v0.8.3

Description

This release contains an important security fix in addition to some fixes and
changes for Terraform Cloud/Enterprise users. It's highly recommended that all
Atlantis users upgrade to this release. See the Security
section below for more details.

Security

• Additional arguments specified in Atlantis comments, ex. atlantis plan -- -var=foo=bar
  are now escaped before being appended to the relevant Terraform command. (Fixes #697).
  Previously, a comment like atlantis plan -- -var=$(touch foo) would execute
  the touch foo command because the extra arguments weren't being escaped properly.
  This means anyone with comment access to an Atlantis repo could execute arbitrary
  code. Because of the severity of this issue, all users should upgrade to this version.
• Upgrade to latest version of Alpine Linux in our Docker image to mitigate
  vulnerabilities found in libssh2. (Fixes #687)

Features

• Upgrade Terraform to 0.12.3 in our base Docker image.
• Additional arguments specified in Atlantis comments, ex. atlantis plan -- -var=foo=bar
  are now available in custom run steps as the COMMENT_ARGS environment variable. (Fixes #670)
• A new flag --tfe-hostname is available for specifying a Terraform Enterprise private installation's hostname
  when using the remote backend integration. (#706)

Bugfixes

• Parse Bitbucket Cloud pull request rejected events properly. (Fixes #676)
• Terraform >= 0.12.0 works with Terraform Cloud/Enterprise remote operations. (Fixes #704)

Backwards Incompatibilities / Notes:

• If you were previously relying on being able to execute code in the additional
  arguments of comments, ex. atlantis plan -- -var='foo=$(echo $SECRET)' this
  is no longer possible. Instead you will need to write a custom workflow with a
  custom step or the extra_args config.
• If you're using the Atlantis Docker image and aren't setting the --default-tf-version flag
  then the default version of Terraform will now be 0.12.3. Simply set the above
  flag to your desired default version to avoid any issues.

Docker

runatlantis/atlantis:v0.8.3

Diff v0.8.2..v0.8.3

v0.8.2...v0.8.3

v0.8.2

v0.8.2

Description

Small bugfix release for Bitbucket Cloud users running with "require mergeable".

Features

• Update default Terraform version to 0.12.1.
• Include directory in Slack message (#660).

Bugfixes

• Atlantis would not allow applies for all Bitbucket Cloud pull requests if running with "require mergeable"
  even if the pull request was mergeable due to an API change. (Fixes #672)

Backwards Incompatibilities / Notes:

• If you're using the Atlantis Docker image and aren't setting the --default-tf-version flag
  then the default version of Terraform will now be 0.12.1. Simply set the above
  flag to your desired default version to avoid any issues.

Docker

runatlantis/atlantis:v0.8.2

Diff v0.8.1..v0.8.2

v0.8.1...v0.8.2

v0.8.1

v0.8.1

Description

Small bugfix release for Bitbucket Cloud users running with require approval.

Features

None

Bugfixes

• Atlantis would panic when checking if pull requests were approved for Bitbucket
  Cloud due to an API change. (Fixes #652)

Backwards Incompatibilities / Notes:

None

Docker

runatlantis/atlantis:v0.8.1

Diff v0.8.0..v0.8.1

v0.8.0...v0.8.1

v0.8.0

v0.8.0

Description

This release upgrades the default version of Terraform to 0.12.
If you're running Atlantis with the --default-tf-version flag set (which
you always should) then this won't affect you at all.

Features

• Upgrade default Terraform version to 0.12
• Add new --disable-apply-all flag that disables running atlantis apply
  without any flags. (#645)

Bugfixes

None

Backwards Incompatibilities / Notes:

• If you're using the Atlantis Docker image and aren't setting the --default-tf-version flag
  then the default version of Terraform will now be 0.12. Simply set the above
  flag to your desired default version of Terraform and 0.12 won't be used.

Docker

runatlantis/atlantis:v0.8.0

Diff v0.7.2..v0.8.0

v0.7.2...v0.8.0

v0.7.2

v0.7.2

Description

Small release containing an important security fix and some bugfixes.

Features

None

Bugfixes

• Atlantis would post its Git credentials as pull request comment and in logs if the git clone failed. (Fixes #615)
• Atlantis would comment the same output twice during errors of custom run steps. (Fixes #519)
• atlantis testdrive had unreadable output on solarized terminals. (Fixes #575)

Backwards Incompatibilities / Notes:

None

Docker

runatlantis/atlantis:v0.7.2

Diff v0.7.1..v0.7.2

v0.7.1...v0.7.2

v0.7.1

v0.7.1

Description

Small bugfix release to fix an issue when using --checkout-strategy=merge.

Features

• PROJECT_NAME is now available as an environment variable to custom run steps. (#578)

Bugfixes

• Fix deleting unapplied plans when --checkout-strategy=merge is used. (Fixes #582)

Backwards Incompatibilities / Notes:

None

Docker

runatlantis/atlantis:v0.7.1

Diff v0.7.0..v0.7.1

v0.7.0...v0.7.1

v0.7.0

Description

This release implements Server-Side Repo Config which allows users to write
atlantis.yaml-style config on the server rather than in individual repos.
The Server Side config also allow Atlantis operators to control what individual
repos can do in their atlantis.yaml files. Read docs for more details.

Features

• Server-Side Repo Config. Read docs
  and use cases for full details. (#47)
  • New flag atlantis server flag --repo-config for specifying the
    repo config file .
  • New flag --repo-config-json for specifying the repo config as a JSON string
    instead of having to write a config file to disk.
  • All repos can now create atlantis.yaml files to configure their projects,
    however by default, those files can't create custom workflows or set Apply
    Requirements.
• New version 3 of atlantis.yaml fixes a small issue with how we were parsing
  custom run steps. Previously we were doing additional parsing which caused some
  users to have to add extra escaping to their commands. Now this is no longer
  required. See the Backwards Compatibility section for more details.

Bugfixes

• Fix bug where running atlantis apply to apply all outstanding plans wouldn't work if
  you had more than one project defined in the exact same directory and workspace. (Fixes #365)

Backwards Incompatibilities / Notes:

• The server-side config changes are fully backwards compatible. The biggest
  difference is that all repos can now create atlantis.yaml files, but without
  being able to create custom workflows or set apply requirements. This will
  allow users to configure their projects, workspaces and terraform versions
  at a repo level without enabling those repos to run custom code or circumvent
  apply requirements set server-side.

• atlantis.yaml has a new version 3. If you continue to use version 2, you
  will experience no changes. If you want to upgrade to version 3, then
  if you're not using any custom run steps in your workflows you can upgrade
  the version number without additional changes.

  If you are using run steps, check our upgrade guide
  to see if you need to make any changes before upgrading.

• Flags --require-approval, --require-mergeable and --allow-repo-config are
  deprecated in favour of creating a server-side repo config file that applies
  the same configuration. If you run atlantis server with those flags, a
  deprecation warning will be printed telling you what server-side config is
  recommended instead.

• If you have projects configured with the same directory and workspace (which means
  you're probably using the -backend-config flag) and their names contain /'s,
  then you'll have to re-run atlantis plan after upgrading if you had any unapplied plans.

  An example of what config would mean you need to re-plan:

  projects:
  - name: name/with/slashes
    dir: samedir
    workflow: a
  - name: another/with/slashes
    dir: samedir
    workflow: b
  a:
     plan:
       steps:
       - run: rm -rf .terraform
       - init:
           extra_args: [-backend-config=staging.backend.tfvars]
       - plan
  b:
     plan:
       steps:
       - run: rm -rf .terraform
       - init:
           extra_args: [-backend-config=staging.backend.tfvars]
       - plan

Docker

runatlantis/atlantis:v0.7.0

Diff v0.6.0..v0.7.0

v0.6.0...v0.7.0

v0.7.0-alpha1

⚠️ Alpha Release ⚠️ for testing server-side config.

v0.6.0

Description

This release introduces a new flag --default-tf-version=<version> that allows users
to set the version of Terraform that Atlantis defaults to. Atlantis will automatically
download that version on startup so users don't need to build their own custom
Docker images.

Atlantis will also now automatically download any Terraform version specified in
atlantis.yaml:

version: 2
projects:
- dir: .
  terraform_version: v0.12.0-beta1 # Will be downloaded automatically.

Features

• New flag: --default-tf-version=<version> will cause Atlantis to automatically download
  and use that version of Terraform by default. Atlantis will also automatically
  download terraform versions specified in atlantis.yaml via the terraform_version
  config key. (#538)
• New status check names mean that the Atlantis checks will appear together (at least on GitHub).
  (#545)
• Upgrade base Docker image to use Alpine 3.9. Alpine 3.9 mitigates
  CVE-2018-19486. (#541)

Bugfixes

None

Backwards Incompatibilities / Notes:

• Our Docker image runatlantis/atlantis has Terraform v0.11.13 now. If you
  use the new flag --default-tf-version=<desired version> then you won't
  be affected by this change (nor for subsequent version upgrades).

• The Atlantis status checks have been renamed from what they looked like in v0.5.*.
  Previously the names were: plan/atlantis and apply/atlantis. Now the
  names are atlantis/plan and atlantis/apply.

  This change will only affect you if you're requiring those status checks to pass via a setting in
  your Git host (ex. via GitHub protected branches). If so, you'll need to change
  your settings to require the new names to pass and un-require the old names.

  If you were on a version lower than v0.5.* then read the backwards compatiblity
  notes for release 0.5.0.

  NOTE from the maintainer: I take backwards compatibility seriously and I
  apologize that the status checks are changing again so soon after the 0.5 release
  also changed them. I know that if you have many repos and require the checks
  to pass that it is a large task to change them all again.

  In this case, I decided that the tradeoff was worth it because the
  0.5 release has only been out for a couple of weeks so hopefully not everyone
  has upgraded to it. The new check names makes them a lot easier to read
  (at least on GitHub) because they appear next to each other now due to
  alphabetical sorting. In this case I felt like it was better to get this change
  done as soon as possible rather than having this annoying UX issue stay around
  forever.

Docker

runatlantis/atlantis:v0.6.0

Diff v0.5.1..v0.6.0

v0.5.1...v0.6.0

v0.5.1

v0.5.1

Description

This is a bugfix release to fix a bug where Atlantis was replying to comments
that weren't directed to it.

Diff: v0.5.0...v0.5.1

Features

• On Bitbucket Cloud and Server, Atlantis now responds if it's invoked with the
  username it's running under, ex. @my-bb-atlantis-user. This is the same
  functionality as GitHub and GitLab. (#534)

Bugfixes

• Atlantis ignore comments that aren't addressed to it. (Fixes #533)

Backwards Incompatibilities / Notes:

• On Bitbucket Cloud and Server, Atlantis now responds if it's invoked with the
  username it's running under, ex. @my-bb-atlantis-user. This is the same
  functionality as GitHub and GitLab.

Docker

runatlantis/atlantis:v0.5.1