github cloudposse/atmos v1.222.0-rc.15

pre-release3 hours ago
feat: local Terraform tests against cloud emulators @osterman (#2663) ## what
  • Run atmos terraform test (Terraform's native *.tftest.hcl framework) against a local cloud emulator instead of a real cloud account, via a new examples/terraform-tests example.
  • Add before.terraform.test / after.terraform.test lifecycle events and wire cmd/terraform/test.go to capture output and fire them — which drives both component hooks: and the native-CI plugin from one place.
  • New emulator workflow step type that drives emulator up/down/reset, so declarative kind: step hooks can bring a sandbox up before tests and tear it down after (when: always), with no manual atmos emulator up/down.
  • Native-CI job step summary for terraform test: pass/fail/skip badges and a per-run results table, alongside the existing plan/apply summaries.
  • Bug fix: under the Podman runtime, parsePodmanContainer dropped the container Ports array, so the emulator endpoint resolved empty and Terraform silently hit real AWS (403 InvalidAccessKeyId). Podman's structured Ports are now parsed into Info.Ports.
  • Docs (emulator step type, hook events, job summaries, hooks guide), a changelog blog post, a roadmap milestone, and a docs/fixes/ write-up for the Podman fix.

why

  • terraform test's apply run blocks create real infrastructure, so they need a cloud account and spend and rarely run locally — pointing them at an emulator makes them free, hermetic, and identical local↔CI.
  • A single hook-events seam keeps the emulator lifecycle declarative (in the component) rather than a hand-written custom command, and reuses the existing kind: step machinery.
  • The Podman fix is required for any emulator-backed Terraform to reach the sandbox at all on Podman (it also fixes the existing emulator-aws example), and is documented in docs/fixes/ rather than the changelog because it restores already-intended behavior.

references

  • Builds on the emulators feature (#2647).
  • Podman fix rationale: docs/fixes/2026-06-27-podman-port-readback-emulator-endpoint.md.
  • Changelog: website/blog/2026-06-27-local-terraform-tests-with-emulators.mdx.

Summary by CodeRabbit

  • New Features

    • Added support for terraform test, including CI summaries, test result parsing, JUnit output, and inline annotations.
    • Introduced new workflow step and hook capabilities for emulator runs and ordered multi-step actions.
    • Added support for fixture-based local Terraform tests against cloud emulators.
  • Bug Fixes

    • Improved handling of Podman port detection to help emulator-backed runs reach the correct endpoint.
  • Documentation

    • Updated docs and examples for Terraform tests, emulator workflows, hooks, and CI job summaries.
[codex] Fix mobile gutters and name runtime CSS @osterman (#2673) ## what
  • Renamed the homepage runtime stylesheet from landing-redesign.css to landing-runtime.css.
  • Updated the homepage import to use the new runtime stylesheet name.
  • Tightened mobile and tablet hero CSS so the homepage content keeps consistent left/right gutters and CTA elements stay within the content column.
  • Added a more compact phone hero by reducing vertical spacing, scaling mobile type, hiding the heavier demo/runs band on small screens, centering the overall mobile content column, placing cloud logos in the whitespace to the right of the value props, and centering the CTA row.
  • Optimized the mobile AI section by hiding the decorative badge, reducing text scale/line-height, tightening spacing, and using left-aligned copy on phones.

why

  • Makes the stylesheet name describe the current homepage theme instead of a past redesign event.
  • Fixes the mobile homepage hero feeling clipped or overly left-aligned on narrow viewports without making the lower action area look disconnected.
  • Helps the primary mobile hero and AI section content fit better above the fold on common devices.
  • Protects the runtime hero from legacy broad landing-page header rules at responsive breakpoints.

references

  • Validation: pre-commit hooks passed during commit.
  • Validation: Docusaurus dev server compiled successfully with src/css/landing-runtime.css and AISection/styles.css.
  • Validation: postcss.parse passed for the updated CSS files.

Summary by CodeRabbit

  • New Features
    • Updated the landing page to use the runtime-themed stylesheet, including refreshed “New”/“Pro” badge styling and a reworked hero layout/spacing.
  • Bug Fixes
    • Improved mobile responsiveness for the AI section and landing hero by refining typography, alignment, spacing, and gaps.
    • Prevented CTA/content overflow on smaller screens and hid non-essential hero visuals to improve readability.
  • Tests
    • Updated demo-globs test expectations to reflect the removed Docker Compose file.
    • Adjusted proxy test server shutdown cleanup behavior.
feat: native Kubernetes components with GitOps deployment-repo delivery @osterman (#2607) ## what
  • Native kubernetes component type. Define Kubernetes objects in stacks and run atmos kubernetes render|diff|plan|apply|deploy|delete <component> -s <stack> through the Kubernetes Go SDKs (server-side apply) — no kubectl or kustomize binary required.
  • Inputs can be inline manifests, files/directories (paths), and Kustomize overlays; full stack semantics (vars/env/auth/metadata/inheritance/overrides), --all/--affected DAG ordering, Atmos Auth (e.g. EKS) integration, and dotted lifecycle hooks (before/after.kubernetes.*).
  • GitOps delivery via provision.targets. apply/deploy deliver to a target selected by kind: kubernetes applies to the cluster (default), git renders the manifests and commits them to a managed Git deployment repository (Argo CD/Flux source-of-truth) instead. Selected with --target (precedence: --targetprovision.default → implicit cluster), so existing components are unaffected.
  • New reusable, component-agnostic target-provisioner registry (pkg/provisioner/target, registry pattern) + a ProvisionArtifact model. The git target composes the pkg/git service: clone-reconcile a git.repositories.<name>, replace the managed templated path with the rendered files, path-scoped commit with provenance trailers, and push-with-retry. Credentials come from Atmos Auth (GitHub STS); pull_request publishing is deferred.
  • Schema, LSP, docs, examples, changelog. Typed kubernetes component and provision.targets in Go schema and both JSON schemas; LSP; command/config/stack docs; examples/kubernetes and examples/kustomize; a changelog blog post and a roadmap milestone.

why

  • Kubernetes should be orchestrated by the same stack-based engine as Terraform/Helmfile/Ansible — one set of inheritance, auth, and affected-detection — rather than shelling out to kubectl/kustomize from glue scripts.
  • GitOps pipelines have always needed ad hoc glue to render manifests into a deployment repo, commit, survive push races, and wire credentials. Atmos already owns rendering, lifecycle events, and authentication, so provision.targets adds the delivery step with centralized safety rules — the same component config can apply to a cluster in dev and publish to a GitOps repo in prod with one flag.

references

  • Builds on the Atmos Git foundational capability (#2597), now merged into main, which provides the reusable pkg/git service and git.repositories configuration consumed by the git target.
  • Docs: Kubernetes component, atmos kubernetes.

Summary by CodeRabbit

  • New Features
    • Added native Kubernetes component support with atmos kubernetes commands: render, diff/plan, apply/deploy, delete, and validate (plus k8s alias).
    • Added server-side diff/validate and GitOps-style delivery targets for applying manifests to either clusters or Git repositories.
  • Bug Fixes
    • Improved Kubernetes affected selection, component path resolution, and config merging; refined Kubernetes diff masking/summaries (including Secret redaction).
  • Documentation
    • Expanded CLI, configuration, CI, and examples for Kubernetes and local GitOps workflows.

Don't miss a new atmos release

NewReleases is sending notifications on new releases.