feat: draftplan #3275
feat: draftplan #3275
Conversation
|
@finnag This is pretty interesting, I will be happy to review when is ready |
|
This is interesting. I'd prefer that all plans have dynamodb lock and atlantis lock disabled since we only really need to lock on apply. If the plan generated is stale, atlantis will run terraform which will announce that the plan is stale which would force a replan anyway. |
|
We run atlantis in merge mode now, and we rely on the plans for reviews. The reviewer looks at the plan output in addition to the PR change itself to decide whether to approve or not. It's hard to see how the plans can stay true (as in not stale) unless the lock is grabbed before the plan is created, and held until after the PR is merged? If applying triggers a new plan, the review must be done again and you're entering some sort of loop... |
nitrocode
changed the title
|
I'm looking forward to seeing this being implemented and released out, a much needed function. |
I believe the approvals are only required again if there are any file changes, if not the approval persists. |
|
@jamengual Finally had some time to clean this up a bit, if you could review and give some feedback that would be nice. We've been running with variants of this patch for a while now, it's quite useful. |
|
@finnag does this delete the previous |
It behaves like this, at least on GitHub:
The latter is sort of a fortunate accident because "plan" is a substring of "draftplan", and |
jamengual
added
waiting-on-review
|
Would it be possible to add a setting to make autoplan always run a |
GenPage
added
waiting-on-response
|
Big fan of this (as the locking/unlocking is a pain when you have larger terraform workspaces with backlogged PRs), i think the comments around the plan being not a perfect representation are valid and i wonder if putting/allowing some sort of prefix to the plan output could be possible (that provides a clear disclaimer that the output isn't perfectly representative). Even better would be somehow allowing atlantis administrators to set this to be specific to their orgs terminology, so something like this could be achievable on a draft plan. Warning This is a draft plan and may not truly be representative of the run due to atlantis sequential locking behaviour - it's strictly to aid in code review blah blah. Ran Draft Plan for dir: terraform/environment/aws/prod workspace: default |
|
This issue is stale because it has been open for 1 month with no activity. Remove stale label or comment or this will be closed in 1 month. |
|
Not stale |
jamengual
requested review from
lukemassa and
nitrocode
and removed request for
a team
draftplan acts like a normal plan command, except it does not grab a project lock or a terraform lock, and does not refresh state. The resulting plan will only be printed as a comment, it will not be stored and so cannot be applied. It is intended a a lightweight method to see what a plan would look like.
|
rebased to v0.30.0, added fix suggested by @peikk0 .. We've run with this in production for a year + now, so it "works for us". |
what
Implement a new atlantis command "draftplan" for making draft plans.
Draft plans can run at pretty much any time in any PR as long as a terraform isn't already running for that PR, and the only result is a comment in the PR about what the plan would look like.
The draft plans do the following:
This revision of the implementation is a bit more reasonable than the previous draft version.
why
It's often useful to see what plan a PR would result in, even if you do not want to apply the plan yet. Also, many times there are locks preventing a normal plan from running.
This mode could also maybe be a pretty useful mode for draft PRs, you can see what the plan would look like without affecting other PRs.
tests
references
atlantis plan -lock=falseand disable lock on draft PRs #2237