Run multiple policy checks against one project? #4446

Open
Ludingfeng opened this issue Apr 17, 2024 · 0 comments
Labels
bug Something isn't working


Ludingfeng commented Apr 17, 2024


Overview of the Issue

Say I have the config repos.yaml as follows:

repos:
  - id: xxx
    branch: /master/
    apply_requirements: [approved, mergeable]
    workflow: default
    allowed_overrides: [workflow]
    allow_custom_workflows: true
    delete_source_branch_on_merge: true
workflows:
  default:
    plan:
      steps:
        - init
        - plan
        - run: terraform$ATLANTIS_TERRAFORM_VERSION show -no-color -json $PLANFILE > $SHOWFILE
        - run: echo XXX > env_vars.txt
    policy_check:
      steps:
        - env:
            name: ENV_VAR_TEST
            command: 'cat env_vars.txt'
        - policy_check:
            extra_args:
              - --all-namespaces
              - --show-builtin-errors
              - --update
              - git::https://<GIT_REPO>//policies?ref=master
              - -p /atlantis-data/policy/env-variable-check
    apply:
      steps: [apply]
  custom-workflow:
    plan:
      steps:
        - init
        - plan
        - run: terraform$ATLANTIS_TERRAFORM_VERSION show -no-color -json $PLANFILE > $SHOWFILE
    policy_check:
      steps:
        - policy_check:
            extra_args:
              - --all-namespaces
              - --show-builtin-errors
              - -p /atlantis-data/policy/deny-check1
              - -p /atlantis-data/policy/deny-check2

policies:
  owners:
    teams:
      - xxx
  policy_sets:
    - name: policies
      path: /atlantis-data/policy
      source: local

And atlantis.yaml as follows:

version: 3
projects:
  - name: custom-project
    dir: xxx
    terraform_version: v1.5.3
    workflow: custom-workflow
    autoplan:
      when_modified:
        - xxx
      enabled: true

My expected behavior is that the workflows default and custom-workflow both run the policy check for custom-project with everything fine. But I got some issues:

  1. I set an environment variable ENV_VAR_TEST in workflow default and also have the policy check env-variable-check in this workflow but not in custom-workflow, but I got error info printed from the policy check env-variable-check when I run atlantis plan. The policy check can succeed if I remove the custom-workflow.
  2. I have tried to write it as follows with multiple policy checks:
   - --update
   - git::https://<GIT_REPO>//policies/deny-check1?ref=master
   - --update
   - git::https://<GIT_REPO>//policies/deny-check2?ref=master
   - --update
   - git::https://<GIT_REPO>//policies/deny-check1?ref=master, git::https://<GIT_REPO>//policies/deny-check2?ref=master
policy_check:
    steps:
      - policy_check:
          extra_args:
            - --all-namespaces
            - --show-builtin-errors
            - --update
            - git::https://<GIT_REPO>//policies/deny-check1?ref=master
      - policy_check:
          extra_args:
            - --all-namespaces
            - --show-builtin-errors
            - --update
            - git::https://<GIT_REPO>//policies/deny-check2?ref=master

But only the last policy check will be run with the above format.
Any suggestions will be appreciated.

@Ludingfeng Ludingfeng added the bug Something isn't working label Apr 17, 2024
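As an added example (not Atlantis or conftest code, and not from the reporter), the script below walks the configuration structure from this issue: it resolves which workflow applies to custom-project using the allowed_overrides rule from the repos.yaml, lists the policy_check steps of that workflow, and folds them into a single extra_args list that carries every -p path once, which is a way to check what a single policy_check step would have to contain. The config dicts are constructed from the posted repos.yaml and atlantis.yaml; the merge assumes conftest accepts a repeated -p, as the custom-workflow above already does.

```python
# Added example, not Atlantis or conftest code. The dicts below are constructed
# from the repos.yaml and atlantis.yaml in the issue; key names follow them.
REPOS_CFG = {
    "repos": [{"id": "xxx", "workflow": "default",
               "allowed_overrides": ["workflow"], "allow_custom_workflows": True}],
    "workflows": {
        "default": {"policy_check": {"steps": [
            {"env": {"name": "ENV_VAR_TEST", "command": "cat env_vars.txt"}},
            {"policy_check": {"extra_args": [
                "--all-namespaces", "--show-builtin-errors", "--update",
                "git::https://<GIT_REPO>//policies?ref=master",
                "-p /atlantis-data/policy/env-variable-check"]}}]}},
        "custom-workflow": {"policy_check": {"steps": [
            {"policy_check": {"extra_args": ["--all-namespaces", "--show-builtin-errors",
                                              "-p /atlantis-data/policy/deny-check1"]}},
            {"policy_check": {"extra_args": ["--all-namespaces", "--show-builtin-errors",
                                              "-p /atlantis-data/policy/deny-check2"]}}]}},
    },
}
PROJECT = {"name": "custom-project", "workflow": "custom-workflow"}  # atlantis.yaml
VALUE_FLAGS = ("-p", "--policy", "--update")  # conftest flags that take a value


def resolve_workflow(repo: dict, project: dict) -> str:
    """The project's workflow applies only when the repo lists it in allowed_overrides."""
    wanted = project.get("workflow")
    if wanted and "workflow" in repo.get("allowed_overrides", []):
        return wanted
    return repo.get("workflow", "default")


def policy_check_steps(workflow: dict) -> list:
    """Only the `policy_check` entries of the policy_check stage; env steps are skipped."""
    steps = workflow.get("policy_check", {}).get("steps", [])
    return [s["policy_check"] for s in steps if isinstance(s, dict) and "policy_check" in s]


def merge_policy_check_steps(workflow: dict) -> list:
    """Fold every policy_check step into one extra_args list: each switch appears once,
    each distinct value of a value-taking flag (-p, --update) is kept in order."""
    switches, values = [], {}
    for step in policy_check_steps(workflow):
        args = iter(step.get("extra_args", []))
        for arg in args:
            flag, *rest = arg.split(None, 1)  # "-p /x" as one item, or "-p", "/x" as two
            if flag in VALUE_FLAGS:
                val = rest[0] if rest else next(args)
                if val not in values.setdefault(flag, []):
                    values[flag].append(val)
            elif arg not in switches:
                switches.append(arg)
    return switches + [tok for flag, vals in values.items() for v in vals for tok in (flag, v)]
```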