fix: purge stale .tfplan files when updating working dir to new ref#6358
Open
bakayolo wants to merge 1 commit intorunatlantis:mainfrom
Open
fix: purge stale .tfplan files when updating working dir to new ref#6358bakayolo wants to merge 1 commit intorunatlantis:mainfrom
bakayolo wants to merge 1 commit intorunatlantis:mainfrom
Conversation
dosubot
bot
added
bug
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes a safety issue where untracked .tfplan files can survive git reset --hard during updateToRef, allowing a subsequent bare atlantis apply to apply a stale plan created for a previous commit.
Changes:
- After updating the working directory ref (branch strategy and merge strategy), remove stale
.tfplanfiles from the workspace. - Add
deletePlanFiles()helper to walk the workspace and delete.tfplanfiles (skipping.terragrunt-cache). - Update clone/reset tests to assert that stale plan files are deleted after moving to a new commit.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
server/events/working_dir.go |
Deletes stale .tfplan files after updateToRef to prevent applying plans from a previous commit. |
server/events/working_dir_test.go |
Updates reset-on-wrong-commit tests (branch + merge strategy) to assert .tfplan cleanup occurs. |
bakayolo
force-pushed
the
fix/purge-stale-plans-on-ref-update
branch
from
c71302d to
7407ffb
Compare
nandiheath
approved these changes
Apr 2, 2026
When a new commit is pushed to a PR, updateToRef runs `git reset --hard` to move to the new ref. Since .tfplan files are untracked, git reset does not remove them. A subsequent bare `atlantis apply` would then discover these stale plans via PendingPlanFinder and apply plans generated for a previous commit against the current state. Fix this by deleting all .tfplan files (excluding .terragrunt-cache dirs) after every updateToRef, for both the branch and merge checkout strategies. This ensures that a bare apply can never pick up plans from a previous commit. Co-authored-by: Amp <amp@ampcode.com> Signed-off-by: Ben Apprederisse <bena@squareup.com> Amp-Thread-ID: https://ampcode.com/threads/T-019d4fcc-fbba-7678-92bd-d1cfa957e5cb
bakayolo
force-pushed
the
fix/purge-stale-plans-on-ref-update
branch
from
7407ffb to
c435213
Compare
nandiheath
reviewed
Apr 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What happened
When a new commit is pushed to a PR,
updateToRefrunsgit reset --hardto move to the new ref. Since.tfplanfiles are untracked,git resetdoes not remove them. A subsequent bareatlantis applydiscovers these stale plans viaPendingPlanFinderand applies plans generated for a previous commit against the current infrastructure state.This was introduced in #5895 ("Do not delete working dir if git falls behind"), which replaced the full reclone with
git reset --hard+ merge for performance. The full reclone naturally wiped all.tfplanfiles, butgit reset --hardleaves untracked files intact.Reproduction scenario
default.tfplanupdateToRefdoesgit reset --hardto commit Bdefault.tfplanfrom commit A survives (untracked files are not cleaned bygit reset --hard)atlantis apply(bare) →PendingPlanFinder.Find()discovers the stale plan → applies itPrior art
--plan-timeoutduration flag as a heavier, timeout-based mitigationHow I fixed it
Added a
deletePlanFilesmethod toFileWorkspacethat walks the clone directory and removes all.tfplanfiles (skipping.terragrunt-cachedirectories). This is called at the end ofupdateToReffor both the branch and merge checkout strategies, immediately after the ref is updated.This is the narrowest fix — it catches the problem at the earliest possible point (when the commit changes), before any plan discovery runs.
Changes
server/events/working_dir.go:deletePlanFiles()helper that usesfilepath.Walkto find and delete.tfplanfilesupdateToRef()server/events/working_dir_test.go:TestClone_ResetOnWrongCommitandTestClone_ResetOnWrongCommitWithMergeStrategyto assert that stale plan files are deleted (previously they asserted plan files survived — that was the buggy behavior)Testing
All existing tests pass with the updated assertions. The fix was validated against both the branch strategy (
TestClone_ResetOnWrongCommit) and merge strategy (TestClone_ResetOnWrongCommitWithMergeStrategy) code paths.