V3.0.0

What's Changed

• Replace deprecated set-output command and apply minor fix to post-build-attest by @odasko in #18
• Add run-security-scans workflow with binary attestation by @odasko in #14
• [SKIP-644] Remove unsafe inputs by @anderssonw in #22
• Fix Terraform Workspace Creation/Selection in run_terraform by @anderssonw in #24
• [SKIP-647] [SKIP-648] Multi option safe string terraform by @anderssonw in #25
• Fix environment scoping for security scans by @anderssonw in #26
• [SKIP-678] Simplify WIF process for product teams by @anderssonw in #27
• [SKIP-678] Add wif improvements to all workflows by @anderssonw in #29

Full Changelog: v2.7.6...v3.0.0

New workflows

Post build attestation

A workflow for performing a binary attestation on a built image. The README should provide a good starting point for using this workflow.

Run security scans

A workflow for running security scans on your docker images and performs binary attestation if no high or critical vulnerabilities are found. The README should provide a good starting point for using this workflow.

Migrating from previous release

All workflows

• workload_identity_provider: Is no longer in use
• auth_project_number: The unique numeral identifier of the project, a 12 digit number. Used to set up workload identity provider. The project number is the same as the project in which the service account running the deployment lies.
• workload_identity_provider_override: A field for overriding the default workload identity provider given by project number and product name.

run-terraform

The following fields must be updated from v2.7.6 and earlier:

• workload_identity_provider: Is no longer in use
• terraform_backend_options: Is split into new input fields called terraform_init_option_x where X is an integer between 1-3.
• terraform_options: Same as with terraform_backend_options, but with the new field terraform_option_x where X also is an integer between 1-3.

The following new fields are added:

• terraform_init_option_x: Replacement for terraform_backend_options. For every option/flag needed in terraform init, put these in separate fields, for example terraform_init_option_1: -backend-config="var=value"
• terraform_option_x: Same as terraform_option_x. Used for terraform plan || destroy