue/plugin-component@^1.0.0": + version "1.0.0" + resolved "https://registry.yarnpkg.com/@mdit-vue/plugin-component/-/plugin-component-1.0.0.tgz#fdc41e58ef8b2207c94864657b27bb52f891bea9" + integrity sha512-ZXsJwxkG5yyTHARIYbR74cT4AZ0SfMokFFjiHYCbypHIeYWgJhso4+CZ8+3V9EWFG3EHlGoKNGqKp9chHnqntQ== + dependencies: + "@types/markdown-it" "^13.0.1" + markdown-it "^13.0.1" + +"@mdit-vue/plugin-frontmatter@^0.12.0": version "0.12.1" resolved "https://registry.yarnpkg.com/@mdit-vue/plugin-frontmatter/-/plugin-frontmatter-0.12.1.tgz#af02ebc6622fa24d71343fde627a0e49d4ffbab5" integrity sha512-C6ycNjrJ+T4JgbVxwo9cUkfLacOO841Yl8ogqd5PJmAVpc5cM2OLBkqqkZxNRXos3g9xM1VvIQ7gK/047UNADg== 
@@ -294,7 +302,17 @@ gray-matter "^4.0.3" markdown-it "^13.0.1" -"@mdit-vue/plugin-headers@^0.12.0", "@mdit-vue/plugin-headers@^0.12.1": +"@mdit-vue/plugin-frontmatter@^1.0.0": + version "1.0.0" + resolved "https://registry.yarnpkg.com/@mdit-vue/plugin-frontmatter/-/plugin-frontmatter-1.0.0.tgz#c968335a96c0c65e623ba3e4cc6fb89a8e5a012b" + integrity sha512-MMA7Ny+YPZA7eDOY1t4E+rKuEWO39mzDdP/M68fKdXJU6VfcGkPr7gnpnJfW2QBJ5qIvMrK/3lDAA2JBy5TfpA== + dependencies: + "@mdit-vue/types" "1.0.0" + "@types/markdown-it" "^13.0.1" + gray-matter "^4.0.3" + markdown-it "^13.0.1" + +"@mdit-vue/plugin-headers@^0.12.0": version "0.12.1" resolved "https://registry.yarnpkg.com/@mdit-vue/plugin-headers/-/plugin-headers-0.12.1.tgz#2ab8c446fca6d39ce951819b5e18fef614a227aa" integrity sha512-DXAw/iWW8f3qUYMDHgQmamL+XGjnaoeRzdvDseLRyr7gXX4xpYO9OIhe/pv9LzSvUoY7UGYmn4kFeI+0qpWJ+g== @@ -304,7 +322,17 @@ "@types/markdown-it" "^13.0.0" markdown-it "^13.0.1" -"@mdit-vue/plugin-sfc@^0.12.0", "@mdit-vue/plugin-sfc@^0.12.1": +"@mdit-vue/plugin-headers@^1.0.0": + version "1.0.0" + resolved "https://registry.yarnpkg.com/@mdit-vue/plugin-headers/-/plugin-headers-1.0.0.tgz#4e3d9f13d69ec2de325a5502ba08da09f62f2cd6" + integrity sha512-0rK/iKy6x13d/Pp5XxdLBshTD0+YjZvtHIaIV+JO+/H2WnOv7oaRgs48G5d44z3XJVUE2u6fNnTlI169fef0/A== + dependencies: + "@mdit-vue/shared" "1.0.0" + "@mdit-vue/types" "1.0.0" + "@types/markdown-it" "^13.0.1" + markdown-it "^13.0.1" + +"@mdit-vue/plugin-sfc@^0.12.0": version "0.12.1" resolved "https://registry.yarnpkg.com/@mdit-vue/plugin-sfc/-/plugin-sfc-0.12.1.tgz#49d6060e71e4016252ac35140f6960eb9a50cb6f" integrity sha512-6j332CsSqumy1+StIM3XphdXG1zj9NXuWestDJrKgS3OLy5P0EAioXScUYiZYysw61ZG+2pP37MW7Hg+eHbyIg== 
@@ -313,7 +341,16 @@ "@types/markdown-it" "^13.0.0" markdown-it "^13.0.1" -"@mdit-vue/plugin-title@^0.12.0", "@mdit-vue/plugin-title@^0.12.1": +"@mdit-vue/plugin-sfc@^1.0.0": + version "1.0.0" + resolved "https://registry.yarnpkg.com/@mdit-vue/plugin-sfc/-/plugin-sfc-1.0.0.tgz#ecebfe3483db009a03bca9b9cebf549c0b31591c" + integrity sha512-agMUe0fY4YHxsZivSvplBwRwrFvsIf/JNUJCAYq1+2Sg9+2hviTBZwjZDxYqHDHOVLtiNr+wuo68tE24mAx3AQ== + dependencies: + "@mdit-vue/types" "1.0.0" + "@types/markdown-it" "^13.0.1" + markdown-it "^13.0.1" + +"@mdit-vue/plugin-title@^0.12.0": version "0.12.1" resolved "https://registry.yarnpkg.com/@mdit-vue/plugin-title/-/plugin-title-0.12.1.tgz#d01c2b0e9fd374fc3d52a551689cadf5fe066890" integrity sha512-JOsiDj+CryGbrTDWUnDAwB9kSkN6o9GDo3udR6BPDgBNVb3zAnx9ZNaRpEhDW1LnQhf9/LYicWJ2eTNRKPcJNQ== @@ -323,7 +360,17 @@ "@types/markdown-it" "^13.0.0" markdown-it "^13.0.1" -"@mdit-vue/plugin-toc@^0.12.0", "@mdit-vue/plugin-toc@^0.12.1": +"@mdit-vue/plugin-title@^1.0.0": + version "1.0.0" + resolved "https://registry.yarnpkg.com/@mdit-vue/plugin-title/-/plugin-title-1.0.0.tgz#6010990870d24bc86577b88890c92fcf3344e566" + integrity sha512-8yC60fCZ95xcJ/cvJH4Lv43Rs4k+33UGyKrRWj5J8TNyMwUyGcwur0XyPM+ffJH4/Bzq4myZLsj/TTFSkXRxvw== + dependencies: + "@mdit-vue/shared" "1.0.0" + "@mdit-vue/types" "1.0.0" + "@types/markdown-it" "^13.0.1" + markdown-it "^13.0.1" + +"@mdit-vue/plugin-toc@^0.12.0": version "0.12.1" resolved "https://registry.yarnpkg.com/@mdit-vue/plugin-toc/-/plugin-toc-0.12.1.tgz#ed650a05d3f4b84637e79d8b3b06e89295cc78bf" integrity sha512-nFGwTwVa8GLCKJMV7cGST7lYuljSjEiCTPgKIpQ/WifwouHsQaL/rnBDr22kpzY2hRTAhM3+TT5GDwLyxa/e6A== 
@@ -333,7 +380,17 @@ "@types/markdown-it" "^13.0.0" markdown-it "^13.0.1" -"@mdit-vue/shared@0.12.1", "@mdit-vue/shared@^0.12.0", "@mdit-vue/shared@^0.12.1": +"@mdit-vue/plugin-toc@^1.0.0": + version "1.0.0" + resolved "https://registry.yarnpkg.com/@mdit-vue/plugin-toc/-/plugin-toc-1.0.0.tgz#d961b537643b3dc1c9a17f2739f1361b9839f031" + integrity sha512-WN8blfX0X/5Nolic0ClDWP7eVo9IB+U4g0jbycX3lolIZX5Bai1UpsD3QYZr5VVsPbQJMKMGvTrCEtCNTGvyWQ== + dependencies: + "@mdit-vue/shared" "1.0.0" + "@mdit-vue/types" "1.0.0" + "@types/markdown-it" "^13.0.1" + markdown-it "^13.0.1" + +"@mdit-vue/shared@0.12.1", "@mdit-vue/shared@^0.12.0": version "0.12.1" resolved "https://registry.yarnpkg.com/@mdit-vue/shared/-/shared-0.12.1.tgz#b67cbfc71cac6fb49a7a0be169cd53d921e30344" integrity sha512-bXgd0KThe4jC2leCFDFsyrudXIckvTwV4WnQK/rRMrXq0/BAuVdSNdIv1LGCWZxD5+oDyPyEPd0lalTIFwqsmg== 
@@ -342,11 +399,25 @@ "@types/markdown-it" "^13.0.0" markdown-it "^13.0.1" +"@mdit-vue/shared@1.0.0", "@mdit-vue/shared@^1.0.0": + version "1.0.0" + resolved "https://registry.yarnpkg.com/@mdit-vue/shared/-/shared-1.0.0.tgz#d8456da39c08c20ccadef7ba7321ecff4b05d330" + integrity sha512-nbYBfmEi+pR2Lm0Z6TMVX2/iBjfr/kGEsHW8CC0rQw+3+sG5dY6VG094HuFAkiAmmvZx9DZZb+7ZMWp9vkwCRw== + dependencies: + "@mdit-vue/types" "1.0.0" + "@types/markdown-it" "^13.0.1" + markdown-it "^13.0.1" + "@mdit-vue/types@0.12.0", "@mdit-vue/types@^0.12.0": version "0.12.0" resolved "https://registry.yarnpkg.com/@mdit-vue/types/-/types-0.12.0.tgz#096ff57d3590d076f7d7561dbc9956fb0bb89fe1" integrity sha512-mrC4y8n88BYvgcgzq9bvTlDgFyi2zuvzmPilRvRc3Uz1iIvq8mDhxJ0rHKFUNzPEScpDvJdIujqiDrulMqiudA== +"@mdit-vue/types@1.0.0", "@mdit-vue/types@^1.0.0": + version "1.0.0" + resolved "https://registry.yarnpkg.com/@mdit-vue/types/-/types-1.0.0.tgz#4950ae987a7c0d8377122bd3b09a53536911ca38" + integrity sha512-xeF5+sHLzRNF7plbksywKCph4qli20l72of2fMlZQQ7RECvXYrRkE9+bjRFQCyULC7B8ydUYbpbkux5xJlVWyw== + "@nodelib/fs.scandir@2.1.5": version "2.1.5" resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5" 
@@ -368,25 +439,30 @@ "@nodelib/fs.scandir" "2.1.5" fastq "^1.6.0" -"@types/debug@^4.1.8": - version "4.1.8" - resolved "https://registry.yarnpkg.com/@types/debug/-/debug-4.1.8.tgz#cef723a5d0a90990313faec2d1e22aee5eecb317" - integrity sha512-/vPO1EPOs306Cvhwv7KfVfYvOJqA/S/AXjaHQiJboCZzcNDb+TIJFN9/2C9DZ//ijSKWioNyUxD792QmDJ+HKQ== +"@sindresorhus/merge-streams@^1.0.0": + version "1.0.0" + resolved "https://registry.yarnpkg.com/@sindresorhus/merge-streams/-/merge-streams-1.0.0.tgz#9cd84cc15bc865a5ca35fcaae198eb899f7b5c90" + integrity sha512-rUV5WyJrJLoloD4NDN1V1+LDMDWOa4OTsT4yYJwQNpTU6FWxkxHpL7eu4w+DmiH8x/EAM1otkPE1+LaspIbplw== + +"@types/debug@^4.1.12", "@types/debug@^4.1.8": + version "4.1.12" + resolved "https://registry.yarnpkg.com/@types/debug/-/debug-4.1.12.tgz#a155f21690871953410df4b6b6f53187f0500917" + integrity sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ== dependencies: "@types/ms" "*" -"@types/fs-extra@^11.0.1": - version "11.0.1" - resolved "https://registry.yarnpkg.com/@types/fs-extra/-/fs-extra-11.0.1.tgz#f542ec47810532a8a252127e6e105f487e0a6ea5" - integrity sha512-MxObHvNl4A69ofaTRU8DFqvgzzv8s9yRtaPPm5gud9HDNvpB3GPQFvNuTWAI59B9huVGV5jXYJwbCsmBsOGYWA== +"@types/fs-extra@^11.0.1", "@types/fs-extra@^11.0.4": + version "11.0.4" + resolved "https://registry.yarnpkg.com/@types/fs-extra/-/fs-extra-11.0.4.tgz#e16a863bb8843fba8c5004362b5a73e17becca45" + integrity sha512-yTbItCNreRooED33qjunPthRcSjERP1r4MqCZc7wv0u2sUkzTFp45tgUfS5+r7FrZPdmCCNflLhVSP/o+SemsQ== dependencies: "@types/jsonfile" "*" "@types/node" "*" -"@types/hash-sum@^1.0.0": - version "1.0.0" - resolved "https://registry.yarnpkg.com/@types/hash-sum/-/hash-sum-1.0.0.tgz#838f4e8627887d42b162d05f3d96ca636c2bc504" - integrity sha512-FdLBT93h3kcZ586Aee66HPCVJ6qvxVjBlDWNmxSGSbCZe9hTsjRKdSsl4y1T+3zfujxo9auykQMnFsfyHWD7wg== +"@types/hash-sum@^1.0.0", "@types/hash-sum@^1.0.2": + version "1.0.2" + resolved 
"https://registry.yarnpkg.com/@types/hash-sum/-/hash-sum-1.0.2.tgz#32e6e4343ee25914b2a3822f27e8e641ca534f63" + integrity sha512-UP28RddqY8xcU0SCEp9YKutQICXpaAq9N8U2klqF5hegGha7KzTOL8EdhIIV3bOSGBzjEpN9bU/d+nNZBdJYVw== "@types/jsonfile@*": version "6.1.1" @@ -400,17 +476,17 @@ resolved "https://registry.yarnpkg.com/@types/linkify-it/-/linkify-it-3.0.3.tgz#15a0712296c5041733c79efe233ba17ae5a7587b" integrity sha512-pTjcqY9E4nOI55Wgpz7eiI8+LzdYnw3qxXCfHyBDdPbYvbyLgWLJGh8EdPvqawwMK1Uo1794AUkkR38Fr0g+2g== -"@types/markdown-it-emoji@^2.0.2": - version "2.0.2" - resolved "https://registry.yarnpkg.com/@types/markdown-it-emoji/-/markdown-it-emoji-2.0.2.tgz#f12a97df2758f38b4b38f277b468780459faff14" - integrity sha512-2ln8Wjbcj/0oRi/6VnuMeWEHHuK8uapFttvcLmDIe1GKCsFBLOLBX+D+xhDa9oWOQV0IpvxwrSfKKssAqqroog== +"@types/markdown-it-emoji@^2.0.2", "@types/markdown-it-emoji@^2.0.4": + version "2.0.4" + resolved "https://registry.yarnpkg.com/@types/markdown-it-emoji/-/markdown-it-emoji-2.0.4.tgz#5bb4293eb8699962710b3b67f10fa211730c28c3" + integrity sha512-H6ulk/ZmbDxOayPwI/leJzrmoW1YKX1Z+MVSCHXuYhvqckV4I/c+hPTf6UiqJyn2avWugfj30XroheEb6/Ekqg== dependencies: "@types/markdown-it" "*" -"@types/markdown-it@*", "@types/markdown-it@^13.0.0", "@types/markdown-it@^13.0.1": - version "13.0.1" - resolved "https://registry.yarnpkg.com/@types/markdown-it/-/markdown-it-13.0.1.tgz#2f45bd54315f5db2d9bd909ec7fd4d994cf75df4" - integrity sha512-SUEb8Frsxs3D5Gg9xek6i6EG6XQ5s+O+ZdQzIPESZVZw3Pv3CPQfjCJBI+RgqZd1IBeu18S0Rn600qpPnEK37w== +"@types/markdown-it@*", "@types/markdown-it@^13.0.0", "@types/markdown-it@^13.0.1", "@types/markdown-it@^13.0.6": + version "13.0.6" + resolved "https://registry.yarnpkg.com/@types/markdown-it/-/markdown-it-13.0.6.tgz#5aedafc4ab60adc66397d2b2f622e44b6a938a12" + integrity sha512-0VqpvusJn1/lwRegCxcHVdmLfF+wIsprsKMC9xW8UPcTxhFcQtoN/fBU1zMe8pH7D/RuueMh2CaBaNv+GrLqTw== dependencies: "@types/linkify-it" "*" "@types/mdurl" "*" 
@@ -438,110 +514,110 @@ resolved "https://registry.yarnpkg.com/@types/node/-/node-20.6.0.tgz#9d7daa855d33d4efec8aea88cd66db1c2f0ebe16" integrity sha512-najjVq5KN2vsH2U/xyh2opaSEz6cZMR2SetLIlxlj08nOcmPOemJmUK2o4kUzfLqfrWE0PIrNeE16XhYDd3nqg== -"@types/web-bluetooth@^0.0.17": - version "0.0.17" - resolved "https://registry.yarnpkg.com/@types/web-bluetooth/-/web-bluetooth-0.0.17.tgz#5c9f3c617f64a9735d7b72a7cc671e166d900c40" - integrity sha512-4p9vcSmxAayx72yn70joFoL44c9MO/0+iVEBIQXe3v2h2SiAsEIo/G5v6ObFWvNKRFjbrVadNf9LqEEZeQPzdA== +"@types/web-bluetooth@^0.0.20": + version "0.0.20" + resolved "https://registry.yarnpkg.com/@types/web-bluetooth/-/web-bluetooth-0.0.20.tgz#f066abfcd1cbe66267cdbbf0de010d8a41b41597" + integrity sha512-g9gZnnXVq7gM7v3tJCWV/qw7w+KeOlSHAhgF9RytFyifW6AF61hdT2ucrYhPq9hLs5JIryeupHV3qGk95dH9ow== "@vitejs/plugin-vue@^4.2.3": version "4.3.4" resolved "https://registry.yarnpkg.com/@vitejs/plugin-vue/-/plugin-vue-4.3.4.tgz#a289dff38e01949fe7be581d5542cabaeb961dec" integrity sha512-ciXNIHKPriERBisHFBvnTbfKa6r9SAesOYXeGDzgegcvy9Q4xdScSHAmKbNT0M3O0S9LKhIf5/G+UYG4NnnzYw== -"@vue/compiler-core@3.3.4": - version "3.3.4" - resolved "https://registry.yarnpkg.com/@vue/compiler-core/-/compiler-core-3.3.4.tgz#7fbf591c1c19e1acd28ffd284526e98b4f581128" - integrity sha512-cquyDNvZ6jTbf/+x+AgM2Arrp6G4Dzbb0R64jiG804HRMfRiFXWI6kqUVqZ6ZR0bQhIoQjB4+2bhNtVwndW15g== +"@vue/compiler-core@3.3.8": + version "3.3.8" + resolved "https://registry.yarnpkg.com/@vue/compiler-core/-/compiler-core-3.3.8.tgz#301bb60d0245265a88ed5b30e200fbf223acb313" + integrity sha512-hN/NNBUECw8SusQvDSqqcVv6gWq8L6iAktUR0UF3vGu2OhzRqcOiAno0FmBJWwxhYEXRlQJT5XnoKsVq1WZx4g== dependencies: - "@babel/parser" "^7.21.3" - "@vue/shared" "3.3.4" + "@babel/parser" "^7.23.0" + "@vue/shared" "3.3.8" estree-walker "^2.0.2" source-map-js "^1.0.2" -"@vue/compiler-dom@3.3.4": - version "3.3.4" - resolved "https://registry.yarnpkg.com/@vue/compiler-dom/-/compiler-dom-3.3.4.tgz#f56e09b5f4d7dc350f981784de9713d823341151" 
- integrity sha512-wyM+OjOVpuUukIq6p5+nwHYtj9cFroz9cwkfmP9O1nzH68BenTTv0u7/ndggT8cIQlnBeOo6sUT/gvHcIkLA5w== - dependencies: - "@vue/compiler-core" "3.3.4" - "@vue/shared" "3.3.4" - -"@vue/compiler-sfc@3.3.4": - version "3.3.4" - resolved "https://registry.yarnpkg.com/@vue/compiler-sfc/-/compiler-sfc-3.3.4.tgz#b19d942c71938893535b46226d602720593001df" - integrity sha512-6y/d8uw+5TkCuzBkgLS0v3lSM3hJDntFEiUORM11pQ/hKvkhSKZrXW6i69UyXlJQisJxuUEJKAWEqWbWsLeNKQ== - dependencies: - "@babel/parser" "^7.20.15" - "@vue/compiler-core" "3.3.4" - "@vue/compiler-dom" "3.3.4" - "@vue/compiler-ssr" "3.3.4" - "@vue/reactivity-transform" "3.3.4" - "@vue/shared" "3.3.4" +"@vue/compiler-dom@3.3.8": + version "3.3.8" + resolved "https://registry.yarnpkg.com/@vue/compiler-dom/-/compiler-dom-3.3.8.tgz#09d832514b9b8d9415a3816b065d69dbefcc7e9b" + integrity sha512-+PPtv+p/nWDd0AvJu3w8HS0RIm/C6VGBIRe24b9hSyNWOAPEUosFZ5diwawwP8ip5sJ8n0Pe87TNNNHnvjs0FQ== + dependencies: + "@vue/compiler-core" "3.3.8" + "@vue/shared" "3.3.8" + +"@vue/compiler-sfc@3.3.8": + version "3.3.8" + resolved "https://registry.yarnpkg.com/@vue/compiler-sfc/-/compiler-sfc-3.3.8.tgz#40b18e48aa00260950964d1d72157668521be0e1" + integrity sha512-WMzbUrlTjfYF8joyT84HfwwXo+8WPALuPxhy+BZ6R4Aafls+jDBnSz8PDz60uFhuqFbl3HxRfxvDzrUf3THwpA== + dependencies: + "@babel/parser" "^7.23.0" + "@vue/compiler-core" "3.3.8" + "@vue/compiler-dom" "3.3.8" + "@vue/compiler-ssr" "3.3.8" + "@vue/reactivity-transform" "3.3.8" + "@vue/shared" "3.3.8" estree-walker "^2.0.2" - magic-string "^0.30.0" - postcss "^8.1.10" + magic-string "^0.30.5" + postcss "^8.4.31" source-map-js "^1.0.2" -"@vue/compiler-ssr@3.3.4": - version "3.3.4" - resolved "https://registry.yarnpkg.com/@vue/compiler-ssr/-/compiler-ssr-3.3.4.tgz#9d1379abffa4f2b0cd844174ceec4a9721138777" - integrity sha512-m0v6oKpup2nMSehwA6Uuu+j+wEwcy7QmwMkVNVfrV9P2qE5KshC6RwOCq8fjGS/Eak/uNb8AaWekfiXxbBB6gQ== +"@vue/compiler-ssr@3.3.8": + version "3.3.8" + resolved 
"https://registry.yarnpkg.com/@vue/compiler-ssr/-/compiler-ssr-3.3.8.tgz#136eed54411e4694815d961048a237191063fbce" + integrity sha512-hXCqQL/15kMVDBuoBYpUnSYT8doDNwsjvm3jTefnXr+ytn294ySnT8NlsFHmTgKNjwpuFy7XVV8yTeLtNl/P6w== dependencies: - "@vue/compiler-dom" "3.3.4" - "@vue/shared" "3.3.4" + "@vue/compiler-dom" "3.3.8" + "@vue/shared" "3.3.8" -"@vue/devtools-api@^6.5.0": - version "6.5.0" - resolved "https://registry.yarnpkg.com/@vue/devtools-api/-/devtools-api-6.5.0.tgz#98b99425edee70b4c992692628fa1ea2c1e57d07" - integrity sha512-o9KfBeaBmCKl10usN4crU53fYtC1r7jJwdGKjPT24t348rHxgfpZ0xL3Xm/gLUYnc0oTp8LAmrxOeLyu6tbk2Q== +"@vue/devtools-api@^6.5.0", "@vue/devtools-api@^6.5.1": + version "6.5.1" + resolved "https://registry.yarnpkg.com/@vue/devtools-api/-/devtools-api-6.5.1.tgz#7f71f31e40973eeee65b9a64382b13593fdbd697" + integrity sha512-+KpckaAQyfbvshdDW5xQylLni1asvNSGme1JFs8I1+/H5pHEhqUKMEQD/qn3Nx5+/nycBq11qAEi8lk+LXI2dA== -"@vue/reactivity-transform@3.3.4": - version "3.3.4" - resolved "https://registry.yarnpkg.com/@vue/reactivity-transform/-/reactivity-transform-3.3.4.tgz#52908476e34d6a65c6c21cd2722d41ed8ae51929" - integrity sha512-MXgwjako4nu5WFLAjpBnCj/ieqcjE2aJBINUNQzkZQfzIZA4xn+0fV1tIYBJvvva3N3OvKGofRLvQIwEQPpaXw== +"@vue/reactivity-transform@3.3.8": + version "3.3.8" + resolved "https://registry.yarnpkg.com/@vue/reactivity-transform/-/reactivity-transform-3.3.8.tgz#6d07649013b0be5c670f0ab6cc7ddd3150ad03f2" + integrity sha512-49CvBzmZNtcHua0XJ7GdGifM8GOXoUMOX4dD40Y5DxI3R8OUhMlvf2nvgUAcPxaXiV5MQQ1Nwy09ADpnLQUqRw== dependencies: - "@babel/parser" "^7.20.15" - "@vue/compiler-core" "3.3.4" - "@vue/shared" "3.3.4" + "@babel/parser" "^7.23.0" + "@vue/compiler-core" "3.3.8" + "@vue/shared" "3.3.8" estree-walker "^2.0.2" - magic-string "^0.30.0" + magic-string "^0.30.5" -"@vue/reactivity@3.3.4": - version "3.3.4" - resolved "https://registry.yarnpkg.com/@vue/reactivity/-/reactivity-3.3.4.tgz#a27a29c6cd17faba5a0e99fbb86ee951653e2253" - integrity 
sha512-kLTDLwd0B1jG08NBF3R5rqULtv/f8x3rOFByTDz4J53ttIQEDmALqKqXY0J+XQeN0aV2FBxY8nJDf88yvOPAqQ== +"@vue/reactivity@3.3.8": + version "3.3.8" + resolved "https://registry.yarnpkg.com/@vue/reactivity/-/reactivity-3.3.8.tgz#cce8a03a3fd3539c3eeda53e277ba365d160dd4d" + integrity sha512-ctLWitmFBu6mtddPyOKpHg8+5ahouoTCRtmAHZAXmolDtuZXfjL2T3OJ6DL6ezBPQB1SmMnpzjiWjCiMYmpIuw== dependencies: - "@vue/shared" "3.3.4" + "@vue/shared" "3.3.8" -"@vue/runtime-core@3.3.4": - version "3.3.4" - resolved "https://registry.yarnpkg.com/@vue/runtime-core/-/runtime-core-3.3.4.tgz#4bb33872bbb583721b340f3088888394195967d1" - integrity sha512-R+bqxMN6pWO7zGI4OMlmvePOdP2c93GsHFM/siJI7O2nxFRzj55pLwkpCedEY+bTMgp5miZ8CxfIZo3S+gFqvA== +"@vue/runtime-core@3.3.8": + version "3.3.8" + resolved "https://registry.yarnpkg.com/@vue/runtime-core/-/runtime-core-3.3.8.tgz#fba5a632cbf2b5d29e171489570149cb6975dcdb" + integrity sha512-qurzOlb6q26KWQ/8IShHkMDOuJkQnQcTIp1sdP4I9MbCf9FJeGVRXJFr2mF+6bXh/3Zjr9TDgURXrsCr9bfjUw== dependencies: - "@vue/reactivity" "3.3.4" - "@vue/shared" "3.3.4" + "@vue/reactivity" "3.3.8" + "@vue/shared" "3.3.8" -"@vue/runtime-dom@3.3.4": - version "3.3.4" - resolved "https://registry.yarnpkg.com/@vue/runtime-dom/-/runtime-dom-3.3.4.tgz#992f2579d0ed6ce961f47bbe9bfe4b6791251566" - integrity sha512-Aj5bTJ3u5sFsUckRghsNjVTtxZQ1OyMWCr5dZRAPijF/0Vy4xEoRCwLyHXcj4D0UFbJ4lbx3gPTgg06K/GnPnQ== +"@vue/runtime-dom@3.3.8": + version "3.3.8" + resolved "https://registry.yarnpkg.com/@vue/runtime-dom/-/runtime-dom-3.3.8.tgz#e2d7aa795cf50914dda9a951887765a594b38af4" + integrity sha512-Noy5yM5UIf9UeFoowBVgghyGGPIDPy1Qlqt0yVsUdAVbqI8eeMSsTqBtauaEoT2UFXUk5S64aWVNJN4MJ2vRdA== dependencies: - "@vue/runtime-core" "3.3.4" - "@vue/shared" "3.3.4" - csstype "^3.1.1" + "@vue/runtime-core" "3.3.8" + "@vue/shared" "3.3.8" + csstype "^3.1.2" -"@vue/server-renderer@3.3.4": - version "3.3.4" - resolved 
"https://registry.yarnpkg.com/@vue/server-renderer/-/server-renderer-3.3.4.tgz#ea46594b795d1536f29bc592dd0f6655f7ea4c4c" - integrity sha512-Q6jDDzR23ViIb67v+vM1Dqntu+HUexQcsWKhhQa4ARVzxOY2HbC7QRW/ggkDBd5BU+uM1sV6XOAP0b216o34JQ== +"@vue/server-renderer@3.3.8": + version "3.3.8" + resolved "https://registry.yarnpkg.com/@vue/server-renderer/-/server-renderer-3.3.8.tgz#9b1779010e75783edeed8fcfb97d9c95fc3ac5d2" + integrity sha512-zVCUw7RFskvPuNlPn/8xISbrf0zTWsTSdYTsUTN1ERGGZGVnRxM2QZ3x1OR32+vwkkCm0IW6HmJ49IsPm7ilLg== dependencies: - "@vue/compiler-ssr" "3.3.4" - "@vue/shared" "3.3.4" + "@vue/compiler-ssr" "3.3.8" + "@vue/shared" "3.3.8" -"@vue/shared@3.3.4", "@vue/shared@^3.3.4": - version "3.3.4" - resolved "https://registry.yarnpkg.com/@vue/shared/-/shared-3.3.4.tgz#06e83c5027f464eef861c329be81454bc8b70780" - integrity sha512-7OjdcV8vQ74eiz1TZLzZP4JwqM5fA94K6yntPS5Z25r9HDuGNzaGdgvwKYq6S+MxwF0TFRwe50fIR/MYnakdkQ== +"@vue/shared@3.3.8", "@vue/shared@^3.3.4", "@vue/shared@^3.3.8": + version "3.3.8" + resolved "https://registry.yarnpkg.com/@vue/shared/-/shared-3.3.8.tgz#f044942142e1d3a395f24132e6203a784838542d" + integrity sha512-8PGwybFwM4x8pcfgqEQFy70NaQxASvOC5DJwLQfpArw1UDfUXrJkdxD3BhVTMS+0Lef/TU7YO0Jvr0jJY8T+mw== "@vuepress/bundler-vite@2.0.0-beta.66": version "2.0.0-beta.66" 
@@ -586,16 +662,16 @@ vue "^3.3.4" vue-router "^4.2.4" -"@vuepress/client@2.0.0-beta.67": - version "2.0.0-beta.67" - resolved "https://registry.yarnpkg.com/@vuepress/client/-/client-2.0.0-beta.67.tgz#7cb444eaa12032a7d07b8d59a515d291933518dc" - integrity sha512-xfXZXmZmMbCvQxUhNltuAZzpoiwM0x9ke+DdPPDBF0oGMNDlmtOlsD7NcH322vQE3ehYy5mXJttXuEmfoNOG6A== +"@vuepress/client@2.0.0-beta.68": + version "2.0.0-beta.68" + resolved "https://registry.yarnpkg.com/@vuepress/client/-/client-2.0.0-beta.68.tgz#9dd56575326b6f4344a0b14a38035250f28aab01" + integrity sha512-Y6amMnkPxpmn51vcgy5yzm3gpIaqZo4Pa8ItPFd7MW6GQy6HVZRNaV9ufzWRPOAedLHgpT4aVXomidvTMEKHVw== dependencies: - "@vue/devtools-api" "^6.5.0" - "@vuepress/shared" "2.0.0-beta.67" - "@vueuse/core" "^10.4.1" - vue "^3.3.4" - vue-router "^4.2.4" + "@vue/devtools-api" "^6.5.1" + "@vuepress/shared" "2.0.0-beta.68" + "@vueuse/core" "^10.6.0" + vue "^3.3.8" + vue-router "^4.2.5" "@vuepress/core@2.0.0-beta.66": version "2.0.0-beta.66" 
@@ -608,16 +684,16 @@ "@vuepress/utils" "2.0.0-beta.66" vue "^3.3.4" -"@vuepress/core@2.0.0-beta.67": - version "2.0.0-beta.67" - resolved "https://registry.yarnpkg.com/@vuepress/core/-/core-2.0.0-beta.67.tgz#925eac48fdc27855a9e75b46c23c6dd37a1c2e4c" - integrity sha512-pbCm1x+zFKZqpJjS68sv3ziEQLMn0KM04Q6W249stcTUUBrKox2OPx+OcX/BrN6yH60OviXN8hD6MgCnFSWdZA== +"@vuepress/core@2.0.0-beta.68": + version "2.0.0-beta.68" + resolved "https://registry.yarnpkg.com/@vuepress/core/-/core-2.0.0-beta.68.tgz#d796b7802ab5a5f8876ee151a7bc3db98cf5ef90" + integrity sha512-/c+3gdduDyiyeGARzui6Z5ZeZurRGcbVSmqcUfb8SjB7sHojDt+bq/7gYeXKXrJ4R0zPpmqshlZdNGOSY4+uGQ== dependencies: - "@vuepress/client" "2.0.0-beta.67" - "@vuepress/markdown" "2.0.0-beta.67" - "@vuepress/shared" "2.0.0-beta.67" - "@vuepress/utils" "2.0.0-beta.67" - vue "^3.3.4" + "@vuepress/client" "2.0.0-beta.68" + "@vuepress/markdown" "2.0.0-beta.68" + "@vuepress/shared" "2.0.0-beta.68" + "@vuepress/utils" "2.0.0-beta.68" + vue "^3.3.8" "@vuepress/markdown@2.0.0-beta.66": version "2.0.0-beta.66" 
@@ -641,24 +717,24 @@ markdown-it-emoji "^2.0.2" mdurl "^1.0.1" -"@vuepress/markdown@2.0.0-beta.67": - version "2.0.0-beta.67" - resolved "https://registry.yarnpkg.com/@vuepress/markdown/-/markdown-2.0.0-beta.67.tgz#179f1bbe57a590da362358c8ccad1198875db77a" - integrity sha512-dwciE7dbfDruLan+w9x/LUl5dLdBWB39QXznX/Hhv4oPp+Mm4as53J58gqjuRPi6N25DfRi3ODrzjG5Lduwnfw== - dependencies: - "@mdit-vue/plugin-component" "^0.12.1" - "@mdit-vue/plugin-frontmatter" "^0.12.1" - "@mdit-vue/plugin-headers" "^0.12.1" - "@mdit-vue/plugin-sfc" "^0.12.1" - "@mdit-vue/plugin-title" "^0.12.1" - "@mdit-vue/plugin-toc" "^0.12.1" - "@mdit-vue/shared" "^0.12.1" - "@mdit-vue/types" "^0.12.0" - "@types/markdown-it" "^13.0.1" - "@types/markdown-it-emoji" "^2.0.2" - "@vuepress/shared" "2.0.0-beta.67" - "@vuepress/utils" "2.0.0-beta.67" - markdown-it "^13.0.1" +"@vuepress/markdown@2.0.0-beta.68": + version "2.0.0-beta.68" + resolved "https://registry.yarnpkg.com/@vuepress/markdown/-/markdown-2.0.0-beta.68.tgz#30df752af338cfb208ab8a1d008efca1d7bb9ae3" + integrity sha512-wQOVw1QQSnkdKClTnv3dHw1A7Y+XF2eu2hJmhTf9XOnEMxQ9taacIq5iRuQdcfR+Y8rjWmrzrqWZL+MiJbxKMQ== + dependencies: + "@mdit-vue/plugin-component" "^1.0.0" + "@mdit-vue/plugin-frontmatter" "^1.0.0" + "@mdit-vue/plugin-headers" "^1.0.0" + "@mdit-vue/plugin-sfc" "^1.0.0" + "@mdit-vue/plugin-title" "^1.0.0" + "@mdit-vue/plugin-toc" "^1.0.0" + "@mdit-vue/shared" "^1.0.0" + "@mdit-vue/types" "^1.0.0" + "@types/markdown-it" "^13.0.6" + "@types/markdown-it-emoji" "^2.0.4" + "@vuepress/shared" "2.0.0-beta.68" + "@vuepress/utils" "2.0.0-beta.68" + markdown-it "^13.0.2" markdown-it-anchor "^8.6.7" markdown-it-emoji "^2.0.2" mdurl "^1.0.1" 
@@ -737,14 +813,14 @@ "@vuepress/utils" "2.0.0-beta.66" execa "^7.1.1" -"@vuepress/plugin-google-analytics@2.0.0-beta.67": - version "2.0.0-beta.67" - resolved "https://registry.yarnpkg.com/@vuepress/plugin-google-analytics/-/plugin-google-analytics-2.0.0-beta.67.tgz#a05b1dcdf166d2623e2ccc1bab2a39314f7036d3" - integrity sha512-Mffhzhq5tYUq9gRYzpl09NMIQ73MFuN2oIu6SuVPjYtEvKfccdkSksaSuMz0WCmDwTywxFj6v/d3OWjAZ4IFIA== +"@vuepress/plugin-google-analytics@2.0.0-beta.68": + version "2.0.0-beta.68" + resolved "https://registry.yarnpkg.com/@vuepress/plugin-google-analytics/-/plugin-google-analytics-2.0.0-beta.68.tgz#38e41837fdc4e4cfdaeca5528442cd68a74269e1" + integrity sha512-O8qqSp3Zo9GwwB7d4FnCxMwBpc4QxSro7wqHRYRwd0nHxPtnEQFZfYFqn8vO4qEBjrx0sevQeS8njN2O5b7xuA== dependencies: - "@vuepress/client" "2.0.0-beta.67" - "@vuepress/core" "2.0.0-beta.67" - "@vuepress/utils" "2.0.0-beta.67" + "@vuepress/client" "2.0.0-beta.68" + "@vuepress/core" "2.0.0-beta.68" + "@vuepress/utils" "2.0.0-beta.68" "@vuepress/plugin-medium-zoom@2.0.0-beta.66": version "2.0.0-beta.66" @@ -805,13 +881,13 @@ "@mdit-vue/types" "^0.12.0" "@vue/shared" "^3.3.4" -"@vuepress/shared@2.0.0-beta.67": - version "2.0.0-beta.67" - resolved "https://registry.yarnpkg.com/@vuepress/shared/-/shared-2.0.0-beta.67.tgz#fb9abc662904117a97c26004aa436f1f2aa02263" - integrity sha512-gm8/6oAnd0Jh8g9xB89S+g8XJxt30QmeXK79J2Nwcbgy88CZnYbZssU1noyxFt4cHDX8wpUf8V5I388/dfHfoQ== +"@vuepress/shared@2.0.0-beta.68": + version "2.0.0-beta.68" + resolved "https://registry.yarnpkg.com/@vuepress/shared/-/shared-2.0.0-beta.68.tgz#ea413dde17e3e8663d0b82749747246c6981319f" + integrity sha512-vnlOOchZ7ZHeTQuFDKcTC1AKF5zl4+XKwZZdpX9cUkIl3rYbM4y80yoWvfG5SQnPjjoYG57g4Qz21Fa8u/CnCQ== dependencies: - "@mdit-vue/types" "^0.12.0" - "@vue/shared" "^3.3.4" + "@mdit-vue/types" "^1.0.0" + "@vue/shared" "^3.3.8" "@vuepress/theme-default@2.0.0-beta.66": version "2.0.0-beta.66" 
@@ -855,44 +931,44 @@ picocolors "^1.0.0" upath "^2.0.1" -"@vuepress/utils@2.0.0-beta.67": - version "2.0.0-beta.67" - resolved "https://registry.yarnpkg.com/@vuepress/utils/-/utils-2.0.0-beta.67.tgz#16bcc4bb5a3db270f205ca7b809c178d6774d9fa" - integrity sha512-wCK0uggm4gXroy7UkS1u8wDQmD4b0L6Gjqd/1PZTDhNlMLsrjBx7lqqoIKqarMdB2wmDLroPJcC9otvCz2oQug== +"@vuepress/utils@2.0.0-beta.68": + version "2.0.0-beta.68" + resolved "https://registry.yarnpkg.com/@vuepress/utils/-/utils-2.0.0-beta.68.tgz#9dbdf1cc5afd4c08a3a58924dfbf535fc13862a5" + integrity sha512-asRN+c8JCIVJWusP/V0FY8rgArGwuKXarEIKwFHcaR7x9IeB3Iww4p8raQHb1xYJADM7QFXx1gs2oM6Fx4XsUw== dependencies: - "@types/debug" "^4.1.8" - "@types/fs-extra" "^11.0.1" - "@types/hash-sum" "^1.0.0" - "@vuepress/shared" "2.0.0-beta.67" + "@types/debug" "^4.1.12" + "@types/fs-extra" "^11.0.4" + "@types/hash-sum" "^1.0.2" + "@vuepress/shared" "2.0.0-beta.68" debug "^4.3.4" fs-extra "^11.1.1" - globby "^13.2.2" + globby "^14.0.0" hash-sum "^2.0.0" ora "^7.0.1" picocolors "^1.0.0" upath "^2.0.1" -"@vueuse/core@^10.2.1", "@vueuse/core@^10.4.1": - version "10.4.1" - resolved "https://registry.yarnpkg.com/@vueuse/core/-/core-10.4.1.tgz#fc2c8a83a571c207aaedbe393b22daa6d35123f2" - integrity sha512-DkHIfMIoSIBjMgRRvdIvxsyboRZQmImofLyOHADqiVbQVilP8VVHDhBX2ZqoItOgu7dWa8oXiNnScOdPLhdEXg== +"@vueuse/core@^10.2.1", "@vueuse/core@^10.6.0": + version "10.6.0" + resolved "https://registry.yarnpkg.com/@vueuse/core/-/core-10.6.0.tgz#de4113cc63680d04a0c3e1e156992ca3e0d52115" + integrity sha512-+Yee+g9+9BEbvkyGdn4Bf4yZx9EfocAytpV2ZlrlP7xcz+qznLmZIDqDroTvc5vtMkWZicisgEv8dt3+jL+HQg== dependencies: - "@types/web-bluetooth" "^0.0.17" - "@vueuse/metadata" "10.4.1" - "@vueuse/shared" "10.4.1" - vue-demi ">=0.14.5" + "@types/web-bluetooth" "^0.0.20" + "@vueuse/metadata" "10.6.0" + "@vueuse/shared" "10.6.0" + vue-demi ">=0.14.6" -"@vueuse/metadata@10.4.1": - version "10.4.1" - resolved 
"https://registry.yarnpkg.com/@vueuse/metadata/-/metadata-10.4.1.tgz#9d2ff5c67abf17a8c07865c2413fbd0e92f7b7d7" - integrity sha512-2Sc8X+iVzeuMGHr6O2j4gv/zxvQGGOYETYXEc41h0iZXIRnRbJZGmY/QP8dvzqUelf8vg0p/yEA5VpCEu+WpZg== +"@vueuse/metadata@10.6.0": + version "10.6.0" + resolved "https://registry.yarnpkg.com/@vueuse/metadata/-/metadata-10.6.0.tgz#f652829668ba4146ab0f79d52ea26b5544f12fe8" + integrity sha512-mzKHkHoiK6xVz01VzQjM2l6ofUanEaofgEGPgDHcAzlvOTccPRTIdEuzneOUTYxgfm1vkDikS6rtrEw/NYlaTQ== -"@vueuse/shared@10.4.1": - version "10.4.1" - resolved "https://registry.yarnpkg.com/@vueuse/shared/-/shared-10.4.1.tgz#d5ce33033c156efb60664b5d6034d6cd4e2f530c" - integrity sha512-vz5hbAM4qA0lDKmcr2y3pPdU+2EVw/yzfRsBdu+6+USGa4PxqSQRYIUC9/NcT06y+ZgaTsyURw2I9qOFaaXHAg== +"@vueuse/shared@10.6.0": + version "10.6.0" + resolved "https://registry.yarnpkg.com/@vueuse/shared/-/shared-10.6.0.tgz#e13f3b0f642db6467bd8aadf9693409f33f45fc4" + integrity sha512-0t4MVE18sO+/4Gh0jfeOXBTjKeV4606N9kIrDOLPjFl8Rwnlodn+QC5A4LfJuysK7aOsTMjF3KnzNeueaI0xlQ== dependencies: - vue-demi ">=0.14.5" + vue-demi ">=0.14.6" algoliasearch@^4.19.1: version "4.19.1" @@ -1056,7 +1132,7 @@ cross-spawn@^7.0.3: shebang-command "^2.0.0" which "^2.0.1" -csstype@^3.1.1: +csstype@^3.1.2: version "3.1.2" resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.1.2.tgz#1d4bf9d572f11c14031f0436e1c10bc1f571f50b" integrity sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ== 
@@ -1172,10 +1248,10 @@ extend-shallow@^2.0.1: dependencies: is-extendable "^0.1.0" -fast-glob@^3.3.0: - version "3.3.1" - resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-3.3.1.tgz#784b4e897340f3dbbef17413b3f11acf03c874c4" - integrity sha512-kNFPyjhh5cKjrUltxs+wFx+ZkbRaxxmZ+X0ZU31SOsxCEtP9VPgtq2teZw1DebupL5GmDaNQ6yKMMVcM41iqDg== +fast-glob@^3.3.0, fast-glob@^3.3.2: + version "3.3.2" + resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-3.3.2.tgz#a904501e57cfdd2ffcded45e99a54fef55e46129" + integrity sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow== dependencies: "@nodelib/fs.stat" "^2.0.2" "@nodelib/fs.walk" "^1.2.3" @@ -1239,6 +1315,18 @@ globby@^13.2.2: merge2 "^1.4.1" slash "^4.0.0" +globby@^14.0.0: + version "14.0.0" + resolved "https://registry.yarnpkg.com/globby/-/globby-14.0.0.tgz#ea9c062a3614e33f516804e778590fcf055256b9" + integrity sha512-/1WM/LNHRAOH9lZta77uGbq0dAEQM+XjNesWwhlERDVenqothRbnzTrL3/LrIoEPPjeUHC3vrS6TwoyxeHs7MQ== + dependencies: + "@sindresorhus/merge-streams" "^1.0.0" + fast-glob "^3.3.2" + ignore "^5.2.4" + path-type "^5.0.0" + slash "^5.1.0" + unicorn-magic "^0.1.0" + graceful-fs@^4.1.6, graceful-fs@^4.2.0: version "4.2.11" resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3" 
@@ -1375,10 +1463,10 @@ log-symbols@^5.1.0: chalk "^5.0.0" is-unicode-supported "^1.1.0" -magic-string@^0.30.0: - version "0.30.3" - resolved "https://registry.yarnpkg.com/magic-string/-/magic-string-0.30.3.tgz#403755dfd9d6b398dfa40635d52e96c5ac095b85" - integrity sha512-B7xGbll2fG/VjP+SWg4sX3JynwIU0mjoTc6MPpKNuIvftk6u6vqhDnk1R80b8C2GBR6ywqy+1DcKBrevBg+bmw== +magic-string@^0.30.5: + version "0.30.5" + resolved "https://registry.yarnpkg.com/magic-string/-/magic-string-0.30.5.tgz#1994d980bd1c8835dc6e78db7cbd4ae4f24746f9" + integrity sha512-7xlpfBaQaP/T6Vh8MO/EqXSW5En6INHEvEXQiuff7Gku0PWjU3uf6w/j9o7O+SpB5fOAkrI5HeoNgwjEO0pFsA== dependencies: "@jridgewell/sourcemap-codec" "^1.4.15" @@ -1397,10 +1485,10 @@ markdown-it-emoji@^2.0.2: resolved "https://registry.yarnpkg.com/markdown-it-emoji/-/markdown-it-emoji-2.0.2.tgz#cd42421c2fda1537d9cc12b9923f5c8aeb9029c8" integrity sha512-zLftSaNrKuYl0kR5zm4gxXjHaOI3FAOEaloKmRA5hijmJZvSjmxcokOLlzycb/HXlUFWzXqpIEoyEMCE4i9MvQ== -markdown-it@^13.0.1: - version "13.0.1" - resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-13.0.1.tgz#c6ecc431cacf1a5da531423fc6a42807814af430" - integrity sha512-lTlxriVoy2criHP0JKRhO2VDG9c2ypWCsT237eDiLqi09rmbKoUetyGHq2uOIRoRS//kfoJckS0eUzzkDR+k2Q== +markdown-it@^13.0.1, markdown-it@^13.0.2: + version "13.0.2" + resolved "https://registry.yarnpkg.com/markdown-it/-/markdown-it-13.0.2.tgz#1bc22e23379a6952e5d56217fbed881e0c94d536" + integrity sha512-FtwnEuuK+2yVU7goGn/MJ0WBZMM9ZPgU9spqlFs7/A/pDIUNSOQZhUgOqYCficIuR2QaFnrt8LHqBWsbTAoI5w== dependencies: argparse "^2.0.1" entities "~3.0.1" 
@@ -1542,6 +1630,11 @@ path-type@^4.0.0: resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b" integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw== +path-type@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/path-type/-/path-type-5.0.0.tgz#14b01ed7aea7ddf9c7c3f46181d4d04f9c785bb8" + integrity sha512-5HviZNaZcfqP95rwpv+1HDgUamezbqdSYTyzjTvwtJSnIH+3vnbmWsItli8OFEndS984VT55M3jduxZbX351gg== + picocolors@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.0.0.tgz#cb5bdc74ff3f51892236eaf79d68bc44564ab81c" @@ -1565,7 +1658,7 @@ postcss-value-parser@^4.2.0: resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz#723c09920836ba6d3e5af019f92bc0971c02e514" integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ== -postcss@^8.1.10, postcss@^8.4.25, postcss@^8.4.27: +postcss@^8.4.25, postcss@^8.4.27, postcss@^8.4.31: version "8.4.31" resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.31.tgz#92b451050a9f914da6755af352bdc0192508656d" integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ== @@ -1683,6 +1776,11 @@ slash@^4.0.0: resolved "https://registry.yarnpkg.com/slash/-/slash-4.0.0.tgz#2422372176c4c6c5addb5e2ada885af984b396a7" integrity sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew== +slash@^5.1.0: + version "5.1.0" + resolved "https://registry.yarnpkg.com/slash/-/slash-5.1.0.tgz#be3adddcdf09ac38eebe8dcdc7b1a57a75b095ce" + integrity sha512-ZA6oR3T/pEyuqwMgAKT0/hAv8oAXckzbkmR0UkUosQ+Mc4RxGoJkRmwHgHufaenlyAgE1Mxgpdcrf75y6XcnDg== + "source-map-js@>=0.6.2 <2.0.0", source-map-js@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-1.0.2.tgz#adbc361d9c62df380125e7f161f71c826f1e490c" 
@@ -1750,6 +1848,11 @@ uc.micro@^1.0.1, uc.micro@^1.0.5: resolved "https://registry.yarnpkg.com/uc.micro/-/uc.micro-1.0.6.tgz#9c411a802a409a91fc6cf74081baba34b24499ac" integrity sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA== +unicorn-magic@^0.1.0: + version "0.1.0" + resolved "https://registry.yarnpkg.com/unicorn-magic/-/unicorn-magic-0.1.0.tgz#1bb9a51c823aaf9d73a8bfcd3d1a23dde94b0ce4" + integrity sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ== + universalify@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/universalify/-/universalify-2.0.0.tgz#75a4984efedc4b08975c5aeb73f530d02df25717" 
@@ -1784,28 +1887,28 @@ vite@~4.4.2: optionalDependencies: fsevents "~2.3.2" -vue-demi@>=0.14.5: +vue-demi@>=0.14.6: version "0.14.6" resolved "https://registry.yarnpkg.com/vue-demi/-/vue-demi-0.14.6.tgz#dc706582851dc1cdc17a0054f4fec2eb6df74c92" integrity sha512-8QA7wrYSHKaYgUxDA5ZC24w+eHm3sYCbp0EzcDwKqN3p6HqtTCGR/GVsPyZW92unff4UlcSh++lmqDWN3ZIq4w== -vue-router@^4.2.4: - version "4.2.4" - resolved "https://registry.yarnpkg.com/vue-router/-/vue-router-4.2.4.tgz#382467a7e2923e6a85f015d081e1508052c191b9" - integrity sha512-9PISkmaCO02OzPVOMq2w82ilty6+xJmQrarYZDkjZBfl4RvYAlt4PKnEX21oW4KTtWfa9OuO/b3qk1Od3AEdCQ== +vue-router@^4.2.4, vue-router@^4.2.5: + version "4.2.5" + resolved "https://registry.yarnpkg.com/vue-router/-/vue-router-4.2.5.tgz#b9e3e08f1bd9ea363fdd173032620bc50cf0e98a" + integrity sha512-DIUpKcyg4+PTQKfFPX88UWhlagBEBEfJ5A8XDXRJLUnZOvcpMF8o/dnL90vpVkGaPbjvXazV/rC1qBKrZlFugw== dependencies: "@vue/devtools-api" "^6.5.0" -vue@^3.3.4: - version "3.3.4" - resolved "https://registry.yarnpkg.com/vue/-/vue-3.3.4.tgz#8ed945d3873667df1d0fcf3b2463ada028f88bd6" - integrity sha512-VTyEYn3yvIeY1Py0WaYGZsXnz3y5UnGi62GjVEqvEGPl6nxbOrCXbVOTQWBEJUqAyTUk2uJ5JLVnYJ6ZzGbrSw== +vue@^3.3.4, vue@^3.3.8: + version "3.3.8" + resolved "https://registry.yarnpkg.com/vue/-/vue-3.3.8.tgz#532ff071af24f6a69e5ecc53a66858a9ee874ffc" + integrity sha512-5VSX/3DabBikOXMsxzlW8JyfeLKlG9mzqnWgLQLty88vdZL7ZJgrdgBOmrArwxiLtmS+lNNpPcBYqrhE6TQW5w== dependencies: - "@vue/compiler-dom" "3.3.4" - "@vue/compiler-sfc" "3.3.4" - "@vue/runtime-dom" "3.3.4" - "@vue/server-renderer" "3.3.4" - "@vue/shared" "3.3.4" + "@vue/compiler-dom" "3.3.8" + "@vue/compiler-sfc" "3.3.8" + "@vue/runtime-dom" "3.3.8" + "@vue/server-renderer" "3.3.8" + "@vue/shared" "3.3.8" vuepress-vite@2.0.0-beta.66: version "2.0.0-beta.66" From a793620475519d19c86caa01242a8bc6a125045e Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 11 Nov 2023 02:47:59 +0000 Subject: [PATCH 75/79] fix(deps): update module golang.org/x/text to v0.14.0 in go.mod (#3972) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c30a499b24..b19f589998 100644 --- a/go.mod +++ b/go.mod @@ -46,7 +46,7 @@ require ( go.etcd.io/bbolt v1.3.8 go.uber.org/zap v1.26.0 golang.org/x/term v0.14.0 - golang.org/x/text v0.13.0 + golang.org/x/text v0.14.0 gopkg.in/yaml.v2 v2.4.0 ) diff --git a/go.sum b/go.sum index 5d6f9d6c8f..a7f8dc4af8 100644 --- a/go.sum +++ b/go.sum @@ -679,8 +679,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 8532bc32086b1d07692482b60a84132db0d95d42 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 14 Nov 2023 00:56:03 +0000 Subject: [PATCH 76/79] fix(deps): update module github.com/xanzy/go-gitlab to v0.94.0 in go.mod (#3978) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b19f589998..031b1b4c73 100644 --- a/go.mod +++ b/go.mod @@ -42,7 +42,7 @@ require ( github.com/uber-go/tally/v4 v4.1.10 github.com/urfave/negroni/v3 v3.0.0 github.com/warrensbox/terraform-switcher v0.1.1-0.20230206012955-d7dfd1b44605 - github.com/xanzy/go-gitlab v0.93.2 + github.com/xanzy/go-gitlab v0.94.0 go.etcd.io/bbolt v1.3.8 go.uber.org/zap v1.26.0 golang.org/x/term v0.14.0 diff --git a/go.sum b/go.sum index a7f8dc4af8..b79233f7b5 100644 --- a/go.sum +++ b/go.sum @@ -456,8 +456,8 @@ github.com/urfave/negroni/v3 v3.0.0 h1:Vo8CeZfu1lFR9gW8GnAb6dOGCJyijfil9j/jKKc/J github.com/urfave/negroni/v3 v3.0.0/go.mod h1:jWvnX03kcSjDBl/ShB0iHvx5uOs7mAzZXW+JvJ5XYAs= github.com/warrensbox/terraform-switcher v0.1.1-0.20230206012955-d7dfd1b44605 h1:bRt3KvPapqnO3s9XenyU4COpU9X7cNW3BMELyHRxuSs= github.com/warrensbox/terraform-switcher v0.1.1-0.20230206012955-d7dfd1b44605/go.mod h1:saryXNaL624mlulV138FP+HhVw7IpvETUXLS3nTvH1g= -github.com/xanzy/go-gitlab v0.93.2 h1:kNNf3BYNYn/Zkig0B89fma12l36VLcYSGu7OnaRlRDg= -github.com/xanzy/go-gitlab v0.93.2/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.94.0 h1:GmBl2T5zqUHqyjkxFSvsT7CbelGdAH/dmBqUBqS+4BE= +github.com/xanzy/go-gitlab v0.94.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
From 99035ce7ac9ae37aa42ee45ed06204f2c2e2bb52 Mon Sep 17 00:00:00 2001 From: Luke Massa Date: Tue, 14 Nov 2023 18:41:49 -0500 Subject: [PATCH 77/79] Remove deprecated repo whitelist flag (#3922) --- cmd/server.go | 70 ++++++++++++++++--------------------------- server/user_config.go | 2 -- 2 files changed, 26 insertions(+), 46 deletions(-) diff --git a/cmd/server.go b/cmd/server.go index d0aa2dfcc7..795d165276 100644 --- a/cmd/server.go +++ b/cmd/server.go 
@@ -118,33 +118,31 @@ const ( RedisInsecureSkipVerify = "redis-insecure-skip-verify" RepoConfigFlag = "repo-config" RepoConfigJSONFlag = "repo-config-json" - // RepoWhitelistFlag is deprecated for RepoAllowlistFlag. - RepoWhitelistFlag = "repo-whitelist" - RepoAllowlistFlag = "repo-allowlist" - RequireApprovalFlag = "require-approval" - RequireMergeableFlag = "require-mergeable" - SilenceNoProjectsFlag = "silence-no-projects" - SilenceForkPRErrorsFlag = "silence-fork-pr-errors" - SilenceVCSStatusNoPlans = "silence-vcs-status-no-plans" - SilenceAllowlistErrorsFlag = "silence-allowlist-errors" - SkipCloneNoChanges = "skip-clone-no-changes" - SlackTokenFlag = "slack-token" - SSLCertFileFlag = "ssl-cert-file" - SSLKeyFileFlag = "ssl-key-file" - RestrictFileList = "restrict-file-list" - TFDownloadFlag = "tf-download" - TFDownloadURLFlag = "tf-download-url" - UseTFPluginCache = "use-tf-plugin-cache" - VarFileAllowlistFlag = "var-file-allowlist" - VCSStatusName = "vcs-status-name" - TFEHostnameFlag = "tfe-hostname" - TFELocalExecutionModeFlag = "tfe-local-execution-mode" - TFETokenFlag = "tfe-token" - WriteGitCredsFlag = "write-git-creds" // nolint: gosec - WebBasicAuthFlag = "web-basic-auth" - WebUsernameFlag = "web-username" - WebPasswordFlag = "web-password" - WebsocketCheckOrigin = "websocket-check-origin" + RepoAllowlistFlag = "repo-allowlist" + RequireApprovalFlag = "require-approval" + RequireMergeableFlag = "require-mergeable" + SilenceNoProjectsFlag = "silence-no-projects" + SilenceForkPRErrorsFlag = "silence-fork-pr-errors" + SilenceVCSStatusNoPlans = "silence-vcs-status-no-plans" + SilenceAllowlistErrorsFlag = "silence-allowlist-errors" + SkipCloneNoChanges = "skip-clone-no-changes" + SlackTokenFlag = "slack-token" + SSLCertFileFlag = "ssl-cert-file" + SSLKeyFileFlag = "ssl-key-file" + RestrictFileList = "restrict-file-list" + TFDownloadFlag = "tf-download" + TFDownloadURLFlag = "tf-download-url" + UseTFPluginCache = "use-tf-plugin-cache" + VarFileAllowlistFlag 
= "var-file-allowlist" + VCSStatusName = "vcs-status-name" + TFEHostnameFlag = "tfe-hostname" + TFELocalExecutionModeFlag = "tfe-local-execution-mode" + TFETokenFlag = "tfe-token" + WriteGitCredsFlag = "write-git-creds" // nolint: gosec + WebBasicAuthFlag = "web-basic-auth" + WebUsernameFlag = "web-username" + WebPasswordFlag = "web-password" + WebsocketCheckOrigin = "websocket-check-origin" // NOTE: Must manually set these as defaults in the setDefaults function. DefaultADBasicUser = "" @@ -369,10 +367,6 @@ var stringFlags = map[string]stringFlag{ "all repos: '*' (not secure), an entire hostname: 'internalgithub.com/*' or an organization: 'github.com/runatlantis/*'." + " For Bitbucket Server, {owner} is the name of the project (not the key).", }, - RepoWhitelistFlag: { - description: "[Deprecated for --repo-allowlist].", - hidden: true, - }, SlackTokenFlag: { description: "API token for Slack notifications.", }, @@ -918,16 +912,9 @@ func (s *ServerCmd) validate(userConfig server.UserConfig) error { return vcsErr } - // Handle deprecation of repo whitelist. - if userConfig.RepoWhitelist == "" && userConfig.RepoAllowlist == "" { + if userConfig.RepoAllowlist == "" { return fmt.Errorf("--%s must be set for security purposes", RepoAllowlistFlag) } - if userConfig.RepoAllowlist != "" && userConfig.RepoWhitelist != "" { - return fmt.Errorf("both --%s and --%s cannot be set–use --%s", RepoAllowlistFlag, RepoWhitelistFlag, RepoAllowlistFlag) - } - if strings.Contains(userConfig.RepoWhitelist, "://") { - return fmt.Errorf("--%s cannot contain ://, should be hostnames only", RepoWhitelistFlag) - } if strings.Contains(userConfig.RepoAllowlist, "://") { return fmt.Errorf("--%s cannot contain ://, should be hostnames only", RepoAllowlistFlag) } 
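Review bot: In the `validate` hunk (`@@ -918,16 +912,9 @@`), the remaining error `--repo-allowlist must be set for security purposes` gives no hint to an operator who still supplies the removed `repo-whitelist` setting. The check fails closed, which is the right outcome, but a value arriving through a config file or environment variable is presumably just ignored now that the `RepoWhitelist` field is gone, so the failure reads as a missing allowlist rather than a removed option. Consider extending the message, e.g. `return fmt.Errorf("--%s must be set for security purposes (--repo-whitelist has been removed)", RepoAllowlistFlag)`, or calling the removal out in the upgrade notes. `validate` starts before this hunk and appears to continue after it.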
@@ -1132,11 +1119,6 @@ func (s *ServerCmd) deprecationWarnings(userConfig *server.UserConfig) error { fmt.Println(warning) } - // Handle repo whitelist deprecation. - if userConfig.RepoWhitelist != "" { - userConfig.RepoAllowlist = userConfig.RepoWhitelist - } - return nil } diff --git a/server/user_config.go b/server/user_config.go index 45a6d4c5dd..aa6c120e0f 100644 --- a/server/user_config.go +++ b/server/user_config.go @@ -84,8 +84,6 @@ type UserConfig struct { RepoConfig string `mapstructure:"repo-config"` RepoConfigJSON string `mapstructure:"repo-config-json"` RepoAllowlist string `mapstructure:"repo-allowlist"` - // RepoWhitelist is deprecated in favour of RepoAllowlist. - RepoWhitelist string `mapstructure:"repo-whitelist"` // RequireApproval is whether to require pull request approval before // allowing terraform apply's to be run. From 896c394988b2ab46d392d07408deb54ec8a78475 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Zipitr=C3=ADa?= <3012076+fzipi@users.noreply.github.com> Date: Wed, 15 Nov 2023 06:17:31 +0100 Subject: [PATCH 78/79] fix: remove unused packages after gosu cleanup (#3975) Signed-off-by: Felipe Zipitria Co-authored-by: Felipe Zipitria Co-authored-by: PePe Amengual --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index fbc22a992f..9fa5c24547 100644 --- a/Dockerfile +++ b/Dockerfile @@ -53,7 +53,6 @@ RUN apt-get update && \ git \ unzip \ openssh-server \ - libcap2 \ dumb-init \ gnupg \ openssl && \ @@ -164,7 +163,6 @@ RUN apk add --no-cache \ unzip~=6.0 \ bash~=5.2 \ openssh~=9.3_p2 \ - libcap~=2.69 \ dumb-init~=1.2 \ gcompat~=1.1 From ce2b99223acc6ce9523bbf588668cadf16077011 Mon Sep 17 00:00:00 2001 
From: Henry Muru Paenga Date: Wed, 15 Nov 2023 19:21:11 +1300 Subject: [PATCH 79/79] fix: Check user permissions on autoplan (#3742) * Check user permissions on autoplan --------- Co-authored-by: PePe Amengual --- .../events/events_controller_e2e_test.go | 4 ++-- server/events/command_runner.go | 16 +++++++++++++--- server/events/command_runner_test.go | 8 ++++---- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/server/controllers/events/events_controller_e2e_test.go b/server/controllers/events/events_controller_e2e_test.go index d1e8280f9a..e56c2c4131 100644 --- a/server/controllers/events/events_controller_e2e_test.go +++ b/server/controllers/events/events_controller_e2e_test.go @@ -1363,7 +1363,7 @@ func setupE2E(t *testing.T, repoDir string, opt setupOption) (events_controllers conftextExec := policy.NewConfTestExecutorWorkflow(logger, binDir, &NoopTFDownloader{}) - // swapping out version cache to something that always returns local contest + // swapping out version cache to something that always returns local conftest // binary conftextExec.VersionCache = &LocalConftestCache{} @@ -1763,7 +1763,7 @@ func mkSubDirs(t *testing.T) (string, string, string) { // Will fail test if conftest isn't in path func ensureRunningConftest(t *testing.T) { - // use `conftest` command instead `contest$version`, so tests may fail on the environment cause the output logs may become change by version. + // use `conftest` command instead `conftest$version`, so tests may fail on the environment cause the output logs may become change by version. t.Logf("conftest check may fail depends on conftest version. please use latest stable conftest.") _, err := exec.LookPath(conftestCommand) if err != nil { diff --git a/server/events/command_runner.go b/server/events/command_runner.go index 085d846a9a..e9e44b864f 100644 --- a/server/events/command_runner.go +++ b/server/events/command_runner.go 
@@ -153,6 +153,16 @@ func (c *DefaultCommandRunner) RunAutoplanCommand(baseRepo models.Repo, headRepo timer := scope.Timer(metrics.ExecutionTimeMetric).Start() defer timer.Stop() + // Check if the user who triggered the autoplan has permissions to run 'plan'. + ok, err := c.checkUserPermissions(baseRepo, user, "plan") + if err != nil { + c.Logger.Err("Unable to check user permissions: %s", err) + return + } + if !ok { + return + } + ctx := &command.Context{ User: user, Log: log, @@ -227,7 +237,7 @@ func (c *DefaultCommandRunner) commentUserDoesNotHavePermissions(baseRepo models } // checkUserPermissions checks if the user has permissions to execute the command -func (c *DefaultCommandRunner) checkUserPermissions(repo models.Repo, user models.User, cmd *CommentCommand) (bool, error) { +func (c *DefaultCommandRunner) checkUserPermissions(repo models.Repo, user models.User, cmdName string) (bool, error) { if c.TeamAllowlistChecker == nil || !c.TeamAllowlistChecker.HasRules() { // allowlist restriction is not enabled return true, nil @@ -236,7 +246,7 @@ func (c *DefaultCommandRunner) checkUserPermissions(repo models.Repo, user model if err != nil { return false, err } - ok := c.TeamAllowlistChecker.IsCommandAllowedForAnyTeam(teams, cmd.Name.String()) + ok := c.TeamAllowlistChecker.IsCommandAllowedForAnyTeam(teams, cmdName) if !ok { return false, nil } @@ -278,7 +288,7 @@ func (c *DefaultCommandRunner) RunCommentCommand(baseRepo models.Repo, maybeHead defer timer.Stop() // Check if the user who commented has the permissions to execute the 'plan' or 'apply' commands - ok, err := c.checkUserPermissions(baseRepo, user, cmd) + ok, err := c.checkUserPermissions(baseRepo, user, cmd.Name.String()) if err != nil { c.Logger.Err("Unable to check user permissions: %s", err) return diff --git a/server/events/command_runner_test.go b/server/events/command_runner_test.go index 8f1a3a77c5..3905e45e30 100644 --- a/server/events/command_runner_test.go 
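Review bot: The `if !ok { return }` branch added to `RunAutoplanCommand` (`@@ -153,6 +153,16 @@`) drops a denied autoplan with no log line and no pull-request feedback, so a denial looks the same as an autoplan that never fired and leaves nothing to audit. Log the decision before returning, e.g. `log.Info("user %s is not allowed to run plan on %s, skipping autoplan", user.Username, baseRepo.FullName)`; whether to also post a comment through `commentUserDoesNotHavePermissions`, as the comment-command path appears to do, is a product decision. The command name is also a bare `"plan"` string here while `RunCommentCommand` passes `cmd.Name.String()`; `command.Plan.String()` would keep both call sites tied to the same value. The function body starts before and continues after this hunk.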
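Review bot: In `RunCommentCommand` (`@@ -278,7 +288,7 @@`), `cmd.Name.String()` is now evaluated at the call site, so a nil `cmd` is dereferenced before `checkUserPermissions` can take its early return for an unconfigured allowlist. The test changes in this commit replace a `nil` command with `&events.CommentCommand{Name: command.Plan}`, which suggests the old code tolerated nil on those paths. If any caller can still pass nil, guard it ahead of the permission check, e.g. `if cmd == nil { c.Logger.Err("comment command is nil"); return }`; otherwise a comment on the parameter stating that it must be non-nil would document the new contract. The function starts before and continues after this hunk.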
+++ b/server/events/command_runner_test.go @@ -271,7 +271,7 @@ func TestRunCommentCommand_GithubPullErr(t *testing.T) { t.Log("if getting the github pull request fails an error should be logged") vcsClient := setup(t) When(githubGetter.GetPullRequest(testdata.GithubRepo, testdata.Pull.Num)).ThenReturn(nil, errors.New("err")) - ch.RunCommentCommand(testdata.GithubRepo, &testdata.GithubRepo, nil, testdata.User, testdata.Pull.Num, nil) + ch.RunCommentCommand(testdata.GithubRepo, &testdata.GithubRepo, nil, testdata.User, testdata.Pull.Num, &events.CommentCommand{Name: command.Plan}) vcsClient.VerifyWasCalledOnce().CreateComment(testdata.GithubRepo, testdata.Pull.Num, "`Error: making pull request API call to GitHub: err`", "") } @@ -279,7 +279,7 @@ func TestRunCommentCommand_GitlabMergeRequestErr(t *testing.T) { t.Log("if getting the gitlab merge request fails an error should be logged") vcsClient := setup(t) When(gitlabGetter.GetMergeRequest(testdata.GitlabRepo.FullName, testdata.Pull.Num)).ThenReturn(nil, errors.New("err")) - ch.RunCommentCommand(testdata.GitlabRepo, &testdata.GitlabRepo, nil, testdata.User, testdata.Pull.Num, nil) + ch.RunCommentCommand(testdata.GitlabRepo, &testdata.GitlabRepo, nil, testdata.User, testdata.Pull.Num, &events.CommentCommand{Name: command.Plan}) vcsClient.VerifyWasCalledOnce().CreateComment(testdata.GitlabRepo, testdata.Pull.Num, "`Error: making merge request API call to GitLab: err`", "") } 
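Review bot: Nothing in this file exercises the new permission check in `RunAutoplanCommand`; this hunk and the ones at `-279`, `-290` and `-1188` only swap a `nil` command for `&events.CommentCommand{Name: command.Plan}` in existing `RunCommentCommand` tests. Because that check is an authorization decision, add cases for a user whose teams are not allowed to run `plan` (expect that no plan is started), for an allowed user, and for the path where `checkUserPermissions` returns an error. A case with no `TeamAllowlistChecker` rules would also pin the allow-by-default behaviour visible in `checkUserPermissions`.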
@@ -290,7 +290,7 @@ func TestRunCommentCommand_GithubPullParseErr(t *testing.T) { When(githubGetter.GetPullRequest(testdata.GithubRepo, testdata.Pull.Num)).ThenReturn(&pull, nil) When(eventParsing.ParseGithubPull(&pull)).ThenReturn(testdata.Pull, testdata.GithubRepo, testdata.GitlabRepo, errors.New("err")) - ch.RunCommentCommand(testdata.GithubRepo, &testdata.GithubRepo, nil, testdata.User, testdata.Pull.Num, nil) + ch.RunCommentCommand(testdata.GithubRepo, &testdata.GithubRepo, nil, testdata.User, testdata.Pull.Num, &events.CommentCommand{Name: command.Plan}) vcsClient.VerifyWasCalledOnce().CreateComment(testdata.GithubRepo, testdata.Pull.Num, "`Error: extracting required fields from comment data: err`", "") } @@ -1188,7 +1188,7 @@ func TestRunCommentCommand_DrainNotOngoing(t *testing.T) { t.Log("if drain is not ongoing then remove ongoing operation must be called even if panic occurred") setup(t) When(githubGetter.GetPullRequest(testdata.GithubRepo, testdata.Pull.Num)).ThenPanic("panic test - if you're seeing this in a test failure this isn't the failing test") - ch.RunCommentCommand(testdata.GithubRepo, &testdata.GithubRepo, nil, testdata.User, testdata.Pull.Num, nil) + ch.RunCommentCommand(testdata.GithubRepo, &testdata.GithubRepo, nil, testdata.User, testdata.Pull.Num, &events.CommentCommand{Name: command.Plan}) githubGetter.VerifyWasCalledOnce().GetPullRequest(testdata.GithubRepo, testdata.Pull.Num) Equals(t, 0, drainer.GetStatus().InProgressOps) }