Better handling of PATH env var with initConfig (#401)

* 👔 add new exclusion for PATH env

* ⬆️ bump chart

* ⬆️ bump chart minor

* ✨ Add new PATH envvar logic

* ✅ Add test for new logic

* 📝 update doc

charts/atlantis/Chart.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: v0.28.3
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 5.2.1
+version: 5.3.0
 keywords:
   - terraform
 home: https://www.runatlantis.io

charts/atlantis/README.md

@@ -105,6 +105,7 @@ extraManifests:
 | extraArgs | list | `[]` | Optionally specify extra arguments for the Atlantis pod. Check values.yaml for examples. |
 | extraContainers | list | `[]` | Optionally specify extra containers for the Atlantis pod. Check values.yaml for examples. |
 | extraManifests | list | `[]` | Optionally specify additional manifests to be created. Check values.yaml for examples. |
+| extraPath | string | `""` | Additional path (`:` separated) that will be appended to the system `PATH` environment variable. |
 | extraVolumeMounts | list | `[]` | Optionally specify additional volume mounts for the container. Check values.yaml for examples. |
 | extraVolumes | list | `[]` | Optionally specify additional volumes for the pod. Check values.yaml for examples. |
 | fullnameOverride | string | `""` | Provide a name to substitute for the full names of resources. |

charts/atlantis/templates/_helpers.tpl

@@ -128,3 +128,16 @@ heritage: {{ .Release.Service }}
 {{ toYaml .Values.commonLabels }}
 {{- end }}
 {{- end -}}
+
+{{/*
+Define PATH environment variable that will be used system-wide.
+*/}}
+{{- define "atlantis.pathEnvironmentVariable" -}}
+{{- if .Values.extraPath }}
+{{- printf "%s:" .Values.extraPath -}}
+{{- end -}}
+{{- if .Values.initConfig.sharedDir }}
+{{- printf "%s:" .Values.initConfig.sharedDir -}}
+{{- end -}}
+{{- printf "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" }}
+{{- end -}}

charts/atlantis/templates/statefulset.yaml

@@ -251,6 +251,8 @@ spec:
           {{- toYaml . | nindent 10 }}
           {{- end }}
           {{- end }}
+          - name: PATH
+            value: {{ template "atlantis.pathEnvironmentVariable" . }}
           {{- range $key, $value := .Values.environment }}
           - name: {{ $key }}
             value: {{ $value | quote }}
@@ -485,8 +487,6 @@ spec:
             value: {{ .Values.aws.directory }}/config
           {{- end }}
           {{- if .Values.initConfig.enabled }}
-          - name: PATH
-            value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:{{ .Values.initConfig.sharedDir }}
           - name: INIT_SHARED_DIR
             value: {{ .Values.initConfig.sharedDir }}
           {{- end }}

charts/atlantis/tests/statefulset_test.yaml

@@ -117,6 +117,8 @@ tests:
       - equal:
           path: spec.template.spec.containers[0].env
           value:
+            - name: PATH
+              value: /plugins:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
             - name: ATLANTIS_DATA_DIR
               value: /atlantis-data
             - name: ATLANTIS_REPO_ALLOWLIST
@@ -895,3 +897,58 @@ tests:
       - equal:
           path: spec.template.spec.terminationGracePeriodSeconds
           value: 30
+  - it: extraPath
+    template: statefulset.yaml
+    set:
+      extraPath: "/foo:/bar"
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].env
+          value:
+            - name: PATH
+              value: /foo:/bar:/plugins:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+            - name: ATLANTIS_DATA_DIR
+              value: /atlantis-data
+            - name: ATLANTIS_REPO_ALLOWLIST
+              value: <replace-me>
+            - name: ATLANTIS_PORT
+              value: "4141"
+            - name: ATLANTIS_ATLANTIS_URL
+              value: http://
+  - it: sharedDirPath
+    template: statefulset.yaml
+    set:
+      initConfig.sharedDir: "/home/atlantis"
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].env
+          value:
+            - name: PATH
+              value: /home/atlantis:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+            - name: ATLANTIS_DATA_DIR
+              value: /atlantis-data
+            - name: ATLANTIS_REPO_ALLOWLIST
+              value: <replace-me>
+            - name: ATLANTIS_PORT
+              value: "4141"
+            - name: ATLANTIS_ATLANTIS_URL
+              value: http://
+  - it: extraPathWithSharedDirPath
+    template: statefulset.yaml
+    set:
+      initConfig.sharedDir: "/home/atlantis"
+      extraPath: "/foo:/bar"
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].env
+          value:
+            - name: PATH
+              value: /foo:/bar:/home/atlantis:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+            - name: ATLANTIS_DATA_DIR
+              value: /atlantis-data
+            - name: ATLANTIS_REPO_ALLOWLIST
+              value: <replace-me>
+            - name: ATLANTIS_PORT
+              value: "4141"
+            - name: ATLANTIS_ATLANTIS_URL
+              value: http://

charts/atlantis/values.schema.json

@@ -866,6 +866,10 @@
       "type": "string",
       "description": "Name of a Secret for Atlantis' HTTPS certificate containing the following data items `tls.crt` with the public certificate and `tls.key` with the private key."
     },
+    "extraPath": {
+      "type": "string",
+      "description": "Additional paths that will be appended to the system `PATH` environment variable. These paths should be separated with `:` to match system notation."
+    },
     "environment": {
       "type": "object",
       "description": "Map of environment variables for the container.",

charts/atlantis/values.yaml

@@ -470,6 +470,9 @@ enableKubernetesBackend: false
 # -- TLS Secret Name for Atlantis pod.
 tlsSecretName: ""
 
+# -- Additional path (`:` separated) that will be appended to the system `PATH` environment variable.
+extraPath: ""
+
 # -- Environtment values to add to the Atlantis pod.
 # Check values.yaml for examples.
 environment: {}