fix: improve describe affected detection for YAML functions and source/provision sections

[aknysh]

what

• Fix YAML functions (!terraform.state, !terraform.output) failing when processing BASE stacks that reference components not present in HEAD
• Fix describe affected not detecting changes to source and provision sections

why

Fix 1: YAML functions ignore BASE paths

When running describe affected, YAML functions like !terraform.state would fail with "Could not find component" errors when:

• BASE (main branch) has a component that doesn't exist in HEAD (PR branch)
• A stack in BASE references that component via !terraform.state or !terraform.output

Root cause: YAML functions created a new AtmosConfiguration from the current working directory (HEAD) instead of using the modified configuration pointing to BASE.

Fix: Pass AtmosConfig through the YAML function resolution chain instead of nil.

Fix 2: Source and provision sections not detected

Changes to source and provision sections were silently ignored:

• source.version changes (e.g., upgrading vendored module versions) were not detected
• provision.workdir.enabled changes were not detected

Root cause: Only metadata, vars, env, settings, and component folder files were checked.

Fix: Add source and provision section checks with affected reasons stack.source and stack.provision.

references

• Test fixtures added for both scenarios
• Documentation: docs/fixes/2026-02-07-describe-affected-yaml-functions-ignore-base-paths.md
• Documentation: docs/fixes/2026-02-07-describe-affected-source-provision-sections.md

Summary by CodeRabbit

Release Notes

• Bug Fixes

  • Fixed describe-affected to detect changes in source versioning and workdir configurations for components
  • Resolved YAML function resolution to properly handle base path lookups in describe-affected

• Chores

  • Updated Atmos CLI version to 1.206.0
  • Updated Go module dependencies

[mergify]

Warning

This PR exceeds the recommended limit of 1,000 lines.

Large PRs are difficult to review and may be rejected due to their size.

Please verify that this PR does not address multiple issues.
Consider refactoring it into smaller, more focused PRs to facilitate a smoother review process.

[mergify]

Important

Cloud Posse Engineering Team Review Required

This pull request modifies files that require Cloud Posse's review. Please be patient, and a core maintainer will review your changes.

To expedite this process, reach out to us on Slack in the #pr-reviews channel.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues found.

Scanned Files

• go.mod

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated dependency versions and Atmos CLI to 1.206.0. Added AtmosConfig field to ExecuteDescribeComponentParams for proper path resolution in YAML functions. Introduced source and provision section change detection in describe-affected logic. Added comprehensive test fixtures and test cases for edge cases involving new components in BASE and source vendoring.

Changes

Cohort / File(s)	Summary
Dependency Updates LICENSES.txt, go.mod	Updated 11 dependency version tags and corresponding LICENSE URLs to reflect newer releases (e.g., cloud.google.com/go/storage v1.58.0 → v1.59.2, charmbracelet/bubbles → v0.21.1). No functional logic changes.
Atmos CLI Version Bump examples/quick-start-advanced/Dockerfile, pkg/devcontainer/lifecycle_rebuild_test.go	Updated ATMOS_VERSION from 1.205.0 to 1.206.0 in Dockerfile and test expectations. No control flow changes.
AtmosConfig Propagation internal/exec/component_describer_adapter.go, internal/exec/describe_component.go, internal/exec/terraform_state_utils.go, pkg/terraform/output/executor.go	Added optional AtmosConfig field to ExecuteDescribeComponentParams and propagated it through perf.Track and DescribeComponent execution paths. Ensures YAML functions can resolve components using correct BASE paths.
Source and Provision Section Detection internal/exec/describe_affected_components.go	Added detection logic for source.version and provision.workdir changes in processTerraformComponentsIndexed, processHelmfileComponentsIndexed, and processPackerComponentsIndexed. Introduced new constants: affectedReasonStackSource, affectedReasonStackProvision, sectionNameSource, sectionNameProvision.
Test Infrastructure and Fixtures internal/exec/describe_affected_test.go, internal/exec/describe_affected_utils_test.go, tests/fixtures/scenarios/atmos-describe-affected-new-component-in-base/*, tests/fixtures/scenarios/atmos-describe-affected-source-vendoring/*	Added setupDescribeAffectedTestWithFixture, setupDescribeAffectedNewComponentInBaseTest, setupDescribeAffectedSourceVendoringTest helpers. Added test cases: TestDescribeAffectedNewComponentInBase, TestDescribeAffectedNewComponentInBaseWithYamlFunctions, TestDescribeAffectedSourceVersionChange, TestProcessComponentsSourceAndProvisionChanges. Includes comprehensive fixture configurations for testing edge cases.
Documentation docs/fixes/2026-02-07-describe-affected-source-provision-sections.md, docs/fixes/2026-02-07-describe-affected-yaml-functions-ignore-base-paths.md	Added detailed documentation of two bug fixes: source/provision section detection and YAML function BASE-path resolution. Includes problem statements, implementation approaches, test results, and code examples.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Update atmos describe affected command #1267: Modifies describe-affected execution paths and affected-output handling through similar AtmosConfiguration propagation patterns.
• Deferred YAML Function Evaluation in Merge #1821: Introduces YAMLFunctionProcessor and deferred-merge application that directly aligns with the YAML function path-resolution fixes in this PR.
• fix: Describe Affected Detects Component File Changes. fix: Vendored components with source #2003: Modifies describe-affected component-detection logic for vendored components and git-diff handling, overlapping with this PR's source/provision change detection.

Suggested reviewers

• osterman

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly addresses the main changes: fixing describe-affected detection for YAML functions and source/provision sections, which are the core objectives.
Docstring Coverage	✅ Passed	Docstring coverage is 86.67% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch aknysh/update-describe-affected-8

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 72.09302% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.06%. Comparing base (3ca5359) to head (ca2fa0f).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/exec/describe_affected_components.go	66.66%	6 Missing and 6 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2061      +/-   ##
==========================================
+ Coverage   76.04%   76.06%   +0.01%     
==========================================
  Files         797      797              
  Lines       74558    74598      +40     
==========================================
+ Hits        56699    56740      +41     
+ Misses      14318    14317       -1     
  Partials     3541     3541              

Flag	Coverage Δ
unittests	76.06% <72.09%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
internal/exec/component_describer_adapter.go	93.54% <100.00%> (+0.21%)	⬆️
internal/exec/describe_component.go	69.04% <100.00%> (ø)
internal/exec/terraform_state_utils.go	73.43% <100.00%> (+3.59%)	⬆️
pkg/terraform/output/executor.go	91.79% <100.00%> (+0.06%)	⬆️
internal/exec/describe_affected_components.go	62.21% <66.66%> (+0.70%)	⬆️

... and 7 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR updates dependencies, adds two fix documentation files (source/provision section detection in describe-affected, and AtmosConfig propagation through YAML function evaluation), enhances describe-affected to detect changes in source and provision sections, threads AtmosConfig through component description call chains, and introduces test fixtures and helpers for the new scenarios.

Changes

Cohort / File(s)	Summary
Dependency Updates LICENSED DEPENDENCIES, go.mod, examples/quick-start-advanced/Dockerfile, pkg/devcontainer/lifecycle_rebuild_test.go	Version bumps for cloud.google.com/go/storage, aws-sdk-go-v2, chroma, doublestar, bubbles, and other dependencies; Atmos version updated from 1.205.0 to 1.206.0.
AtmosConfig Propagation internal/exec/describe_component.go, internal/exec/terraform_state_utils.go, internal/exec/component_describer_adapter.go, pkg/terraform/output/executor.go	Added AtmosConfig field to ExecuteDescribeComponentParams and DescribeComponentParams; propagated config through GetTerraformState, ExecuteDescribeComponent, GetOutput, and fetchAndCacheOutputs to preserve configuration context across call chains.
Describe-Affected Enhancements internal/exec/describe_affected_components.go	Introduced new constants for source and provision sections; extended component processing for Terraform, Helmfile, and Packer to detect and flag changes in source.version and provision.workdir.enabled as affected reasons.
Test Scaffolding and Coverage internal/exec/describe_affected_test.go	Added test helpers (setupDescribeAffectedTestWithFixture, setupDescribeAffectedNewComponentInBaseTest, setupDescribeAffectedSourceVendoringTest) and new test cases covering new components in BASE, YAML function resolution with missing components, and source version changes.
Test Fixtures tests/fixtures/scenarios/atmos-describe-affected-new-component-in-base/*, tests/fixtures/scenarios/atmos-describe-affected-source-vendoring/*	New scenario fixtures including atmos.yaml config, stacks configurations with new/modified components, terraform mock components, and variants simulating HEAD vs. BASE state differences.
Documentation docs/fixes/2026-02-07-describe-affected-source-provision-sections.md, docs/fixes/2026-02-07-describe-affected-yaml-functions-ignore-base-paths.md	Added documentation for two fixes: detection of source and provision section changes, and correct AtmosConfig threading through YAML function evaluation to prevent unwanted HEAD-path lookups.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant GetTerraformState
    participant ExecuteDescribeComponent
    participant YAMLResolver
    
    Client->>GetTerraformState: GetTerraformState(atmosConfig)
    GetTerraformState->>ExecuteDescribeComponent: ExecuteDescribeComponent(params with atmosConfig)
    ExecuteDescribeComponent->>YAMLResolver: Resolve YAML functions (e.g., !terraform.state)
    Note over YAMLResolver: Uses params.atmosConfig (BASE path)<br/>instead of nil (recreates from HEAD)
    YAMLResolver-->>ExecuteDescribeComponent: Resolved values
    ExecuteDescribeComponent-->>GetTerraformState: Component state
    GetTerraformState-->>Client: Terraform outputs

Loading

sequenceDiagram
    participant DescribeAffected
    participant ComponentProcessor
    participant SectionComparison
    participant AffectedRegistry
    
    DescribeAffected->>ComponentProcessor: Process component (HEAD vs BASE)
    ComponentProcessor->>SectionComparison: Check metadata/vars/env
    ComponentProcessor->>SectionComparison: Check source section (NEW)
    alt source changed
        SectionComparison->>AffectedRegistry: Mark with stack.source reason
    end
    ComponentProcessor->>SectionComparison: Check provision section (NEW)
    alt provision changed
        SectionComparison->>AffectedRegistry: Mark with stack.provision reason
    end
    AffectedRegistry-->>DescribeAffected: Affected components list

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: Path-based component resolution for all commands #1774: Directly overlaps with broad refactoring to thread AtmosConfiguration and path-based resolution through the execution chain.
• fix: resolve relative component_path against BasePath for --chdir support #2029: Modifies pkg/terraform/output/executor.go similarly to pass AtmosConfig into downstream component resolution.
• fix: Describe Affected Detects Component File Changes. fix: Vendored components with source #2003: Modifies describe-affected component-detection code and tests in parallel.

Suggested reviewers

• osterman
• aknysh

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and clearly summarizes the main changes: fixing describe affected detection for YAML functions and source/provision sections.
Docstring Coverage	✅ Passed	Docstring coverage is 92.31% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch aknysh/update-describe-affected-8

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@internal/exec/describe_affected_test.go`:
- Around line 1222-1234: The test currently only logs whether the prometheus
component was found (variable foundPrometheus) but never asserts, so failures
are silent; update the test after the loop over affected to assert that
foundPrometheus is true (e.g., use t.Fatalf or t.Errorf) with a clear message
mentioning prometheus and the affected slice length, ensuring the test fails
when the prometheus component is not detected by the code under test (keep the
existing t.Logf for extra context).

🧹 Nitpick comments (4)

internal/exec/component_describer_adapter.go (1)

14-36: AtmosConfig propagation through the adapter — solid.

One small thing: line 15 uses perf.Track(nil, ...) but params.AtmosConfig is now available. Could pass it for consistency with the rest of the chain.

Optional fix

-	defer perf.Track(nil, "exec.componentDescriberAdapter.DescribeComponent")()
+	defer perf.Track(params.AtmosConfig, "exec.componentDescriberAdapter.DescribeComponent")()

internal/exec/describe_affected_components.go (1)

301-322: Consider extracting the repeated source/provision check blocks.

The source and provision checks are now copy-pasted across all three processors (Terraform, Helmfile, Packer), identical except for the component type and Spacelift parameters. The doc itself mentions Option B (generic section iteration) as a cleaner approach. Given the existing duplication in the file, this isn't urgent, but worth considering to avoid drift.

Also applies to: 411-432

internal/exec/describe_affected_test.go (2)

1335-1337: Prefer require.NoError over t.Fatalf for consistency.

The rest of the file uses require.NoError(t, err) for fatal error checks. This one spot uses t.Fatalf with a manual format string.

Suggested change

-	if err != nil {
-		t.Fatalf("Unexpected error: %v", err)
-	}
+	require.NoError(t, err)

---

1365-1393: Mix of t.Errorf and assert for the same kind of check.

foundVpcSource/foundVpcSourceWorkdir/foundWorkdirOnly use t.Errorf when not found but assert.Equal when found. Consider using require.True for the found checks to fail fast, then assert.Equal for the reason — keeps the pattern uniform.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

NOTICE (1)

1-1: ⚠️ Potential issue | 🟡 Minor

NOTICE file is out of date per CI.

The pipeline reports this file needs regeneration. Run ./scripts/generate-notice.sh locally and commit the result. Based on learnings, this file is programmatically generated and should not be manually edited.

🧹 Nitpick comments (3)

internal/exec/describe_affected_components.go (1)

301-322: Helmfile and Packer source/provision checks are consistent.

Both pass false, nil for Spacelift admin stacks, matching the existing convention in those functions. The three-way duplication is acknowledged via nolint:dupl — the doc's Option B (loop-based approach) could reduce this in the future if more sections are added.

Also applies to: 411-432

internal/exec/describe_affected_test.go (2)

1129-1184: Good extraction of the common setup pattern.

This reusable helper cuts duplication across the new test scenarios. The copy options and skip logic mirror the existing setupDescribeAffectedTest — you could extract the cp.Options construction into a shared helper to eliminate the remaining duplication, but that's optional cleanup.

---

1279-1295: Error-matching logic is pragmatic but fragile.

String-matching "not provisioned" vs "Could not find" in the error message works for validating this specific bug fix, but if upstream error messages change, this test could silently pass or fail for the wrong reason. Consider defining sentinel errors or at least a comment noting the dependency on specific error wording.

Not blocking — this is a reasonable tradeoff for an integration test verifying a specific fix.

[github-actions]

These changes were released in v1.206.0-rc.3.