Add a branch matcher to the server side repo config #1383
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dghubble
changed the title
Codecov Report
@@ Coverage Diff @@
## master #1383 +/- ##
==========================================
- Coverage 69.65% 69.53% -0.13%
==========================================
Files 93 93
Lines 6282 6299 +17
==========================================
+ Hits 4376 4380 +4
- Misses 1529 1542 +13
Partials 377 377
Continue to review full report at Codecov.
|
pinkavaj
reviewed
Feb 6, 2021
| withoutSlashes := r.Branch[1 : len(r.Branch)-1] | ||
| // checked in repo Validate() | ||
| branchRegex = regexp.MustCompile(withoutSlashes) | ||
| } |
There was a problem hiding this comment.
Consider allowing specify single branch using plain branch-name syntax, similar to non-regex for the id.
There was a problem hiding this comment.
I considered this. id allows a string or regex, but it feels kinda cumbersome. The default value needs to continue matching all branches. I favored branch field always being a regex (default .*) (and if you want to match a single name, you could just set it to ^master$) so we don't need to condition on which sort of string it is.
If a maintainer prefers the opposite, I'm happy to refactor.
|
One reason #1292 wouldn't work in our case, we don't enable the mergeable requirement (we have other Github Apps later in our workflow). We also want Atlantis to completely ignore certain branches, rather than erroring. I think Atlantis being able to filter/ignore PRs for certain branches is independent of Atlantis mergeble/approved concepts. |
nishkrishnan
approved these changes
Feb 24, 2021
|
I'll rebase! |
* Add a branch regex to the repo.yaml config to allow Atlantis to
accept only pull requests with a given base branch (the branch
a PR would merge _into_).
* `branch` is optional. By default its unset and Atlantis will match
webhooks for pull requests for any branch (no change)
Match any PR,
```
repos:
- id: /.*/
branch: /.*/
```
Match only PRs with master or main base branch.
```
repos:
- id: /.*/
branch: /(main|master)/
```
Some repos have special pull request branching practices. For example,
plan/apply from feature branches merging into master, but separate flows
for merging master into a release branch (where Atlantis isn't used).
Adding a regex allows for flexible workflow options. For example, you
could have Atlantis ignore "release" branches.
|
Fixed conflict |
minamijoyo
added a commit
to minamijoyo/atlantis
that referenced
this pull request
Aug 23, 2021
Fixes runatlantis#1539 The branch matcher feature has been introduced in runatlantis#1383, but the current implementation was broken and doesn't work at all (runatlantis#1539). If my understanding is correct, there are two problems: (1) The `GlobalCfg` has a default `Repo` instance which always matches any repositries and branches. Therefore the branch matcher never be functional. (2) Validating base branches in `DefaultPreWorkflowHooksCommandRunner.RunPreHooks()` implicitly assumed that users customize `pre_workflow_hooks`, but the assumption isn't always true because it defaults to empty. For (1), I added a new method `MatchingRepo()` to `GlobalCfg` to check `BranchMatches()` for a single `Repo` instance. For (2), I moved validating branch to `DefaultCommandRunner.validateCtxAndComment()`. Since the method has already validated meta data of pull request, I think it's suitable place to check base branches, but please let me know if there is anywhere more suitable.
minamijoyo
added a commit
to minamijoyo/atlantis
that referenced
this pull request
Aug 23, 2021
Fixes runatlantis#1539 The branch matcher feature has been introduced in runatlantis#1383, but the current implementation was broken and doesn't work at all (runatlantis#1539). If my understanding is correct, there are two problems: (1) The `GlobalCfg` has a default `Repo` instance which always matches any repositries and branches. Therefore the branch matcher never be functional. (2) Validating base branches in `DefaultPreWorkflowHooksCommandRunner.RunPreHooks()` implicitly assumed that users customize `pre_workflow_hooks`, but the assumption isn't always true because it defaults to empty. For (1), I added a new method `MatchingRepo()` to `GlobalCfg` to check `BranchMatches()` for a single `Repo` instance. For (2), I moved validating branch to `DefaultCommandRunner.validateCtxAndComment()`. Since the method has already validated meta data of pull request, I think it's suitable place to check base branches, but please let me know if there is anywhere more suitable.
nishkrishnan
pushed a commit
that referenced
this pull request
Aug 30, 2021
Fixes #1539 The branch matcher feature has been introduced in #1383, but the current implementation was broken and doesn't work at all (#1539). If my understanding is correct, there are two problems: (1) The `GlobalCfg` has a default `Repo` instance which always matches any repositries and branches. Therefore the branch matcher never be functional. (2) Validating base branches in `DefaultPreWorkflowHooksCommandRunner.RunPreHooks()` implicitly assumed that users customize `pre_workflow_hooks`, but the assumption isn't always true because it defaults to empty. For (1), I added a new method `MatchingRepo()` to `GlobalCfg` to check `BranchMatches()` for a single `Repo` instance. For (2), I moved validating branch to `DefaultCommandRunner.validateCtxAndComment()`. Since the method has already validated meta data of pull request, I think it's suitable place to check base branches, but please let me know if there is anywhere more suitable.
minamijoyo
added a commit
to minamijoyo/atlantis
that referenced
this pull request
Sep 2, 2021
…nfig Fixes runatlantis#1695 The branch matcher feature has been implemented in runatlantis#1383 and runatlantis#1768. There is only an example for it, but not in the reference. https://github.com/runatlantis/atlantis/pull/1383/files#diff-5dd8dd3b7c37191b78109efaaa1bb73184ff7a1690632d687fed7cd748847f5eR31-R34 Add missing the `branch` key in the reference for server side repo config. I also add a warning for `mergeable` requirement to check the `branch` setting because I think a typical branch protection rule only restricts a default branch. We should let users know that someone can potentially bypass it without the `branch` restriction in atlantis.
minamijoyo
added a commit
to minamijoyo/atlantis
that referenced
this pull request
Sep 2, 2021
Fixes runatlantis#1695 The branch matcher feature has been implemented in runatlantis#1383 and runatlantis#1768. There is only an example for it, but not in the reference. https://github.com/runatlantis/atlantis/pull/1383/files#diff-5dd8dd3b7c37191b78109efaaa1bb73184ff7a1690632d687fed7cd748847f5eR31-R34 Add missing the `branch` key in the reference for server side repo config. I also add a warning for `mergeable` requirement to check the `branch` setting because I think a typical branch protection rule only restricts a default branch. We should let users know that someone can potentially bypass it without the `branch` restriction in atlantis.
nishkrishnan
pushed a commit
that referenced
this pull request
Sep 14, 2021
) Fixes #1695 The branch matcher feature has been implemented in #1383 and #1768. There is only an example for it, but not in the reference. https://github.com/runatlantis/atlantis/pull/1383/files#diff-5dd8dd3b7c37191b78109efaaa1bb73184ff7a1690632d687fed7cd748847f5eR31-R34 Add missing the `branch` key in the reference for server side repo config. I also add a warning for `mergeable` requirement to check the `branch` setting because I think a typical branch protection rule only restricts a default branch. We should let users know that someone can potentially bypass it without the `branch` restriction in atlantis.
msarvar
referenced
this pull request
in lyft/atlantis
Sep 27, 2021
Fixes #1539 The branch matcher feature has been introduced in #1383, but the current implementation was broken and doesn't work at all (#1539). If my understanding is correct, there are two problems: (1) The `GlobalCfg` has a default `Repo` instance which always matches any repositries and branches. Therefore the branch matcher never be functional. (2) Validating base branches in `DefaultPreWorkflowHooksCommandRunner.RunPreHooks()` implicitly assumed that users customize `pre_workflow_hooks`, but the assumption isn't always true because it defaults to empty. For (1), I added a new method `MatchingRepo()` to `GlobalCfg` to check `BranchMatches()` for a single `Repo` instance. For (2), I moved validating branch to `DefaultCommandRunner.validateCtxAndComment()`. Since the method has already validated meta data of pull request, I think it's suitable place to check base branches, but please let me know if there is anywhere more suitable.
krrrr38
pushed a commit
to krrrr38/atlantis
that referenced
this pull request
Dec 16, 2022
Fixes runatlantis#1539 The branch matcher feature has been introduced in runatlantis#1383, but the current implementation was broken and doesn't work at all (runatlantis#1539). If my understanding is correct, there are two problems: (1) The `GlobalCfg` has a default `Repo` instance which always matches any repositries and branches. Therefore the branch matcher never be functional. (2) Validating base branches in `DefaultPreWorkflowHooksCommandRunner.RunPreHooks()` implicitly assumed that users customize `pre_workflow_hooks`, but the assumption isn't always true because it defaults to empty. For (1), I added a new method `MatchingRepo()` to `GlobalCfg` to check `BranchMatches()` for a single `Repo` instance. For (2), I moved validating branch to `DefaultCommandRunner.validateCtxAndComment()`. Since the method has already validated meta data of pull request, I think it's suitable place to check base branches, but please let me know if there is anywhere more suitable.
krrrr38
pushed a commit
to krrrr38/atlantis
that referenced
this pull request
Dec 16, 2022
…natlantis#1784) Fixes runatlantis#1695 The branch matcher feature has been implemented in runatlantis#1383 and runatlantis#1768. There is only an example for it, but not in the reference. https://github.com/runatlantis/atlantis/pull/1383/files#diff-5dd8dd3b7c37191b78109efaaa1bb73184ff7a1690632d687fed7cd748847f5eR31-R34 Add missing the `branch` key in the reference for server side repo config. I also add a warning for `mergeable` requirement to check the `branch` setting because I think a typical branch protection rule only restricts a default branch. We should let users know that someone can potentially bypass it without the `branch` restriction in atlantis.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
a PR would merge into).
branchis optional. By default its unset and Atlantis will match webhooks for pull requests for any branch (no change)Match any PR,
Match only PRs with master or main base branch.
Why?
Some repos have unique pull request branching practices. For example, plan/apply from feature branches merging into master, but separate flows for merging master into a release branch (where Atlantis isn't used). Adding a regex allows for flexible workflow options. For example, you could have Atlantis ignore "release" branches.