New api/plan endpoint throwing errors due to trying to add status

[endriu0]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.

---

Overview of the Issue

New api/plan endpoint is working and creating a plan fine but response from atlantis is 500 instead of 201. In logs I see a bunch of errors about the branch being used instead of sha for the api call :

https://github/api/v3/repos/my-org/my-repo/statuses/my-branch

Reproduction Steps

1. Enable api on atlantis / github
2. Call the api with similar data :

{
"Repository": "my-org/my-repos",
"Ref": "my-branch",
"Type": "Github",
"Paths": [{
"Directory": "my-directory",
"Workspace": "default"
}]
}

3. Plan gets returned but the call gives 500
4. Observe in the logs a bunch of errors about sha being too short for the job.

Logs

Provide log files from Atlantis server

Logs

{"level":"error","ts":"2022-08-18T08:45:07.784Z","caller":"events/project_command_runner.go:165","msg":"updating project PR status%!(EXTRA *github.ErrorResponse=POST https://github/api/v3/repos/my-org/my-repo/statuses/my-branch: 422 Validation Failed [{Resource:Status Field:sha Code:custom Message:sha must be a 40 character SHA1}])","json":{},"stacktrace":"github.com/runatlantis/atlantis/server/events.(*ProjectOutputWrapper).updateProjectPRStatus\n\tgithub.com/runatlantis/atlantis/server/events/project_command_runner.go:165\ngithub.com/runatlantis/atlantis/server/events.(*ProjectOutputWrapper).Plan\n\tgithub.com/runatlantis/atlantis/server/events/project_command_runner.go:149\ngithub.com/runatlantis/atlantis/server/events.RunAndEmitStats\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:39\ngithub.com/runatlantis/atlantis/server/events.(*InstrumentedProjectCommandRunner).Plan\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:13\ngithub.com/runatlantis/atlantis/server/controllers.(*APIController).apiPlan\n\tgithub.com/runatlantis/atlantis/server/controllers/api_controller.go:151\ngithub.com/runatlantis/atlantis/server/controllers.(*APIController).Plan\n\tgithub.com/runatlantis/atlantis/server/controllers/api_controller.go:89\nnet/http.HandlerFunc.ServeHTTP\n\tnet/http/server.go:2047\ngithub.com/gorilla/mux.(*Router).ServeHTTP\n\tgithub.com/gorilla/mux@v1.8.0/mux.go:210\ngithub.com/urfave/negroni.Wrap.func1\n\tgithub.com/urfave/negroni@v1.0.0/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\tgithub.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\tgithub.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/runatlantis/atlantis/server.(*RequestLogger).ServeHTTP\n\tgithub.com/runatlantis/atlantis/server/middleware.go:68\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\tgithub.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/urfave/negroni.(*Recovery).ServeHTTP\n\tgithub.com/urfave/negroni@v1.0.0/recovery.go:193\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\tgithub.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\tgithub.com/urfave/negroni@v1.0.0/negroni.go:96\nnet/http.serverHandler.ServeHTTP\n\tnet/http/server.go:2879\nnet/http.(*conn).serve\n\tnet/http/server.go:1930"}

{"level":"error","ts":"2022-08-18T08:45:07.784Z","caller":"events/project_command_runner.go:165","msg":"updating project PR status%!(EXTRA *github.ErrorResponse=POST https://github/api/v3/repos/my-org/my-repo/statuses/my-nranch: 422 Validation Failed [{Resource:Status Field:sha Code:custom Message:sha must be a 40 character SHA1}])","json":{},"stacktrace":"github.com/runatlantis/atlantis/server/events.(*ProjectOutputWrapper).updateProjectPRStatus\n\tgithub.com/runatlantis/atlantis/server/events/project_command_runner.go:165\ngithub.com/runatlantis/atlantis/server/events.(*ProjectOutputWrapper).Plan\n\tgithub.com/runatlantis/atlantis/server/events/project_command_runner.go:149\ngithub.com/runatlantis/atlantis/server/events.RunAndEmitStats\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:39\ngithub.com/runatlantis/atlantis/server/events.(*InstrumentedProjectCommandRunner).Plan\n\tgithub.com/runatlantis/atlantis/server/events/instrumented_project_command_runner.go:13\ngithub.com/runatlantis/atlantis/server/controllers.(*APIController).apiPlan\n\tgithub.com/runatlantis/atlantis/server/controllers/api_controller.go:151\ngithub.com/runatlantis/atlantis/server/controllers.(*APIController).Plan\n\tgithub.com/runatlantis/atlantis/server/controllers/api_controller.go:89\nnet/http.HandlerFunc.ServeHTTP\n\tnet/http/server.go:2047\ngithub.com/gorilla/mux.(*Router).ServeHTTP\n\tgithub.com/gorilla/mux@v1.8.0/mux.go:210\ngithub.com/urfave/negroni.Wrap.func1\n\tgithub.com/urfave/negroni@v1.0.0/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\tgithub.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\tgithub.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/runatlantis/atlantis/server.(*RequestLogger).ServeHTTP\n\tgithub.com/runatlantis/atlantis/server/middleware.go:68\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\tgithub.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/urfave/negroni.(*Recovery).ServeHTTP\n\tgithub.com/urfave/negroni@v1.0.0/recovery.go:193\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\tgithub.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\tgithub.com/urfave/negroni@v1.0.0/negroni.go:96\nnet/http.serverHandler.ServeHTTP\n\tnet/http/server.go:2879\nnet/http.(*conn).serve\n\tnet/http/server.go:1930"}

Environment details

If not already included, please provide the following:

• Atlantis version: v0.19.8
• If not running the latest Atlantis version have you tried to reproduce this issue on the latest version:
• Atlantis flags: --enable-policy-checks

Atlantis server-side config file:

Too big to post here - everything working except the new api addition

Repo atlantis.yaml file:

# config file

Any other information you can provide about the environment/deployment.

Github: Github Enterprise server / Self-Hosted

Additional Context

Looks that all that needs to be done is the status-update call needs to be skipped if the call type is on api/plan / api/apply and that should hopefully stop the 500s or if we want to keep it then we should add new field to apicall for sha instead of branch.

[endriu0]

Update since a lot of investigation was ongoing in the background.

1. This only throws 500 when policy checks are enabled. After disabling policy checks it gives 200 correctly even though the errors about not being able to update PR with status check are still there.
2. My current suspicion is that because we run below in plan step :

                 - run: terraform${ATLANTIS_TERRAFORM_VERSION} plan -input=false -refresh -no-color -out $PLANFILE $CLEAN_ARGS
                  - run: terraform${ATLANTIS_TERRAFORM_VERSION} show -json $PLANFILE > $PLANFILE.json

This $PLANFILE.json is then used by some of our policy checks to including module version / tags etc. When running normal PR the files including .terraform are left there until PR is either closed / applied or unlocked so they can be used by policy checks. On api calls none of those files persist (atleast looking at the pod dir straight after api plan the directory only has default configs as if it was just cloned ). Are we cleaning up the directory after plan step is done or after policy checks are done ?

3. Big thread with all the above investigation / information on Slack : https://atlantis-community.slack.com/archives/C5MGGAV0C/p1660813744175959

[jamengual]

@lilincmu

[github-actions]

This issue is stale because it has been open for 1 month with no activity. Remove stale label or comment or this will be closed in 1 month.'

[parmouraly]

Hey any news on this one?
I'm impacted by the same issue, api/plan returns 500 and I can see the status update failure in the logs

This only throws 500 when policy checks are enabled

@endriu0 I don't think policy checks affect this outcome at the latest version of Atlantis. I still get the same error.

[nitrocode]

@parmouraly no news. Feel free to propose a pr if you know of a fix and the maintainers would be happy to review 😄

[github-actions]

This issue is stale because it has been open for 1 month with no activity. Remove stale label or comment or this will be closed in 1 month.'