Releases: runatlantis/atlantis
Releases · runatlantis/atlantis
v0.3.4
Description
This release delivers some speed improvements through caching plugins and
not running terraform workspace select unnecessarily. In my testing it saves ~20s per run.
Features
- All config flags can now be specified by environment variables. Fixes (#38).
- Completed thanks to @psalaberria002!
- Run terraform with the
TF_PLUGIN_CACHE_DIRenv var set. Fixes (#34).- This will cache plugins and make
terraform initfaster. Terraform will still download new versions of plugins. See https://www.terraform.io/docs/configuration/providers.html#provider-plugin-cache for more details. - In my testing this saves >10s per run.
- This will cache plugins and make
- Run terraform with
TF_IN_AUTOMATION=trueso the output won't contain suggestions to run commands that you can't run via Atlantis. (#82). - Don't run
terraform workspace selectunless we actually need to switch workspaces. (#82).- In my testing this saves ~10s.
Bug Fixes
- Validate that workspace doesn't contain a path when running ex.
atlantis plan -w /jdlkj. This was already not a valid workspace name according to Terraform. (#78). - Error out if
ngrokis already running when runningatlantis bootstrap(#81).
Backwards Incompatibilities / Notes:
- None
v0.3.3
v0.3.2
Description
This release focused on some security issues reported by @eriksw, thanks Erik!
By default, Atlantis will be more secure now and you'll have to specify which repositories
you want it to work on.
Features
- New flag
--allow-fork-prsadded toatlantis servercontrols whether Atlantis will operate on pull requests from forks. Defaults tofalse.
This flag was added because on a public repository anyone could open up a pull request to your repo and use your Atlantis
install. - New mandatory flag
--repo-whitelistadded toatlantis servercontrols which repos Atlantis will operate on. This flag was added
so that if a webhook secret is compromised (or you're not using webhook secrets) Atlantis won't be used on repos you don't control. - Warn if running
atlantis serverwithout any webhook secrets set. This is dangerous because without a webhook secret, an attacker
could spoof requests to Atlantis. - Make CLI output more readable by setting a fixed column width.
Bug Fixes
- None
Backwards Incompatibilities / Notes:
- Must set
--allow-fork-prsnow if you want to run Atlantis on pull requests from forked repos. - Must set
--repo-whitelistin order to startatlantis server. Seeatlantis server --helpfor how that flag works.
v0.3.1
v0.3.0
Features
- Fix security issue where Atlantis wasn't escaping the optional "extra args" that could be appended to comments (#16)
- example exploit:
atlantis plan ; cat /etc/passwd
- example exploit:
- Atlantis moved to new repo:
atlantisrun/atlantis. Read why here - New -w/--workspace and -d/--dir flags in comments (#14)
- You can now specify which directory to plan/apply in, ex.
atlantis plan -d dir1/dir2
- You can now specify which directory to plan/apply in, ex.
- Better feedback from atlantis when asking for help via comments, ex.
atlantis plan -h
Bug Fixes
- Convert
--data-dirpaths to absolute from relative. Fixes (#245) - Don't run plan in the parent of
modules/unless there's amain.tfpresent. Fixes (#12)
Backwards Incompatibilities / Notes:
- You must use the
-wflag to specify a workspace when commenting now- Previously:
atlantis plan staging, now:atlantis plan -w staging
- Previously:
- You must use a double-dash between Atlantis flags and extra args to be appended to the terraform command
- Previously:
atlantis plan -target=resource, now:atlantis plan -- -target=resource
- Previously:
- Atlantis will no longer run
planin the parent directory ofmodules/unless there is amain.tfin that directory.
