New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
plan_requirements (similar to apply_requirements) #2073
Comments
We are also very interested in As described here: https://www.runatlantis.io/docs/security.html#protect-terraform-planning, planning involves security risks similar to applying (i.e. by simply |
While not directly related to this, one of our passionate contributions has been working on For anything interested in contributing |
It looks like this is implemented in #2979 and scheduled to be released with v0.23.0. Unfortunately, the documentation was updated at the same time. So, it falsely appears to be available already. |
@hanpeter feel free to contribute a pr to say that it will be available in the upcoming release. You can also use the |
@hanpeter I thought I was going crazy tonight 馃槅 This is my first venture into Atlantis and I'm using the repos:
- id: /.*/
plan_requirements: [undiverged]
apply_requirements: [approved, mergeable, undiverged]
import_requirements: [approved, mergeable, undiverged] Per @nitrocode's comment, changing my dockerfile to pull from That's as far as I've gotten on this journey... getting it started. No idea if the rest of it works 馃槅 |
Community Note
"apply_requirements": ["mergeable"]
(with appropriate branch protection settings) is great for preventing accidental applying of a plan generated based on a branch that isn't up-to-date with changes in master. However, we still waste time and resources on planning those branches. Since the apply requirements prevent the plan from being applied without merging/rebasing the base branch, and since that merge/rebase will cause a new plan to be generated, running a plan before the merge/rebase is done serves no purpose.It would be great if there was a way to make atlantis refuse to run a plan if the branch is not up-to-date with all changes from the base branch. This way, we don't have locks held unnecessarily, for plans that can never be applied anyway, blocking other work from progressing.
The text was updated successfully, but these errors were encountered: