Atlantis: --hide-prev-plan-comments flag fails to hide prev comments if using Github App

Created on 19 Aug 2020 · 7Comments · Source: runatlantis/atlantis

Problem

I have ATLANTIS_HIDE_PREV_PLAN_COMMENTS=true and running 0.15.0 as a github app in ECS Fargate. I run plan manually in my repo using the following.

atlantis plan -d iam-policies/engineer

When I run that multiple times in the same PR, it does not hide my previous plan comments.

Configuration

I have the following env vars setup in my module.

  custom_environment_variables = [
    {
      "name" : "ATLANTIS_WRITE_GIT_CREDS",
      "value" : "true",
    },
    {
      "name" : "ATLANTIS_HIDE_PREV_PLAN_COMMENTS",
      "value" : "true",
    },
    {
      "name" : "ATLANTIS_LOG_LEVEL",
      "value" : "debug",
    },
    # set default version
    {
      "name" : "ATLANTIS_DEFAULT_TF_VERSION",
      "value" : local.terraform_version,
    },
    {
      "name" : "DEFAULT_TERRAFORM_VERSION",
      "value" : local.terraform_version,
    },
    # for the github bot
    {
      "name" : "ATLANTIS_GH_APP_ID",
      "value" : "12345",
    },
    {
      "name" : "ATLANTIS_GH_APP_KEY_FILE",
      "value" : "/home/atlantis/atlantis-app-key.pem",
    },
  ]

and my server atlantis.yaml is

# https://www.runatlantis.io/docs/server-configuration.html#repo-config-json
repos:
  - # apply config to repos matching this regex
    id: /.*/
    # allow repo level custom workflows
    allow_custom_workflows: true
    # allow repo level configs to override the following
    allowed_overrides:
      - apply_requirements
      - workflow
    # `terraform apply` requires the PR to be
    apply_requirements:
      - approved
      # - mergeable
    workflow: default
    terraform_version: 0.12.29
# custom workflows
# https://www.runatlantis.io/docs/server-side-repo-config.html#allow-repos-to-choose-a-server-side-workflow
workflows:
  default:
    apply:
      steps:
        # - apply
        - run: echo 'Apply is disabled for now. Please apply locally or contact dev_ops / noc_ops slack channels'
        - run: if [ `cat /home/atlantis/users | grep -i "^$USERNAME$" | wc -l` != 1 ]; then echo "Not in users file" && exit 1; else echo "Authenticated"; fi
    plan:
      steps:
        - init
        - run: echo 'Running tflint...' && tflint
        - run: echo 'Running checkov...' && checkov --quiet -d .
        - plan

Logs

$ ecs-cli logs --cluster atlantis --task-id mytaskid | grep 'terraform_scripts#319'
2020/08/19 13:04:20+0000 [DBUG] project_command_builder.go:204 ghorg/terraform_scripts#319: Building plan command
2020/08/19 13:04:20+0000 [DBUG] project_command_builder.go:211 ghorg/terraform_scripts#319: Cloning repository
2020/08/19 13:04:20+0000 [INFO] github_app_working_dir.go:26 ghorg/terraform_scripts#319: Refreshing git tokens for Github App
2020/08/19 13:04:20+0000 [INFO] git_cred_writer.go:30 ghorg/terraform_scripts#319: Wrote git credentials to /home/atlantis/.git-credentials
2020/08/19 13:04:20+0000 [INFO] git_cred_writer.go:60 ghorg/terraform_scripts#319: Successfully ran git config --global credential.helper store
2020/08/19 13:04:20+0000 [INFO] git_cred_writer.go:66 ghorg/terraform_scripts#319: Successfully ran git config --global url.https://[email protected] ssh://[email protected]
2020/08/19 13:04:20+0000 [INFO] working_dir.go:172 ghorg/terraform_scripts#319: Creating dir "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default"
2020/08/19 13:04:21+0000 [DBUG] working_dir.go:238 ghorg/terraform_scripts#319: Ran: git clone --branch engineer-assume --depth=1 --single-branch https://:<redacted>@github.com/ghorg/terraform_scripts.git /home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default. Output: Cloning into '/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default'...
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:189 ghorg/terraform_scripts#319: Building config based on server-side config
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting allowed_overrides: [apply_requirements,workflow] from repos[1], id: /.*/
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting allow_custom_workflows: true from repos[1], id: /.*/
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting apply_requirements: [approved] from repos[1], id: /.*/
2020/08/19 13:04:21+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting workflow: "default" from repos[1], id: /.*/
2020/08/19 13:04:21+0000 [INFO] project_command_builder.go:483 ghorg/terraform_scripts#319: Cannot determine which version to use from terraform configuration, detected 2 possibilities.
2020/08/19 13:04:21+0000 [INFO] project_locker.go:80 ghorg/terraform_scripts#319: Acquired lock with id "ghorg/terraform_scripts/iam-policies/engineer/default"
2020/08/19 13:04:21+0000 [DBUG] project_command_runner.go:144 ghorg/terraform_scripts#319: Acquired lock for project
2020/08/19 13:04:21+0000 [INFO] github_app_working_dir.go:26 ghorg/terraform_scripts#319: Refreshing git tokens for Github App
2020/08/19 13:04:21+0000 [DBUG] git_cred_writer.go:37 ghorg/terraform_scripts#319: Git credentials file has expected contents, not modifying
2020/08/19 13:04:21+0000 [DBUG] working_dir.go:84 ghorg/terraform_scripts#319: Clone directory "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default" already exists, checking if it's at the right commit
2020/08/19 13:04:21+0000 [DBUG] working_dir.go:107 ghorg/terraform_scripts#319: Repo is at correct commit "6b8d7c2c3726db1431ce9b92d7728d664940e5bc" so will not re-clone
2020/08/19 13:04:32+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 init -input=false -no-color -upgrade" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:32+0000 [INFO] run_step_runner.go:74 ghorg/terraform_scripts#319: Successfully ran "echo 'Running tflint...' && tflint" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:36+0000 [INFO] run_step_runner.go:74 ghorg/terraform_scripts#319: Successfully ran "echo 'Running checkov...' && checkov --quiet -d ." in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:36+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 workspace show" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:54+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 plan -input=false -refresh -no-color -out \"/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer/default.tfplan\"" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:04:55+0000 [DBUG] command_runner.go:584 ghorg/terraform_scripts#319: Updating DB with pull results
2020/08/19 13:05:31+0000 [DBUG] project_command_builder.go:204 ghorg/terraform_scripts#319: Building plan command
2020/08/19 13:05:31+0000 [DBUG] project_command_builder.go:211 ghorg/terraform_scripts#319: Cloning repository
2020/08/19 13:05:31+0000 [INFO] github_app_working_dir.go:26 ghorg/terraform_scripts#319: Refreshing git tokens for Github App
2020/08/19 13:05:31+0000 [DBUG] git_cred_writer.go:37 ghorg/terraform_scripts#319: Git credentials file has expected contents, not modifying
2020/08/19 13:05:31+0000 [DBUG] working_dir.go:84 ghorg/terraform_scripts#319: Clone directory "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default" already exists, checking if it's at the right commit
2020/08/19 13:05:31+0000 [DBUG] working_dir.go:107 ghorg/terraform_scripts#319: Repo is at correct commit "6b8d7c2c3726db1431ce9b92d7728d664940e5bc" so will not re-clone
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:189 ghorg/terraform_scripts#319: Building config based on server-side config
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting apply_requirements: [approved] from repos[1], id: /.*/
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting workflow: "default" from repos[1], id: /.*/
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting allowed_overrides: [apply_requirements,workflow] from repos[1], id: /.*/
2020/08/19 13:05:31+0000 [DBUG] global_cfg.go:319 ghorg/terraform_scripts#319: Setting allow_custom_workflows: true from repos[1], id: /.*/
2020/08/19 13:05:31+0000 [INFO] project_command_builder.go:483 ghorg/terraform_scripts#319: Cannot determine which version to use from terraform configuration, detected 2 possibilities.
2020/08/19 13:05:31+0000 [INFO] project_locker.go:80 ghorg/terraform_scripts#319: Acquired lock with id "ghorg/terraform_scripts/iam-policies/engineer/default"
2020/08/19 13:05:31+0000 [DBUG] project_command_runner.go:144 ghorg/terraform_scripts#319: Acquired lock for project
2020/08/19 13:05:31+0000 [INFO] github_app_working_dir.go:26 ghorg/terraform_scripts#319: Refreshing git tokens for Github App
2020/08/19 13:05:31+0000 [DBUG] git_cred_writer.go:37 ghorg/terraform_scripts#319: Git credentials file has expected contents, not modifying
2020/08/19 13:05:31+0000 [DBUG] working_dir.go:84 ghorg/terraform_scripts#319: Clone directory "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default" already exists, checking if it's at the right commit
2020/08/19 13:05:31+0000 [DBUG] working_dir.go:107 ghorg/terraform_scripts#319: Repo is at correct commit "6b8d7c2c3726db1431ce9b92d7728d664940e5bc" so will not re-clone
2020/08/19 13:05:36+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 init -input=false -no-color -upgrade" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:36+0000 [INFO] run_step_runner.go:74 ghorg/terraform_scripts#319: Successfully ran "echo 'Running tflint...' && tflint" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:40+0000 [INFO] run_step_runner.go:74 ghorg/terraform_scripts#319: Successfully ran "echo 'Running checkov...' && checkov --quiet -d ." in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:40+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 workspace show" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:58+0000 [INFO] terraform_client.go:235 ghorg/terraform_scripts#319: Successfully ran "/usr/local/bin/terraform0.12.29 plan -input=false -refresh -no-color -out \"/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer/default.tfplan\"" in "/home/atlantis/.atlantis/repos/ghorg/terraform_scripts/319/default/iam-policies/engineer"
2020/08/19 13:05:59+0000 [DBUG] command_runner.go:584 ghorg/terraform_scripts#319: Updating DB with pull results

https://github.com/runatlantis/atlantis/issues/1009

Source

nitrocode

👍11

Most helpful comment

# server configuration file
atlantis_hide_prev_plan_comments: "true"
hide_prev_plan_comments: "true"
atlantis-hide-prev-plan-comments: "true"
hide-prev-plan-comments: "true"

# Environment variable
ATLANTIS_HIDE_PREV_PLAN_COMMENTS  = "true"

# Docker image arguments
["server", "--hide-prev-plan-comments"]

And yet the GitHub comments do not hide...at this point I'm questioning my sanity! 😄

taiidani on 10 Nov 2020

👍4

All 7 comments

In my case I was using the Fargate Module and after reviewing the inputs I noticed that the value for atlantis_hide_prev_plan_comments defaults to false. It seems that setting overrides environment variables that are set in the docker image, which is where I set my env vars. It's possible that it overrides the custom_environment_variables argument as well.

Setting atlantis_hide_prev_plan_comments = "true" in the configuration solved the issue for me.

hoppalotta on 23 Oct 2020

I'm using the same module, latest version 2.24.0, and tried both ways, using the custom env var and the argument, but still seeing the same result.

nitrocode on 23 Oct 2020

# server configuration file
atlantis_hide_prev_plan_comments: "true"
hide_prev_plan_comments: "true"
atlantis-hide-prev-plan-comments: "true"
hide-prev-plan-comments: "true"

# Environment variable
ATLANTIS_HIDE_PREV_PLAN_COMMENTS  = "true"

# Docker image arguments
["server", "--hide-prev-plan-comments"]

And yet the GitHub comments do not hide...at this point I'm questioning my sanity! 😄

taiidani on 10 Nov 2020

👍4

I am using Atlantis with the GitHub application and I see the same behavior as above, comments doesn't hide. I don't see any errors in the logs. If you need more information, don't hesitate to ask.

We especially have plans on several comments.

We are running Atlantis v0.15.0 on GitHub with a Team plan and ownership of the app have been given to our organization.

arthur-leclerc on 10 Nov 2020

We just switched to using app authentication and are also seeing this error. Previously (yesterday) we were using token authentication and had no issues with this setting.