Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Conftest checks all repositories even when specified for a single repo #3431

Closed
rodrigocustodio92 opened this issue May 22, 2023 · 0 comments 路 Fixed by #3503
Closed

Conftest checks all repositories even when specified for a single repo #3431

rodrigocustodio92 opened this issue May 22, 2023 · 0 comments 路 Fixed by #3503
Labels
bug Something isn't working

Comments

@rodrigocustodio92
Copy link

rodrigocustodio92 commented May 22, 2023
edited

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Overview of the Issue

I created a new repository id with a new workflow to test the conftest policies, but when I make any changes to any repo it checks all repositories.
New repo id: github.com/Myorg/terraform
New workflow: custom

Environment details

  • Atlantis version: 0.23.1
  • Deployment method: ecs/eks/helm/tf module

Repo atlantis.yaml file:

repos:
  - id: github.com/Myorg/terraform
    # apply_requirements sets the Apply Requirements for all repos that match.
    apply_requirements: [mergeable ]
    workflow: custom
    allowed_overrides: [workflow]
    allowed_workflows: [custom]
    delete_source_branch_on_merge: true
    pre_workflow_hooks:
      - run: | 
          /usr/bin/git clone -b staging https://github.com/Myorg/terraform.git /tmp/atlantis/policies/
  - id: /.*/
    # apply_requirements sets the Apply Requirements for all repos that match.
    apply_requirements: [mergeable, approved]
    workflow: terraform
    allowed_overrides: [workflow]
    allowed_workflows: [terraform,terragrunt]
    delete_source_branch_on_merge: true
policies:
  owners:
    users:
      - user
  policy_sets:
    - name: example-conf-tests
      path: /tmp/atlantis/policies/conftest
      source: local
workflows:
  terraform:
    plan:
      steps: [init, plan]
    apply:
      steps: [apply]
  terragrunt:
    plan:
      steps:
        - env:
            name: TERRAGRUNT_TFPATH
            command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
        - env:
            name: TF_CLI_ARGS
            value: '-no-color'
        - run: terragrunt plan -out=$PLANFILE
        - run: terragrunt show -json $PLANFILE > $SHOWFILE
    apply:
      steps:
        - env:
            name: TERRAGRUNT_TFPATH
            command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
        - env:
            name: TF_CLI_ARGS
            value: '-no-color'
        - run: terragrunt apply $PLANFILE
  custom:
    plan:
      steps: [init, plan]
    policy_check:
      steps:
        - show
        - policy_check:
            extra_args: ["--update", "-p", "/tmp/atlantis/policies/conftest/", "--all-namespaces"]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Disable policy check on some repositories AndreZiviani/atlantis
1 participant
@rodrigocustodio92