cloudposse/atmos v1.196.0-rc.3 on GitHub

fix: Relax stack config requirement for commands that don't operate on stacks @osterman (#1717)

## Summary

Fixes stack configuration requirement for 6 commands that don't actually operate on stack manifests. These commands were incorrectly requiring stacks.base_path and stacks.included_paths to be configured, causing errors like:

Error: failed to initialize atmos config
stack base path must be provided in 'stacks.base_path' config or ATMOS_STACKS_BASE_PATH' ENV variable

What

Updated 6 commands to use processStacks=false in InitCliConfig:

Auth Commands (Commit 1)

atmos auth env - Export cloud credentials as environment variables
atmos auth exec - Execute commands with cloud credentials
atmos auth shell - Launch authenticated shell

List/Docs Commands (Commit 2)

atmos list workflows - List workflows from workflows/ directory
atmos list vendor - List vendor configurations from component.yaml files
atmos docs <component> - Display component README files

Why

These commands only need:

Auth configuration from atmos.yaml
Component base paths (terraform, helmfile, etc.)
Workflow or vendor configurations

They do NOT need:

Stack manifests to exist
stacks.base_path to be configured
stacks.included_paths to be configured

This makes Atmos more flexible for use cases like:

CI/CD pipelines that only need auth or vendor management
Development environments without full stack setup
Documentation browsing without infrastructure configs
Workflow management separate from stack operations

Technical Details

Changes Made

InitCliConfig parameter: Changed processStacks from true to false
- Prevents validation requiring stacks.base_path and stacks.included_paths
- Skips processing of stack manifest files
checkAtmosConfig option (for list vendor only): Added WithStackValidation(false)
- Prevents checking if stacks directory exists
- Required because list vendor calls checkAtmosConfig() with additional validation

Files Changed

cmd/auth_env.go
cmd/auth_exec.go
cmd/auth_shell.go
cmd/list_workflows.go
cmd/list_vendor.go
cmd/docs.go

Commands That Still Require Stacks (Unchanged)

These were NOT modified because they genuinely need stack manifests:

atmos list stacks
atmos list components
atmos list settings
atmos list values
atmos list metadata

Testing

✅ All existing tests pass
✅ Linter passes with 0 issues
✅ Pre-commit hooks pass
✅ Manual testing confirms commands work without stack directories
✅ No regressions in existing functionality

References

Addresses user issue where atmos auth exec -- aws sts get-caller-identity failed with stack configuration error.

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

Summary by CodeRabbit

New Features
- Auth and utility commands (auth env, auth exec, auth shell, list workflows, list vendor, docs) now run without requiring stack configuration, enabling use in CI/CD, vendor management, and documentation workflows.
Documentation
- Added a blog post describing the change, usage examples, migration tips, and CI/CD benefits.

Change runner type in nightly builds workflow @goruha (#1713)

## what * Use `large`runson runners for the go relaser

why

Go releaser need more disk space

Summary by CodeRabbit

Chores
- Updated GitHub Actions runner specifications across feature release, nightly build, and test workflows to standardize build infrastructure configuration.

Update nightlybuilds.yml @goruha (#1711)

## what * Run go releaser on RunsOn runner

why

Default runners have out of space

Summary by CodeRabbit

Chores
- Updated nightly release workflow to change how runner selection is provided: the workflow now accepts a JSON-like array of runner specifications, improving and broadening which runner(s) can be targeted for nightly builds.

Fix Terraform state authentication by passing auth context @osterman (#1695)

## what - Add authentication context parameter to Terraform backend operations - Refactor PostAuthenticate interface to use parameter struct - Extract nested logic to reduce complexity - Fix test coverage for backend functions

why

Terraform state operations need proper AWS credentials when accessing S3 backends
Multi-identity scenarios require passing auth context through the call chain
Reduces function parameter count from 6 to 2 (using PostAuthenticateParams struct)
Simplifies nested conditional logic for better maintainability

references

Part of multi-identity authentication context work
Follows established authentication context patterns
Related to docs/prd/auth-context-multi-identity.md

Summary by CodeRabbit

New Features
- Centralized per-command AuthContext enabling multiple concurrent identities (AWS, GitHub, Azure, etc.) and making in-process SDK and Terraform calls use Atmos-managed credentials.
- Console session duration configurable via provider console.session_duration with CLI flag override.
Bug Fixes
- More reliable in-process authentication for SDK and Terraform state reads.
Documentation
- Added design doc, blog post, and CLI docs describing AuthContext and session-duration behavior.
Tests
- Expanded tests for auth flows, AWS config loading, and YAML/Terraform tag auth propagation.

🚀 Enhancements

fix: Restore PATH inheritance in workflow shell commands @osterman (#1719)

## what - Refactored to **always** merge custom env vars with parent environment - Fixes workflow shell commands failing with "executable file not found in $PATH" - Adds comprehensive unit and integration tests demonstrating the bug and verifying the fix

why

After commit 9fd7d15 (PR #1543), workflow shell commands lost access to PATH environment variable
Users reported workflows that worked in v1.189.0 failed in v1.195.0 with commands like env, ls, grep not found
This is a critical regression affecting any workflow using external executables
Original fix conditionally replaced environment, which was inconsistent with executeCustomCommand behavior

Root Cause

The bug occurred in ExecuteShell() function in internal/exec/shell_utils.go:

Workflow commands call ExecuteShell with empty env slice: []string{}
ExecuteShell appends ATMOS_SHLVL to the slice: []string{"ATMOS_SHLVL=1"}
ShellRunner receives a non-empty env, so it doesn't fall back to os.Environ()
Shell command runs with ONLY ATMOS_SHLVL set, losing PATH and all other environment variables

Solution

Refactored ExecuteShell() to always merge custom env vars with parent environment:

// Always start with parent environment
mergedEnv := os.Environ()

// Merge custom env vars (overriding duplicates)
for _, envVar := range env {
    mergedEnv = u.UpdateEnvVar(mergedEnv, key, value)
}

// Add ATMOS_SHLVL
mergedEnv = append(mergedEnv, fmt.Sprintf("ATMOS_SHLVL=%d", newShellLevel))

This ensures:

✅ Empty env (workflows): Full parent environment including PATH
✅ Custom env (commands): Custom vars override parent, but PATH is preserved
✅ Consistent behavior: Matches executeCustomCommand pattern (line 393 in cmd_utils.go)

Testing

Unit Tests (internal/exec/shell_utils_test.go):

TestExecuteShell/empty_env_should_inherit_PATH_from_parent_process - Verifies env command works
TestExecuteShell/empty_env_should_inherit_PATH_for_common_commands - Tests ls, env, pwd, echo
TestExecuteShell/custom_env_vars_override_parent_env - Verifies custom vars properly override parent

Integration Test (tests/test-cases/workflows.yaml):

atmos workflow shell command with PATH - Full end-to-end workflow test using env | grep PATH

All tests pass, including existing workflow tests.

references

Closes #1718
Resolves DEV-3725
Regression introduced in: 9fd7d15 (PR #1543)

Summary by CodeRabbit

Bug Fixes
- Shell commands now correctly inherit environment variables (including PATH) from the parent process, with custom env vars properly overriding parent values.
Tests
- Added tests covering environment inheritance for commands that require PATH, shell builtins, and custom env var overrides.
Workflows / Snapshots
- Added a workflow demonstrating PATH-dependent shell commands and updated related test snapshots and test cases.