Embed JSON Schema for validation of Atmos manifests inside Atmos binary #925

Merged (15 commits) on Jan 10, 2025

aknysh (Member) commented Jan 10, 2025

what

  • Embed the JSON Schema for validation of Atmos manifests inside Atmos binary
  • Update docs

why

  • Embedding the JSON Schema inside the Atmos binary allows keeping the Atmos code and the schema in sync, and does not force users to specify JSON Schema in atmos.yaml and monitor it when it needs to be updated

description

Atmos uses the Atmos Manifest JSON Schema to validate Atmos manifests, and has a default (embedded) JSON Schema.

If you don't configure the path to a JSON Schema in atmos.yaml and don't provide it on the command line using the --schemas-atmos-manifest flag, the default (embedded) JSON Schema will be used when executing the command atmos validate stacks.

To override the default behavior, configure JSON Schema in atmos.yaml:

# Validation schemas (for validating atmos stacks and components)
schemas:
  # JSON Schema to validate Atmos manifests
  atmos:
    # Can also be set using 'ATMOS_SCHEMAS_ATMOS_MANIFEST' ENV var, or '--schemas-atmos-manifest' command-line arguments
    # Supports both absolute and relative paths (relative to the `base_path` setting in `atmos.yaml`)
    manifest: "stacks/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json"
    # Also supports URLs
    # manifest: "https://atmos.tools/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json"

  • Instead of configuring the schemas.atmos.manifest section in atmos.yaml, you can provide the path to the Atmos Manifest JSON Schema file by using the ENV variable ATMOS_SCHEMAS_ATMOS_MANIFEST or the --schemas-atmos-manifest command line flag:

ATMOS_SCHEMAS_ATMOS_MANIFEST=stacks/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json atmos validate stacks
atmos validate stacks --schemas-atmos-manifest stacks/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json
atmos validate stacks --schemas-atmos-manifest https://atmos.tools/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json

Summary by CodeRabbit

  • Configuration Updates

    • Enhanced schema configuration flexibility in atmos.yaml
    • Added support for remote and embedded JSON schema locations
  • Dependency Updates

    • Updated multiple AWS SDK and Go dependencies to latest versions
    • Upgraded Atmos tool version from 1.141.0 to 1.144.0
  • Documentation Improvements

    • Updated CLI command documentation for stack validation
    • Added new sections explaining validation processes and schema management
    • Clarified usage of URLs for schema manifests in documentation
  • Testing

    • Added new test for remote JSON schema validation
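
The schema resolution described in this PR, sketched as an added Go example (not code from the Atmos repository). The function and type names are hypothetical, the precedence order flag, ENV, atmos.yaml is an assumption, the https-only rule is this example's own policy, and a string constant stands in for the `go:embed` file so the block runs without one.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"os"
	"strings"
)

// embeddedSchema stands in for the file Atmos bundles via go:embed (constructed sample).
const embeddedSchema = `{"$schema":"https://json-schema.org/draft/2020-12/schema","type":"object"}`

// SchemaSource is a hypothetical type: Kind is "embedded", "file" or "url".
type SchemaSource struct{ Kind, Location string }

// ResolveSchemaSource picks the first non-empty value. The order flag, ENV,
// atmos.yaml is an assumption; with none set, the embedded default is used.
func ResolveSchemaSource(flagVal, envVal, configVal string) (SchemaSource, error) {
	loc := ""
	for _, v := range []string{flagVal, envVal, configVal} {
		if v = strings.TrimSpace(v); v != "" {
			loc = v
			break
		}
	}
	if loc == "" {
		return SchemaSource{Kind: "embedded"}, nil
	}
	if u, err := url.Parse(loc); err == nil && u.Scheme != "" && u.Host != "" {
		// Example policy, not Atmos behaviour: accept remote schemas over https only.
		if u.Scheme != "https" {
			return SchemaSource{}, errors.New("remote schema must use https: " + loc)
		}
		return SchemaSource{Kind: "url", Location: loc}, nil
	}
	return SchemaSource{Kind: "file", Location: loc}, nil
}

// MaterializeEmbedded writes the embedded schema to a uniquely named temp file
// (os.CreateTemp: exclusive create, mode 0600) and returns a cleanup function.
func MaterializeEmbedded() (string, func(), error) {
	f, err := os.CreateTemp("", "atmos-manifest-*.json")
	if err != nil {
		return "", nil, err
	}
	cleanup := func() { _ = os.Remove(f.Name()) }
	_, werr := f.WriteString(embeddedSchema)
	if err := errors.Join(werr, f.Close()); err != nil {
		cleanup()
		return "", nil, err
	}
	return f.Name(), cleanup, nil
}

func main() {
	src, err := ResolveSchemaSource("", os.Getenv("ATMOS_SCHEMAS_ATMOS_MANIFEST"), "")
	fmt.Println("schema source:", src.Kind, src.Location, err)
	if path, cleanup, err := MaterializeEmbedded(); err == nil {
		defer cleanup()
		fmt.Println("embedded schema written to", path)
	}
}
```
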

@aknysh aknysh added the minor New features that do not break anything label Jan 10, 2025
@aknysh aknysh requested a review from osterman January 10, 2025 00:28
@aknysh aknysh self-assigned this Jan 10, 2025
@aknysh aknysh requested a review from a team as a code owner January 10, 2025 00:28

mergify bot commented Jan 10, 2025

Important

Cloud Posse Engineering Team Review Required

This pull request modifies files that require Cloud Posse's review. Please be patient, and a core maintainer will review your changes.

To expedite this process, reach out to us on Slack in the #pr-reviews channel.

coderabbitai bot (Contributor) commented Jan 10, 2025

📝 Walkthrough

This pull request introduces modifications to the Atmos tool's schema management and configuration flexibility. Key updates include enhancements to the atmos.yaml configuration file, which now allows for both local and remote schema definitions. The implementation of an embedded schema file system simplifies access and management of schemas. Additionally, various documentation files have been updated to clarify these changes and improve user guidance on schema handling.

Changes

| File | Change Summary |
| --- | --- |
| atmos.yaml, pkg/validate/atmos.yaml, examples/quick-start-advanced/atmos.yaml | Updated schema configuration, commented out previous definitions, and added comments about URL support for schemas |
| examples/quick-start-advanced/Dockerfile, website/docs/integrations/atlantis.mdx | Bumped Atmos version to 1.144.0 |
| go.mod | Updated multiple dependency versions, primarily for AWS SDK and Go libraries |
| internal/exec/validate_stacks.go | Introduced embedded schema file system and modified schema path handling |
| pkg/validate/validate_stacks_test.go | Added new test for remote schema validation |
| Website documentation files | Updated documentation to reflect the new schema management approach |

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c71526a and 434341f.

📒 Files selected for processing (3)
  • atmos.yaml (1 hunks)
  • examples/quick-start-advanced/atmos.yaml (1 hunks)
  • pkg/validate/atmos.yaml (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • examples/quick-start-advanced/atmos.yaml
🚧 Files skipped from review as they are similar to previous changes (2)
  • atmos.yaml
  • pkg/validate/atmos.yaml
⏰ Context from checks skipped due to timeout of 90000ms (4)
  • GitHub Check: Build (windows-latest, windows)
  • GitHub Check: Analyze (go)
  • GitHub Check: website-deploy-preview
  • GitHub Check: Summary

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
internal/exec/validate_stacks.go (1)

403-423: Consider adding cleanup for temporary files.

The implementation is solid, but consider adding cleanup logic for temporary files in long-running processes.

 func getEmbeddedSchemaPath() (string, error) {
     embedded, err := fs.ReadFile(atmosManifestDefault, atmosManifestDefaultFileName)
     if err != nil {
         return "", err
     }

     tempDir := os.TempDir()
     atmosManifestJsonSchemaFilePath := filepath.Join(tempDir, atmosManifestDefaultFileName)

     err = u.EnsureDir(atmosManifestJsonSchemaFilePath)
     if err != nil {
         return "", err
     }

     err = os.WriteFile(atmosManifestJsonSchemaFilePath, embedded, 0644)
     if err != nil {
+        // Cleanup on error
+        _ = os.Remove(atmosManifestJsonSchemaFilePath)
         return "", err
     }

     return atmosManifestJsonSchemaFilePath, nil
 }
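
Review bot: The schema is written to a fixed, predictable path, `filepath.Join(tempDir, atmosManifestDefaultFileName)` under `os.TempDir()`, with `os.WriteFile(..., 0644)`. In a shared temp directory another local account can create that name first, so the path returned to the caller is not guaranteed to hold the embedded schema, and concurrent runs overwrite each other's copy. Suggest `os.CreateTemp` (unique name, exclusive create, owner-only mode) or a directory from `os.MkdirTemp`, with a cleanup function returned to the caller. The added `os.Remove` runs only when `os.WriteFile` fails, so on the success path the file is still left behind, which is the long-running-process case the comment raises.
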
website/docs/core-concepts/validate/validate.mdx (1)

30-32: Consider adding a comma after "e.g."

The sentence reads well, but for consistency with standard style guides, add a comma after "e.g.".

-The OPA language (Rego) is a high-level declarative language for specifying policy as code. Atmos has native support for the OPA decision-making engine to enforce policies across all the components in your stacks (e.g. for microservice configurations).
+The OPA language (Rego) is a high-level declarative language for specifying policy as code. Atmos has native support for the OPA decision-making engine to enforce policies across all the components in your stacks (e.g., for microservice configurations).
🧰 Tools
🪛 LanguageTool

[style] ~32-~32: A comma is missing here.
Context: ...ross all the components in your stacks (e.g. for microservice configurations). This...

(EG_NO_COMMA)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b13a2fd and 7830072.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (11)
  • atmos.yaml (2 hunks)
  • examples/quick-start-advanced/Dockerfile (1 hunks)
  • go.mod (4 hunks)
  • internal/exec/validate_stacks.go (6 hunks)
  • pkg/validate/atmos.yaml (1 hunks)
  • pkg/validate/validate_stacks_test.go (1 hunks)
  • website/docs/cli/commands/validate/validate-stacks.mdx (3 hunks)
  • website/docs/core-concepts/validate/json-schema.mdx (1 hunks)
  • website/docs/core-concepts/validate/opa.mdx (1 hunks)
  • website/docs/core-concepts/validate/validate.mdx (3 hunks)
  • website/docs/integrations/atlantis.mdx (1 hunks)
✅ Files skipped from review due to trivial changes (3)
  • website/docs/integrations/atlantis.mdx
  • website/docs/core-concepts/validate/opa.mdx
  • pkg/validate/atmos.yaml
🧰 Additional context used
📓 Learnings (2)
examples/quick-start-advanced/Dockerfile (2)
Learnt from: aknysh
PR: cloudposse/atmos#775
File: examples/quick-start-advanced/Dockerfile:9-9
Timestamp: 2024-11-12T05:52:05.088Z
Learning: It is acceptable to set `ARG ATMOS_VERSION` to a future version like `1.105.0` in `examples/quick-start-advanced/Dockerfile` if that will be the next release.
Learnt from: osterman
PR: cloudposse/atmos#801
File: examples/quick-start-advanced/Dockerfile:9-9
Timestamp: 2024-11-23T00:13:22.004Z
Learning: When updating the `ATMOS_VERSION` in Dockerfiles, the team prefers to pin to the next future version when the PR merges, even if the version is not yet released.
internal/exec/validate_stacks.go (1)
Learnt from: haitham911
PR: cloudposse/atmos#731
File: internal/exec/validate_stacks.go:0-0
Timestamp: 2024-11-12T05:52:05.088Z
Learning: In `internal/exec/validate_stacks.go`, when downloading the Atmos JSON Schema file to the temp directory, the temporary file is overwritten each time, so explicit removal is not necessary.
⏰ Context from checks skipped due to timeout of 90000ms (7)
  • GitHub Check: [mock-windows] tests/fixtures/scenarios/complete
  • GitHub Check: [k3s] demo-helmfile
  • GitHub Check: Acceptance Tests (macos-latest, macos)
  • GitHub Check: Acceptance Tests (windows-latest, windows)
  • GitHub Check: [localstack] demo-localstack
  • GitHub Check: Acceptance Tests (ubuntu-latest, linux)
  • GitHub Check: Summary
🔇 Additional comments (14)
pkg/validate/validate_stacks_test.go (2)

21-24: LGTM! Path updated to use embedded schema.

The schema path has been correctly updated to point to the new embedded schema location.


26-30: LGTM! Good addition of remote schema test.

The test ensures remote schema validation works correctly. Consider verifying the URL availability.

✅ Verification successful

Remote schema URL verified and accessible! Test implementation is solid.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the remote schema URL is accessible
curl -I https://atmos.tools/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json

Length of output: 837

internal/exec/validate_stacks.go (2)

24-27: LGTM! Clean implementation of schema embedding.

Good use of Go's embed feature to bundle the schema with the binary.


Line range hint 95-119: LGTM! Robust schema validation logic.

The implementation gracefully handles:

  • Fallback to embedded schema
  • Clear error messages with configuration options
  • Backward compatibility with existing schema paths
examples/quick-start-advanced/Dockerfile (1)

9-9: LGTM! Version update follows team conventions.

Version update to 1.144.0 aligns with the team's practice of pinning to future versions.

website/docs/core-concepts/validate/json-schema.mdx (1)

8-16: LGTM! Documentation improvements enhance readability.

Good restructuring of the JSON Schema description and proper component imports.

website/docs/core-concepts/validate/validate.mdx (3)

14-15: Well-crafted enhancement to the introduction!

The added text effectively emphasizes the importance of validation in multi-team environments.


107-111: Clear explanation of the new embedded schema feature!

The documentation effectively communicates the default behavior and configuration options.


119-129: Well-structured configuration example!

The YAML example clearly shows both local and remote schema configuration options.

website/docs/cli/commands/validate/validate-stacks.mdx (2)

80-87: Comprehensive examples covering all use cases!

The examples effectively demonstrate the three ways to specify the schema:

  1. Using the default embedded schema
  2. Using a local file
  3. Using a remote URL

92-94: Clear flag documentation!

The flag description effectively communicates all supported schema sources.

go.mod (1)

10-12: Verify the impact of dependency updates

The updates include security-related packages (crypto, net) and AWS SDK components. While these appear to be routine updates, please ensure they don't introduce any breaking changes.

Also applies to: 263-263, 266-266

✅ Verification successful

Dependencies are battle-ready! 💪

The updates are safe and maintain backward compatibility:

  • golang.org/x/crypto v0.32.0 is patched against all known vulnerabilities
  • AWS SDK updates are minor version bumps (v1.x.x), maintaining backward compatibility
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any known vulnerabilities in the updated dependencies
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: GO, package: "golang.org/x/crypto") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 1705


Script:

#!/bin/bash
# Check the exact versions of dependencies
echo "=== Crypto Package Version ==="
rg "golang.org/x/crypto" go.mod

echo -e "\n=== AWS SDK Version Requirements ==="
# Look for any version constraints or requirements
rg "aws-sdk-go-v2" go.mod

Length of output: 1502

atmos.yaml (2)

275-276: Clear documentation of schema configuration options!

The comments effectively communicate both URL support and the embedded schema fallback.


286-290: Well-structured examples for schema configuration!

The commented examples clearly show both local and remote schema options.

coderabbitai bot previously approved these changes Jan 10, 2025
Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <[email protected]>
coderabbitai bot previously approved these changes Jan 10, 2025

aknysh (Member, Author) commented Jan 10, 2025

@coderabbitai full review please

coderabbitai bot (Contributor) commented Jan 10, 2025

@aknysh I've completed the review of your PR. The changes look well-structured and properly implemented. Here are my observations:

Strengths:

  1. The embedded schema implementation is clean and follows Go best practices
  2. Good error handling with descriptive messages
  3. Flexible configuration options (embedded, local file, or URL)
  4. Documentation updates are comprehensive

Suggestions for consideration:

  1. Consider adding debug logging in getEmbeddedSchemaPath() to help troubleshoot schema loading issues
  2. Could implement caching for downloaded schemas to improve performance for repeated validations
  3. Consider adding schema version validation to ensure compatibility

The changes look good to proceed. Would you like me to open issues for any of these suggestions for future improvements?

🔗 Analysis chain

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Get the full content of the core implementation file
cat internal/exec/validate_stacks.go

# Check if there are any TODOs or FIXMEs in the changes
rg -i "todo|fixme" internal/exec/validate_stacks.go

# Check if the embedded schema file exists
fd "atmos-manifest.json" internal/exec/schemas

# Look for any related test files
fd "validate.*test.go$"

# Check if there are any similar implementations in the codebase
ast-grep --pattern 'embed.FS'

Length of output: 15117


✏️ Learnings added

Learnt from: aknysh
URL: https://github.com/cloudposse/atmos/pull/925

Timestamp: 2025-01-10T15:18:27.558Z
Learning: The `atmos validate stacks` command now uses an embedded JSON Schema by default for validating Atmos manifests, falling back to the schema specified in `atmos.yaml` or via command-line flags if provided.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@aknysh aknysh merged commit 43a3ec8 into main Jan 10, 2025
45 checks passed
@aknysh aknysh deleted the embed-validation-schema branch January 10, 2025 15:36
@mergify mergify bot removed the needs-cloudposse Needs Cloud Posse assistance label Jan 10, 2025
These changes were released in v1.144.0.
