Merge remote-tracking branch 'origin/main' into bb-comments-remove

Author: Edvard Makhlin

.circleci/config.yml

@@ -9,7 +9,7 @@ jobs:
         # that flag starts the download asynchronously so we'd have a race
         # condition.
         # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp
-        TERRAFORM_VERSION: 1.8.0
+        TERRAFORM_VERSION: 1.8.2
     steps:
     - checkout
     - run: make build-service

.github/renovate.json5

@@ -21,9 +21,6 @@
     'pnpmDedupe',
   ],
   prHourlyLimit: 1,
-  lockFileMaintenance: {
-    enabled: true,
-  },
   osvVulnerabilityAlerts: true,
   vulnerabilityAlerts: {
     enabled: true,
@@ -33,14 +30,8 @@
   },
   packageRules: [
     {
-      matchPackageNames: [
-        'vuepress',
-        '@vuepress/client',
-        '@vuepress/markdown',
-        '@vuepress/utils',
-      ],
-      groupName: 'vuepress',
-      allowedVersions: '!/pre.*$/',
+      "matchFileNames": ["package.json"],
+      "enabled": false
     },
     {
       matchFileNames: [
@@ -108,6 +99,7 @@
       customType: 'regex',
       fileMatch: [
         '.circleci/config.yml$',
+        '^\\.github/workflows/[^/]+\\.ya?ml$',
       ],
       matchStrings: [
         'renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s.*?_VERSION: (?<currentValue>.*)\\s',

.github/workflows/codeql.yml

@@ -71,7 +71,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3
+      uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -85,7 +85,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3
+      uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -98,7 +98,7 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3
+      uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3
       with:
         category: "/language:${{matrix.language}}"
 

.github/workflows/lint.yml

@@ -42,7 +42,7 @@ jobs:
     - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
     # need to setup go toolchain explicitly
-    - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
+    - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5
       with:
         go-version-file: go.mod
 

.github/workflows/pr-size-labeler.yml

@@ -0,0 +1,28 @@
+name: pr-size
+
+on: [pull_request]
+
+jobs:
+  labeler:
+    runs-on: ubuntu-latest
+    name: Label the PR size
+    steps:
+      - uses: codelytv/pr-size-labeler@54ef36785e9f4cb5ecf1949cfc9b00dbb621d761 # v1
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          xs_label: 'size/xs'
+          xs_max_size: '10'
+          s_label: 'size/s'
+          s_max_size: '200'
+          m_label: 'size/m'
+          m_max_size: '1000'
+          l_label: 'size/l'
+          l_max_size: '10000'
+          xl_label: 'size/xl'
+          fail_if_xl: 'false'
+          message_if_xl: >
+            This PR exceeds the recommended size of 1000 lines.
+            Please make sure you are NOT addressing multiple issues with one PR.
+            Note this PR might be rejected due to its size.
+          github_api_url: 'https://api.github.com'
+          files_to_ignore: ''

.github/workflows/release.yml

@@ -15,7 +15,7 @@ jobs:
       with:
         submodules: true
 
-    - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
+    - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5
       with:
         go-version-file: go.mod
 

.github/workflows/test.yml

@@ -41,12 +41,12 @@ jobs:
     if: needs.changes.outputs.should-run-tests == 'true'
     name: Tests
     runs-on: ubuntu-22.04
-    container: ghcr.io/runatlantis/testing-env:latest@sha256:da00ef8402ff55f1b0fee66187d4b3716991487d4515f8e4ae35427b1cb303ea
+    container: ghcr.io/runatlantis/testing-env:latest@sha256:cdc9167a438867db77fcdc2a524316c5a1e98ba6e2c936e19f3c7220eedc95d8
     steps:
       - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       # need to setup go toolchain explicitly
-      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
+      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5
         with:
           go-version-file: go.mod
 

.github/workflows/website.yml

@@ -67,6 +67,11 @@ jobs:
           # start http-server for integration testing
           npx http-server runatlantis.io/.vuepress/dist &
 
+      - name: Run Playwright E2E tests
+        run: |
+          pnpx playwright install --with-deps
+          pnpm run e2e
+
       - name: wait until server listened
         run: curl --retry-delay 1 --retry 30 --retry-all-error http://localhost:8080
 

.gitignore

@@ -8,7 +8,6 @@ output
 .cover
 .terraform/
 node_modules/
-**/.vuepress/*
 helm/test-values.yaml
 *.swp
 golangci-lint
@@ -27,3 +26,12 @@ tmp-CHANGELOG.md
 
 # IDE files
 *.code-workspace
+
+# draw.io backup files
+*.bkp
+
+# vuepress
+**/.vuepress/*
+!runatlantis.io/.vuepress/config.*
+!runatlantis.io/.vuepress/navbar.*
+!runatlantis.io/.vuepress/sidebar.*

CONTRIBUTING.md

@@ -1,9 +1,24 @@
-# Topics
-* [Reporting Issues](#reporting-issues)
-* [Reporting Security Issues](#reporting-security-issues)
-* [Updating The Website](#updating-the-website)
-* [Developing](#developing)
-* [Releasing](#creating-a-new-release)
+# Contributing <!-- omit in toc -->
+
+# Table of Contents <!-- omit in toc -->
+- [Reporting Issues](#reporting-issues)
+- [Reporting Security Issues](#reporting-security-issues)
+- [Updating The Website](#updating-the-website)
+- [Developing](#developing)
+  - [Running Atlantis Locally](#running-atlantis-locally)
+  - [Running Atlantis With Local Changes](#running-atlantis-with-local-changes)
+    - [Rebuilding](#rebuilding)
+  - [Running Tests Locally](#running-tests-locally)
+  - [Running Tests In Docker](#running-tests-in-docker)
+  - [Calling Your Local Atlantis From GitHub](#calling-your-local-atlantis-from-github)
+  - [Code Style](#code-style)
+    - [Logging](#logging)
+    - [Errors](#errors)
+    - [Testing](#testing)
+    - [Mocks](#mocks)
+- [Backporting Fixes](#backporting-fixes)
+  - [Manual Backporting Fixes](#manual-backporting-fixes)
+- [Creating a New Release](#creating-a-new-release)
 
 # Reporting Issues
 * When reporting issues, please include the output of `atlantis version`.
@@ -23,11 +38,11 @@ open your browser to http://localhost:8080.
 ## Running Atlantis Locally
 * Clone the repo from https://github.com/runatlantis/atlantis/
 * Compile Atlantis:
-    ```
+    ```sh
     go install
     ```
 * Run Atlantis:
-    ```
+    ```sh
     atlantis server --gh-user <your username> --gh-token <your token> --repo-allowlist <your repo> --gh-webhook-secret <your webhook secret> --log-level debug
     ```
     If you get an error like `command not found: atlantis`, ensure that `$GOPATH/bin` is in your `$PATH`.
@@ -36,62 +51,66 @@ open your browser to http://localhost:8080.
 Docker compose is set up to start an atlantis container and ngrok container in the same network in order to expose the atlantis instance to the internet.  In order to do this, create a file in the repository called `atlantis.env` and add the required env vars for the atlantis server configuration.
 
 e.g.
-```
+
+```sh
+NGROK_AUTH=1234567890
+
 ATLANTIS_GH_APP_ID=123
 ATLANTIS_GH_APP_KEY_FILE="/.ssh/somekey.pem"
 ATLANTIS_GH_WEBHOOK_SECRET=12345
 ```
 
-Note: `~/.ssh` is mounted to allow for referencing any local ssh keys
+Note: `~/.ssh` is mounted to allow for referencing any local ssh keys.
 
 Following this just run:
 
-```
+```sh
 make build-service
-docker-compose up
+docker-compose up --detach
+docker-compose logs --follow
 ```
 
 ### Rebuilding
-
 If the ngrok container is restarted, the url will change which is a hassle. Fortunately, when we make a code change, we can rebuild and restart the atlantis container easily without disrupting ngrok.
 
 e.g.
 
-```
+```sh
 make build-service
 docker-compose up --detach --build
 ```
 
-## Running Tests Locally:
-
+## Running Tests Locally
 `make test`. If you want to run the integration tests that actually run real `terraform` commands, run `make test-all`.
 
-## Running Tests In Docker:
-```
+## Running Tests In Docker
+```sh
 docker run --rm -v $(pwd):/go/src/github.com/runatlantis/atlantis -w /go/src/github.com/runatlantis/atlantis ghcr.io/runatlantis/testing-env:latest make test
 ```
 
 Or to run the integration tests
-```
+
+```sh
 docker run --rm -v $(pwd):/go/src/github.com/runatlantis/atlantis -w /go/src/github.com/runatlantis/atlantis ghcr.io/runatlantis/testing-env:latest make test-all
 ```
 
 ## Calling Your Local Atlantis From GitHub
 - Create a test terraform repository in your GitHub.
 - Create a personal access token for Atlantis. See [Create a GitHub token](https://github.com/runatlantis/atlantis/tree/main/runatlantis.io/docs/access-credentials.md#generating-an-access-token).
 - Start Atlantis in server mode using that token:
-```
+```sh
 atlantis server --gh-user <your username> --gh-token <your token> --repo-allowlist <your repo> --gh-webhook-secret <your webhook secret> --log-level debug
 ```
 - Download ngrok from https://ngrok.com/download. This will enable you to expose Atlantis running on your laptop to the internet so GitHub can call it.
 - When you've downloaded and extracted ngrok, run it on port `4141`:
-```
+```sh
 ngrok http 4141
 ```
 - Create a Webhook in your repo and use the `https` url that `ngrok` printed out after running `ngrok http 4141`. Be sure to append `/events` so your webhook url looks something like `https://efce3bcd.ngrok.io/events`. See [Add GitHub Webhook](https://github.com/runatlantis/atlantis/blob/main/runatlantis.io/docs/configuring-webhooks.md#configuring-webhooks).
 - Create a pull request and type `atlantis help`. You should see the request in the `ngrok` and Atlantis logs and you should also see Atlantis comment back.
 
 ## Code Style
+
 ### Logging
 - `ctx.Log` should be available in most methods. If not, pass it down.
 - levels:
@@ -161,12 +180,11 @@ go get github.com/petergtz/pegomock/...
 ```
 
 # Backporting Fixes
-
 Atlantis now uses a [cherry-pick-bot](https://github.com/googleapis/repo-automation-bots/tree/main/packages/cherry-pick-bot) from Google. The bot assists in maintaining changes across releases branches by easily cherry-picking changes via pull requests.
 
 Maintainers and Core Contributors can add a comment to a pull request:
 
-```
+```sh
 /cherry-pick target-branch-name
 ```
 
@@ -175,7 +193,6 @@ target-branch-name is the branch to cherry-pick to. cherry-pick-bot will cherry-
 The bot will immediately try to cherry-pick a merged PR. On unmerged pull request, it will not do anything immediately, but wait until merge. You can comment multiple times on a PR for multiple release branches.
 
 ## Manual Backporting Fixes
-
 The bot will fail to cherry-pick if the feature branches' git history is not linear (merge commits instead of rebase). In that case, you will need to manually cherry-pick the squashed merged commit from main to the release branch
 
 1. Switch to the release branch intended for the fix.

docker-compose.yml

@@ -1,42 +1,41 @@
 # Note: This file is only used for Atlantis local development
-version: "3.8"
 services:
-    ngrok:
-        image: wernight/ngrok:latest@sha256:d211f29ebcfe5f4e72df4fa8bdd9a667886e127d7fcb1be4a1af5ad83a8a1b77
-        ports:
-        - 4040:4040
-        environment:
-            # https://dashboard.ngrok.com/get-started/your-authtoken
-            # NGROK_AUTH: REPLACE-WITH-YOUR-TOKEN // set this in atlantis.env
-            NGROK_PROTOCOL: http
-            NGROK_PORT: atlantis:4141
-        env_file:
-            - ./atlantis.env
-        depends_on:
-        - atlantis
-    redis:
-        image: redis:7.2-alpine@sha256:a40e29800d387e3cf9431902e1e7a362e4d819233d68ae39380532c3310091ac
-        restart: always
-        ports:
-        - '6379:6379'
-        command: redis-server --save 20 1 --loglevel warning --requirepass test123
-        volumes:
-        - redis:/data
-    atlantis:
-        depends_on:
-        - redis
-        build:
-            context: .
-            dockerfile: Dockerfile.dev
-        ports:
-        - 4141:4141
-        volumes:
-            - ~/.ssh:/.ssh
-            - ./:/atlantis/src
-        # Contains the flags that atlantis uses in env var form
-        env_file:
-            - ./atlantis.env
+  ngrok:
+    image: wernight/ngrok:latest@sha256:d211f29ebcfe5f4e72df4fa8bdd9a667886e127d7fcb1be4a1af5ad83a8a1b77
+    ports:
+      - 4040:4040
+    environment:
+      # https://dashboard.ngrok.com/get-started/your-authtoken
+      # NGROK_AUTH: REPLACE-WITH-YOUR-TOKEN // set this in atlantis.env
+      NGROK_PROTOCOL: http
+      NGROK_PORT: atlantis:4141
+    env_file:
+      - atlantis.env
+    depends_on:
+      - atlantis
+  redis:
+    image: redis:7.2-alpine@sha256:a40e29800d387e3cf9431902e1e7a362e4d819233d68ae39380532c3310091ac
+    restart: always
+    ports:
+      - 6379:6379
+    command: redis-server --save 20 1 --loglevel warning --requirepass test123
+    volumes:
+      - redis:/data
+  atlantis:
+    depends_on:
+      - redis
+    build:
+      context: .
+      dockerfile: Dockerfile.dev
+    ports:
+      - 4141:4141
+    volumes:
+      - ${HOME}/.ssh:/.ssh:ro
+      - ${PWD}:/atlantis/src:ro
+    # Contains the flags that atlantis uses in env var form
+    env_file:
+      - atlantis.env
 
 volumes:
-    redis:
-        driver: local
+  redis:
+    driver: local