Open bongardino opened 2 years ago
We also ran into this and it was a bit unclear ... we were missing the Organization level Members & Webhooks (may be unneeded but made it match the repo level) permissions and it wasn't set up by default when creating the app. We require the PR's approval for atlantis apply.
Is it possible that Organization level webhooks' permissions are not required?
Here are screenshots of what we have to make things work as expected:
Repository permissions
Organization permissions
User permissions
Subscribe to events
I hope this helps @bongardino and I agree there needs to be better documentation for the GitHub App config.
@jeff-clearcover thanks for that config info. I am stuck simply getting the webhook yaml config to work. I'm not sure where in my repo atlantis.yaml config I should place that block. I've tried putting it within the project or at top or within a workflow and getting various errors. Even tried to do it on the server side config yaml with no luck. How does it actually look in relation to working atlantis.yaml repo config is basically my question.
@jeff-clearcover thanks! This is useful - we ended up with a similar set of repo permissions / webhook settings. No User or Org permissions were needed, and we require approval and mergeable. Do you know what required R/W for Contents in your setup?
Sharing for posterity.
Actions RO is also not required, we're just testing something.
@bongardino can I posit my question to you as well, I'm a bit confused as to where the webhook config should be placed in my repo atlantis.yaml config. I see the documentation here.
config snippet
```yaml
webhooks:
- event: apply
  workspace-regex: .*
  kind: slack
  channel: my-channel
```
but I've tried to place it in my repo's atlantis.yaml file
```yaml
version: 3
automerge: true
delete_source_branch_on_merge: true
projects:
- name: test1
  dir: .
  workspace: default
  workflow: dev-wf
- name: test2
  dir:
  workspace: default
  delete_source_branch_on_merge: true
  autoplan:
    when_modified: ["*.tf", "*.tfvars"]
    enabled: true
  apply_requirements: [mergeable, approved]
  workflow: stage-wf
webhooks:
- event: apply
  workspace-regex: .*
  kind: slack
  channel: my-channel
workflows:
  dev-wf:
    plan:
      steps:
      - init
      - plan
```
@kangman sorry! haven't tried webhooks yet, and it looks like you already found the PR page for the docs so I've got nothing useful 🤷♂️
I'm in the same boat, webhooks does not seem to work
FWIW I also had trouble with this. I was able to get PR comments triggering atlantis, but not commits (autoplan). Here is what I ended up with which finally got autoplan working:
Documentation for using a GitHub App doesn't include what permissions are required for the App itself. It's a much different set of scopes than the GitHub user.
Is there a configuration guide for this, or does anyone know what scopes / permissions are required for baseline Atlantis config for a repo via GitHub App? Bonus points if they support the PR approval workflow.
Also, thank you!