cloudposse/atmos v1.204.0-rc.5

on GitHub

• Added spinner feedback during auto-provisioning in vendorToTarget()
• Introduced PromptForConfirmation() to pkg/flags/interactive.go for reusable destructive action confirmation prompts
• Updated delete command to prompt interactively instead of requiring --force flag
• Delete operation now shows spinner during deletion with consistent visual feedback
• Added blog post and roadmap milestone documenting the enhancement

why

These changes improve UX consistency across the CLI by providing:

• Better visual feedback during vendoring operations with spinners matching other long-running operations
• Interactive confirmation prompts for destructive actions that gracefully degrade in non-TTY environments
• A reusable pattern for other commands that need confirmation prompts

references

Related to source provisioner improvements for better developer experience with JIT vendoring.

Summary by CodeRabbit

• New Features

  • Interactive confirmation for destructive actions (requires TTY unless --force).
  • Interactive component/stack selection added to pull, delete, describe, and list; positional args now optional.
  • Shell completion for component and stack names.
  • Progress spinners for vendoring, provisioning and deletion flows; clearer interactive/error messaging.

• Tests

  • Expanded coverage for prompts, confirmations, non‑TTY flows, provisioning detection, and completion helpers.

• Documentation

  • UX docs updated with TTY vs non‑TTY guidance and force behavior.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

• Override Docusaurus default fixed 30px height on the announcement bar at desktop widths
• Allow the announcement bar to wrap gracefully to multiple lines at mid-range viewport widths instead of clipping text

why

• At viewport widths between 997px and ~1400px, the announcement bar was clipping the text to a single 30px line
• Very wide screens displayed correctly (text fit on one line), and mobile displayed correctly (height: auto)
• The fix enables responsive text wrapping at mid-range widths where the message needs multiple lines

references

• Docusaurus AnnouncementBar default styles: website/node_modules/@docusaurus/theme-classic/src/theme/AnnouncementBar/styles.module.css

Summary by CodeRabbit

• Style
  • Improved announcement bar layout and text wrapping on desktop viewports (997px and above) for better content visibility and presentation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Fixes minor error w/ docs so that role_arn is properly nested under assume_role.

why

Docs incorrectly had role_arn at the top-level of s3 backend configuration.

references

https://developer.hashicorp.com/terraform/language/backend/s3

Summary by CodeRabbit

Release Notes

• Documentation
  • Updated Terraform S3 backend configuration examples to reflect the new nested assume_role structure for specifying IAM role access.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

• Added examples/source-provisioning/ demonstrating the source provisioner feature for Just-in-Time component vendoring
• Includes separate dev and prod stacks using different module versions
• Demonstrates workdir isolation for terraform execution
• Simple, focused example showing one feature without catalog complexity

why

• Provides a working reference for users learning source provisioning
• Complements existing test fixtures and documentation with a clean runnable example
• Enables quick validation that source provisioning works end-to-end

references

• Source Provisioner PRD
• Provisioner System

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation
  • Added source provisioning example with comprehensive README documentation and configuration samples demonstrating just-in-time component vendoring across development and production environments.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

New Feature: Automatic Toolchain Integration

• Custom commands and workflows now automatically load tools from .tool-versions file
• Workflow-specific dependencies can be declared in the workflow definition and override .tool-versions
• Command-specific dependencies can be declared in the command definition
• Tools are automatically installed and PATH is updated before execution
• Component-level tool dependencies - Terraform/Helmfile/Packer components can declare tool dependencies that are resolved and installed before execution

Bug Fixes (Toolchain Bootstrap)

• Fix atmos bootstrap failures for AWS CLI, jq, gum, and replicated by removing unconditional version prefix
• Follow Aqua's actual behavior where version_prefix defaults to empty string, not "v"
• Include ErrHTTP404 in 404 errors to enable version fallback mechanism
• Fix template expansion in files.src for tools like Helm that use {{.OS}}-{{.Arch}} paths
• Preserve all fields in resolveVersionOverrides for version-specific configs
• Add darwin_all pattern support for universal macOS binaries

Bug Fixes (Workflows)

• Fix workflow conditional stack processing - Workflows no longer require stacks configuration when --stack flag is not provided. Previously, running atmos workflow <name> would fail with "stack base path must be provided" even for simple shell workflows that don't use stacks. Now stacks are only validated when --stack is explicitly passed.

Bug Fixes (Batch Install UX)

• Prevent .tool-versions duplication - Add SkipToolVersionsUpdate option to prevent duplicate entries when both InstallSingleTool and updateToolVersionsFile are called
• Enable spinner during batch installs - Spinner now animates during downloads, not just after each tool completes
• Reduce batch install message noise - Add ShowInstallDetails option to show only simple "Installed X" messages in batch mode, while single-tool mode retains verbose output (path, size, registered)
• Add showProgressBar parameter - RunInstall now accepts showProgressBar to control spinner visibility for custom command installs

Bug Fixes (Error Handling)

• Guard against nil error in ErrorBuilder.WithCause - Prevent panic when b.err is nil by using cause directly as the stored error
• Preserve error hints through error chain propagation - Hints from cause errors are now properly preserved via GetAllHints()
• Add alias configuration hint - When tool not found in registry, suggest adding an alias in atmos.yaml
• Suppress PATH hint for dependency installs - Only show PATH export hint when running toolchain install directly

Documentation & Examples

• Add documentation for toolchain integration in custom commands and workflows
• Add examples/toolchain/ with working examples showing:
  • .tool-versions file with tool dependencies
  • Custom command with dependencies declaration
  • Workflow with dependencies declaration
  • Component-level tool dependencies - Mock component with opentofu: "^1.10.0" constraint
  • Inline registry with custom tool definitions (jq, yq)
  • SemVer constraint examples (^1.7.0, ~> 4.40.0)

Test Coverage

• Add DependencyProvider interface for testability
• Add 9 new tests for ensureToolchainDependencies() covering all code paths
• Add tests for extraction edge cases (gzip, tar.gz, MIME type dispatch)
• Add test for .tool-versions directory error path
• Add workflow conditional stack processing tests:
  • TestWorkflowWithoutStacksConfig - workflows succeed without stacks config
  • TestWorkflowWithStackFlagRequiresStacksConfig - workflows fail when --stack passed but stacks not configured
  • TestWorkflowWithStackFlagAndStacksConfigured - workflows succeed when both are present
• Coverage improvements: executor ~19% → 100%, extract functions to 100%

why

Toolchain Integration

Users managing infrastructure often need specific tool versions (terraform, kubectl, helm). The .tool-versions file is a standard way to declare these dependencies (used by asdf, mise). This PR enables Atmos to:

1. Read .tool-versions and automatically install required tools
2. Allow workflows to override versions for specific requirements
3. Update PATH so commands execute with the correct tool versions
4. Support component-level dependencies so different components can require different tool versions

Bootstrap Fixes

After PR #1948, multiple tools failed to install during bootstrap because version prefix handling didn't match Aqua's behavior. The code was unconditionally adding a "v" prefix when version_prefix was empty, breaking HTTP URLs (AWS CLI expects AWSCLIV2-2.32.31 not AWSCLIV2-v2.32.31).

Workflow Conditional Stack Processing

The workflow command was always requiring stacks configuration even when running simple shell workflows that don't reference any stacks. This was because InitCliConfig(info, true) unconditionally validated stacks. Now the second parameter is set based on whether --stack flag was provided, allowing workflows to run without any stacks configured.

Batch Install UX Improvements

The batch installer had several UX issues:

• Duplicate entries - Both handleInstallSuccess and updateToolVersionsFile were writing to .tool-versions with different keys (e.g., "gum" vs "charmbracelet/gum")
• No animation during downloads - Spinner only animated after each tool completed, leaving users with no feedback during 5-30 second downloads
• Too noisy - Each tool produced 3 lines of output; reduced to 1 concise line in batch mode

Error Handling Robustness

• ErrorBuilder.WithCause could panic if called with nil base error - now handles gracefully
• Error hints from wrapped causes were being lost - now preserved through the chain

Example Usage

.tool-versions:

terraform 1.10.3
kubectl 1.32.0
helm 3.16.4

Workflow with override:

workflows:
  deploy:
    description: Deploy infrastructure
    dependencies:
      tools:
        terraform: "1.11.0"  # Override .tool-versions
    steps:
      - command: terraform init
      - command: terraform apply

Component with tool dependency:

components:
  terraform:
    mock:
      metadata:
        component: mock
      dependencies:
        tools:
          opentofu: "^1.10.0"  # Install OpenTofu before execution
      vars:
        message: "Hello from toolchain demo"

references

• Related to bootstrap failures in PR #1948
• Documentation: website/docs/core-concepts/custom-commands/commands.mdx
• Documentation: website/docs/core-concepts/workflows/workflows.mdx
• Examples: examples/toolchain/

Summary by CodeRabbit

• New Features

  • Automatic tool management from .tool-versions in commands and workflows; injectable dependency provider; batch installs; richer install options (progress bar, PATH hint, skip .tool-versions update); explicit version_prefix support so templates/URLs and SemVer behave only when configured.

• Bug Fixes

  • Better 404 detection for version fallbacks, more robust archive extraction and binary detection, and spinner suppressed during debug to avoid garbled output.

• Documentation

  • New docs and many examples for toolchain integration.

• Tests

  • Large expansion of unit and integration tests across installs, prefix handling, extraction, dependency flows, and UI helpers.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

• Fix create command not appearing in subcommands list (Use field was wrong)
• Add ErrorBuilder pattern for missing --stack flag with helpful context
• Add ErrProvisioningNotConfigured sentinel error to errors/errors.go
• Fix false success bug: ProvisionBackend now returns error when provisioning not configured (strict behavior)
• Update all affected tests to expect errors instead of nil returns

why

The backend commands had multiple issues:

1. create subcommand wasn't visible in help because Use: "<component>" doesn't include the command name
2. Error messages said "required flag not provided" without indicating which flag or how to fix it
3. Running create without provisioning configuration would show "Successfully provisioned" even though nothing was done (false success)
4. Tests incorrectly expected nil returns when configuration was missing

These fixes ensure the backend commands are discoverable, errors are helpful and actionable, and operations fail-fast with clear context.

references

• Fixes false success bug in backend provisioning
• Improves error messages for CLI usability
• Ensures backend create command is discoverable in help

Summary by CodeRabbit

• New Features

  • Optional positional args with interactive prompting for backend commands; bracket-style usage.
  • Automatic, opt-in backend provisioning during Terraform init with progress spinner, backend existence/name detection, and clearer progress messages.

• Bug Fixes

  • Clear, actionable error when backend provisioning is missing or disabled; improved provisioning error signaling.

• Tests

  • Expanded unit, integration, and end-to-end tests for backend flows, S3 backend (fake S3), prompting, and provisioning scenarios.

• Documentation

  • New blog post and reference updates describing automatic backend provisioning and prompting behavior.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

• Fixed atmos list workflows command showing <no value> for workflow names
• The workflow name column now correctly displays workflow names instead of <no value>

why

• The default column template for "Workflow" used {{ .name }} but the data extractor uses "workflow" as the key
• This mismatch caused Go templates to output <no value> when the .name field wasn't found in the data
• Users were seeing output like:

  networking.yaml  <no value>  Run terraform plan on all vpc components...
  

  Instead of:

  networking.yaml  plan-all-vpc  Run terraform plan on all vpc components...
  

Changes

1. cmd/list/workflows.go - Changed default column template from {{ .name }} to {{ .workflow }} to match the extractor's key
2. pkg/list/column/column.go - Added explicit mapping for "workflow" key in buildTemplateContext() for consistency
3. Tests - Added tests to verify default columns use the correct template keys

Testing

# Before fix
$ atmos list workflows
networking.yaml  <no value>  Run terraform plan...

# After fix  
$ atmos list workflows
networking.yaml  plan-all-vpc  Run terraform plan...

Summary by CodeRabbit

• Bug Fixes

  • Fixed the Workflow column in workflow lists to display the correct data source.

• New Features

  • Added support for configuring workflow columns and templates via atmos.yaml configuration file.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

• Fixed workflow command parsing to correctly handle quoted arguments like -var="key=value"
• Previously, strings.Fields() was used which doesn't handle shell quoting, causing quoted arguments to be passed with literal quote characters
• Now uses shell.Fields() from mvdan.cc/sh/v3/shell which properly parses shell-style quoting

why

• Workflow commands with -var="access_roles_enabled=false" were failing with:

  Error: Value for undeclared variable
  A variable named "\"access_roles_enabled" was assigned on the command line
  

• The issue was that strings.Fields() splits on whitespace but preserves quote characters, so -var="enabled=false" was passed to Terraform with the literal quotes included
• Running the same command directly from the CLI worked because the shell strips the quotes before passing to the process
• shell.Fields() correctly parses shell quoting and strips quotes, matching the behavior users expect

Example

Before (broken):

# Workflow command
command: terraform deploy tfstate-backend -var="access_roles_enabled=false"

# Parsed as: ["terraform", "deploy", "tfstate-backend", "-var=\"access_roles_enabled=false\""]
# Terraform sees variable name as: "access_roles_enabled (with leading quote)

After (fixed):

# Same workflow command
command: terraform deploy tfstate-backend -var="access_roles_enabled=false"

# Parsed as: ["terraform", "deploy", "tfstate-backend", "-var=access_roles_enabled=false"]
# Terraform correctly sees variable name as: access_roles_enabled

Testing

Added comprehensive tests for the fix:

Unit Tests (internal/exec/workflow_test.go)

• TestShellFieldsQuoteParsing - verifies shell.Fields() correctly parses various quoted argument patterns

Unit Tests (internal/exec/workflow_utils_test.go)

• TestShellFieldsFallback - tests shell parsing with various argument patterns
• TestExecuteWorkflow_WithQuotedVarFlag - tests -var="key=value" pattern in workflows
• TestPrepareStepEnvironment_WithGlobalEnv - tests global env merging
• TestExecuteWorkflow_* - multiple tests for stack overrides, dry run, from-step, identity precedence

Workflow Test Fixtures (tests/fixtures/scenarios/workflows/stacks/workflows/test.yaml)

• terraform-var-double-quotes - -var="key=value" pattern
• terraform-var-single-quotes - -var='key=value' pattern
• terraform-var-multiple - multiple var flags
• terraform-var-with-spaces - values containing spaces
• terraform-var-equals-in-value - values containing =

references

• Uses same approach as pkg/workflow/executor.go:332-337 which already had the correct implementation
• mvdan.cc/sh/v3/shell is already a dependency used in other parts of the codebase

Summary by CodeRabbit

Release Notes

• Bug Fixes

  • Improved command argument parsing to correctly handle quoted strings and complex flags (e.g., Terraform -var with spaces and equals signs).

• Tests

  • Expanded test coverage for quoted argument parsing and workflow execution scenarios.
  • Added test cases for various Terraform variable flag quoting patterns.

• Dependencies

  • Updated Go module dependencies to latest patch versions.

_{✏️ Tip: You can customize this high-level summary in your review settings.}