runatlantis/atlantis

Post-workflow hooks not possible to configure for `policy_check` step

Opened this issue · 0 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Overview of the Issue

My post-workflow hook does not run after the policy_check step.

I want to send custom metrics/events to Datadog after a policy_check Conftest run, which involves running a script to do so. This script needs access to $POLICYCHECKFILE to determine if there were any errors in the policy_check step.

Earlier, I had a post-workflow hook after the plan step, but I specifically need the policy_check output, as Conftest policies are overridden to pass on atlantis approve_policies, and I want to capture that when determining the time of a success for a particular PR.

Reproduction Steps

Add a post-workflow step and configure it to run on the policy_check command. See server-side config below.

Logs

Environment details

If not already included, please provide the following:

  • Atlantis version: v0.29.0
  • Deployment method: helm
  • If not running the latest Atlantis version have you tried to reproduce this issue on the latest version: No (no release notes related to it in later versions)
  • Atlantis flags: --enable-policy-checks

Atlantis server-side config file:
Relevant portions included:

repos:
- id: /.*/
  apply_requirements: [approved, mergeable]
  workflow: conftest
  allowed_overrides: [workflow, policy_check]
  allow_custom_workflows: true
  delete_source_branch_on_merge: true
  pre_workflow_hooks:
    - run: /home/atlantis/scripts/get-conftest-policies.sh
      commands: plan
  post_workflow_hooks:
    - run: /home/atlantis/scripts/send-conftest-events.sh
      commands: policy_check
workflows:
  conftest:
    plan:
      steps:
      - init
      - plan
      - show
      - run:
          command: |
            cp $SHOWFILE /tmp/$BASE_REPO_NAME-$PULL_NUM-$PULL_AUTHOR.json
    policy_check:
      steps:
      - show
      - policy_check:
          extra_args: ["--update", "git::<redacted link>", "--namespace", "example-namespace"]
    apply:
      steps:
      - env:
          name: VAULT_TOKEN
          command: 'cat /vault/secrets/token'
      - apply

Repo atlantis.yaml file is not relevant, using default workflow defined in server-side config above.

Any other information you can provide about the environment/deployment (efs/nfs, aws/gcp, k8s/fargate, etc)
Running on EKS in AWS

Additional Context

n/a