From 5706f4e4c19e0f4a23749db9f50a5cf170b69be0 Mon Sep 17 00:00:00 2001 From: cw-atkhry Date: Tue, 19 May 2026 09:48:51 +0900 Subject: [PATCH] atlantis-aws: bump Atlantis to 0.42.0 to fix expired HashiCorp GPG key Atlantis <= 0.41.0 ships hc-install v0.9.2, which embeds the HashiCorp GPG key 72D7468F that expired on 2026-04-18. At runtime, Atlantis uses hc-install to verify Terraform binaries it downloads on demand, so any Terraform version not baked into this image (e.g., 1.15.x) fails with: error downloading terraform version : unable to verify checksums signature: openpgp: key expired Upstream fix (runatlantis/atlantis#6410) bumped hc-install to v0.9.4, which carries the renewed key (valid until 2030-03-01 per HCSEC-2026-03). That fix shipped in atlantis v0.42.0. Refs: - runatlantis/atlantis#6405 - runatlantis/atlantis#6410 - https://discuss.hashicorp.com/t/hcsec-2026-03-hashicorp-gpg-key-72d7468f-update/77237 --- atlantis-aws/Dockerfile | 2 +- atlantis-aws/goss/goss.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/atlantis-aws/Dockerfile b/atlantis-aws/Dockerfile index a98d756e1..84769e1b9 100644 --- a/atlantis-aws/Dockerfile +++ b/atlantis-aws/Dockerfile @@ -1,7 +1,7 @@ FROM chatwork/aws:2.34.15 ARG TARGETARCH -ARG ATLANTIS_VERSION=0.40.0 +ARG ATLANTIS_VERSION=0.42.0 ARG GOSU_VERSION=1.19 ARG GIT_LFS_VERSION=3.7.1 ARG DUMB_INIT_VERSION=1.2.5 diff --git a/atlantis-aws/goss/goss.yaml b/atlantis-aws/goss/goss.yaml index 6da713d29..3f1dc733d 100644 --- a/atlantis-aws/goss/goss.yaml +++ b/atlantis-aws/goss/goss.yaml @@ -33,7 +33,7 @@ command: /usr/local/bin/atlantis version: exit-status: 0 stdout: - - 0.40.0 + - 0.42.0 /usr/bin/git-lfs --version: exit-status: 0 stdout: