--hide-prev-plan-comments flag fails if using Github App name with uppercased or space chars #1161

Closed
nitrocode opened this issue Aug 19, 2020 · 18 comments · Fixed by #2697
Labels
docs Documentation help wanted Good feature for contributors

Comments

@nitrocode
Member

nitrocode commented Aug 19, 2020

Problem

I have ATLANTIS_HIDE_PREV_PLAN_COMMENTS=true and am running 0.15.0 as a GitHub App in ECS Fargate. I run plan manually in my repo using the following.

atlantis plan -d iam-policies/engineer

When I run that multiple times in the same PR, it does not hide my previous plan comments.

Configuration

I have the following env vars set up in my module.

  custom_environment_variables = [
    {
      "name" : "ATLANTIS_WRITE_GIT_CREDS",
      "value" : "true",
    },
    {
      "name" : "ATLANTIS_HIDE_PREV_PLAN_COMMENTS",
      "value" : "true",
    },
    {
      "name" : "ATLANTIS_LOG_LEVEL",
      "value" : "debug",
    },
    # set default version
    {
      "name" : "ATLANTIS_DEFAULT_TF_VERSION",
      "value" : local.terraform_version,
    },
    {
      "name" : "DEFAULT_TERRAFORM_VERSION",
      "value" : local.terraform_version,
    },
    # for the github bot
    {
      "name" : "ATLANTIS_GH_APP_ID",
      "value" : "12345",
    },
    {
      "name" : "ATLANTIS_GH_APP_KEY_FILE",
      "value" : "/home/atlantis/atlantis-app-key.pem",
    },
  ]

and my server atlantis.yaml is

# https://www.runatlantis.io/docs/server-configuration.html#repo-config-json
repos:
  - # apply config to repos matching this regex
    id: /.*/
    # allow repo level custom workflows
    allow_custom_workflows: true
    # allow repo level configs to override the following
    allowed_overrides:
      - apply_requirements
      - workflow
    # `terraform apply` requires the PR to be
    apply_requirements:
      - approved
      # - mergeable
    workflow: default
    terraform_version: 0.12.29
# custom workflows
# https://www.runatlantis.io/docs/server-side-repo-config.html#allow-repos-to-choose-a-server-side-workflow
workflows:
  default:
    apply:
      steps:
        # - apply
        - run: echo 'Apply is disabled for now. Please apply locally or contact dev_ops / noc_ops slack channels'
        - run: if [ `cat /home/atlantis/users | grep -i "^$USERNAME$" | wc -l` != 1 ]; then echo "Not in users file" && exit 1; else echo "Authenticated"; fi
    plan:
      steps:
        - init
        - run: echo 'Running tflint...' && tflint
        - run: echo 'Running checkov...' && checkov --quiet -d .
        - plan

Logs

$ ecs-cli logs --cluster atlantis --task-id mytaskid | grep 'terraform_scripts#319'
2020/08/19 13:04:20+0000 [DBUG] project_command_builder.go:204 ghorg/terraform_scripts#319: Building plan command
2020/08/19 13:04:20+0000 [DBUG] project_command_builder.go:211 ghorg/terraform_scripts#319: Cloning repository
2020/08/19 13:04:20+0000 [INFO] github_app_working_dir.go:26 ghorg/terraform_scripts#319: Refreshing git tokens for Github App
2020/08/19 13:04:20+0000 [INFO] git_cred_writer.go:30 ghorg/terraform_scripts#319: Wrote git credentials to /home/atlantis/.git-credentials
2020/08/19 13:04:20+0000 [INFO] git_cred_writer.go:60 ghorg/terraform_scripts#319: Successfully ran git config --global credential.helper store
2020/08/19 13:04:20+0000 [INFO] git_cred_writer.go:66 ghorg/terraform_scripts#319: Successfully ran git config --global url.https://x-access-token@github.com.insteadOf ssh://git@github.com
2020/08/19 13:04:20+0000 [INFO] working_dir.go:172 ghorg/terraform_scripts#319: Creating dir "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default"
2020/08/19 13:04:21+0000 [DBUG] working_dir.go:238 ghorg/terraform_scripts#319: Ran: git clone --branch engineer-assume --depth=1 --single-branch https://:<redacted>@github.com/ghorg/terraform_scripts.git /home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default. Output: Cloning into '/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default'...
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:189 ghorg/terraform_scripts#319: Building config based on server-side config
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting allowed_overrides: [apply_requirements,workflow] from repos[1], id: /.*/
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting allow_custom_workflows: true from repos[1], id: /.*/
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting apply_requirements: [approved] from repos[1], id: /.*/
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting workflow: "default" from repos[1], id: /.*/
2020/08/19 13:04:21+0000 [INFO] project_command_builder.go:483 ghorg/terraform_scripts#319: Cannot determine which version to use from terraform configuration, detected 2 possibilities.
2020/08/19 13:04:21+0000 [INFO] project_locker.go:80 ghorg/terraform_scripts#319: Acquired lock with id "ghorg/terraform_scripts/iam-policies/engineer/default"
2020/08/19 13:04:21+0000 [DBUG] project_command_runner.go:144 ghorg/terraform_scripts#319: Acquired lock for project
2020/08/19 13:04:21+0000 [INFO] github_app_working_dir.go:26 ghorg/terraform_scripts#319: Refreshing git tokens for Github App
2020/08/19 13:04:21+0000 [DBUG] git_cred_writer.go:37 ghorg/terraform_scripts#319: Git credentials file has expected contents, not modifying
2020/08/19 13:04:21+0000 [DBUG] working_dir.go:84 ghorg/terraform_scripts#319: Clone directory "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default" already exists, checking if it's at the right commit
2020/08/19 13:04:21+0000 [DBUG] working_dir.go:107 ghorg/terraform_scripts#319: Repo is at correct commit "6b8d7c2c3726db1431ce9b92d7728d664940e5bc" so will not re-clone
2020/08/19 13:04:32+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 init -input=false -no-color -upgrade" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:32+0000 [INFO] run_step_runner.go:74 ghorg/terraform_scripts#319: Successfully ran "echo 'Running tflint...' && tflint" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:36+0000 [INFO] run_step_runner.go:74 ghorg/terraform_scripts#319: Successfully ran "echo 'Running checkov...' && checkov --quiet -d ." in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:36+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 workspace show" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:54+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 plan -input=false -refresh -no-color -out \"/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer/default.tfplan\"" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:55+0000 [DBUG] command_runner.go:584 ghorg/terraform_scripts#319: Updating DB with pull results
2020/08/19 13:05:31+0000 [DBUG] project_command_builder.go:204 ghorg/terraform_scripts#319: Building plan command
2020/08/19 13:05:31+0000 [DBUG] project_command_builder.go:211 ghorg/terraform_scripts#319: Cloning repository
2020/08/19 13:05:31+0000 [INFO] github_app_working_dir.go:26 ghorg/terraform_scripts#319: Refreshing git tokens for Github App
2020/08/19 13:05:31+0000 [DBUG] git_cred_writer.go:37 ghorg/terraform_scripts#319: Git credentials file has expected contents, not modifying
2020/08/19 13:05:31+0000 [DBUG] working_dir.go:84 ghorg/terraform_scripts#319: Clone directory "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default" already exists, checking if it's at the right commit
2020/08/19 13:05:31+0000 [DBUG] working_dir.go:107 ghorg/terraform_scripts#319: Repo is at correct commit "6b8d7c2c3726db1431ce9b92d7728d664940e5bc" so will not re-clone
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:189 ghorg/terraform_scripts#319: Building config based on server-side config
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting apply_requirements: [approved] from repos[1], id: /.*/
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting workflow: "default" from repos[1], id: /.*/
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting allowed_overrides: [apply_requirements,workflow] from repos[1], id: /.*/
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting allow_custom_workflows: true from repos[1], id: /.*/
2020/08/19 13:05:31+0000 [INFO] project_command_builder.go:483 ghorg/terraform_scripts#319: Cannot determine which version to use from terraform configuration, detected 2 possibilities.
2020/08/19 13:05:31+0000 [INFO] project_locker.go:80 ghorg/terraform_scripts#319: Acquired lock with id "ghorg/terraform_scripts/iam-policies/engineer/default"
2020/08/19 13:05:31+0000 [DBUG] project_command_runner.go:144 ghorg/terraform_scripts#319: Acquired lock for project
2020/08/19 13:05:31+0000 [INFO] github_app_working_dir.go:26 ghorg/terraform_scripts#319: Refreshing git tokens for Github App
2020/08/19 13:05:31+0000 [DBUG] git_cred_writer.go:37 ghorg/terraform_scripts#319: Git credentials file has expected contents, not modifying
2020/08/19 13:05:31+0000 [DBUG] working_dir.go:84 ghorg/terraform_scripts#319: Clone directory "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default" already exists, checking if it's at the right commit
2020/08/19 13:05:31+0000 [DBUG] working_dir.go:107 ghorg/terraform_scripts#319: Repo is at correct commit "6b8d7c2c3726db1431ce9b92d7728d664940e5bc" so will not re-clone
2020/08/19 13:05:36+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 init -input=false -no-color -upgrade" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:36+0000 [INFO] run_step_runner.go:74 ghorg/terraform_scripts#319: Successfully ran "echo 'Running tflint...' && tflint" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:40+0000 [INFO] run_step_runner.go:74 ghorg/terraform_scripts#319: Successfully ran "echo 'Running checkov...' && checkov --quiet -d ." in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:40+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 workspace show" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:58+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 plan -input=false -refresh -no-color -out \"/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer/default.tfplan\"" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:59+0000 [DBUG] command_runner.go:584 ghorg/terraform_scripts#319: Updating DB with pull results

Related

Current workaround

Thanks to comments below, the current workaround seems to be

  • Look at the log line GH User: <gh user>
  • set ATLANTIS_GH_APP_SLUG env to the name of the atlantis app
  • make sure the atlantis app name is lowercased and all the spaces are now dashes

To resolve this in a PR

  • The user used to hide the comments should be the same user as the name of the app
  • The ATLANTIS_GH_APP_SLUG should not be needed
  • An error message should be caught and thrown if hiding prev plan comments does not work
@hoppalotta

hoppalotta commented Oct 22, 2020

In my case I was using the Fargate Module and after reviewing the inputs I noticed that the value for atlantis_hide_prev_plan_comments defaults to false. It seems that setting overrides environment variables that are set in the docker image, which is where I set my env vars. It's possible that it overrides the custom_environment_variables argument as well.

Setting atlantis_hide_prev_plan_comments = "true" in the configuration solved the issue for me.

@nitrocode
Member Author

I'm using the same module, latest version 2.24.0, and tried both ways, using the custom env var and the argument, but still seeing the same result.

@taiidani

# server configuration file
atlantis_hide_prev_plan_comments: "true"
hide_prev_plan_comments: "true"
atlantis-hide-prev-plan-comments: "true"
hide-prev-plan-comments: "true"

# Environment variable
ATLANTIS_HIDE_PREV_PLAN_COMMENTS  = "true"

# Docker image arguments
["server", "--hide-prev-plan-comments"]

And yet the GitHub comments do not hide...at this point I'm questioning my sanity! 😄

@arthur-leclerc

arthur-leclerc commented Nov 10, 2020

I am using Atlantis with the GitHub application and I see the same behavior as above: comments don't hide. I don't see any errors in the logs. If you need more information, don't hesitate to ask.

We especially have plans on several comments.

We are running Atlantis v0.15.0 on GitHub with a Team plan and ownership of the app has been given to our organization.

@sparky005
Contributor

We just switched to using app authentication and are also seeing this error. Previously (yesterday) we were using token authentication and had no issues with this setting.

@chriskuchin

chriskuchin commented May 10, 2021

This problem started when I switched from token to GH app. I have gh-app-slug configured; however, it does not hide the previous plan.

Just upgraded to Atlantis 0.17.0 in docker

running TF .15.3

@eliasscosta

eliasscosta commented May 13, 2021

Same here, after we switched from token to GH app. Our previous comments don't get hidden.

We run Atlantis 0.16.0 and TF .12.x
Any suggestions?

@nitrocode nitrocode changed the title --hide-prev-plan-comments flag fails on github.com PRs on 0.15.0 --hide-prev-plan-comments flag fails to hide prev comments if using Github App May 13, 2021
@ctjens

ctjens commented Jun 4, 2021

Are there any updates on the problem where we can hide previous plan comments using the GitHub app rather than a token?
Is there a working fix that we can apply without having a feature/development branch running?

@chriskuchin

Ok so I did some code spelunking and I think I figured out what the problem is.

So first of all this line

logger.Debug("GH User: %s", user)

emits the following value:

Atlantis (usw2-hub1)[bot]

Then when you look at the comments payload the login field as referenced here

if comment.User != nil && !strings.EqualFold(comment.User.GetLogin(), g.user) {

has the following value

atlantis-usw2-hub1[bot]

My app was named Atlantis (usw2-hub1). By changing the app name to atlantis-usw2-hub1, the comment hiding started working again. Hopefully this helps anyone else work around this.
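
The mismatch described in the comment above, as an added Go example (not Atlantis code and not part of the original thread): it applies the same strings.EqualFold comparison to the two values quoted there and returns an error instead of silently hiding nothing. The helper names and the slug guess are assumptions; guessSlug only reproduces the name/login pairs reported in this thread, not a documented GitHub rule.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// matchesBot mirrors the comparison quoted in the thread: a comment counts as
// Atlantis's own only if its author login equals the configured user,
// ignoring case.
func matchesBot(commentLogin, configuredUser string) bool {
	return strings.EqualFold(commentLogin, configuredUser)
}

var nonSlug = regexp.MustCompile(`[^a-z0-9]+`)

// guessSlug is a hypothetical helper: lowercase the name and collapse every
// other run of characters into one dash. Assumption based on the pairs
// reported in the thread, not GitHub's documented behaviour.
func guessSlug(appName string) string {
	return strings.Trim(nonSlug.ReplaceAllString(strings.ToLower(appName), "-"), "-")
}

// checkHideTarget fails loudly when bot-authored comments exist but none of
// them match the configured user, which is the silent failure in this issue.
func checkHideTarget(commentLogins []string, configuredUser string) error {
	bots := 0
	for _, login := range commentLogins {
		if matchesBot(login, configuredUser) {
			return nil
		}
		if strings.HasSuffix(login, "[bot]") {
			bots++
		}
	}
	if bots == 0 {
		return nil // no app has commented yet, so there is nothing to hide
	}
	name := strings.TrimSuffix(configuredUser, "[bot]")
	return fmt.Errorf("no comment author matches %q; %d bot comment(s) present, try app name/slug %q",
		configuredUser, bots, guessSlug(name))
}

func main() {
	// Constructed sample: author logins as they appear in the comments payload.
	logins := []string{"alice", "atlantis-usw2-hub1[bot]"}
	fmt.Println(checkHideTarget(logins, "Atlantis (usw2-hub1)[bot]"))
	fmt.Println(checkHideTarget(logins, "atlantis-usw2-hub1[bot]"))
}
```
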

@davidji99

For me, logger.Debug("GH User: %s", user) was returning GH User: (empty string). I dug into the code and noticed this change from #1334 that short circuits GetUser() from retrieving the Github app user. To remedy, one needs to set the environment variable ATLANTIS_GH_APP_SLUG to the name of the Github app. This environment variable is not listed in https://www.runatlantis.io/docs/server-configuration.html#environment-variables.

Hope this helps someone.

@arthur-leclerc

Hello,

Thank you @chriskuchin and @davidji99, your solution is working. As pointed out by @davidji99, it is necessary to set ATLANTIS_GH_APP_SLUG to the same value as the name of the GitHub app. After this change, the comments are well hidden during a new commit.

@seany89

seany89 commented Feb 16, 2022

Still, having an issue with this even when setting ATLANTIS_GH_APP_SLUG
Running Atlantis v0.18.1

@kpocius

kpocius commented Feb 16, 2022

Still, having an issue with this even when setting ATLANTIS_GH_APP_SLUG Running Atlantis v0.18.1

It is very confusing and counterintuitive, but if your app is called My Atlantis, it's not enough to set the slug to my-atlantis -- the app itself needs to be called my-atlantis.

Hope this makes sense.

@seany89

seany89 commented Feb 17, 2022

@kpocius Thanks, it now works for me; this was the issue.

@nitrocode
Member Author

nitrocode commented Sep 12, 2022

@jamengual Should we keep this open until atlantis can support non lowercased github app names? Or at the very least, document this limitation?

@nitrocode nitrocode changed the title --hide-prev-plan-comments flag fails to hide prev comments if using Github App --hide-prev-plan-comments flag fails if using Github App with uppercased or space chars Sep 12, 2022
@nitrocode nitrocode changed the title --hide-prev-plan-comments flag fails if using Github App with uppercased or space chars --hide-prev-plan-comments flag fails if using Github App with uppercased or space chars Sep 12, 2022
@nitrocode nitrocode changed the title --hide-prev-plan-comments flag fails if using Github App with uppercased or space chars --hide-prev-plan-comments flag fails if using Github App name with uppercased or space chars Sep 12, 2022
@jamengual
Contributor

PRs are welcome.

@rouge8

rouge8 commented Feb 23, 2023

This still doesn't seem to work for me using a GitHub app and Atlantis v0.22.3.

@rouge8

rouge8 commented Feb 28, 2023

Ah I see, I needed to set ATLANTIS_GH_APP_SLUG.
