runatlantis / atlantis

Terraform Pull Request Automation
https://www.runatlantis.io

Atlantis Acting on Non-Whitelisted GitHub Repositories #5141

Open gulzat214 opened 8 hours ago

gulzat214 commented 8 hours ago


Overview of the Issue

Atlantis is incorrectly processing events and attempting to act on GitHub repositories that are not included in the orgAllowlist configuration. Specifically, it is trying to handle events for a repository named Company/development, which is outside the defined orgAllowlist. This behavior disrupts workflows for repositories where Atlantis is not configured, leading to unnecessary noise and potential workflow issues. Below is an example of my values.yaml configuration for the Helm chart deployment:

This repo is not allowlisted for Atlantis

Environment details

Expected Behavior

Atlantis should only process events for repositories matching the orgAllowlist pattern (Company/tf-* in this case) and ignore all others.

Actual Behavior

Atlantis is processing events for repositories outside the allowlist (e.g., Company/development), which is causing disruptions.

dosubot[bot] commented 8 hours ago

Hey @gulzat214! I'm here to help you with any bugs, questions, or contributions. Feel free to ask for assistance while waiting for a human maintainer.

To address the issue of Atlantis processing events for non-allowlisted repositories, you should first verify the orgAllowlist configuration in your values.yaml file. Ensure that the pattern is correctly specified to match only the intended repositories. For example, if you want to allowlist repositories with names starting with tf- under the Company organization, your configuration should look like this:

orgAllowlist: github.com/Company/tf-*

Here are some steps to troubleshoot and verify the configuration:

  1. Check the orgAllowlist Syntax: Ensure that the syntax in your values.yaml file is correct and matches the intended pattern. The use of wildcards (*) should be precise to avoid unintended matches.

  2. Review the Logs: Examine the Atlantis logs to see how it is interpreting the orgAllowlist. Look for entries related to the RepoAllowlistChecker to understand why a non-allowlisted repository might be processed.

  3. Test with a Minimal Configuration: Temporarily simplify your orgAllowlist to a very specific pattern to see if the issue persists. For example, use github.com/Company/tf-specific-repo to test if Atlantis correctly restricts its actions.

  4. Check for Recent Changes: If there have been recent updates to Atlantis or your configuration, review those changes to ensure they haven't inadvertently affected the allowlist behavior.

If the issue persists despite these checks, it might be helpful to look into any recent changes in the Atlantis codebase that could affect the orgAllowlist feature, although no specific updates were identified in the available information.

To continue talking to Dosu, mention @dosu.

gulzat214 commented 8 hours ago

@dosu there were no recent changes in the Atlantis config. It was not pulling events from repos that are not in the allow list. Everything is the same in my config file as it was before.

dosubot[bot] commented 8 hours ago

If there haven't been any recent changes in your Atlantis configuration and it was previously working as expected, consider the following steps to further investigate the issue:

  1. Double-Check the Configuration: Even if there were no changes, it's worth re-examining the orgAllowlist configuration to ensure there are no unnoticed typos or syntax errors.

  2. Atlantis Version: Verify the version of Atlantis you are using. If there was an automatic update or deployment change, it might have introduced a bug affecting the orgAllowlist behavior.

  3. Logs for Clues: Look at the Atlantis logs for any anomalies or error messages that might indicate why it is processing non-allowlisted repositories. Pay special attention to entries related to the RepoAllowlistChecker.

  4. Environment Changes: Consider any changes in your environment that might affect how Atlantis interacts with GitHub, such as network configurations, permissions, or GitHub webhook settings.

  5. Test with a Specific Pattern: As a diagnostic step, try setting the orgAllowlist to a very specific pattern that should only match one repository. This can help determine if the issue is with pattern matching.

If these steps do not resolve the issue, it might be beneficial to look into any potential bugs or issues in the Atlantis codebase related to the orgAllowlist feature, although no specific issues were identified in the available information.


gulzat214 commented 8 hours ago

@dosu this is my repo allow list:

orgAllowlist: github.com/Company/terraform,github.com/Company/tf-*,github.com/Company-marketing-services/tf-*

And Atlantis is responding to the events in a repo named github.com/Company-marketing-services/test
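
The pattern checks suggested in the thread can be done offline. The following is an added example, not Atlantis's own code and not posted by any participant: it models a comma-separated allowlist under assumed semantics (case-insensitive comparison, `*` matching any run of characters) and evaluates the allowlist and repository names from the issue against it. The names `matchRule` and `MatchingRule`, the repository `Company/tf-network` and the rule `github.com/Company*` are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// matchRule checks one rule against "host/owner/repo". Assumed semantics (not from the
// Atlantis source): case-insensitive, "*" matches any run of characters, "/" included.
func matchRule(rule, candidate string) bool {
	parts := strings.Split(strings.ToLower(rule), "*")
	rest := strings.ToLower(candidate)
	if len(parts) == 1 {
		return parts[0] == rest // no wildcard: exact match only
	}
	if !strings.HasPrefix(rest, parts[0]) {
		return false
	}
	rest = rest[len(parts[0]):]
	for _, mid := range parts[1 : len(parts)-1] {
		i := strings.Index(rest, mid)
		if i < 0 {
			return false
		}
		rest = rest[i+len(mid):]
	}
	return strings.HasSuffix(rest, parts[len(parts)-1])
}

// MatchingRule returns the first rule of a comma-separated allowlist that
// accepts the repository, or "" when the repository is not allowlisted.
func MatchingRule(allowlist, host, fullName string) string {
	for _, rule := range strings.Split(allowlist, ",") {
		rule = strings.TrimSpace(rule)
		if rule != "" && matchRule(rule, host+"/"+fullName) {
			return rule
		}
	}
	return ""
}

func main() {
	// Allowlist as posted in the issue; the third repository name is constructed.
	reported := "github.com/Company/terraform,github.com/Company/tf-*,github.com/Company-marketing-services/tf-*"
	for _, r := range []string{"Company/development", "Company-marketing-services/test", "Company/tf-network"} {
		fmt.Printf("%-33s -> %q\n", r, MatchingRule(reported, "github.com", r))
	}
	// Constructed over-broad rule: no "/" before "*", so it spans organizations.
	fmt.Println(MatchingRule("github.com/Company*", "github.com", "Company-marketing-services/test"))
}
```

Under this model neither repository named in the report matches the posted allowlist, while a rule whose wildcard is not preceded by `/` would match across organization names.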