Releases: runatlantis/atlantis
v0.8.3
Description
This release contains an important security fix in addition to some fixes and
changes for Terraform Cloud/Enterprise users. It's highly recommended that all
Atlantis users upgrade to this release. See the Security
section below for more details.
Security
- Additional arguments specified in Atlantis comments, ex.
atlantis plan -- -var=foo=bar
are now escaped before being appended to the relevant Terraform command. (Fixes #697).
Previously, a comment likeatlantis plan -- -var=$(touch foo)
would execute
thetouch foo
command because the extra arguments weren't being escaped properly.
This means anyone with comment access to an Atlantis repo could execute arbitrary
code. Because of the severity of this issue, all users should upgrade to this version. - Upgrade to latest version of Alpine Linux in our Docker image to mitigate
vulnerabilities found in libssh2. (Fixes #687)
Features
- Upgrade Terraform to 0.12.3 in our base Docker image.
- Additional arguments specified in Atlantis comments, ex.
atlantis plan -- -var=foo=bar
are now available in custom run steps as theCOMMENT_ARGS
environment variable. (Fixes #670) - A new flag
--tfe-hostname
is available for specifying a Terraform Enterprise private installation's hostname
when using the remote backend integration. (#706)
Bugfixes
- Parse Bitbucket Cloud pull request rejected events properly. (Fixes #676)
- Terraform >= 0.12.0 works with Terraform Cloud/Enterprise remote operations. (Fixes #704)
Backwards Incompatibilities / Notes:
- If you were previously relying on being able to execute code in the additional
arguments of comments, ex.atlantis plan -- -var='foo=$(echo $SECRET)'
this
is no longer possible. Instead you will need to write a custom workflow with a
custom step or the extra_args config. - If you're using the Atlantis Docker image and aren't setting the
--default-tf-version
flag
then the default version of Terraform will now be 0.12.3. Simply set the above
flag to your desired default version to avoid any issues.
Docker
Diff v0.8.2..v0.8.3
v0.8.2
v0.8.2
Description
Small bugfix release for Bitbucket Cloud users running with "require mergeable".
Features
- Update default Terraform version to 0.12.1.
- Include directory in Slack message (#660).
Bugfixes
- Atlantis would not allow applies for all Bitbucket Cloud pull requests if running with "require mergeable"
even if the pull request was mergeable due to an API change. (Fixes #672)
Backwards Incompatibilities / Notes:
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-version
flag
then the default version of Terraform will now be 0.12.1. Simply set the above
flag to your desired default version to avoid any issues.
Docker
Diff v0.8.1..v0.8.2
v0.8.1
v0.8.1
Description
Small bugfix release for Bitbucket Cloud users running with require approval.
Features
None
Bugfixes
- Atlantis would panic when checking if pull requests were approved for Bitbucket
Cloud due to an API change. (Fixes #652)
Backwards Incompatibilities / Notes:
None
Docker
Diff v0.8.0..v0.8.1
v0.8.0
v0.8.0
Description
This release upgrades the default version of Terraform to 0.12.
If you're running Atlantis with the --default-tf-version
flag set (which
you always should) then this won't affect you at all.
Features
- Upgrade default Terraform version to 0.12
- Add new
--disable-apply-all
flag that disables runningatlantis apply
without any flags. (#645)
Bugfixes
None
Backwards Incompatibilities / Notes:
- If you're using the Atlantis Docker image and aren't setting the
--default-tf-version
flag
then the default version of Terraform will now be 0.12. Simply set the above
flag to your desired default version of Terraform and 0.12 won't be used.
Docker
Diff v0.7.2..v0.8.0
v0.7.2
v0.7.2
Description
Small release containing an important security fix and some bugfixes.
Features
None
Bugfixes
- Atlantis would post its Git credentials as pull request comment and in logs if the git clone failed. (Fixes #615)
- Atlantis would comment the same output twice during errors of custom run steps. (Fixes #519)
atlantis testdrive
had unreadable output on solarized terminals. (Fixes #575)
Backwards Incompatibilities / Notes:
None
Docker
Diff v0.7.1..v0.7.2
v0.7.1
v0.7.1
Description
Small bugfix release to fix an issue when using --checkout-strategy=merge
.
Features
PROJECT_NAME
is now available as an environment variable to customrun
steps. (#578)
Bugfixes
- Fix deleting unapplied plans when
--checkout-strategy=merge
is used. (Fixes #582)
Backwards Incompatibilities / Notes:
None
Docker
Diff v0.7.0..v0.7.1
v0.7.0
Description
This release implements Server-Side Repo Config which allows users to write
atlantis.yaml
-style config on the server rather than in individual repos.
The Server Side config also allow Atlantis operators to control what individual
repos can do in their atlantis.yaml
files. Read docs for more details.
Features
- Server-Side Repo Config. Read docs
and use cases for full details. (#47)- New flag
atlantis server
flag--repo-config
for specifying the
repo config file . - New flag
--repo-config-json
for specifying the repo config as a JSON string
instead of having to write a config file to disk. - All repos can now create
atlantis.yaml
files to configure their projects,
however by default, those files can't create custom workflows or set Apply
Requirements.
- New flag
- New version
3
ofatlantis.yaml
fixes a small issue with how we were parsing
customrun
steps. Previously we were doing additional parsing which caused some
users to have to add extra escaping to their commands. Now this is no longer
required. See the Backwards Compatibility section for more details.
Bugfixes
- Fix bug where running
atlantis apply
to apply all outstanding plans wouldn't work if
you had more than one project defined in the exact same directory and workspace. (Fixes #365)
Backwards Incompatibilities / Notes:
-
The server-side config changes are fully backwards compatible. The biggest
difference is that all repos can now createatlantis.yaml
files, but without
being able to create custom workflows or set apply requirements. This will
allow users to configure their projects, workspaces and terraform versions
at a repo level without enabling those repos to run custom code or circumvent
apply requirements set server-side. -
atlantis.yaml
has a new version3
. If you continue to use version2
, you
will experience no changes. If you want to upgrade to version3
, then
if you're not using any customrun
steps in your workflows you can upgrade
the version number without additional changes.If you are using
run
steps, check our upgrade guide
to see if you need to make any changes before upgrading. -
Flags
--require-approval
,--require-mergeable
and--allow-repo-config
are
deprecated in favour of creating a server-side repo config file that applies
the same configuration. If you runatlantis server
with those flags, a
deprecation warning will be printed telling you what server-side config is
recommended instead. -
If you have projects configured with the same directory and workspace (which means
you're probably using the-backend-config
flag) and their names contain/
's,
then you'll have to re-runatlantis plan
after upgrading if you had any unapplied plans.An example of what config would mean you need to re-plan:
projects: - name: name/with/slashes dir: samedir workflow: a - name: another/with/slashes dir: samedir workflow: b a: plan: steps: - run: rm -rf .terraform - init: extra_args: [-backend-config=staging.backend.tfvars] - plan b: plan: steps: - run: rm -rf .terraform - init: extra_args: [-backend-config=staging.backend.tfvars] - plan
Docker
Diff v0.6.0..v0.7.0
v0.7.0-alpha1
v0.6.0
Description
This release introduces a new flag --default-tf-version=<version>
that allows users
to set the version of Terraform that Atlantis defaults to. Atlantis will automatically
download that version on startup so users don't need to build their own custom
Docker images.
Atlantis will also now automatically download any Terraform version specified in
atlantis.yaml
:
version: 2
projects:
- dir: .
terraform_version: v0.12.0-beta1 # Will be downloaded automatically.
Features
- New flag:
--default-tf-version=<version>
will cause Atlantis to automatically download
and use that version of Terraform by default. Atlantis will also automatically
download terraform versions specified inatlantis.yaml
via theterraform_version
config key. (#538) - New status check names mean that the Atlantis checks will appear together (at least on GitHub).
(#545) - Upgrade base Docker image to use Alpine 3.9. Alpine 3.9 mitigates
CVE-2018-19486. (#541)
Bugfixes
None
Backwards Incompatibilities / Notes:
-
Our Docker image
runatlantis/atlantis
has Terraformv0.11.13
now. If you
use the new flag--default-tf-version=<desired version>
then you won't
be affected by this change (nor for subsequent version upgrades). -
The Atlantis status checks have been renamed from what they looked like in
v0.5.*
.
Previously the names were:plan/atlantis
andapply/atlantis
. Now the
names areatlantis/plan
andatlantis/apply
.This change will only affect you if you're requiring those status checks to pass via a setting in
your Git host (ex. via GitHub protected branches). If so, you'll need to change
your settings to require the new names to pass and un-require the old names.If you were on a version lower than
v0.5.*
then read the backwards compatiblity
notes for release0.5.0
.NOTE from the maintainer: I take backwards compatibility seriously and I
apologize that the status checks are changing again so soon after the 0.5 release
also changed them. I know that if you have many repos and require the checks
to pass that it is a large task to change them all again.In this case, I decided that the tradeoff was worth it because the
0.5 release has only been out for a couple of weeks so hopefully not everyone
has upgraded to it. The new check names makes them a lot easier to read
(at least on GitHub) because they appear next to each other now due to
alphabetical sorting. In this case I felt like it was better to get this change
done as soon as possible rather than having this annoying UX issue stay around
forever.
Docker
Diff v0.5.1..v0.6.0
v0.5.1
v0.5.1
Description
This is a bugfix release to fix a bug where Atlantis was replying to comments
that weren't directed to it.
Diff: v0.5.0...v0.5.1
Features
- On Bitbucket Cloud and Server, Atlantis now responds if it's invoked with the
username it's running under, ex. @my-bb-atlantis-user. This is the same
functionality as GitHub and GitLab. (#534)
Bugfixes
- Atlantis ignore comments that aren't addressed to it. (Fixes #533)
Backwards Incompatibilities / Notes:
- On Bitbucket Cloud and Server, Atlantis now responds if it's invoked with the
username it's running under, ex. @my-bb-atlantis-user. This is the same
functionality as GitHub and GitLab.