NOTE: We do not plan to update this page anymore. Please see the releases page for the updated changelog.
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.23.3
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.23.2
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.23.1
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.23.0
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.22.3
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.22.2
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.22.1
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.22.0
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.21.0
- Terraform version 1.x have been removed to deprecate beta versions of terraform and reduce the docker image size. Each version of terraform is about 80 MB. (#2619)
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.20.1
Broken build due to github action issues
https://github.com/runatlantis/atlantis/releases/tag/v0.20.0
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.19.8
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.19.7
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.19.6
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.19.5
-
--var-file-allowlistflag has been added to restrict the access of files on Atlantis install from pull request comments. Set the flag if you want to explicitly grant the access to files outside the default data directory.Previously, any file could be passed to
-var-file. Now only files under the directories in the allowlist are permitted.
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.19.4
Bugfixes and new Features
https://github.com/runatlantis/atlantis/releases/tag/v0.19.3
Bug fix release for github and update docs to reflect the docker registry support change.
- fix: fix unmarshall error in graphql call by @raymondchen625 in #2128
- docs: update docker registry link to ghcr by @marceloboeira in #2130
Bug fix release, most importantly fixing the wrong version number associated with v0.19.0.
And it also contains fixes for bitbucketcloud and gitlab.
- build(deps): bump actions/checkout from 2 to 3 by @dependabot in #2119
- build(deps): bump github.com/xanzy/go-gitlab from 0.55.1 to 0.58.0 by @dependabot in #2118
- fix(bitbucketcloud): Ensure status key has at most 40 characters by @maxbrunet in #2037
- fix(gitlab-client): change
pendingtorunningstate by @syphernl in #1971 - fix(bitbucketcloud)!: Use AccountID as username instead of Nickname by @maxbrunet in #2034
Feature release for:
- multi-arch docker images
- add
pendingstatus for apply
- docs: moving streaming logs section from top-level navigation to docs by @Aayyush in #2066
- fix(docker): Multi-arch Docker images, attempt two by @Tenzer in #2114
- feat: add a pending status for apply when running plan command by @AndreZiviani in #2053
Maintenance release:
- Drop Dockerhub support (#2103)
- fixing the most recent multiplatform image build issue. (#2104)
- ci: drop circleci docker hub update by @chenrui333 in #2102
- fix(docker): fix docker runtime issue by @chenrui333 in #2106
- deps: tf 1.1.7 by @chenrui333 in #2108
Maintenance release for security patches with atlantis-base image
- fix(web-templates): use CleanedBasePath for titles by @jvrplmlmn in #2091
- build(deps): bump runatlantis/atlantis-base from 2021.12.15 to 2022.03.02
- docker: bump git-lfs and gosu dependencies by @hi-artem in #2096
- fix(docker): fix base image for multi-platform build by @Tenzer in #2099
- fix(docker): fix installation of git-lfs in armv7 image by @Tenzer in #2100
- fix(docker): download Terraform and conftest versions matching image architecture by @Tenzer in #2101
- Fix URL generation by @PertsevRoman in #2021
- deps: terraform 1.1.5 by @lazzurs in #2042
- docs: update devops PR link by @chenrui333 in #2033
- Moving config files to core/config by @msarvar in #2036
- docs: fix policy example with custom workflow by @aliscott in #2049
- docs: fix some typos by @ocaisa in #2048
- fix: get user teams with GitHub GraphQL API by @raymondchen625 in #2045
- build(deps): bump github.com/xanzy/go-gitlab from 0.54.3 to 0.54.4 by @dependabot in #2050
- docs: add user facing documentation for real-time logs by @Aayyush in #1963
- feat: Use UUIDs to identify log streaming jobs by @Aayyush in #2051
- build(deps): bump ajv from 6.5.1 to 6.12.6 by @dependabot in #2060
- build(deps): bump github.com/xanzy/go-gitlab from 0.54.4 to 0.55.1 by @dependabot in #2061
- build(deps): bump github.com/golang-jwt/jwt/v4 from 4.2.0 to 4.3.0 by @dependabot in #2062
- build(deps): bump github.com/microcosm-cc/bluemonday from 1.0.17 to 1.0.18 by @dependabot in #2063
- build(deps): bump go.uber.org/zap from 1.20.0 to 1.21.0 by @dependabot in #2064
- deps: tf 1.1.6 by @chenrui333 in #2071
- Removing web credentials from debug log by @pkaramol in #2072
- build(deps): bump github.com/gorilla/websocket from 1.4.2 to 1.5.0 by @dependabot in #2077
- build(deps): bump prismjs from 1.25.0 to 1.27.0 by @dependabot in #2086
- fix(web-templates): use CleanedBasePath for static content by @jvrplmlmn in #2079
- deps: terraform 1.1.3 by @chenrui333 in #1982
- deps: conftest 0.30.0 by @chenrui333 in #1983
- build(deps): bump github.com/xanzy/go-gitlab from 0.52.2 to 0.54.3 by @dependabot in #1986
- build(deps): bump github.com/hashicorp/go-version from 1.3.0 to 1.4.0 by @dependabot in #1987
- build(deps): bump go.uber.org/zap from 1.19.1 to 1.20.0 by @dependabot in #1988
- docs: document
undivergedapply requirement in more places by @fishpen0 in #1992 - fix: fix autoplan when .terraform.lock.hcl is modified by @gezb in #1991
- feat: add XTerm JS to the server static files by @Ka1wa in #1985
- feat: post workflow hooks by @tim775 in #1990
- docs: add colon to policy checking yaml by @williamlord-wise in #1996
- docs: include infracost ref in post-workflow-hooks by @ilamtap in #1997
- fix(docs): update screenshot for Bitbucket server webhook configuration by @kuzm1ch in #1995
- fix: make IsOwner policy check case-insensitive by @edbighead in #1989
- build(deps): bump github.com/bradleyfalzon/ghinstallation/v2 from 2.0.3 to 2.0.4 by @dependabot in #2004
- build(deps): bump github.com/hashicorp/go-getter from 1.5.10 to 1.5.11 by @dependabot in #2003
- docs: fix incorrect wildcard and more precise instruction to --gh-team-allowlist option. by @keitap in #2005
- fix: support for terraform workspaces by @bschaeffer in #2006
- deps: terraform 1.1.4 by @chenrui333 in #2011
- fix: add back basic auth support by @Aayyush in #2008
- chore: improve
/healthzendpoint performance by @inkel in #2014 - fix: Update GenerateProjectJobURL to account for nested repo names by @Aayyush in #2012
- fix: broken Log Streaming URL when working directory is set to "./" by @Aayyush in #2015
- fix: retry /files/ requests to github by @iainlane in #2002
Maintenance release for bug fixes as well as release multi-platform builds for atlantis docker images.
- Revert "feat: filter out atlantis/apply from mergeability clause (#18… by @nishkrishnan in #1968
- build(deps): bump github.com/microcosm-cc/bluemonday from 1.0.16 to 1.0.17 by @dependabot in #1969
- fix:include no GitHub allowlist rules by default by @paulerickson in #1973
- fix: default permissions for gh-team-allowlist. by @nishkrishnan in #1974
- docs: documentation for slack integration by @syphernl in #1972
- workflows(atlantis-image): fix building and publishing of Docker images by @Tenzer in #1975
- fix: allowed regexp prefixes for exact matches by @bmbferreira in #1962
- deps: conftest 0.29.0 by @chenrui333 in #1977
Feature release of adding capability of streaming terraform logs, also added the capability of supporting tf 1.0.x (which was missed in the v0.17.6 release).
- deps: terraform 1.1.2 by @chenrui333 in #1952
- build(deps): bump github.com/spf13/viper from 1.10.0 to 1.10.1 by @dependabot in #1956
- Dockerfile: Add support for last Terraform 1.0.x version in AVAILABLE_TERRAFORM_VERSIONS by @javierbeaumont in #1957
- feat: add GitHub team allowlist configuration option by @paulerickson in #1694
- fix: fallback to default TF version in apply step by @sapslaj in #1931
- docs: typo in heading level by @moretea in #1960
- docs: clarify example for
--azuredevops-tokenflag by @MarkIannucci in #1712 - docs: update github docs links by @chenrui333 in #1964
- build(deps): bump github.com/hashicorp/go-getter from 1.5.9 to 1.5.10 by @dependabot in #1961
- feat: streaming terraform logs in real-time by @Aayyush in #1937
- docs: clarify maximum version limit by @tomharrisonjr in #1894
- fix: allow requests to /healthz without authentication by @wendtek in #1896
- docs: document approve_policies command in comment_parser by @dupuy26 in #1886
- feat: adds
allowed_regexp_prefixesparameter to use with the--enable-regexp-cmdflag by @bmbferreira in #1884 - refactor: Add PullStatusFetcher interface by @nishkrishnan in #1904
- build(deps): bump github.com/urfave/negroni from 0.3.0 to 1.0.0 by @dependabot in #1922
- build(deps): bump github.com/xanzy/go-gitlab from 0.51.1 to 0.52.2 by @dependabot in #1921
- build(deps): bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.2.0 by @dependabot in #1928
- docs: add clarity and further policy_check examples by @DaveHewy in #1925
- build(deps): bump github.com/spf13/viper from 1.9.0 to 1.10.0 by @dependabot in #1934
- deps: terraform 1.1.1 by @chenrui333 in #1939
- deps: alpine 3.15 by @chenrui333 in #1941
- docs: fix policy check documentation examples by @DaveHewy in #1945
- docker: make multi-platform atlantis image by @chenrui333 in #1943
- refactor: move from io/ioutil to io and os package by @Juneezee in #1843
- chore: use golang-jwt/jwt to replace dgrijalva/jwt-go by @barn in #1845
- fix(azure): allow host to be specified in user_config for on premise installation by @dandcg in #1860
- feat: filter out atlantis/apply from mergeability clause by @nishkrishnan in #1856
- feat: add BasicAuth Support to Atlantis ServeHTTP by @fblgit in #1777
- fix(azure): allow correct path to be derived for on premise installation by @dandcg in #1863
- feat: add new bitbucket server webhook event type pr:from_ref_updated(#198) by @kuzm1ch in #1866
- Move runtime common under existing runtime package. by @nishkrishnan in #1875
- feat: use goreleaser to replace the binary-release script by @chenrui333 in #1873
- build(deps): bump tar from 4.4.15 to 4.4.19 by @dependabot in #1783
- build: tf 1.0.6 by @chenrui333 in #1786
- Bump testing image conftest version to 0.27 by @nishkrishnan in #1787
- Actually bump testing image conftest version to 0.27 by @nishkrishnan in #1788
- build: fix testing-env img process by @chenrui333 in #1789
- e2e: update dockerfile by @chenrui333 in #1790
- build(deps): bump runatlantis/atlantis-base from 2021.06.22 to 2021.08.31 by @dependabot in #1794
- build(deps): bump github.com/xanzy/go-gitlab from 0.50.3 to 0.50.4 by @dependabot in #1795
- fix a log error typo by @danpilch in #1796
- Set ParallelPolicyCheckEnabled to the same value as ParallelPlanEnabled by @msarvar in #1802
- docs: Add missing --silence-vcs-status-no-plans flag by @franklad in #1803
- build(lint): use revive instead of golint by @minamijoyo in #1801
- build(deps): bump github.com/hashicorp/go-getter from 1.5.7 to 1.5.8 by @dependabot in #1807
- build(deps): bump go.uber.org/zap from 1.19.0 to 1.19.1 by @dependabot in #1808
- docs: add missing the
branchkey in the reference for server side repo config by @minamijoyo in #1784 - build: tf 1.0.7 by @chenrui333 in #1811
- deps: conftest 0.28.0 by @chenrui333 in #1819
- deps: conftest 0.28.1 by @chenrui333 in #1826
- build(deps): bump prismjs from 1.24.0 to 1.25.0 by @dependabot in #1823
- Updating client interface and adding ApprovalStatus model by @Aayyush in #1827
- Fix title level by @xiao-pp in #1822
- build(deps): bump github.com/xanzy/go-gitlab from 0.50.4 to 0.51.1 by @dependabot in #1831
- Add support for deleting a branch on merge in BitBucket Server by @wpbeckwith in #1792
- deps: tf 1.0.8 by @chenrui333 in #1837
- build(deps): bump github.com/spf13/viper from 1.8.1 to 1.9.0 by @dependabot in #1821
- Document --auto-merge-disabled option by @dupuy26 in #1838
- testdrive: update terraformVersion by @chenrui333 in #1839
- Improve github pull request call retries by @aristocrates in #1810
Feature release with a number of improvements related to Gitlab support, a new command, better formatting etc. Some broken features have been fixed in along with some regressions.
- Add version command to Atlantis for getting the current terraform version (#1691 by @pjsier)
- Support "Pipelines must succeed", "All discussions must be resolved" in Gitlab
apply_requirements(#1675 by @devlucasc) - Add support for specifying github app key as a string (#1706 by @dhaven)
- Add flag to enable rich github markdown formatting of terraform outputs (#1751 by @enochlo)
- Note: Depending on feedback here, we will consider just enabling this by default in a future release.
- Add support for splitting large comments into batches for Gitlab (#1755 by @krrrr38)
- Fix remote ops detection for tf >= 1.0.0 (#1687 by @taavitani)
- Fix Gitlab auto-merge race condition #1609 (#1675 by @devlucasc)
- Fix an issue where
--parallel-pool-sizewas being ignored (#1705 by @Schtolc) - Fix an issue where applies can occur on draft merge requests in Gitlab (#1736 by @devlucasc)
- Fix regression where .terraform.lock.hcl would prevent future operations from upgrading providers even with the
-upgradepresent (#1701 by @gezb) - Fix issue with branch regex matcher which would always allow all branches (#1768 by @minamijoyo)
- Upgrade default tf version to 1.0.5 (#1662 by @chenrui333)
- Upgrade go version to 0.17 (#1766 by @chenrui1333)
- Upgrade alpine to v3.14, addressing CVE-2021-36159, CVE-2021-22924, CVE-2021-22923 and CVE-2021-22925 vulnerabilities (#1770 by @chenrui1333)
- If you are using GHCR and are using the
atlantis:latestdocker image, this now points to the latest release as opposed to the tip of master. If you want to work off the tip of master, then you should now useatlantis:dev
ghcr.io/runatlantis/atlantis:v0.17.3
https://github.com/runatlantis/atlantis/compare/v0.17.2...v0.17.3
Patch release containing bug fixes.
- Fix a regression introduced where approving failing policies would create a secondary status in pending without ever being marked as successful (#1672 by @nishkrishnan)
- Fix a bug where pre-workflow hooks cannot find atlantis.yaml when run on non-default workspaces. (#1620 by @giuli007)
- Upgrade default tf version to 1.0.1 (#1662 by @chenrui333)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 1.0.1. Simply set the above flag to your desired default version to avoid any issues.
ghcr.io/runatlantis/atlantis:v0.17.2
https://github.com/runatlantis/atlantis/compare/v0.17.1...v0.17.2
Feature release containing a number of bug fixes.
Note: as of this release we are now also publishing releases to Github Container Registry. We will stop publishing releases to Dockerhub in a subsequent major version release, please migrate any workflows to start using Github Container Registry in the meantime.
- Add extra args support for policy checking command (#1511 by @nishkrishnan)
- Add undiverged apply requirement (#1587 by @pcalley)
- Modify logging timestamp to be ISO8601 (#1625 by @tkishore1192)
- Add run step environment variable SHOWFILE (#1611 by @mhennecke)
- Add flag to disable automerge for
atlantis apply(#1533 by @spirosoik) - Add support for deduping extra terraform args (#1651 by @gezb)
- Preserving terraform.lock.hcl when present by not upgrading during terraform init (#1651 by @gezb)
- Fix a bug with the hide previous command logic (#1549 by @nishkrishnan)
- Fix a bug with Azure Dev ops Prs where only the recent commit was used to get the diff (#1521 by @nishkrishnan)
- Fix bug with deleting source branch on merging Azure Dev Ops PRs (#1560 by @tapaszto)
- Fix regression with parallelApply and parallelPlan args being in the wrong order and therefore swapped. (#1574 by @Fauzyy)
- Fix nil pointer deference when
disable-repo-lockingis true. (#1557 by @Fauzyy) - Fix azure dev ops max comment characters to api limit (#1585 by @mhennecke)
- Fix bug where required terraform version was not being loaded when policy checks are enabled (#1658 by @msarvar)
- Fix bug where plan summary was not shown when changes outside of Terraform were detected (#1593 by @chroju)
- Upgrade conftest binary version to 0.25 (#1516 by @msarvar)
- Upgrade default tf version to 1.0 (#1622 by @chenrui333)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 1.0. Simply set the above flag to your desired default version to avoid any issues.
ghcr.io/runatlantis/atlantis:v0.17.1
https://github.com/runatlantis/atlantis/compare/v0.17.0...v0.17.1
Feature release encompassing this version's pre-release with some bug fixes and improvements that make this stable.
- Add
--enable-policy-checkswhich adds a policy checking step to the Atlantis workflow and runs server-side conftest policies on the terraform plan output. (#1317 by @msarvar and @nishkrishnan)- Supports
atlantis approve_policieswhich allows a set of blessed github users to approve failing policies.
- Supports
- Support pre-workflow hooks on all comment/auto triggered commands (#1418 by @nishkrishnan)
- Add branch allowlist matcher to server side repo config (#1383 by @dghubble)
- Add support for regex commands (#1419 by @bewie)
- Add support for a global apply lock (#1473 by @msarvar)
- Add structured logging support (#1467 by @nishkrishnan)
- Ensure policy checks is its own apply requirement (#1499 by @nishkrishnan)
- Add
--silence-no-projectswhich silences Atlantis from responding to PRs when there are no projects (#1469 by @GenPage) - Add plan summary to unfolded part of the comment (#1518 by @wkrysmann)
- Add
--autoplan-file-listwhich allows modifying the global list of files that trigger project planning (#1475 by @Omicron7) - Add server-side repo config support to delete the source branch when automerge is configured (#1357 by @tapaszto)
- Fix output for Terraform 0.14 projects not filtering out refreshing of state. (#1352 by @mathcantin)
- Upgrade conftest binary version to 0.23 (#1516 by @msarvar)
- Upgrade default tf version to 0.15.1 and add latest patch versions for old terraform minor versions (#1472 by @bryantbiggs)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.15.1. Simply set the above flag to your desired default version to avoid any issues. - Hashicorp's GPG keys were exposed. This PR adds the latest patch versions for each Terraform minor version which has new keys.
https://github.com/runatlantis/atlantis/compare/v0.16.1...v0.17.0
Feature release. Due to a sizeable refactor and the number of configuration settings supported in Atlantis, this is a pre-release and should not be considered fully stable.
- Add
--enable-policy-checkswhich adds a policy checking step to the Atlantis workflow and runs server-side conftest policies on the terraform plan output. (#1317 by @msarvar and @nishkrishnan)- Supports
atlantis approve_policieswhich allows a set of blessed github users to approve failing policies.
- Supports
- Support pre-workflow hooks on all comment/auto triggered commands (#1418 by @nishkrishnan)
- Add
HEAD_COMMITto run steps - Update terraform version to 0.14.7
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.14.7. Simply set the above flag to your desired default version to avoid any issues.
runatlantis/atlantis:v0.17.0-beta
https://github.com/runatlantis/atlantis/compare/v0.16.1...v0.17.0-beta
Few improvements and a number of bug fixes
- Add
--gh-app-slugwhich allows fetching of gh app user. (#1334 by @nishkrishnan) (Also fixes #1161) - Add
--disable-repo-lockingflag. (#1340 by @gezb) (Closes #1212) - Pass atlantis/apply when there are no plans (#1323 by @raxod502-plaid)
- Update terraform version to 0.14.5
- Fix bug with error messaging and incorrect casting (#1327 by @acastle)
- Fix bug where .auto.tfvars.json files were being ignored in 0.16.0 (Fixes #1330 by @gekO)
- Fix Azure DevOps automerge by dynamically fetching user id (Fixes #1152 by @tapaszto)
- Replace slack GetChannels with GetConversations due to API deprecation (Fixes #1210 by @thlacroix)
- Set TF_WORKSPACE for remote runs to target correct workspace (Fixes #661 by @m1pl)
- Fix for restricting what workflows each repo has access to without exposing custom workflow definitions (Fixes #1358 by @netguino)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.14.5. Simply set the above flag to your desired default version to avoid any issues.
https://github.com/runatlantis/atlantis/compare/v0.16.0...v0.16.1
Feature release with some new flags and bugfixes.
This release is thanks to our new Atlantis maintainer team:
- Allow configuring number of concurrent plans/applies via new
-parallel-pool-sizeflag (#1177 by @dmattia) - Add new flag
-disable-applythat will disable the ability to run all applies (#1230 by @gezb) - This release will release with an arm64 binary (#1291 by @pgroudas)
- Add
pre_workflow_hookssteps to allow for running custom scripts before workflow execution (#1255 by @msarvar) - Update default Terraform version to 0.14.3
- Fix bug checking for up to date branches when using GitHub App installation and
-checkout-strategy=merge(Fixes #1236 by @nishkrishnan) - Fix version detection for versions with prereleases when running Terraform >= 0.12.0 (Fixes #1276 by @acastle)
- Fix bug detecting Terraform files (#1253 by @surminus)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.14.3. Simply set the above flag to your desired default version to avoid any issues.
https://github.com/runatlantis/atlantis/compare/v0.15.1...v0.16.0
Bugfix release.
- Fix
required_versiondetection not working for Terraform 0.13.0 (#1153 by @joerx) - Fix editing comments on draft PRs causing plan to re-run (#1194)
- Fix Azure DevOps apply status checks not working (#1172 by @acastle)
- Fix checkout-strategy=merge not working when using the GitHub app installation (#1193 by @nishkrishnan)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.13.4. Simply set the above flag to your desired default version to avoid any issues.
https://github.com/runatlantis/atlantis/compare/v0.15.0...v0.15.1
Relatively small release with some bugfixes and a couple of features. Also sets default Terraform version to 0.13.0.
- Bump default Terraform version to 0.13.0
- Retry GitHub calls to prevent 404 issues (#1019)
- Update GitLab library to handle rate limiting issues (#1142 by @LAKostis)
- Alpine version n Docker image is now 3.12 (up from 3.11) (#1136 by @lazzurs)
- Add new flag
--skip-clone-no-changesthat will skip cloning the repo during autoplan if there are no changes to Terraform projects. This will only apply for GitHub and GitLab and only for repos that haveatlantis.yamlfiles. (#1158 by @cucxabong) - Add new flag
--disable-autoplanthat will globally disable autoplanning. (#1159 by @ValdirGuerra)
- Fix
--hide-prev-plan-commentsbug (#1009 by @goodspark) - Fix comment splitting bug (#1109 by @crainte)
- Fix Azure DevOps bug when cloning a repo with spaces in its name (#1079 by @mcdafydd)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.13.0. Simply set the above flag to your desired default version to avoid any issues. --repo-whitelistis now deprecated in favour of--repo-allowlist. The previous flag will still work.
https://github.com/runatlantis/atlantis/compare/v0.14.0...v0.15.0
This release brings a big new feature: the ability to install Atlantis as a GitHub App! Thanks to @unRob for this amazing feature.
- Support installation via a GitHub App. See https://www.runatlantis.io/docs/access-credentials.html#github-app for instructions. (#1088 by @unRob)
- Add new
atlantis unlockcommand that can be run on pull requests to discard all plans and unlock all projects associated with that PR. (#1091 by @parmouraly) - Add debug-level logging for GitHub calls (#1042 by @cket)
- The repo-relative directory is now available in custom workflows via the environment variable
REPO_REL_DIR(#1063 by @llamahunter) - Upgrade the default Terraform version to 0.12.27.
- Update jQuery to 1.5.1 to fix a security issue with the older version.
- Update
gosuin the Atlantis Docker image to 1.12 (#1104 by @lazzurs) - Ignore changes to
.tflint.hcl(#1075 by @unRob)
--write-git-credentialsnow works with Azure DevOps (#1070 by @markbrennan)- Partly fix
--hide-prev-plan-commentson GitHub Enterprise (#1072 by @goodspark) - Fix bug where Atlantis would auto-merge a PR if
applywas run after the locks were discarded (Fixes #1006 by @parmouraly) - Fix bug when using
--hide-prev-plan-commentswhere if a plan output was split across multiple comments only the first comment would get hidden (Fixes #1021 by @crainte)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.12.27. Simply set the above flag to your desired default version to avoid any issues.
https://github.com/runatlantis/atlantis/compare/v0.13.0...v0.14.0
This release enables support for running plans and applies in parallel only when using Terraform workspaces. It also enables graceful shutdown for Atlantis where it waits for in-progress plans and applies to complete. See below for the complete list.
-
Upgrade default Terraform version in Docker image to 0.12.26.
-
Add support for parallel plans and applies (#926 by @Fauzyy)
Running in parallel is only supported if you're using workspaces to separate your projects. Projects in separate directories can not be run in parallel currently. To use, set
parallel_plan: true parallel_apply: true
In your repo-level
atlantis.yamlfile. -
Add support for graceful shutdown (#1051 by @benoit74). When Atlantis receive a SIGINT or SIGTERM it won't shut down immediately. It will wait for in-progress plans and applies to complete. Any new actions, e.g. comments or autoplans will be refused and an error comment will be posted to the PR indicating that Atlantis is shutting down and the user should try again later.
In addition, a new
/statusendpoint has been added that currently only returns the number of in-progress operations and whether the server is shutting down. -
GitHub: A new flag
--allow-draft-prshas been added that will re-enable the ability for users to run plan and apply on GitHub draft PRs. This ability was removed in v0.12.0. (#1053 by @cket) -
GitHub: Preserve original commit message when automerging (#1049 by @pratikmallya).
This change removes the
[Atlantis] Automatically merging after successful applycommit message and instead has GitHub autogenerate the commit message similarly to how it would when you click the "Merge" button in the UI. -
Change log level for HTTP requests from INFO to DBUG, e.g.
2020/05/26 12:16:20+0000 [INFO] server: GET /healthz – respond HTTP 200 2020/05/26 12:16:36+0000 [INFO] server: GET /healthz – from <IP>(#1056 by @tammert)
-
GitLab: Use correct link to merge requests (previously used
#<num>instead of!<num>) (#1059 by @EppO)
- Azure DevOps: Project links link to pull requests now (Fixes #957 by @mcdafydd)
- GitHub: Release locks when GitHub draft PRs are closed (#1038 by @andrewring)
- Ensure git-lfs is in our Docker image (Fixes #1054)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.12.26. Simply set the above flag to your desired default version to avoid any issues. - HTTP requests are now logged as DBUG instead of INFO to reduce log spam. If you
still want to see these logs you must run with
--log-level=debug. - Atlantis will no longer immediately shutdown when it receives a SIGINT or SIGTERM, it will now wait for in-progress plans and applies to complete. To stop Atlantis without waiting, send a SIGKILL.
https://github.com/runatlantis/atlantis/compare/v0.12.0...v0.13.0
This release contains one much-awaited GitHub-only feature: the ability to hide previous
plan comments with the --hide-prev-plan-comments flag. It also contains
a host of other small features and fags.
- GitHub: Add
--hide-prev-plan-commentsflag. When set, previous plan comments will be marked as outdated in GitHub's UI. This collapses them making a PR with lots of plan comments easier to read. (#994 by @goodspark) - GitHub: Ignore draft PRs until they're changed to "ready for review". (#977 by @cket)
- Upgrade default Terraform version in Docker image to 0.12.24.
- Set
as_userparam when sending slack notifications so the message is decorated appropriately (#907 by @tmcevoy14) - Add Git LFS support (#872 by @remilapeyre)
- Add
--silence-vcs-status-no-plansflag that silences VCS commit status when autoplan finds no projects to plan. When set, Atlantis won't create any VCS statuses if there no projects to plan. (#959 by @cket) - Add
--disable-markdown-foldingflag that disables folding for long plan/apply outputs. (#960 by @mhumeSF) - Ignore casing when setting log levels, e.g.
--log-level=INFOnow works. (#976 by @jpreese) - Azure DevOps: Add policy checking. (#984 by @jpreese)
- Upgrade boltdb to latest maintained version. (#992 by @amasover)
- Azure DevOps: Prevent pull request updated events from triggering autoplan when the event was caused by a change in approvals. (Fixes #946 by @mcdafydd)
- GitHub draft PRs are now ignored until they're marked "ready for review" and opened as regular PRs.
**NOTE: ** This functionality was added back in Atlantis v0.13.0 via the
--allow-draft-prsflag. - If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.12.24. Simply set the above flag to your desired default version to avoid any issues.
https://github.com/runatlantis/atlantis/compare/v0.11.1...v0.12.0
Using the latest Alpine Docker image (3.11) to mitigate some vulnerabilities in that image.
- Use Alpine 3.11 to mitigate:
- CVE-2019-5482:
curl <7.66.0-r0https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482 - CVE-2019-5481:
curl <7.66.0-r0https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481 - CVE-2019-15903:
expat <2.2.7-r1andgit <2.22.0r0https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 - CVE-2018-20843:
expat <2.2.7-r0andgit <2.22.0-r0https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843 - CVE-2019-14697:
musl <1.1.22-r3https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697
- CVE-2019-5482:
https://github.com/runatlantis/atlantis/compare/v0.11.0...v0.11.1
Small release with a couple new config flags from contributors.
- Upgrade default Terraform version in Docker image to 0.12.19.
- Add new
--tf-download-urlflag to allow overriding the default download base URL ofhttps://releases.hashicorp.com. (#787 by @cullenmcdermott) - Add new
--vcs-status-nameflag to allow configuring the name Atlantis uses for its PR statuses. Useful if running multiple Atlantis servers on the same repo. (#841 by @js-timbirkett) - Add new
--silence-fork-pr-errorsflag to silence errors from fork PRs in orgs that use fork PRs for non-terraform changes. (#885 by @kinghrothgar)
- Fix Atlantis Dockerfile subcommand detection (Fixes #870 by @sparky005)
- Fix
--write-git-credscommand for BitBucket modules (Fixes #873 by @ImperialXT) - Fix issue where Atlantis was failing on Azure DevOps PRs with branch protection (Fixes #880 by @mcdafydd)
- Fix issue where project's set with an absolute dir, e.g.
dir: /a/b/cwould actually use that directory instead of making it relative to the reo root (Fixes #849). - Fix issue where changes to
terragrunt.hclfiles weren't being detected when usingatlantis.yamlfiles (Fixes #803 by @JoshiiSinfield)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.12.19. Simply set the above flag to your desired default version to avoid any issues.
https://github.com/runatlantis/atlantis/compare/v0.10.2...v0.11.0
Some small features in this release and some bug fixes.
- Exclusions are now supported in
when_modifiedconfig so you can ignore changes in files that you don't want to trigger plan on. - Emojis are now supported in Azure DevOps 🎉.
- Upgrade Terraform in Docker image to 0.12.16.
- Add support for kustomize (#785 by @tobbbles)
- Use emojis in comments for Azure DevOps (#863 by @mcdafydd)
- Allow exclusions to be specified in
when_modified, e.g.when_modified: ["!this-file.tf"](#847 by @leonsodhi-lf) - When using
--checkout-strategy=mergewarn users if the branch they're merging into has been updated (#804 by @MRinalducci)
- Support
/in branch names for Azure DevOps (Fixes #835 by @mcdafydd) - Fix bug where a server-side workflow with the name "default" wasn't being used (Fixes #860)
- Fix GitLab error due to API updates (Fixes #864)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.12.16. Simply set the above flag to your desired default version to avoid any issues.
https://github.com/runatlantis/atlantis/compare/v0.10.1...v0.10.2
Small release that is built using Go 1.13.3 to mitigate a CVE (https://99designs.ca/blog/engineering/request-smuggling/).
- Error out when user has an atlantis.yml file (wrong extension, needs .yaml) (#816 by @mdcurran)
None
If you had an atlantis.yml file (note the .yml extension), previously Atlantis ignored it.
Now it will error to warn you that it's not being used.
https://github.com/runatlantis/atlantis/compare/v0.10.0...v0.10.1
Lots of new features in this release: Azure DevOps support, automatic Terraform version detection and private module cloning support. All by community contributors!
- Support for Azure DevOps (719 by @mcdafydd)
- Support detecting Terraform version from
terraform { required_version = "=<version>" }block (#789 by @kennethtxytqw) - Improve
--write-git-credscommand so that it supports ssh private modules (#799 by @ImperialXT) - Default TF version is now 0.12.12
- Logo is now bigger on locks listing (#783 by @Nuru)
- Fix error when using GitLab with the "Delete source branch" setting (Fixes #760)
- Fix repo whitelist when using wildcard in the middle, ex.
github.com/*-something(Fixes #692 by @dedamico)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.12.12. Simply set the above flag to your desired default version to avoid any issues.
https://github.com/runatlantis/atlantis/compare/v0.9.0...v0.10.0
This release contains a new step for custom workflows called env. It allows
users to set environment variables statically and dynamically for their workflows:
workflows:
env:
plan:
steps:
- env:
name: STATIC
value: set-statically
- env:
name: DYNAMIC
command: echo set-dynamically
- run: echo $STATIC $DYNAMIC # outputs 'set-statically set-dynamically'- New
envstep in custom workflows (#751) - New flag
--write-git-credshelps Atlantis support private module sources. (#711) - Upgrade Terraform to 0.12.7 in our base Docker image.
- Support for Terragrunt > 0.19.0 (#748)
- The directory where Atlantis downloads Terraform binaries is now in the PATH of custom workflows (#678)
dumb-initandgosuupgraded in our Docker image (#730)
- The Terraform version specified in
terraform_versionis now downloaded even if there are only custom steps (Fixes #675)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.12.7. Simply set the above flag to your desired default version to avoid any issues.
https://github.com/runatlantis/atlantis/compare/v0.8.3...v0.9.0
This release contains an important security fix in addition to some fixes and changes for Terraform Cloud/Enterprise users. It's highly recommended that all Atlantis users upgrade to this release. See the Security section below for more details.
- Additional arguments specified in Atlantis comments, ex.
atlantis plan -- -var=foo=barare now escaped before being appended to the relevant Terraform command. (Fixes #697). Previously, a comment likeatlantis plan -- -var=$(touch foo)would execute thetouch foocommand because the extra arguments weren't being escaped properly. This means anyone with comment access to an Atlantis repo could execute arbitrary code. Because of the severity of this issue, all users should upgrade to this version. - Upgrade to latest version of Alpine Linux in our Docker image to mitigate vulnerabilities found in libssh2. (Fixes #687)
- Upgrade Terraform to 0.12.3 in our base Docker image.
- Additional arguments specified in Atlantis comments, ex.
atlantis plan -- -var=foo=barare now available in custom run steps as theCOMMENT_ARGSenvironment variable. (Fixes #670) - A new flag
--tfe-hostnameis available for specifying a Terraform Enterprise private installation's hostname when using the remote backend integration. (#706)
- Parse Bitbucket Cloud pull request rejected events properly. (Fixes #676)
- Terraform >= 0.12.0 works with Terraform Cloud/Enterprise remote operations. (Fixes #704)
- If you were previously relying on being able to execute code in the additional
arguments of comments, ex.
atlantis plan -- -var='foo=$(echo $SECRET)'this is no longer possible. Instead you will need to write a custom workflow with a custom step or the extra_args config. - If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.12.3. Simply set the above flag to your desired default version to avoid any issues.
https://github.com/runatlantis/atlantis/compare/v0.8.2...v0.8.3
Small bugfix release for Bitbucket Cloud users running with "require mergeable".
- Update default Terraform version to 0.12.1.
- Include directory in Slack message (#660).
- Atlantis would not allow applies for all Bitbucket Cloud pull requests if running with "require mergeable" even if the pull request was mergeable due to an API change. (Fixes #672)
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.12.1. Simply set the above flag to your desired default version to avoid any issues.
https://github.com/runatlantis/atlantis/compare/v0.8.1...v0.8.2
Small bugfix release for Bitbucket Cloud users running with require approval.
None
- Atlantis would panic when checking if pull requests were approved for Bitbucket Cloud due to an API change. (Fixes #652)
None
https://github.com/runatlantis/atlantis/compare/v0.8.0...v0.8.1
This release upgrades the default version of Terraform to 0.12.
If you're running Atlantis with the --default-tf-version flag set (which
you always should) then this won't affect you at all.
- Upgrade default Terraform version to 0.12
- Add new
--disable-apply-allflag that disables runningatlantis applywithout any flags. (#645)
None
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-versionflag then the default version of Terraform will now be 0.12. Simply set the above flag to your desired default version of Terraform and 0.12 won't be used.
https://github.com/runatlantis/atlantis/compare/v0.7.2...v0.8.0
Small release containing an important security fix and some bugfixes.
None
- Atlantis would post its Git credentials as pull request comment and in logs if the git clone failed. (Fixes #615)
- Atlantis would comment the same output twice during errors of custom run steps. (Fixes #519)
atlantis testdrivehad unreadable output on solarized terminals. (Fixes #575)
None
https://github.com/runatlantis/atlantis/compare/v0.7.1...v0.7.2
Small bugfix release to fix an issue when using --checkout-strategy=merge.
PROJECT_NAMEis now available as an environment variable to customrunsteps. (#578)
- Fix deleting unapplied plans when
--checkout-strategy=mergeis used. (Fixes #582)
None
https://github.com/runatlantis/atlantis/compare/v0.7.0...v0.7.1
This release implements Server-Side Repo Config which allows users to write
atlantis.yaml-style config on the server rather than in individual repos.
The Server Side config also allow Atlantis operators to control what individual
repos can do in their atlantis.yaml files. Read docs for more details.
- Server-Side Repo Config. Read docs
and use cases for full details. (#47)
- New flag
atlantis serverflag--repo-configfor specifying the repo config file . - New flag
--repo-config-jsonfor specifying the repo config as a JSON string instead of having to write a config file to disk. - All repos can now create
atlantis.yamlfiles to configure their projects, however by default, those files can't create custom workflows or set Apply Requirements.
- New flag
- New version
3ofatlantis.yamlfixes a small issue with how we were parsing customrunsteps. Previously we were doing additional parsing which caused some users to have to add extra escaping to their commands. Now this is no longer required. See the Backwards Compatibility section for more details.
- Fix bug where running
atlantis applyto apply all outstanding plans wouldn't work if you had more than one project defined in the exact same directory and workspace. (Fixes #365)
-
The server-side config changes are fully backwards compatible. The biggest difference is that all repos can now create
atlantis.yamlfiles, but without being able to create custom workflows or set apply requirements. This will allow users to configure their projects, workspaces and terraform versions at a repo level without enabling those repos to run custom code or circumvent apply requirements set server-side. -
atlantis.yamlhas a new version3. If you continue to use version2, you will experience no changes. If you want to upgrade to version3, then if you're not using any customrunsteps in your workflows you can upgrade the version number without additional changes.If you are using
runsteps, check our upgrade guide to see if you need to make any changes before upgrading. -
Flags
--require-approval,--require-mergeableand--allow-repo-configare deprecated in favour of creating a server-side repo config file that applies the same configuration. If you runatlantis serverwith those flags, a deprecation warning will be printed telling you what server-side config is recommended instead. -
If you have projects configured with the same directory and workspace (which means you're probably using the
-backend-configflag) and their names contain/'s, then you'll have to re-runatlantis planafter upgrading if you had any unapplied plans.An example of what config would mean you need to re-plan:
projects: - name: name/with/slashes dir: samedir workflow: a - name: another/with/slashes dir: samedir workflow: b a: plan: steps: - run: rm -rf .terraform - init: extra_args: [-backend-config=staging.backend.tfvars] - plan b: plan: steps: - run: rm -rf .terraform - init: extra_args: [-backend-config=staging.backend.tfvars] - plan
https://github.com/runatlantis/atlantis/compare/v0.6.0...v0.7.0
This release introduces a new flag --default-tf-version=<version> that allows users
to set the version of Terraform that Atlantis defaults to. Atlantis will automatically
download that version on startup so users don't need to build their own custom
Docker images.
Atlantis will also now automatically download any Terraform version specified in
atlantis.yaml:
version: 2
projects:
- dir: .
terraform_version: v0.12.0-beta1 # Will be downloaded automatically.- New flag:
--default-tf-version=<version>will cause Atlantis to automatically download and use that version of Terraform by default. Atlantis will also automatically download terraform versions specified inatlantis.yamlvia theterraform_versionconfig key. (#538) - New status check names mean that the Atlantis checks will appear together (at least on GitHub). (#545)
- Upgrade base Docker image to use Alpine 3.9. Alpine 3.9 mitigates CVE-2018-19486. (#541)
None
-
Our Docker image
runatlantis/atlantishas Terraformv0.11.13now. If you use the new flag--default-tf-version=<desired version>then you won't be affected by this change (nor for subsequent version upgrades). -
The Atlantis status checks have been renamed from what they looked like in
v0.5.*. Previously the names were:plan/atlantisandapply/atlantis. Now the names areatlantis/planandatlantis/apply.This change will only affect you if you're requiring those status checks to pass via a setting in your Git host (ex. via GitHub protected branches). If so, you'll need to change your settings to require the new names to pass and un-require the old names.
If you were on a version lower than
v0.5.*then read the backwards compatibility notes for release0.5.0.NOTE from the maintainer: I take backwards compatibility seriously and I apologize that the status checks are changing again so soon after the 0.5 release also changed them. I know that if you have many repos and require the checks to pass that it is a large task to change them all again.
In this case, I decided that the tradeoff was worth it because the 0.5 release has only been out for a couple of weeks so hopefully not everyone has upgraded to it. The new check names makes them a lot easier to read (at least on GitHub) because they appear next to each other now due to alphabetical sorting. In this case I felt like it was better to get this change done as soon as possible rather than having this annoying UX issue stay around forever.
https://github.com/runatlantis/atlantis/compare/v0.5.1...v0.6.0
This is a bugfix release to fix a bug where Atlantis was replying to comments that weren't directed to it.
Diff: https://github.com/runatlantis/atlantis/compare/v0.5.0...v0.5.1
- On Bitbucket Cloud and Server, Atlantis now responds if it's invoked with the username it's running under, ex. @my-bb-atlantis-user. This is the same functionality as GitHub and GitLab. (#534)
- Atlantis ignore comments that aren't addressed to it. (Fixes #533)
- On Bitbucket Cloud and Server, Atlantis now responds if it's invoked with the username it's running under, ex. @my-bb-atlantis-user. This is the same functionality as GitHub and GitLab.
This release has two big features: New Status Checks and Terraform Enterprise Integration.
New Status Checks:
The new status checks split the old status check into plan and apply phases.
Each check now tracks the status of each project modified in the pull request.
For example if two projects are modified, the plan check might read:
2/2 projects planned successfully.
And the apply check might read:
0/2 projects applied successfully.
Users can now use their Git host's settings to require these checks pass before a pull request is merged and be confident that all changes have been applied (for example).
Terraform Enterprise Integration:
Atlantis now integrates with the Terraform Enterprise (TFE)
via the remote backend.
Atlantis will run terraform commands as usual, however those commands will
actually be executed remotely in Terraform Enterprise.
Using Atlantis with Terraform Enterprise gives you access to TFE features like:
- Real-time streaming output
- Ability to cancel in-progress commands
- Secret variables
- Sentinel Without having to change your pull request workflow.
Diff: https://github.com/runatlantis/atlantis/compare/v0.4.15...v0.5.0
- Split single status check into one for
planand one forapply(see above). - Support using Atlantis with Terraform Enterprise via remote operations (see above).
- Add
USER_NAMEenvironment variable for custom steps to use. (#489) - Support Bitbucket Cloud's upcoming API deprecations. (#502)
- Support Bitbucket Server hosted at a basepath, ex.
bitbucket.mycompany.com/pathprefix(Fixes #508)
- Allow Bitbucket Server diagnostics checks. (Fixes #474)
- Fix automerge for Bitbucket Server. (Fixes #479)
- Run
terraform initwith-upgrade. (Fixes #443) - If a pull request is deleted in Bitbucket Server, delete locks. (Fixes #498)
- Support directories with spaces, ex
atlantis plan -d 'dir with spaces'. (Fixes #423) - Ignore Terragrunt cache directories that were causing duplicate applies. (Fixes #487)
- Fix
atlantis testdrivefor latest version of ngrok.
-
New Status Checks - If you have settings in your Git host that require the Atlantis commit status check to be in a certain condition, you will need to modify that setting as follows:
Previously, Atlantis set a single check with the name
Atlantis. Now there are two checks with the namesplan/atlantisandapply/atlantis. If you had previously required theAtlantischeck to pass, you should now require both theplan/atlantisandapply/atlantischecks to pass.The behaviour has also changed. Previously, the single Atlantis check would represent the status of the last run command. For example, if I ran
atlantis planand it failed, the check would be in a Failed state. If I ranatlantis apply -p project1and it succeeded, then the check would be in a Success state, regardless of the status of other projects in the pull request.Now, each check represents the plan/apply status of all projects modified in the pull request. For example, say I open up a pull request that modifies two projects, one in directory
proj1and the other inproj2. If autoplanning is enabled, and both plans succeed, then there will be a single status check:plan/atlantis - 2/2 projects planned successfully(success)
If I run
atlantis apply -d proj1, then Atlantis will set a pending apply check:plan/atlantis - 2/2 projects planned successfully(success)apply/atlantis - 1/2 projects applied successfully(pending)
If I apply the final project with
atlantis apply -d proj2, then my checks will look like:plan/atlantis - 2/2 projects planned successfully(success)apply/atlantis - 2/2 projects applied successfully(success)
-
terraform initis now run with-upgrade=true. Previously, it used Terraform's default setting which wasfalse.This means that
terraformwill always update to the latest version of plugins and modules. For example, if you're using a module source ofsource = "git::https://example.com/vpc.git?ref=master"
then
terraform initwill now always use the version onmasterwhereas previously, if you had already runatlantis planbeforemasterwas updated, a newatlantis planwouldn't pull the latest changes and would just use the cached version.This is unlikely to cause any issues because most users already expected Atlantis to use the most up-to-date version of modules/plugins within the set constraints.
This is a bugfix release containing an important fix to how Atlantis executes Terraform. A bug was introduced in v0.4.14 that causes Atlantis to hang indefinitely when executing Terraform when there is a lot of output from Terraform.
In addition, there's a fix to automerge when you require rebasing or commit squashing in GitHub and a fix for the mergeability check if you're requiring the Atlantis status to pass in GitHub.
Diff: https://github.com/runatlantis/atlantis/compare/v0.4.14...v0.4.15
None – this is a bugfix release.
- Atlantis hangs on large plans. (Fixes #474)
- Automerge now works on GitHub if you require a rebase or squash merge. (#466)
- Automerge now works on Bitbucket if previously you were getting XSRF errors. (Fixes #465)
- Requiring
mergeablenow works on GitHub if you are also requiring the Atlantis status to pass before merging. (Fixes #453)
None
WARNING: This release contains a bug that causes Terraform execution to stall on large infrastructures. Please use v0.4.15 instead.
This release contains two big new features: Automerge and Checkout Strategy.
Automerge is a much asked for feature that allows Atlantis to automatically
merge your pull requests if all plans have been applied successfully.
It can be enabled via the --automerge flag, or via an atlantis.yaml setting:
version: 2
automerge: true
projects:
- ...Checkout Strategy allows you to choose if Atlantis checks out the exact branch
from the pull request or what the destination branch will look like once the pull
request is merged. You can choose your checkout strategy via the --checkout-strategy
flag which supports branch (the default) or merge.
Diff: https://github.com/runatlantis/atlantis/compare/v0.4.13...v0.4.14
- Can now be configured to automatically merge pull requests after all plans have been applied. See https://www.runatlantis.io/docs/automerging.html. (Fixes #186)
- New
--checkout-strategyflag which supports checking out the code as it will look once the pull request was merged. Previously we only supported checking out the pull request branch which might be out of date with the destination branch and so cause Terraform to delete resources that have already been applied. See https://www.runatlantis.io/docs/checkout-strategy.html. (Fixes #35 - Support Terraform 0.12 by version detection and then changing how Atlantis runs its Terraform commands. (#419)
- New
--tfe-tokenflag to support using Terraform Enterprise's Free Remote State Storage. (#419)
- Run plan in directory when file is moved. (Fixes #413)
- Fix bug where when Terraform crashed, Atlantis would hang indefinitely. (#421)
None
The release downloads have been deleted because this release contains a critical bug
The release downloads have been deleted because this release contains a critical bug
This release is focused on quick-wins, bugfixes and one new feature that allows
users to require pull requests be "mergeable", before allowing for atlantis apply.
The mergeable apply requirement is very useful for GitHub users where it allows them to require pull requests be approved by specific users or require certain status checks to pass. See https://www.runatlantis.io/docs/apply-requirements.html#mergeable for more information.
Diff: https://github.com/runatlantis/atlantis/compare/v0.4.12...v0.4.13
-
Introduce a new (optional)
mergeableapply requirement that requires pull requests to be mergeable prior to allowingapplyto run. (Fixes #43) -
If users have workspaces configured for a directory via an
atlantis.yamlfile, only allow commands to be run on those workspaces. All commands attempted to be run on different workspaces will error out.For example, if I have an
atlantis.yamlfile:version: 2 projects: - dir: mydir workspace: default - dir: mydir workspace: staging
Then I can run
atlantis apply -d mydir -w defaultandatlantis apply -d mydir -w stagingbut I will receive an error if I runatlantis apply -d mydir -w somethingelse. -
If users are setting the
namekey for their projects inatlantis.yaml, then include the project name in the comment output so it's easier to identify which plan/apply output is for which project. (Fixes #353)) -
Bump the Terraform version in the Docker image to
0.11.11. -
Tweak logging to add timezone to the timestamp and make the output more readable. (#402)
-
Warn users if running
atlantis apply -- -target=myresourcebecause-targetcan only be specified duringatlantis plan. (Fixes #399)
- If
terraform planreturns an error, print the error to the pull request. (#381) - Split Bitbucket Server comments into multiple comments if over the max size. (Fixes #280)
- Fix issue where if users specified
--gitlab-hostnamewithout a scheme then Atlantis wouldn't parse the URL correctly. (#377) - Give better error message if GitLab users are commenting on commits instead of a merge request. (Fixes #150, #390)
- If an error occurs early in request processing, comment that error back on the pull request. Previously, we were commenting back on errors but not for errors very early in the processing. (Fixes #398)
-
The version of Terraform installed in the
runatlantis/atlantisDocker image is now0.11.11. Previously it was0.11.10. -
If you are a) using an
atlantis.yamlfile and b) defining Terraform workspaces and c) running plan and apply against workspaces that were not defined in theatlantis.yamlfile, then this no longer works.You will now need to define all the workspaces in the
atlantis.yamlfile. For example, say you had the following config:version: 2 projects: - dir: mydir workspace: production
And you used to run:
atlantis plan -d mydir -w anotherworkspace atlantis apply -d mydir -w anotherworkspaceFor this to work now, you need to add the
anotherworkspaceworkspace to youratlantis.yamlfile:version: 2 projects: - dir: mydir workspace: production - dir: mydir workspace: anotherworkspace
Small feature and bug fix release. If you're using GitLab <11.1 then your comment formatting is fixed!
Diff: https://github.com/runatlantis/atlantis/compare/v0.4.11...v0.4.12
- Atlantis can now be hosted behind a path-based router and its UI will still
render correctly. For example, you could host atlantis at mydomain.com/mypath,
then run
atlantis server --atlantis-url https://mydomain.com/mypathand when atlantis renders its UI, all the URLs will have the/mypathprefix so the UI renders properly. (Fixes #213) - Log warning if GitLab hostname isn't resolvable. (Fixes #359)
- Support running our official Docker image
runatlantis/atlantison OpenShift. OpenShift runs images with random uids so we needed to build in support for that. (Fixes #345)
- If the output is too long for a single GitHub comment, maintain formatting when splitting into multiple comments. (Fixes #111)
- Fix bug with using the pagination API in BitBucket. (#354)
- If using GitLab < 11.1 then don't use expandable markdown comments. (Fixes #315)
- Fix output from custom steps that came before the plan step from being removed. (#367)
We made changes to the base image (runatlantis/atlantis-base) that
runatlantis/atlantis is built off of. These changes should not affect your
running of atlantis unless you're building your own custom images and were relying
on specific user permissions. Even then we don't anticipate any problems.
These are the changes in detail:
-
Previously, the permissions of
/home/atlantiswere:$ ls -la /home/atlantis/ drwxr-sr-x 2 atlantis atlantis 4096 Sep 13 22:49 .Now they are:
$ ls -la /home/atlantis/ drwxrwxr-x 2 atlantis root 4096 Nov 28 21:22 .- The directory is now owned by the
rootgroup. - Its group permissions now include
wandx.
This was needed because OpenShift runs Docker images as random uid's under the root group and so now those random uid's can use
/home/atlantisas their data directory. - The directory is now owned by the
-
Previously, the
atlantisuser was only part of its own group:$ gosu atlantis sh $ whoami atlantis $ groups atlantis
Now it's also part of the
rootgroup:$ gosu atlantis sh $ groups atlantis root
-
Previously, the permissions for
/etc/passwdwere:$ ls -la /etc/passwd -rw-r--r-- 1 root root 1284 Sep 13 22:49 /etc/passwd
Now the permissions are:
$ ls -la /etc/passwd -rw-rw-r-- 1 root root 1284 Nov 28 21:22 /etc/passwd
The
wgroup permission was added so that in OpenShift, the random uid can write their own login entry (https://github.com/runatlantis/atlantis/blob/main/docker-entrypoint.sh#L28) which is required becauseterraformexpects the running user to have an entry in/etc/passwd.
Medium sized release that updates the Terraform version and makes terraform plan
output smaller by removing the Refreshing... output.
Diff: https://github.com/runatlantis/atlantis/compare/v0.4.10...v0.4.11
- Upgraded Docker image to use Terraform 0.11.10
terraform planoutput is shorter now thanks to remove theRefreshing...output (#339)- Project names specified in
atlantis.yamlcan now contain/'s. This is useful if you want to name your projects similar to the directories they're in. (Fixes #253) - Added new flag
--silence-whitelist-errorswhich prevents Atlantis from comment back on pull requests from non-whitelisted repos. This is useful if you want to add the Atlantis webhook to a whole organization and then control which repos are actioned on via the whitelist. (Fixes #312) - The message when the project is locked is now more helpful. (#336)
- Run
terraform planwith-var atlantis_repo_owner=runatlantis -var atlantis_repo_name=atlantis -var atlantis_pull_num=10(if the repo was runatlantis/atlantis) (#300)
- Quote plan filenames so that Bitbucket projects with spaces in their names still work (Fixes #302)
-
Atlantis now runs
terraform planwith-var atlantis_repo_owner=runatlantis \ -var atlantis_repo_name=atlantis \ -var atlantis_pull_num=10
(in this example the repo that Atlantis is running on is runatlantis/atlantis).
If you were using those variables in your terraform code:
variable "atlantis_repo_owner" { default = "my_default" }
Then Atlantis will be overriding those variables with its own values. To prevent this, you need to rename your variables.
If you aren't using those variables then this change won't affect you.
Small bugfix release to fix issues with new comment format.
Diff: https://github.com/runatlantis/atlantis/compare/v0.4.9...v0.4.10
None
- Fix bad comment rendering (#294)
- Fix
plannot working on Bitbucket Server when repo owner contains spaces (#290)
None
This release is mostly focused on changing how comments look. Terraform output
is now automatically hidden if it's over 12 lines long:
Also the red and green highlighting for added and removed resources is fixed:
Diff: https://github.com/runatlantis/atlantis/compare/v0.4.8...v0.4.9
- Terraform output over 12 lines is hidden in comment until expanded
terraform planoutput is highlighted correctly- Terraform is now executed with
-var atlantis_repo={repo name} -var atlantis_pull_num {pull num}. This will allow users to trace Atlantisterraformexecutions in CloudTrail back to a specific user and pull request if using assume role by creating a specific name for the session Terraform initiates.
provider "aws" {
assume_role {
role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
session_name = "${var.atlantis_user}-${var.atlantis_repo}-${var.atlantis_pull_num}"
}
}
- Run terraform with
-input=false(#268).
- We set two new Terraform variables:
atlantis_repoandatlantis_pull_num. If you were using variables with those names in your code you will need to rename them in your code.
Security release to upgrade the Docker image to the latest version of Alpine linux that fixes this bug: https://justi.cz/security/2018/09/13/alpine-apk-rce.html
Diff: https://github.com/runatlantis/atlantis/compare/v0.4.7...v0.4.8
None
- Change server startup message to INFO from WARN level.
None
Support GitLab repos nested under multiple levels and use the latest version of Terraform: 0.11.8!
- Support GitLab groups which allow repos to be nested under multiple levels,
ex.
gitlab.com/owner/group/subgroup/subsubgroup/repo - Use latest version of Terraform: 0.11.8 in Docker image
- When running with
TF_LOGset, Atlantis will start normally. Previously it would error out due to attempting to parse the stderr output of theterraform versioncommand.
None
Just a small bugfix release.
None
- If
terraform initfails, include the failure logs in the comment posted back to the PR.
None
atlantis applynow applies all unapplied plans instead of just the plan in the root directory. (#169)atlantis plannow plans all modified projects instead of just the root directory.- Plan comments now contain instructions for how to run apply or re-run plan.
- Ignore approvals from the pull request author (Bitbucket Cloud only). Fixes (#201)
- When double clicking on a GitHub comment, ex.
GitHub would add two newlines to the end. If this was then pasted into a new comment, Atlantis would accept it because of the extra newlines. This has been fixed and the comment with two newlines will be accepted.
atlantis apply
atlantis applynow applies all unapplied plans. Previously it would only apply the plan in the root directory and default workspace.atlantis plannow plans all modified projects. Previously it would only run plan in the root directory and default workspace.
- Supports Bitbucket Server (#190).
- Fix
/etc/hostsnot being respected (#196).
None
- Supports Bitbucket Cloud (bitbucket.org) (#30).
None
None
- Don't comment on pull request if autoplan determines there are no projects to plan in. This was getting very noisy for users who use their repos for more than just Terraform (#183).
None
None
- Add new
/healthzendpoint for health checking in Kubernetes (#102) - Set
$PLANFILEenvironment variable to expected location of plan file when running custom steps (#168)- This enables overriding the command Atlantis uses to
planand substituting your own or piping through a custom script.
- This enables overriding the command Atlantis uses to
- Changed default pattern to detect changed files to
*.tf*from*.tfin order to trigger on.tfvarsfiles.
None
None
- Autoplanning - Atlantis will automatically run
planon new pull requests and when new commits are pushed to the pull request. - New repository
atlantis.yamlformat that supports:- Complete customization of plans run
- Single config file for whole repository
- Controlling autoplanning
- Moved docs to standalone website from the README.
- Fixes:
- The old
atlantis.yamlconfig file format is not supported. You will need to migrate to the new config format, see: https://www.runatlantis.io/docs/upgrading-atlantis-yaml.html - To use the new config file, you must run Atlantis with
--allow-repo-config. - Atlantis will now try to automatically plan. To disable this, you'll need to create an
atlantis.yamlfile as follows:
version: 2
projects:
- dir: mydir
autoplan:
enabled: falseatlantis applyno longer applies all un-applied plans but instead applies only the plan in the root directory and default workspace. This will be reverted in an upcoming releaseatlantis planno longer plans in all modified projects but instead runs plan only in the root directory and default workspace. This will be reverted in an upcoming release.
None
- If the
TF_LOGenvironment variable is set, should still be able to start. Previouslyatlantis serverwould exit immediately because it couldn't parse the output ofterraform version.
None
- Rename
atlantis bootstraptoatlantis testdriveto make it clearer that it doesn't set up Atlantis for you. Fixes (#129). - Atlantis will now comment on a pull request when a plan/lock is discarded from the Atlantis UI. Fixes (#27).
- Fix issue during
atlantis bootstrapwhere ngrok tunnel took a long time to start. Atlantis will now wait until it sees the expected log entry before continuing. Fixes (#92). - Fix missing error checking during
atlantis bootstrap. (#130).
atlantis bootstraprenamed toatlantis testdrive
- None
- Fix GitLab approvals not actually checking approval (#114)
- None
- Terraform 0.11.7 in Docker image
- Docker build now verifies terraform install via checksum
- None
- None
--repo-whitelistis now case insensitive. Fixes (#95).
- None
atlantis server -hhas newlines between flags so it's easier to read (#91).
atlantis bootstrapuses a custom ngrok config file so it should work even if the user is already running another ngrok tunnel (#93).
- None
- Log a warning if unable to update commit status. (#84)
- None
This release delivers some speed improvements through caching plugins and
not running terraform workspace select unnecessarily. In my testing it saves ~20s per run.
- All config flags can now be specified by environment variables. Fixes (#38).
- Completed thanks to @psalaberria002!
- Run terraform with the
TF_PLUGIN_CACHE_DIRenv var set. Fixes (#34).- This will cache plugins and make
terraform initfaster. Terraform will still download new versions of plugins. See https://www.terraform.io/docs/configuration/providers.html#provider-plugin-cache for more details. - In my testing this saves >10s per run.
- This will cache plugins and make
- Run terraform with
TF_IN_AUTOMATION=trueso the output won't contain suggestions to run commands that you can't run via Atlantis. (#82). - Don't run
terraform workspace selectunless we actually need to switch workspaces. (#82).- In my testing this saves ~10s.
- Validate that workspace doesn't contain a path when running ex.
atlantis plan -w /jdlkj. This was already not a valid workspace name according to Terraform. (#78). - Error out if
ngrokis already running when runningatlantis bootstrap(#81).
- None
- Atlantis version shown in footer of web UI. Fixes (#33).
- GitHub comments greater than the max length will be split into multiple comments. Fixes (#55).
- None
This release focused on some security issues reported by @eriksw, thanks Erik! By default, Atlantis will be more secure now and you'll have to specify which repositories you want it to work on.
- New flag
--allow-fork-prsadded toatlantis servercontrols whether Atlantis will operate on pull requests from forks. Defaults tofalse. This flag was added because on a public repository anyone could open up a pull request to your repo and use your Atlantis install. - New mandatory flag
--repo-whitelistadded toatlantis servercontrols which repos Atlantis will operate on. This flag was added so that if a webhook secret is compromised (or you're not using webhook secrets) Atlantis won't be used on repos you don't control. - Warn if running
atlantis serverwithout any webhook secrets set. This is dangerous because without a webhook secret, an attacker could spoof requests to Atlantis. - Make CLI output more readable by setting a fixed column width.
- None
- Must set
--allow-fork-prsnow if you want to run Atlantis on pull requests from forked repos. - Must set
--repo-whitelistin order to startatlantis server. Seeatlantis server --helpfor how that flag works.
- None
- Run apply in correct directory when using
-dflag. Fixes (#22)
- None
- Fix security issue where Atlantis wasn't escaping the optional "extra args" that could be appended to comments (#16)
- example exploit:
atlantis plan ; cat /etc/passwd
- example exploit:
- Atlantis moved to new repo:
atlantisrun/atlantis. Read why here - New -w/--workspace and -d/--dir flags in comments (#14)
- You can now specify which directory to plan/apply in, ex.
atlantis plan -d dir1/dir2
- You can now specify which directory to plan/apply in, ex.
- Better feedback from atlantis when asking for help via comments, ex.
atlantis plan -h
- Convert
--data-dirpaths to absolute from relative. Fixes (#245) - Don't run plan in the parent of
modules/unless there's amain.tfpresent. Fixes (#12)
- You must use the
-wflag to specify a workspace when commenting now- Previously:
atlantis plan staging, now:atlantis plan -w staging
- Previously:
- You must use a double-dash between Atlantis flags and extra args to be appended to the terraform command
- Previously:
atlantis plan -target=resource, now:atlantis plan -- -target=resource
- Previously:
- Atlantis will no longer run
planin the parent directory ofmodules/unless there is amain.tfin that directory.
- SSL support added (#233)
- GitLab custom URL for GitLab Enterprise installations now works (#231)
None
None
- Use
envinstead ofworkspacefor Terraform 0.9.*
None
None
- The environment variables available when executing commands have changed:
WORKSPACE=>DIR- this is the absolute path to the project directory on diskENVIRONMENT=>WORKSPACE- this is the name of the Terraform workspace that we're running in (ex. default)
- The schema for storing locks changed. Any old locks will still be held but you will be unable to discard them in the UI.
To fix this, either merge all the open pull requests before upgrading OR delete the
~/.atlantis/atlantis.dbfile. This is safe to do because you'll just need to re-runplanto get your plan back.
- Don't ignore changes in
modulesdirectories anymore. (#211)
- Don't set
as_userto true for Slack webhooks so we can integrate as a workspace app. (#206)
None
None
None
- Environment variables are passed through to
extra_arguments. (#150) - Tested hundreds of lines of code. Test coverage now at 60%. (https://codecov.io/gh/hootsuite/atlantis)
- Modules in list of changed files weren't being filtered. (#193)
- Nil pointer error in bootstrap mode. (#181)
None
- all flags passed to
atlantis planoratlantis applywill now be passed through toterraform. (#131)
- Fix command parsing when comment ends with newline. (#131)
- Plan and Apply outputs are shown in new line. (#132)
--aws-assume-role-arnand--aws-regionflags removed. Instead, to name the assume role session with the GitHub username of the user running the Atlantis command use theatlantis_userterraform variable alongside Terraform's built-in support for assume role (see https://github.com/runatlantis/atlantis/blob/main/README.md#assume-role-session-names)- Atlantis has a docker image now (#123). Here is how you can try it out:
docker run runatlantis/atlantis:v0.1.1 server --gh-user=GITHUB_USERNAME --gh-token=GITHUB_TOKEN