-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: set atlantis/apply
check to successful
if all plans are No Changes
#3378
Conversation
The issue is that if the plan runs, shows no-changes, and then there is time in between which causes that project to drift, then if this flag is enabled, the apply won't run and won't error out due to a stale plan. It will merge and everyone will think that at this point, the terraform had zero drift upon merge when that would not be true. |
@nitrocode Thanks for your comment! That's true, but making For instance, in the scenario of skipping |
Reading over the linked issue, instead of adding an option to allow skipping the apply command if no changes, could we instead set the atlantis/apply check as green if all the plans are no changes? |
I wanted to let you know that this PR already includes the implementation you mentioned. I apologize if the title of the pull request and the name of this option may have been misleading. |
atlantis/apply
check to successful
if all plans are No Changes
Thank you for pointing that out. The
Or perhaps can set this as a default and eliminate the need for this flag? cc @runatlantis/maintainers thoughts? |
I think is ok to have it as default but it needs to be documented well.
…On Sun, May 7, 2023, 5:03 a.m. nitrocode ***@***.***> wrote:
Thank you for pointing that out. The skip-apply-no-changes makes me think
that it will skip the apply step for any single job that is set to no
changes which i pointed out. Perhaps to remove confusion, we can change the
name of the flag?
set-atlantis-apply-check-successful-if-no-changes
Or perhaps can set this as a default and eliminate the need for this flag?
cc @runatlantis/maintainers
<https://github.com/orgs/runatlantis/teams/maintainers> thoughts?
—
Reply to this email directly, view it on GitHub
<#3378 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAQ3ERHFOKKLXUNRZQEHCATXE6FSHANCNFSM6AAAAAAXWUOVOU>
.
You are receiving this because your review was requested.Message ID:
***@***.***>
|
Co-authored-by: nitrocode <[email protected]>
Thanks for the feedback. I agree that the flag's name should be changed to avoid confusion. Regarding keeping the flag, I believe it is a good idea to offer users a choice to use this feature or not, as this feature alters the existing behavior of Atlantis and may not be preferred by everyone. While it is difficult to decide whether the flag should be enabled by default, I personally think it is fine to have it disabled, as there are other useful features added with their corresponding flags disabled by default. |
@GenPage |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@chroju Looking good so far, a couple nit pick questions to clarify before I approve
ExpVCSApplyStatusSucc int | ||
}{ | ||
{ | ||
Description: "When planning with no previous plan, set the atlantis/apply VCS status to 0/0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To clarify this test condition expects a success or pending status with 0/0?
Targeted: true, | ||
ExpVCSApplyStatusTotal: 1, | ||
ExpVCSApplyStatusSucc: 1, | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like we are missing some conditions here that we could be testing for. What happens when plans override each other with new "No changes" or new "Pending" based on drift?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @GenPage, I've added various test cases to cover different scenarios based on the review feedback. Please check!
263115f
to
cf7722c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you, looks great now
… Changes` (runatlantis#3378) * mod: rename updateCommitStatus func * feat: add PlannedNoChangesPlanStatus * Add skipApplyNoChanges option to PlanCommandRunner * Add skipApplyNoChanges option to ApplyCommandRunner * Add --skip-apply-no-changes flag * Fix typo Co-authored-by: nitrocode <[email protected]> * Rename --skip-apply-no-changes flag * Refactor updateCommitStatus functions * chore(docs): add detailed use case for the flag * test: add plan_command_runner set apply status * feat: set apply status to successful by default when result is 'No Changes' --------- Co-authored-by: chroju <[email protected]> Co-authored-by: nitrocode <[email protected]>
Unlike Gitlab, Github's commit statuses do not have a "running" state, so the atlantis flow doesn't have a concept for "running". Instead of adding complexity for the majority use case (Github), I think a clear user experience is to map "pending" to "pending" for Gitlab, and let commit statuses go from pending to either success or failure. Along with runatlantis#3378, this change should result in a better user experience for Gitlab users.
This change fundamentally broke Atlantis for many users (it's still broken 5 months later). I appreciate the effort to make things smoother but next time please use a flag. The problem is that "no changes reported" is very clearly not identical to "terraform apply ran successfully", and the status check has changed meaning as a result. The meaning used to be "terraform apply ran successfully". That was unambiguous and easy to understand . I assumed it would continue meaning that. But as of this PR the status check can be set without running This PR seems to completely remove the ability to require Thanks for your help, |
I'm extremely confused... |
@brandon-fryslie, I appreciate you taking the time to explain your use case. I caution against using such strong language about "breaking" Atlantis. We considered this change very heavily before making a decision. You even advocated for this change as others had pointed out. We advertised this change as a breaking change in the v0.25.0 release.
The status check is set because there are no projects to apply. This is shown in the check as |
… Changes` (runatlantis#3378) * mod: rename updateCommitStatus func * feat: add PlannedNoChangesPlanStatus * Add skipApplyNoChanges option to PlanCommandRunner * Add skipApplyNoChanges option to ApplyCommandRunner * Add --skip-apply-no-changes flag * Fix typo Co-authored-by: nitrocode <[email protected]> * Rename --skip-apply-no-changes flag * Refactor updateCommitStatus functions * chore(docs): add detailed use case for the flag * test: add plan_command_runner set apply status * feat: set apply status to successful by default when result is 'No Changes' --------- Co-authored-by: chroju <[email protected]> Co-authored-by: nitrocode <[email protected]>
… Changes` (runatlantis#3378) * mod: rename updateCommitStatus func * feat: add PlannedNoChangesPlanStatus * Add skipApplyNoChanges option to PlanCommandRunner * Add skipApplyNoChanges option to ApplyCommandRunner * Add --skip-apply-no-changes flag * Fix typo Co-authored-by: nitrocode <[email protected]> * Rename --skip-apply-no-changes flag * Refactor updateCommitStatus functions * chore(docs): add detailed use case for the flag * test: add plan_command_runner set apply status * feat: set apply status to successful by default when result is 'No Changes' --------- Co-authored-by: chroju <[email protected]> Co-authored-by: nitrocode <[email protected]>
You are correct, I did advocate for this change. However at that time I hadn't experienced the problematic side effects caused by this change. I was wrong before and hadn't considered the potential issues. We have a lot of PRs. We have come to rely on Atlantis as the "arbiter" of sorts as to whether a PR request is suitable for merging. The problem is that while this may speed up simple use cases, the risk is that any false positives allow bad code to be merged. We generate the Atlantis config in a pre-workflow hook. Atlantis now says "0/0 projects" automatically when the PR is opened and automatically sets the status to green. If someone goes and runs "Atlantis plan" then it will generate the config and actually figure out what projects needs to be planned. I have been away for a bit and don't know what series of issues is causing this, but since Atlantis is a critical gatekeeper at this point, it would be great if there was a way to have a failsafe. A way to absolutely ensure Atlantis has planned and applied all changes. Because right now it reports "0/0 projects" when autoplan is used but when run manually it finds projects. It might be due to GitHub team membership. I don't have access to the code to look at it or I could provide more info (I left the company). |
@brandon-fryslie if you set the pre workflow hook or atlantis plan as required checks on the repo, that will prevent the PRs from getting merged prior to running atlantis plan. |
… Changes` (runatlantis#3378) * mod: rename updateCommitStatus func * feat: add PlannedNoChangesPlanStatus * Add skipApplyNoChanges option to PlanCommandRunner * Add skipApplyNoChanges option to ApplyCommandRunner * Add --skip-apply-no-changes flag * Fix typo Co-authored-by: nitrocode <[email protected]> * Rename --skip-apply-no-changes flag * Refactor updateCommitStatus functions * chore(docs): add detailed use case for the flag * test: add plan_command_runner set apply status * feat: set apply status to successful by default when result is 'No Changes' --------- Co-authored-by: chroju <[email protected]> Co-authored-by: nitrocode <[email protected]>
what
Add
--skip-apply-no-changes
option. This option will allow skipping the apply command if the plan command results in "No Changes". This option enables skipping of the apply command by setting the commit status in the VCS to "successful" without actually running the apply command.After discussion, this feature has been made the default and no option will be provided. (link)
why
tests
server/events/command/project_result_test.go
.server/events/command_runner_internal_test.go
.references
No changes
,atlantis/apply
status should be success #2546