#atlantis (2020-10)
Discuss Atlantis ([runatlantis.io](http://runatlantis.io))
**Archive:** https://archive.sweetops.com/atlantis/
2020-10-01
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Probably want to squash some of those commits
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
nothing secret in there but actually I do not know how to delete some
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Rebase?
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
I tried, it became a huge mess
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
I should have done it before I created the PR
2020-10-13
![Callum Robertson avatar](https://avatars.slack-edge.com/2019-06-20/659129332226_04b6b33e0a3f105d3bc7_72.jpg)
Hey all - I have a couple of questions for this channel around management of Atlantis.
- Right now we’re using the Terragrunt IAC repo pattern for all of our infrastructure. This has expanded quite quickly due to how awesome the self-service of Atlantis has been for us. However, maintaining such a busy repo with trunk-based deployment has started to become a bit of a worry. Has anyone had any thoughts about splitting up repos or abandoning this pattern in favour of workspaces?
- With the way that the Terraform operations are being handled with Atlantis - if another PR of the same repo is merged into master, is there any recommended approach to getting those merged changes added into any open Atlantis PRs? We’re consistently rebasing the feature branches with master during lengthy PRs. We’re looking at Github actions etc and potentially set up a PoC to try workspaces but wanted to get the opinion of others who have experienced a similar situation?
A repo used to show examples file/folder structures you can use with Terragrunt and Terraform - gruntwork-io/terragrunt-infrastructure-live-example
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Interesting, at my company we have about 20 eng who touch infra code in a monorepo with trunk-based deployment with about 500 modules and haven’t experienced too much trouble.
You should only need to rebase if another PR affected the same modules or otherwise would affect output values from dependencies of the module you are running on, which brings up two questions:
- Are your modules maybe too large that multiple devs frequently are changing them at the same time? This should happen now and then, but if you have small enough modules shouldn’t be a constant thing
- If you really are having multiple devs touch the same modules all the time, how would having smaller repos help? You’d just move the problem of touching file X into whichever smaller repo manages file X

Is it maintaining the atlantis.yaml that’s worrying you maintenance wise, or something else?
2020-10-22
![zeid.derhally avatar](https://avatars.slack-edge.com/2019-11-07/812667730610_1068425b9d918de21373_72.png)
Have people here integrated checkov into their atlantis workflows? or do they utilize github actions?
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
i added checkov to atlantis but not through a github action
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
i added it via atlantis workflow so it comments the output of checkov’s scan of the tf plan directly in the PR
![zeid.derhally avatar](https://avatars.slack-edge.com/2019-11-07/812667730610_1068425b9d918de21373_72.png)
that’s my thinking, was thinking of running it before the plan
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
done similar with conftest/OPA
![zeid.derhally avatar](https://avatars.slack-edge.com/2019-11-07/812667730610_1068425b9d918de21373_72.png)
also it helps not to rely on dev teams having to configure github actions
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
did you use a script and a -run command to run checkov/conftest in the workflow?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@barak might have some tips
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I definitely know they have a #github-actions for it
![barak avatar](https://avatars.slack-edge.com/2020-09-15/1387349496032_1e9e17165edfe4550501_72.jpg)
Hey @zeid.derhally, haven’t tried it with atlantis. Sounds like a great fit. @RB do you mind sharing a sample conf? I would be happy to add it to checkov’s docs
cc: @Matt Johnson
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
Basic terraform cicd setup using atlantis. Contribute to nitrocode/atlantis-terraform-module development by creating an account on GitHub.
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
awesome, now I can copy paste
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
that’s not the current one we’re using but it’s an example of how to adopt checkov and tflint and add additional ones like tfsec, opa, etc
2020-10-26
![Steve Wade (swade1987) avatar](https://avatars.slack-edge.com/2022-12-08/4499411930625_2768e5fdceec550e6669_72.jpg)
can Atlantis perform a rolling upgrade style upgrade using the upstream AWS terraform module on Fargate?
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
On itself? No, it cannot lobotomise itself AFAIK
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Does anyone use Atlantis + Terraform Cloud, or is it more of a one or the other situation? I haven’t looked at the cloud much, as it wasn’t around when I set up all our infra code
![Igor avatar](https://avatars.slack-edge.com/2022-03-17/3244104166391_48a8db73944f03735a65_72.jpg)
IMHO it’s one or the other. I wanted to give TC a go, but Atlantis just handles far more at this point and isn’t as opinionated.