feat: Add use plugin cache flag (runatlantis#3720)

* feat: Add use plugin cache bool flag

* feat: Added use-plugin-cache doc

* feat: refactor to reflect terrafrom in plugin cache flag

Co-authored-by: Simon Heather <32168619+X-Guardian@users.noreply.github.com>

* fix: missing closing in bash block documentation

* fix: typo in flag example

* feat: improve docs

* feat: performance implications documented

* feat: increase terraform minor version to 1.3.10

---------

Co-authored-by: Simon Heather <32168619+X-Guardian@users.noreply.github.com>

Dockerfile

@@ -125,7 +125,7 @@ ENV DEFAULT_TERRAFORM_VERSION=1.5.7
 
 # In the official Atlantis image, we only have the latest of each Terraform version.
 # Each binary is about 80 MB so we limit it to the 4 latest minor releases or fewer
-RUN AVAILABLE_TERRAFORM_VERSIONS="1.2.9 1.3.9 1.4.6 ${DEFAULT_TERRAFORM_VERSION}" && \
+RUN AVAILABLE_TERRAFORM_VERSIONS="1.2.9 1.3.10 1.4.6 ${DEFAULT_TERRAFORM_VERSION}" && \
     case "${TARGETPLATFORM}" in \
         "linux/amd64") TERRAFORM_ARCH=amd64 ;; \
         "linux/arm64") TERRAFORM_ARCH=arm64 ;; \

cmd/server.go

@@ -134,6 +134,7 @@ const (
 	RestrictFileList           = "restrict-file-list"
 	TFDownloadFlag             = "tf-download"
 	TFDownloadURLFlag          = "tf-download-url"
+	UseTFPluginCache             = "use-tf-plugin-cache"
 	VarFileAllowlistFlag       = "var-file-allowlist"
 	VCSStatusName              = "vcs-status-name"
 	TFEHostnameFlag            = "tfe-hostname"
@@ -568,6 +569,10 @@ var boolFlags = map[string]boolFlag{
 		description:  "Remove no-changes plan comments from the pull request.",
 		defaultValue: false,
 	},
+	UseTFPluginCache: {
+		description:  "Enable the use of the Terraform plugin cache",
+		defaultValue: true,
+	},
 }
 var intFlags = map[string]intFlag{
 	CheckoutDepthFlag: {

runatlantis.io/docs/server-configuration.md

@@ -989,6 +989,21 @@ Setting this to `false` can be useful in an air-gapped environment where a downl
   ```
   A token for Terraform Cloud/Terraform Enterprise integration. See [Terraform Cloud](terraform-cloud.html) for more details.
 
+### `--use-tf-plugin-cache`
+```bash
+atlantis server --use-tf-plugin-cache=false
+# or
+ATLANTIS_USE_TF_PLUGIN_CACHE=false
+```
+Set to false if you want to disable terraform plugin cache.
+
+This flag is useful when having multiple projects that need to run a plan and apply in the same PR to avoid the race condition of `plugin_cache_dir` concurrently, this is a terraform known issue, more info:
+
+- [plugin_cache_dir concurrently discussion](https://github.com/hashicorp/terraform/issues/31964)
+- [PR to improve the situation](https://github.com/hashicorp/terraform/pull/33479)
+
+The effect of the race condition is more evident when using parallel configuration to run plan and apply, by disabling the use of plugin cache will impact in the performance when starting a new plan or apply, but in large atlantis deployments with multiple projects and shared modules the use of `--parallel_plan` and `--parallel_apply` is mandatory for an efficient managment of the PRs.
+
 ### `--var-file-allowlist`
   ```bash
   atlantis server --var-file-allowlist='/path/to/tfvars/dir'

server/server.go

@@ -413,7 +413,7 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 		userConfig.TFDownloadURL,
 		&terraform.DefaultDownloader{},
 		userConfig.TFDownload,
-		true,
+		userConfig.UseTFPluginCache,
 		projectCmdOutputHandler)
 	// The flag.Lookup call is to detect if we're running in a unit test. If we
 	// are, then we don't error out because we don't have/want terraform

server/user_config.go

@@ -125,6 +125,7 @@ type UserConfig struct {
 	WebPassword            string          `mapstructure:"web-password"`
 	WriteGitCreds          bool            `mapstructure:"write-git-creds"`
 	WebsocketCheckOrigin   bool            `mapstructure:"websocket-check-origin"`
+	UseTFPluginCache         bool            `mapstructure:"use-tf-plugin-cache"`
 }
 
 // ToAllowCommandNames parse AllowCommands into a slice of CommandName