v1.223.0-rc.1
Pre-release
Pre-release
🚀 Enhancements
Split help command sections and redesign error formatting Erik Osterman (Cloud Posse) (@osterman) (#2678)
## what- Split help output into
BUILT-IN COMMANDSandCUSTOM COMMANDS, while keeping config aliases in the dedicatedALIASESsection. - Redesign error formatting so explanations render without a heading as styled callouts, and hints render as standalone
💡action lines. - Reclassified clear hint/explanation misuses and regenerated affected CLI snapshots.
why
- Makes command help clearer by separating Atmos built-ins from commands loaded from configuration.
- Makes error output distinguish diagnostic context from remediation steps without noisy section headers.
- Keeps fallback/non-colored help and error paths consistent with the primary renderer.
references
- Validation:
go test ./errors,go test ./cmd, targeted CLI snapshot checks, fullTestCLICommandssnapshot regeneration, and pre-commit hooks.
Summary by CodeRabbit
-
New Features
atmos --helpnow groups commands into BUILT-IN COMMANDS and CUSTOM COMMANDS (with clearer alignment and sectioning).
-
Bug Fixes
- Error output formatting is more consistent: reduced/cleaned spacing, normalized trailing newlines, and improved “explanation vs guidance” rendering.
- Many missing/invalid-context messages now surface as explanations (with guidance/hints shown more consistently), and
--help/command errors reflect the updated layout.
Fix GitHub artifact signed URL download Erik Osterman (Cloud Posse) (@osterman) (#2683)
## what- Fetch GitHub artifact REST redirect signed blob URLs with the unauthenticated blob client instead of the OAuth-backed GitHub API client.
- Reuse the signed blob status/body handling before zip extraction for both runtime and REST artifact download paths.
- Add regression coverage for REST fallback downloads where a signed blob endpoint rejects requests carrying an
Authorizationheader.
why
- GitHub's REST artifact download endpoint redirects to a signed blob URL that can reject extra GitHub authorization headers and return non-zip XML.
- This fixes completed-run planfile downloads so deploy verification receives the uploaded artifact zip instead of passing an error response to the zip reader.
references
- Closes #2680
Summary by CodeRabbit
- Bug Fixes
- Improved artifact downloads so redirected blob content is fetched reliably.
- Prevented authentication headers from being sent to the final blob download endpoint.
- Enhanced download failures to include the server’s response message, making errors easier to understand.
Fix native CI dogfood regressions Erik Osterman (Cloud Posse) (@osterman) (#2681)
## what- Fix native CI bootstrap so
atmos git clonecan run before repo-local profile/config files exist, and make the cache action fail fast when Atmos cache metadata is missing. - Add regressions and fixes for local backend
pathstate reads, remote source-provisioned lock persistence, Dockerpython3, Aqua latest lookup fallback, and emulator job-container networking. - Attach emulator containers to the current GitHub job container network with aliases so Terraform can reach emulator endpoints without a nested
docker run --network hostwrapper.
why
- Dogfooding Atmos native CI exposed release gaps across checkout bootstrap, cache setup, Terraform fixture state reads, source-provisioned workdirs, inherited toolchain installs, and emulator endpoint resolution.
- These changes let GitHub Actions run the Atmos image as the job container while still using the host Docker socket for emulator-backed Terraform tests.
references
- Dogfood PR: cloudposse-examples/atmos-native-ci#49
Summary by CodeRabbit
- New Features
- Added support for container network attachments with per-network DNS aliases.
- Improved emulator endpoint resolution to use container/GitHub Actions network aliasing.
- Added support for overriding Terraform local backend state file paths.
- Bug Fixes
- Improved CI
git clonebootstrap handling during configuration initialization. - Added validation for cache metadata before saving cache.
- Retry unauthenticated toolchain registry requests after a forbidden response.
- Disabled per-instance lock persistence for remote workdir sources.
- Improved CI
- Chores
- Updated CI workflow settings and ensured Python 3 is available in the Docker image.