Toolchain prepends relative paths to PATH, causing exec: "terraform": cannot run executable found relative to current directory in custom commandsΒ #2089
Description
Describe the Bug
Custom command steps that invoke atmos terraform subcommands fail with the error:
exec: "terraform": cannot run executable found relative to current directory
This only occurs when the command is executed through a custom command step. Running the exact same atmos terraform command directly from the shell succeeds without issues.
For example, this fails:
atmos util lock <component> -s <stack>
But the underlying command it executes works fine when run directly:
atmos terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=linux_amd64 <component> -s <stack>
The toolchain feature is enabled with .tool-versions managing terraform and atmos versions.
Expected Behavior
The toolchain should prepend absolute paths to PATH (e.g., /absolute/path/to/project/.tools/bin/hashicorp/terraform/1.14.2) so that subprocess invocations resolve toolchain binaries correctly regardless of working directory context.
Steps to Reproduce
- Configure
atmos.yamlwith toolchain enabled:
toolchain:
file_path: ".tool-versions"
install_path: ".tools"
components:
terraform:
command: terraform
- Create
.tool-versions:
atmos 1.206.2
terraform 1.14.2
- Define a custom command in
.atmos.d/commands.yaml:
commands:
- name: util
commands:
- name: lock
description: Execute 'terraform lock' command for all OS platforms
arguments:
- name: component
description: Name of the component
flags:
- name: stack
shorthand: s
description: Name of the stack
required: true
steps:
- atmos terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=linux_amd64 {{ .Arguments.component }} -s {{ .Flags.stack }}
- Run the custom command:
atmos util lock <component> -s <stack>
- Observe the error:
Error: exec: "terraform": cannot run executable found relative to current directory
- Verify by adding a debug step (echo "PATH=$PATH") β PATH shows:
PATH=.tools/bin/cloudposse/atmos/1.206.2:.tools/bin/hashicorp/terraform/1.14.2:/usr/local/bin:...
- Running the same command directly works:
atmos terraform providers lock -platform=windows_amd64 -platform=darwin_amd64 -platform=linux_amd64 <component> -s <stack>
Screenshots
No response
Environment
- Atmos version: 1.206.2
- Terraform version: 1.14.2
- OS: macOS (darwin/arm64)
Additional Context
The root cause is in the toolchain PATH setup logic. When atmos prepends toolchain directories to PATH for custom command execution, it uses relative paths like .tools/bin/hashicorp/terraform/1.14.2 instead of resolving them to absolute paths first. This conflicts with Go's exec.LookPath security change in Go 1.19 that rejects executables found via relative PATH entries.
Current workaround is to override PATH in the custom command step with absolute paths:
steps:
- >-
PATH="$(pwd)/.tools/bin/cloudposse/atmos/1.206.2:$(pwd)/.tools/bin/hashicorp/terraform/1.14.2:$PATH"
atmos terraform providers lock ...