Merge branch 'main' into skip_clone_no_changes_fork_prs

Author: jamengual

.github/workflows/atlantis-image.yml

@@ -241,6 +241,7 @@ jobs:
     strategy:
       matrix:
         image_type: [alpine, debian]
+        platform: [linux/arm64/v8, linux/amd64, linux/arm/v7]
     runs-on: ubuntu-24.04
     steps:
       - run: 'echo "No build required"'

.github/workflows/lint.yml

@@ -55,7 +55,7 @@ jobs:
           go-version-file: go.mod
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6
+        uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v6
         with:
           # renovate: datasource=github-releases depName=golangci/golangci-lint
           version: v1.62.2

.github/workflows/test.yml

@@ -48,7 +48,7 @@ jobs:
     if: needs.changes.outputs.should-run-tests == 'true'
     name: Tests
     runs-on: ubuntu-24.04
-    container: ghcr.io/runatlantis/testing-env:latest@sha256:45ec58ba11af5196fb70ced526ccb1996f0e58a7dbd93f7dcba96eed49209583
+    container: ghcr.io/runatlantis/testing-env:latest@sha256:3d7b17d02ced2cb68ecc9d2ea3d2bef61fe8da52cf1631e4dff4de6503cb7237
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 

Dockerfile

@@ -5,15 +5,19 @@ ARG DEBIAN_TAG=12.8-slim@sha256:d365f4920711a9074c4bcd178e8f457ee59250426441ab2a
 ARG GOLANG_TAG=1.23.4-alpine@sha256:c23339199a08b0e12032856908589a6d41a0dab141b8b3b21f156fc571a3f1d3
 
 # renovate: datasource=github-releases depName=hashicorp/terraform versioning=hashicorp
-ARG DEFAULT_TERRAFORM_VERSION=1.10.3
+ARG DEFAULT_TERRAFORM_VERSION=1.10.4
 # renovate: datasource=github-releases depName=opentofu/opentofu versioning=hashicorp
 ARG DEFAULT_OPENTOFU_VERSION=1.8.8
 # renovate: datasource=github-releases depName=open-policy-agent/conftest
 ARG DEFAULT_CONFTEST_VERSION=0.56.0
 
 # Stage 1: build artifact and download deps
 
-FROM golang:${GOLANG_TAG} AS builder
+FROM --platform=$BUILDPLATFORM golang:${GOLANG_TAG} AS builder
+
+# These are automatically populated by Docker
+ARG TARGETOS
+ARG TARGETARCH
 
 ARG ATLANTIS_VERSION=dev
 ENV ATLANTIS_VERSION=${ATLANTIS_VERSION}
@@ -42,7 +46,7 @@ RUN --mount=type=cache,target=/go/pkg/mod \
 COPY . /app
 RUN --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
-    CGO_ENABLED=0 go build -trimpath -ldflags "-s -w -X 'main.version=${ATLANTIS_VERSION}' -X 'main.commit=${ATLANTIS_COMMIT}' -X 'main.date=${ATLANTIS_DATE}'" -v -o atlantis .
+    CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -trimpath -ldflags "-s -w -X 'main.version=${ATLANTIS_VERSION}' -X 'main.commit=${ATLANTIS_COMMIT}' -X 'main.date=${ATLANTIS_DATE}'" -v -o atlantis .
 
 FROM debian:${DEBIAN_TAG} AS debian-base
 

package-lock.json

@@ -948,6 +948,25 @@ func TestGitHubWorkflowWithPolicyCheck(t *testing.T) {
 				{"exp-output-merge.txt"},
 			},
 		},
+		{
+			Description:                "1 failing policy and 1 passing policy with --quiet-policy-checks",
+			RepoDir:                    "policy-checks-multi-projects",
+			ModifiedFiles:              []string{"dir1/main.tf,", "dir2/main.tf"},
+			PolicyCheck:                true,
+			ExpAutoplan:                true,
+			ExpPolicyChecks:            true,
+			ExpQuietPolicyChecks:       true,
+			ExpQuietPolicyCheckFailure: true,
+			Comments: []string{
+				"atlantis apply",
+			},
+			ExpReplies: [][]string{
+				{"exp-output-autoplan.txt"},
+				{"exp-output-auto-policy-check-quiet.txt"},
+				{"exp-output-apply.txt"},
+				{"exp-output-merge.txt"},
+			},
+		},
 		{
 			Description:     "failing policy without policies passing using extra args",
 			RepoDir:         "policy-checks-extra-args",
@@ -1183,7 +1202,7 @@ func TestGitHubWorkflowWithPolicyCheck(t *testing.T) {
 			userConfig.EnablePolicyChecksFlag = c.PolicyCheck
 			userConfig.QuietPolicyChecks = c.ExpQuietPolicyChecks
 
-			ctrl, vcsClient, githubGetter, atlantisWorkspace := setupE2E(t, c.RepoDir, setupOption{})
+			ctrl, vcsClient, githubGetter, atlantisWorkspace := setupE2E(t, c.RepoDir, setupOption{userConfig: userConfig})
 
 			// Set the repo to be cloned through the testing backdoor.
 			repoDir, headSHA := initializeRepo(t, c.RepoDir)
@@ -1274,13 +1293,13 @@ type setupOption struct {
 	allowCommands           []command.Name
 	disableAutoplan         bool
 	disablePreWorkflowHooks bool
+	userConfig              server.UserConfig
 }
 
 func setupE2E(t *testing.T, repoDir string, opt setupOption) (events_controllers.VCSEventsController, *vcsmocks.MockClient, *mocks.MockGithubPullGetter, *events.FileWorkspace) {
 	allowForkPRs := false
 	discardApprovalOnPlan := true
 	dataDir, binDir, cacheDir := mkSubDirs(t)
-
 	// Mocks.
 	e2eVCSClient := vcsmocks.NewMockClient()
 	e2eStatusUpdater := &events.DefaultCommitStatusUpdater{Client: e2eVCSClient}
@@ -1493,7 +1512,18 @@ func setupE2E(t *testing.T, repoDir string, opt setupOption) (events_controllers
 	pullUpdater := &events.PullUpdater{
 		HidePrevPlanComments: false,
 		VCSClient:            e2eVCSClient,
-		MarkdownRenderer:     events.NewMarkdownRenderer(false, false, false, false, false, false, "", "atlantis", false),
+		MarkdownRenderer: events.NewMarkdownRenderer(
+			false,                            // gitlabSupportsCommonMark
+			false,                            // disableApplyAll
+			false,                            // disableApply
+			false,                            // disableMarkdownFolding
+			false,                            // disableRepoLocking
+			false,                            // enableDiffMarkdownFormat
+			"",                               // markdownTemplateOverridesDir
+			"atlantis",                       // executableName
+			false,                            // hideUnchangedPlanComments
+			opt.userConfig.QuietPolicyChecks, // quietPolicyChecks
+		),
 	}
 
 	autoMerger := &events.AutoMerger{

server/controllers/events/events_controller_e2e_test.go

@@ -0,0 +1,44 @@
+Ran Policy Check for 2 projects:
+
+1. dir: `dir1` workspace: `default`
+1. dir: `dir2` workspace: `default`
+---
+
+### 2. dir: `dir2` workspace: `default`
+**Policy Check Failed**: Some policy sets did not pass.
+#### Policy Set: `test_policy`
+```diff
+FAIL - <redacted plan file> - main - WARNING: Forbidden Resource creation is prohibited.
+
+1 test, 0 passed, 0 warnings, 1 failure, 0 exceptions
+
+```
+
+
+#### Policy Approval Status:
+```
+policy set: test_policy: requires: 1 approval(s), have: 0.
+```
+* :heavy_check_mark: To **approve** this project, comment:
+  ```shell
+  atlantis approve_policies -d dir2
+  ```
+* :put_litter_in_its_place: To **delete** this plan and lock, click [here](lock-url)
+* :repeat: To re-run policies **plan** this project again by commenting:
+  ```shell
+  atlantis plan -d dir2
+  ```
+
+---
+* :heavy_check_mark: To **approve** all unapplied plans from this Pull Request, comment:
+  ```shell
+  atlantis approve_policies
+  ```
+* :put_litter_in_its_place: To **delete** all plans and locks from this Pull Request, comment:
+  ```shell
+  atlantis unlock
+  ```
+* :repeat: To re-run policies **plan** this project again by commenting:
+  ```shell
+  atlantis plan
+  ```

server/controllers/events/testdata/test-repos/policy-checks-multi-projects/exp-output-auto-policy-check-quiet.txt

@@ -126,7 +126,7 @@ func setup(t *testing.T, options ...func(testConfig *TestConfig)) *vcsmocks.Mock
 	pullUpdater = &events.PullUpdater{
 		HidePrevPlanComments: false,
 		VCSClient:            vcsClient,
-		MarkdownRenderer:     events.NewMarkdownRenderer(false, false, false, false, false, false, "", "atlantis", false),
+		MarkdownRenderer:     events.NewMarkdownRenderer(false, false, false, false, false, false, "", "atlantis", false, false),
 	}
 
 	autoMerger = &events.AutoMerger{

server/events/command_runner_test.go

@@ -57,6 +57,7 @@ type MarkdownRenderer struct {
 	markdownTemplates         *template.Template
 	executableName            string
 	hideUnchangedPlanComments bool
+	quietPolicyChecks         bool
 }
 
 // commonData is data that all responses have.
@@ -72,6 +73,7 @@ type commonData struct {
 	EnableDiffMarkdownFormat  bool
 	ExecutableName            string
 	HideUnchangedPlanComments bool
+	QuietPolicyChecks         bool
 	VcsRequestType            string
 }
 
@@ -131,11 +133,12 @@ type policyCheckResultsData struct {
 }
 
 type projectResultTmplData struct {
-	Workspace   string
-	RepoRelDir  string
-	ProjectName string
-	Rendered    string
-	NoChanges   bool
+	Workspace    string
+	RepoRelDir   string
+	ProjectName  string
+	Rendered     string
+	NoChanges    bool
+	IsSuccessful bool
 }
 
 // Initialize templates
@@ -149,6 +152,7 @@ func NewMarkdownRenderer(
 	markdownTemplateOverridesDir string,
 	executableName string,
 	hideUnchangedPlanComments bool,
+	quietPolicyChecks bool,
 ) *MarkdownRenderer {
 	var templates *template.Template
 	templates, _ = template.New("").Funcs(sprig.TxtFuncMap()).ParseFS(templatesFS, "templates/*.tmpl")
@@ -166,6 +170,7 @@ func NewMarkdownRenderer(
 		markdownTemplates:         templates,
 		executableName:            executableName,
 		hideUnchangedPlanComments: hideUnchangedPlanComments,
+		quietPolicyChecks:         quietPolicyChecks,
 	}
 }
 
@@ -192,6 +197,7 @@ func (m *MarkdownRenderer) Render(ctx *command.Context, res command.Result, cmd
 		EnableDiffMarkdownFormat:  m.enableDiffMarkdownFormat,
 		ExecutableName:            m.executableName,
 		HideUnchangedPlanComments: m.hideUnchangedPlanComments,
+		QuietPolicyChecks:         m.quietPolicyChecks,
 		VcsRequestType:            vcsRequestType,
 	}
 
@@ -224,9 +230,10 @@ func (m *MarkdownRenderer) renderProjectResults(ctx *command.Context, results []
 
 	for _, result := range results {
 		resultData := projectResultTmplData{
-			Workspace:   result.Workspace,
-			RepoRelDir:  result.RepoRelDir,
-			ProjectName: result.ProjectName,
+			Workspace:    result.Workspace,
+			RepoRelDir:   result.RepoRelDir,
+			ProjectName:  result.ProjectName,
+			IsSuccessful: result.IsSuccessful(),
 		}
 		if result.PlanSuccess != nil {
 			result.PlanSuccess.TerraformOutput = strings.TrimSpace(result.PlanSuccess.TerraformOutput)