Skip to content

Commit

Permalink
Merge branch 'main' into extend-api
Browse files Browse the repository at this point in the history
  • Loading branch information
jamengual authored Dec 30, 2024
2 parents caba62c + eaed61d commit d55f22c
Show file tree
Hide file tree
Showing 160 changed files with 7,256 additions and 8,023 deletions.
26 changes: 20 additions & 6 deletions .github/workflows/atlantis-image.yml
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,11 @@ jobs:
needs: [changes]
if: needs.changes.outputs.should-run-build == 'true'
name: Build Image
permissions:
contents: read
id-token: write
packages: write
attestations: write
strategy:
matrix:
image_type: [alpine, debian]
Expand All @@ -71,7 +76,7 @@ jobs:
platforms: arm64,arm

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3
# https://github.com/docker/build-push-action/issues/761#issuecomment-1575006515
with:
driver-opts: |
Expand All @@ -85,7 +90,7 @@ jobs:
# if it's v0.10.0 and debian, it will do v0.10.0-debian, latest-debian
- name: Docker meta
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5
env:
SUFFIX: ${{ format('-{0}', matrix.image_type) }}
with:
Expand Down Expand Up @@ -129,8 +134,9 @@ jobs:
run: echo "RELEASE_VERSION=${{ startsWith(github.ref, 'refs/tags/') && '${GITHUB_REF#refs/*/}' || 'dev' }}" >> $GITHUB_ENV

- name: "Build ${{ env.PUSH == 'true' && 'and push' || '' }} ${{ env.DOCKER_REPO }} image"
id: build
if: contains(fromJson('["push", "pull_request"]'), github.event_name)
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
Expand All @@ -147,6 +153,14 @@ jobs:
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }}

- name: "Sign and Attest Image"
if: env.PUSH == 'true'
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
with:
subject-digest: ${{ steps.build.outputs.digest }}
subject-name: ghcr.io/${{ github.repository }}
push-to-registry: true

test:
needs: [changes]
if: needs.changes.outputs.should-run-build == 'true'
Expand All @@ -163,15 +177,15 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3
# https://github.com/docker/build-push-action/issues/761#issuecomment-1575006515
with:
driver-opts: |
image=moby/buildkit:v0.14.0
- name: "Build and load into Docker"
if: contains(fromJson('["push", "pull_request"]'), github.event_name)
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
Expand Down Expand Up @@ -201,4 +215,4 @@ jobs:
image_type: [alpine, debian]
runs-on: ubuntu-24.04
steps:
- run: 'echo "No build required"'
- run: 'echo "No build required"'
6 changes: 3 additions & 3 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3
uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -91,7 +91,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3
uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -104,7 +104,7 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3
uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3
with:
category: "/language:${{matrix.language}}"

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -50,15 +50,15 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

# need to setup go toolchain explicitly
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: go.mod

- name: golangci-lint
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6
with:
# renovate: datasource=github-releases depName=golangci/golangci-lint
version: v1.60.1
version: v1.62.2

skip-lint:
needs: [changes]
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
with:
submodules: true

- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: go.mod

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -43,14 +43,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: 'Upload artifact'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: 'Upload to code-scanning'
uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
with:
sarif_file: results.sarif
10 changes: 5 additions & 5 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,12 +48,12 @@ jobs:
if: needs.changes.outputs.should-run-tests == 'true'
name: Tests
runs-on: ubuntu-24.04
container: ghcr.io/runatlantis/testing-env:latest@sha256:b176e5b60579b194bad6c1a19724c9f13021684397d0effa6b3746f6f56cbd02
container: ghcr.io/runatlantis/testing-env:latest@sha256:79991418aec4e5dcb1f18dc7b7bdf6ee37302a30a1e374c7bcf3eba9aadef68d
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

# need to setup go toolchain explicitly
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: go.mod

Expand All @@ -65,7 +65,7 @@ jobs:
###########################################################
- name: Slack failure notification
if: ${{ github.ref == 'refs/heads/main' && failure() }}
uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
with:
payload: |
{
Expand Down Expand Up @@ -119,7 +119,7 @@ jobs:
NGROK_AUTH_TOKEN: ${{ secrets.ATLANTISBOT_NGROK_AUTH_TOKEN }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: go.mod

Expand Down Expand Up @@ -156,7 +156,7 @@ jobs:
NGROK_AUTH_TOKEN: ${{ secrets.ATLANTISBOT_NGROK_AUTH_TOKEN }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: go.mod

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/testing-env-image.yml
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ jobs:
platforms: arm64,arm

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3

- name: Login to Packages Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
Expand All @@ -60,7 +60,7 @@ jobs:

- run: echo "TODAY=$(date +"%Y.%m.%d")" >> $GITHUB_ENV
- name: Build and push testing-env:${{env.TODAY}} image
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
Expand Down
7 changes: 5 additions & 2 deletions .github/workflows/website.yml
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

- name: markdown-lint
uses: DavidAnson/markdownlint-cli2-action@db43aef879112c3119a410d69f66701e0d530809 # v17
uses: DavidAnson/markdownlint-cli2-action@eb5ca3ab411449c66620fe7f1b3c9e10547144b0 # v18
with:
config: .markdownlint.yaml
globs: 'runatlantis.io/**/*.md'
Expand All @@ -63,7 +63,7 @@ jobs:
- name: run http-server
env:
# renovate: datasource=github-releases depName=raviqqe/muffet
MUFFET_VERSION: 2.10.3
MUFFET_VERSION: 2.10.6
run: |
# install raviqqe/muffet to check for broken links.
curl -Ls https://github.com/raviqqe/muffet/releases/download/v${MUFFET_VERSION}/muffet_linux_amd64.tar.gz | tar -xz
Expand All @@ -86,19 +86,22 @@ jobs:
# medium.com => was being rate limited: HTTP 429
# twitter.com => too many redirections
# www.flaticon.com => 403 error
# www.freepik.com => 403 error
- run: |
./muffet \
-e 'https://medium.com/runatlantis' \
-e 'https://dev.to/*' \
-e 'https://twitter.com/*' \
-e 'https://www.flaticon.com/*' \
-e 'https://www.freepik.com/*' \
-e 'https://github\.com/runatlantis/atlantis/edit/main/.*' \
-e 'https://github.com/runatlantis/helm-charts#customization' \
-e 'https://github.com/sethvargo/atlantis-on-gke/blob/master/terraform/tls.tf#L64-L84' \
-e 'https://confluence.atlassian.com/*' \
--header 'User-Agent: Muffet' \
--header 'Accept-Encoding:deflate, gzip' \
--buffer-size 8192 \
--timeout 300 \
http://localhost:8080/
skip-link-check:
Expand Down
2 changes: 1 addition & 1 deletion .node-version
Original file line number Diff line number Diff line change
@@ -1 +1 @@
20.18.0
22.12.0
2 changes: 1 addition & 1 deletion .tool-versions
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
node 20.14.0
node 22.12.0
go 1.23.0
4 changes: 2 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@ Maintenance release for security patches with atlantis-base image
* docker: bump git-lfs and gosu dependencies by @hi-artem in https://github.com/runatlantis/atlantis/pull/2096
* fix(docker): fix base image for multi-platform build by @Tenzer in https://github.com/runatlantis/atlantis/pull/2099
* fix(docker): fix installation of git-lfs in armv7 image by @Tenzer in https://github.com/runatlantis/atlantis/pull/2100
* fix(docker): download Terraform and conftest versions maching image architecture by @Tenzer in https://github.com/runatlantis/atlantis/pull/2101
* fix(docker): download Terraform and conftest versions matching image architecture by @Tenzer in https://github.com/runatlantis/atlantis/pull/2101

# v0.18.3

Expand Down Expand Up @@ -237,7 +237,7 @@ Maintenance release for security patches with atlantis-base image
* build(deps): bump github.com/hashicorp/go-version from 1.3.0 to 1.4.0 by @dependabot in https://github.com/runatlantis/atlantis/pull/1987
* build(deps): bump go.uber.org/zap from 1.19.1 to 1.20.0 by @dependabot in https://github.com/runatlantis/atlantis/pull/1988
* docs: document `undiverged` apply requirement in more places by @fishpen0 in https://github.com/runatlantis/atlantis/pull/1992
* fix: fix autoplan when .terraform.lock.hcl is modifed by @gezb in https://github.com/runatlantis/atlantis/pull/1991
* fix: fix autoplan when .terraform.lock.hcl is modified by @gezb in https://github.com/runatlantis/atlantis/pull/1991
* feat: add XTerm JS to the server static files by @Ka1wa in https://github.com/runatlantis/atlantis/pull/1985
* feat: post workflow hooks by @tim775 in https://github.com/runatlantis/atlantis/pull/1990
* docs: add colon to policy checking yaml by @williamlord-wise in https://github.com/runatlantis/atlantis/pull/1996
Expand Down
8 changes: 3 additions & 5 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ We use [pegomock](https://github.com/petergtz/pegomock) for mocking. If you're
modifying any interfaces that are mocked, you'll need to regen the mocks for that
interface.
Install using `go install github.com/petergtz/pegomock/pegomock`
Install using `go install github.com/petergtz/pegomock/v4/pegomock@latest`
If you see errors like:
```
Expand All @@ -174,10 +174,8 @@ To regen the mock, run `go generate` on that file, e.g.
go generate server/events/project_command_builder.go
```
If you get an error about `pegomock` not being available, install it:
```sh
go get github.com/petergtz/pegomock/...
```
Alternatively, you can run `make go-generate` to execute `go generate` across all packages
# Backporting Fixes
Atlantis now uses a [cherry-pick-bot](https://github.com/googleapis/repo-automation-bots/tree/main/packages/cherry-pick-bot) from Google. The bot assists in maintaining changes across releases branches by easily cherry-picking changes via pull requests.
Expand Down
18 changes: 9 additions & 9 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
# syntax=docker/dockerfile:1@sha256:865e5dd094beca432e8c0a1d5e1c465db5f998dca4e439981029b3b81fb39ed5
# syntax=docker/dockerfile:1@sha256:93bfd3b68c109427185cd78b4779fc82b484b0b7618e36d0f104d4d801e66d25
# what distro is the image being built for
ARG ALPINE_TAG=3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d
ARG DEBIAN_TAG=12.7-slim@sha256:36e591f228bb9b99348f584e83f16e012c33ba5cad44ef5981a1d7c0a93eca22
ARG GOLANG_TAG=1.23.2-alpine@sha256:9dd2625a1ff2859b8d8b01d8f7822c0f528942fe56cfe7a1e7c38d3b8d72d679
ARG ALPINE_TAG=3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
ARG DEBIAN_TAG=12.8-slim@sha256:d365f4920711a9074c4bcd178e8f457ee59250426441ab2a5f8106ed8fe948eb
ARG GOLANG_TAG=1.23.4-alpine@sha256:6c5c9590f169f77c8046e45c611d3b28fe477789acd8d3762d23d4744de69812

# renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp
ARG DEFAULT_TERRAFORM_VERSION=1.9.8
ARG DEFAULT_TERRAFORM_VERSION=1.10.3
# renovate: datasource=github-releases depName=opentofu/opentofu versioning=hashicorp
ARG DEFAULT_OPENTOFU_VERSION=1.8.4
ARG DEFAULT_OPENTOFU_VERSION=1.8.7
# renovate: datasource=github-releases depName=open-policy-agent/conftest
ARG DEFAULT_CONFTEST_VERSION=0.56.0

Expand Down Expand Up @@ -94,7 +94,7 @@ RUN AVAILABLE_CONFTEST_VERSIONS=${DEFAULT_CONFTEST_VERSION} && \

# install git-lfs
# renovate: datasource=github-releases depName=git-lfs/git-lfs
ENV GIT_LFS_VERSION=3.5.1
ENV GIT_LFS_VERSION=3.6.0

RUN case ${TARGETPLATFORM} in \
"linux/amd64") GIT_LFS_ARCH=amd64 ;; \
Expand Down Expand Up @@ -154,8 +154,8 @@ COPY --from=deps /usr/local/bin/conftest /usr/local/bin/conftest
COPY --from=deps /usr/bin/git-lfs /usr/bin/git-lfs
COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh

# renovate: datasource=repology depName=alpine_3_20/ca-certificates versioning=loose
ENV CA_CERTIFICATES_VERSION="20240705-r0"
# renovate: datasource=repology depName=alpine_3_21/ca-certificates versioning=loose
ENV CA_CERTIFICATES_VERSION="20241010"

# Install packages needed to run Atlantis.
# We place this last as it will bust less docker layer caches when packages update
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile.dev
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
FROM ghcr.io/runatlantis/atlantis:latest@sha256:5318d83dc11546c30ea2487108f465c7e000c8d190c66bf925fc3dba7a993d3f
FROM ghcr.io/runatlantis/atlantis:latest@sha256:f95cdf8f42370abf68d9e095930de8812e3b2a0dd66c9ffc39a69c8f49727989
COPY atlantis /usr/local/bin/atlantis
WORKDIR /atlantis/src
Loading

0 comments on commit d55f22c

Please sign in to comment.