Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Errors in logs when Github push a Pull request event from non-allowlisted repo #2493

Closed
jhaumont opened this issue Sep 6, 2022 · 3 comments
Closed

Errors in logs when Github push a Pull request event from non-allowlisted repo #2493

jhaumont opened this issue Sep 6, 2022 · 3 comments
Labels
bug Something isn't working help wanted Good feature for contributors

Comments

@jhaumont
Copy link

jhaumont commented Sep 6, 2022
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Overview of the Issue

Since v0.19.3 release and the merge of this PR #2147 (with this modification:

atlantis/server/controllers/events/events_controller.go

Line 423 in 24a0d7c

err := errors.Errorf("Pull request event from non-allowlisted repo \"%s/%s\"", baseRepo.VCSHost.Hostname, baseRepo.FullName)
), we've now error when a pull request comes from a non-allowlisted repo github, even if we use --silence-allowlist-errors flag.
This is spam our logs & monitoring with false errors and doesn't help for alerting.

I think if we want to skip the comment in the PR from non-allowlisted repo with --silence-allowlist-errors flag, we don't want the error too (like before).

Reproduction Steps

Setup atlantis to only allow one repository:
--repo-allowlist='github.com/org/terraform'

Setup atlantis to silence allowlist errors:
--silence-allowlist-errors=true

On Github side, setup atlantis app (webhook) to access All repositories
image

Logs

{
    "level": "error",
    "ts": "2022-09-06T17:08:47.412Z",
    "caller": "events/events_controller.go:183",
    "msg": "error handling gh post code: 403 err: Pull request event from non-allowlisted repo \"github.com/org/not-terraform\"",
    "json": {
        "gh-request-id": "X-Github-Delivery=916d3c10-2e06-11ed-8385-69920fdc666a"
    },
    "stacktrace": "github.com/runatlantis/atlantis/server/controllers/events.(*VCSEventsController).handleGithubPost\n\tgithub.com/runatlantis/atlantis/server/controllers/events/events_controller.go:183\ngithub.com/runatlantis/atlantis/server/controllers/events.(*VCSEventsController).Post\n\tgithub.com/runatlantis/atlantis/server/controllers/events/events_controller.go:99\nnet/http.HandlerFunc.ServeHTTP\n\tnet/http/server.go:2047\ngithub.com/gorilla/mux.(*Router).ServeHTTP\n\tgithub.com/gorilla/[email protected]/mux.go:210\ngithub.com/urfave/negroni.Wrap.func1\n\tgithub.com/urfave/[email protected]/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\tgithub.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\tgithub.com/urfave/[email protected]/negroni.go:38\ngithub.com/runatlantis/atlantis/server.(*RequestLogger).ServeHTTP\n\tgithub.com/runatlantis/atlantis/server/middleware.go:68\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\tgithub.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.(*Recovery).ServeHTTP\n\tgithub.com/urfave/[email protected]/recovery.go:193\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\tgithub.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\tgithub.com/urfave/[email protected]/negroni.go:96\nnet/http.serverHandler.ServeHTTP\n\tnet/http/server.go:2879\nnet/http.(*conn).serve\n\tnet/http/server.go:1930"
}

Environment details

  • Atlantis version: 0.19.7
  • Atlantis helm chart: 4.0.7

Atlantis server-side config file:

log-level:                info
default-tf-version:       1.0.8
atlantis-url:             https://atlantis.local
automerge:                true
checkout-strategy:        merge
parallel-pool-size:       100
hide-prev-plan-comments:  true
gh-org:                   org
gh-app-key-file:          /secrets/GITHUB_APP_PEM_FILE
write-git-creds:          true                          # Allow atlantis to write git creds from github app
allow-draft-prs:          true
silence-allowlist-errors: true
enable-diff-markdown-format: true
@jhaumont jhaumont added the bug Something isn't working label Sep 6, 2022
@jamengual jamengual added the help wanted Good feature for contributors label Sep 8, 2022
@jhaumont
Copy link
Author

Hi
I will try to handle this during hacktoberfest @jamengual

@zer0beat zer0beat mentioned this issue Sep 22, 2022
Merged
@nitrocode
Copy link
Member

@jhaumont is this no longer an issue?

@jhaumont
Copy link
Author

@nitrocode no, the fix merged remove the errors

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working help wanted Good feature for contributors
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jamengual @jhaumont @nitrocode