Post-workflow hooks not possible to configure for policy_check step #5123

Open
jlubins opened this issue Nov 27, 2024 · 0 comments
Labels
bug Something isn't working feature New functionality/enhancement

jlubins commented Nov 27, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Overview of the Issue

My post-workflow hook does not run after the policy_check step.

I want to send custom metrics/events to Datadog after a policy_check Conftest run, which involves running a script to do so. This script needs access to $POLICYCHECKFILE to determine if there were any errors in the policy_check step.

Earlier, I had a post-workflow hook after the plan step, but I specifically need the policy_check output, as Conftest policies are overridden to pass on atlantis approve_policies, and I want to capture that when determining the time of a success for a particular PR.

Reproduction Steps

Add a post-workflow step and configure it to run on the policy_check command. See server-side config below.

Logs

Environment details

If not already included, please provide the following:

  • Atlantis version: v0.29.0
  • Deployment method: helm
  • If not running the latest Atlantis version have you tried to reproduce this issue on the latest version: No (no release notes related to it in later versions)
  • Atlantis flags: --enable-policy-checks

Atlantis server-side config file:
Relevant portions included:

repos:
- id: /.*/
  apply_requirements: [approved, mergeable]
  workflow: conftest
  allowed_overrides: [workflow, policy_check]
  allow_custom_workflows: true
  delete_source_branch_on_merge: true
  pre_workflow_hooks:
    - run: /home/atlantis/scripts/get-conftest-policies.sh
      commands: plan
  post_workflow_hooks:
    - run: /home/atlantis/scripts/send-conftest-events.sh
      commands: policy_check
workflows:
  conftest:
    plan:
      steps:
      - init
      - plan
      - show
      - run:
          command: |
            cp $SHOWFILE /tmp/$BASE_REPO_NAME-$PULL_NUM-$PULL_AUTHOR.json
    policy_check:
      steps:
      - show
      - policy_check:
          extra_args: ["--update", "git::<redacted link>", "--namespace", "example-namespace"]
    apply:
      steps:
      - env:
          name: VAULT_TOKEN
          command: 'cat /vault/secrets/token'
      - apply

Repo atlantis.yaml file is not relevant, using default workflow defined in server-side config above.

Any other information you can provide about the environment/deployment (efs/nfs, aws/gcp, k8s/fargate, etc)
Running on EKS in AWS

Additional Context

n/a

@jlubins jlubins added the bug Something isn't working label Nov 27, 2024
@dosubot dosubot bot added the feature New functionality/enhancement label Nov 27, 2024