v1.222.0-rc.15
Pre-release
Pre-release
feat: local Terraform tests against cloud emulators Erik Osterman (Cloud Posse) (@osterman) (#2663)
## what- Run
atmos terraform test(Terraform's native*.tftest.hclframework) against a local cloud emulator instead of a real cloud account, via a newexamples/terraform-testsexample. - Add
before.terraform.test/after.terraform.testlifecycle events and wirecmd/terraform/test.goto capture output and fire them — which drives both componenthooks:and the native-CI plugin from one place. - New
emulatorworkflow step type that drives emulator up/down/reset, so declarativekind: stephooks can bring a sandbox up before tests and tear it down after (when: always), with no manualatmos emulator up/down. - Native-CI job step summary for
terraform test: pass/fail/skip badges and a per-run results table, alongside the existingplan/applysummaries. - Bug fix: under the Podman runtime,
parsePodmanContainerdropped the containerPortsarray, so the emulator endpoint resolved empty and Terraform silently hit real AWS (403 InvalidAccessKeyId). Podman's structuredPortsare now parsed intoInfo.Ports. - Docs (emulator step type, hook events, job summaries, hooks guide), a changelog blog post, a roadmap milestone, and a
docs/fixes/write-up for the Podman fix.
why
terraform test'sapplyrun blocks create real infrastructure, so they need a cloud account and spend and rarely run locally — pointing them at an emulator makes them free, hermetic, and identical local↔CI.- A single hook-events seam keeps the emulator lifecycle declarative (in the component) rather than a hand-written custom command, and reuses the existing
kind: stepmachinery. - The Podman fix is required for any emulator-backed Terraform to reach the sandbox at all on Podman (it also fixes the existing
emulator-awsexample), and is documented indocs/fixes/rather than the changelog because it restores already-intended behavior.
references
- Builds on the emulators feature (#2647).
- Podman fix rationale:
docs/fixes/2026-06-27-podman-port-readback-emulator-endpoint.md. - Changelog:
website/blog/2026-06-27-local-terraform-tests-with-emulators.mdx.
Summary by CodeRabbit
-
New Features
- Added support for
terraform test, including CI summaries, test result parsing, JUnit output, and inline annotations. - Introduced new workflow step and hook capabilities for emulator runs and ordered multi-step actions.
- Added support for fixture-based local Terraform tests against cloud emulators.
- Added support for
-
Bug Fixes
- Improved handling of Podman port detection to help emulator-backed runs reach the correct endpoint.
-
Documentation
- Updated docs and examples for Terraform tests, emulator workflows, hooks, and CI job summaries.
[codex] Fix mobile gutters and name runtime CSS Erik Osterman (Cloud Posse) (@osterman) (#2673)
## what- Renamed the homepage runtime stylesheet from
landing-redesign.csstolanding-runtime.css. - Updated the homepage import to use the new runtime stylesheet name.
- Tightened mobile and tablet hero CSS so the homepage content keeps consistent left/right gutters and CTA elements stay within the content column.
- Added a more compact phone hero by reducing vertical spacing, scaling mobile type, hiding the heavier demo/runs band on small screens, centering the overall mobile content column, placing cloud logos in the whitespace to the right of the value props, and centering the CTA row.
- Optimized the mobile AI section by hiding the decorative badge, reducing text scale/line-height, tightening spacing, and using left-aligned copy on phones.
why
- Makes the stylesheet name describe the current homepage theme instead of a past redesign event.
- Fixes the mobile homepage hero feeling clipped or overly left-aligned on narrow viewports without making the lower action area look disconnected.
- Helps the primary mobile hero and AI section content fit better above the fold on common devices.
- Protects the runtime hero from legacy broad landing-page header rules at responsive breakpoints.
references
- Validation: pre-commit hooks passed during commit.
- Validation: Docusaurus dev server compiled successfully with
src/css/landing-runtime.cssandAISection/styles.css. - Validation:
postcss.parsepassed for the updated CSS files.
Summary by CodeRabbit
- New Features
- Updated the landing page to use the runtime-themed stylesheet, including refreshed “New”/“Pro” badge styling and a reworked hero layout/spacing.
- Bug Fixes
- Improved mobile responsiveness for the AI section and landing hero by refining typography, alignment, spacing, and gaps.
- Prevented CTA/content overflow on smaller screens and hid non-essential hero visuals to improve readability.
- Tests
- Updated demo-globs test expectations to reflect the removed Docker Compose file.
- Adjusted proxy test server shutdown cleanup behavior.
feat: native Kubernetes components with GitOps deployment-repo delivery Erik Osterman (Cloud Posse) (@osterman) (#2607)
## what- Native
kubernetescomponent type. Define Kubernetes objects in stacks and runatmos kubernetes render|diff|plan|apply|deploy|delete <component> -s <stack>through the Kubernetes Go SDKs (server-side apply) — nokubectlorkustomizebinary required. - Inputs can be inline
manifests, files/directories (paths), and Kustomize overlays; full stack semantics (vars/env/auth/metadata/inheritance/overrides),--all/--affectedDAG ordering, Atmos Auth (e.g. EKS) integration, and dotted lifecycle hooks (before/after.kubernetes.*). - GitOps delivery via
provision.targets.apply/deploydeliver to a target selected bykind:kubernetesapplies to the cluster (default),gitrenders the manifests and commits them to a managed Git deployment repository (Argo CD/Flux source-of-truth) instead. Selected with--target(precedence:--target→provision.default→ implicit cluster), so existing components are unaffected. - New reusable, component-agnostic target-provisioner registry (
pkg/provisioner/target, registry pattern) + aProvisionArtifactmodel. The git target composes thepkg/gitservice: clone-reconcile agit.repositories.<name>, replace the managed templatedpathwith the rendered files, path-scoped commit with provenance trailers, and push-with-retry. Credentials come from Atmos Auth (GitHub STS);pull_requestpublishing is deferred. - Schema, LSP, docs, examples, changelog. Typed
kubernetescomponent andprovision.targetsin Go schema and both JSON schemas; LSP; command/config/stack docs;examples/kubernetesandexamples/kustomize; a changelog blog post and a roadmap milestone.
why
- Kubernetes should be orchestrated by the same stack-based engine as Terraform/Helmfile/Ansible — one set of inheritance, auth, and affected-detection — rather than shelling out to
kubectl/kustomizefrom glue scripts. - GitOps pipelines have always needed ad hoc glue to render manifests into a deployment repo, commit, survive push races, and wire credentials. Atmos already owns rendering, lifecycle events, and authentication, so
provision.targetsadds the delivery step with centralized safety rules — the same component config can apply to a cluster in dev and publish to a GitOps repo in prod with one flag.
references
- Builds on the Atmos Git foundational capability (#2597), now merged into
main, which provides the reusablepkg/gitservice andgit.repositoriesconfiguration consumed by the git target. - Docs: Kubernetes component,
atmos kubernetes.
Summary by CodeRabbit
- New Features
- Added native Kubernetes component support with
atmos kubernetescommands:render,diff/plan,apply/deploy,delete, andvalidate(plusk8salias). - Added server-side diff/validate and GitOps-style delivery targets for applying manifests to either clusters or Git repositories.
- Added native Kubernetes component support with
- Bug Fixes
- Improved Kubernetes affected selection, component path resolution, and config merging; refined Kubernetes diff masking/summaries (including Secret redaction).
- Documentation
- Expanded CLI, configuration, CI, and examples for Kubernetes and local GitOps workflows.