Changelog

This is the changelog for dflook/terraform-github-actions. All notable changes to this project will be documented in this file.

For more information see the README.md.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

The actions are versioned as a suite. Some actions may have no change in behaviour between versions.

When using an action you can specify the version as:

  • @v1.42.0 to use an exact release
  • @v1.42 to use the latest patch release for the specific minor version
  • @v1 to use the latest patch release for the specific major version

1.42.0 - 2024-03-01

Added

  • A new GITHUB_DOT_COM_TOKEN environment variable may be set to an authentication token to use for GitHub.com API requests.

    This is only useful to avoid rate limiting when using the actions with GitHub Enterprise together with OpenTofu.

    Normally the GITHUB_TOKEN environment variable is used for API requests. When using GitHub Enterprise, the GITHUB_TOKEN is the token for the GitHub Enterprise instance, and not the GitHub.com API. OpenTofu requires the GitHub.com API to fetch release information.

1.41.2 - 2024-02-11

Fixed

  • Integration with Terraform cloud workspaces using Terraform >=1.6.

    Previously applying a plan to a Terraform cloud workspace that used Terraform >=1.6 would fail.

1.41.1 - 2024-01-17

Fixed

  • Reading the terraform version from a .tool-versions file in the workspace root. Previously this was only working when the .tool-versions file was in a subdirectory of the workspace.

1.41.0 - 2024-01-12

Added

  • Downloaded OpenTofu checksum files are now verified using the OpenTofu public gpg key, beginning with OpenTofu v1.6.0.

1.40.0 - 2024-01-10

Added

  • An optional plan_path input for dflook/terraform-apply, and matching plan_path output for dflook/terraform-plan.

    This allows passing the generated plan from the plan step to the apply step, if you have a secure place to store it.

    The default behaviour when this is not set is unchanged - the apply step will generate a fresh plan and compare it to the plan from the PR comment. By passing the plan from the plan step to the apply step, the apply step will skip generating a plan and use the passed plan instead. It must still match the plan in the PR comment.

    This can be much faster than planning the same change twice, but is not necessarily a better choice. See the dflook/terraform-apply docs for details.

  • A new to_import output for dflook/terraform-plan, which is the number of resources that would be imported by the plan.

    This joins the existing to_add, to_change, to_destroy and to_move outputs.

1.39.0 - 2023-12-24

Added

  • Coloured highlighting for the plan in PR comments.

    The plan shown in PR comments now uses diff syntax highlighting, making it easier to see the effect of the plan.

Fixed

  • Some workarounds were added for defective self-hosted runners that run docker based actions in broken environments.

    This includes Actions Runner Controller with containerMode: "kubernetes".

1.38.0 - 2023-12-08

Added

  • Terraform outputs are added to the PR comment after the plan is applied.

    This is useful for seeing the values of outputs that are only available after apply, e.g. the public IP of a created resource. Previously this was only visible in the workflow log.

  • The new always-new option for the add_github_comment input of dflook/terraform-plan.

    This will always add a new comment for each plan that is generated, instead of updating an existing comment if one exists. This can be preferable if you are iterating on a plan and want to see each plan in the correct place in the PR timeline.

    The default behaviour is unchanged and will update an existing comment if one exists, hiding outdated plans. The history of the plan is visible in the comment history.

Changed

  • PR comments will no longer be updated once a plan has been applied.

    When dflook/terraform-apply applies a plan, any PR comment will be updated with the results of the apply, and then no further updates will be made. Any further plans generated by dflook/terraform-plan will result in a new plan in a different PR comment.

    This is to avoid the comment being updated after the plan has been applied, which can be confusing. This would only happen if your workflow is to apply changes before merging the PR.

1.37.0 - 2023-10-29

Added

1.36.2 - 2023-08-17

Fixed

  • When no terraform version is specified and no state file exists the actions will now use the latest terraform version, instead of incorrectly using Terraform 0.9.

1.36.1 - 2023-07-15

Fixed

  • The selected workspace was not being shown in the workflow log when using a partial cloud block.

1.36.0 - 2023-06-27

Added

  • Support for being triggered by repository_dispatch events.

    Previously dflook/terraform-plan and dflook/terraform-apply couldn't work with PR comments when triggered by repository_dispatch events. With this change repository_dispatch events that include the PR api url in the client payload will be able to use PR comments.

    The minimum client payload looks like:

    {
      "pull_request": {
        "url": "https://api.github.com/repos/dflook/terraform-github-actions/pulls/1"
      }
    }

1.35.0 - 2023-06-18

Added

  • Support for partial or empty cloud blocks. This means you can use a placeholder cloud block in your terraform, like so:

    terraform {
      cloud {
      }
    }

    The configuration will be completed with the TF_CLOUD_ORGANIZATION and TF_CLOUD_HOSTNAME environment variables - the workspace should be specified using the workspace input. As always, any tokens can be supplied in the TERRAFORM_CLOUD_TOKENS environment variable.

1.34.0 - 2023-03-10

Added

  • The action image now also builds for arm64, meaning these actions will work on linux/arm64 runners.

Fixed

  • Workaround Terraform 1.4.0 sometimes forgetting to output anything.

1.33.0 - 2023-02-28

Added

  • The dflook/terraform-plan and dflook/terraform-apply actions now have a destroy input. When set to true terraform will run in destroy mode, planning the destruction of all resources. This allows reviewing the effect of a destroy before applying it.

    The dflook/terraform-destroy action is unchanged and will still immediately destroy all resources.

1.32.1 - 2023-02-02

Fixed

  • When triggered by issue_comment or pull_request_review_comment events, the action will first add a 👍 reaction to the comment

1.32.0 - 2023-01-28

Added

Changed

  • If a terraform operation fails because the state is locked the failure-reason output will now be set to state-locked, where before it may have been apply-failed or destroy-failed.

1.31.1 - 2022-12-01

Fixed

  • Failing to read backend config files for the purpose of identifying the backend state. This meant multiple plans with only different backend config files would overwrite each other's PR comments.

1.31.0 - 2022-11-22

Added

  • Values in the variables input of dflook/terraform-plan will be masked in the PR comment if the Terraform variable is marked 'sensitive'. Previously a label was required to avoid revealing sensitive values.

1.30.0 - 2022-11-19

Added

  • The TERRAFORM_ACTIONS_GITHUB_TOKEN environment variable can be set to the github token for the actions to use instead of using GITHUB_TOKEN. This is useful if using the terraform GitHub provider which also uses the GITHUB_TOKEN variable, allowing the github actions and terraform provider to use separate tokens.

  • The GITHUB_TOKEN/TERRAFORM_ACTIONS_GITHUB_TOKEN can now be a github app token or fine grained personal access token. As before, it can also be a classic PAT or use the token provided by github actions.

1.29.1 - 2022-10-24

Fixed

  • Multiline string terraform outputs are now properly set as action outputs, and properly masked in the workflow log.

1.29.0 - 2022-10-17

Added

  • Terraform executables are integrity checked using Hashicorp signed checksums before use.

1.28.1 - 2022-10-17

Fixed

  • GITHUB_OUTPUT: unbound variable errors with v1.28.0 on self-hosted runners with older runner versions.

1.28.0 - 2022-10-12

Added

  • Terraform version detection rules updated to include information about backends removed in Terraform 1.3.

Fixed

  • Deprecation warnings about the set-output actions workflow command.

1.27.0 - 2022-08-07

Added

  • dflook/terraform-plan and dflook/terraform-apply now work with plans that are too large to fit in a PR comment.

    If the plan is too large it will be truncated in the comment, with the full plan viewable in the workflow log. When dflook/terraform-apply aborts the apply because the plan is outdated, a partial diff will be shown in the workflow log with a link to the full plan for direct comparison.

Fixed

  • Warnings are ignored when deciding if a plan has changed and should no longer cause aborted applies if the order of the warnings changes.
  • The unchanged resource attribute count is ignored when deciding if a plan has changed and should no longer cause aborted applies with harmless provider version changes.

1.26.0 - 2022-05-29

Added

  • The number of moved resources in a plan is summarised in the PR comment.

Fixed

  • The plan was not being correctly extracted when it contained only resource moves, which resulted in noisy PR comments and may have caused apply operations to be aborted - Thanks to merykozlowska!

1.25.1 - 2022-05-10

Fixed

  • Failure to install terraform after change in the download page - Thanks kylewlacy

1.25.0 - 2022-05-06

Added

1.24.0 - 2022-05-03

Added

  • New to_add, to_change and to_destroy outputs for the dflook/terraform-plan action that contain the number of resources that would be added, changed or deleted by the plan.

    These can be used in an if expression in a workflow to conditionally run steps, e.g. when the plan would destroy something.
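A workflow that uses the to_destroy output in an if expression to stop a job when the plan would delete resources. This is an added example, not taken from the project's documentation; the job layout, step names and the `terraform` module path are assumptions.

```yaml
# Added example: hypothetical workflow illustrating the to_destroy output.
name: Plan and flag destructive changes

on: [pull_request]

# Least privilege: read the code, write the plan comment on the PR.
permissions:
  contents: read
  pull-requests: write

jobs:
  plan:
    runs-on: ubuntu-latest
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - uses: actions/checkout@v4

      - name: terraform plan
        id: plan
        uses: dflook/terraform-plan@v1.42.0   # exact release, as described at the top of this changelog
        with:
          path: terraform                      # assumed module directory

      # Outputs are strings; the expression coerces them to numbers for the comparison.
      - name: Stop when the plan would destroy resources
        if: ${{ steps.plan.outputs.to_destroy != 0 }}
        env:
          # Pass the value through the environment rather than interpolating it into the script.
          TO_DESTROY: ${{ steps.plan.outputs.to_destroy }}
        run: |
          echo "::error::Plan would destroy ${TO_DESTROY} resource(s); review before applying"
          exit 1
```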

1.23.0 - 2022-05-02

Changed

  • Input variables no longer help identify the plan comment. Each PR comment is still identified by its configured terraform backend state file. This is a very subtle change but enables better reporting of why an apply operation is aborted, e.g. "plan has changed" vs "plan not found".

    This means that if you have more than one dflook/terraform-plan action for the same path and backend but with different variables, you should ensure they use different labels.

  • The workflow output when an apply has been aborted because of changes in the plan has been clarified - thanks toast-gear!

Fixed

  • Pre-release terraform versions now won't be used when selecting the latest terraform version.
  • Invalid terraform files that contained an unterminated string would take an extremely long time to parse before failing the job.
  • dflook/terraform-validate now automatically sets terraform.workspace to default when validating a module that uses a remote or cloud backend.

1.22.2 - 2022-02-28

Fixed

  • The PR plan comment was incorrectly including resource refresh lines when there were changes to outputs but not resources, while using Terraform >=0.15.4. As well as being noisy, this could lead to failures to apply due to incorrectly detecting changes in the plan.
  • Removed incorrect deprecation warning in dflook/terraform-destroy. Thanks dgrenner!

1.22.1 - 2022-01-24

Fixed

  • Better support for some self-hosted runners that run in containers and don't correctly pass the event payload.

1.22.0 - 2022-01-23

Added

  • Workspace management for Terraform Cloud/Enterprise has been reimplemented to avoid issues with the terraform workspace command when using the remote backend or a cloud config block:

  • The terraform version to use will now be detected from additional places:

    • The terraform version set in the remote workspace when using Terraform Cloud/Enterprise as the backend
    • An asdf .tool-versions file
    • The terraform version that wrote an existing state file
    • A TERRAFORM_VERSION environment variable

    The best way to specify the version is using a required_version constraint.

    See dflook/terraform-version docs for details.

Changed

As a result of the above terraform version detection additions, note these changes:

  • Actions always use the terraform version set in the remote workspace when using TFC/E, if it exists. This mostly affects dflook/terraform-fmt, dflook/terraform-fmt-check and dflook/terraform-validate.

  • If the terraform version is not specified anywhere then new workspaces will be created with the latest terraform version. Existing workspaces will use the terraform version that was last used for that workspace.

  • If you want to always use the latest terraform version, instead of not specifying a version you now need to set an open-ended version constraint (e.g. >1.0.0)

  • All actions now support the inputs and environment variables related to the backend, for discovering the terraform version from a TFC/E workspace or remote state. This adds the inputs workspace, backend_config, backend_config_file, and the TERRAFORM_CLOUD_TOKENS environment variable to the dflook/terraform-fmt, dflook/terraform-fmt-check and dflook/terraform-validate actions.

  • ⚠️ Some unused packages were removed from the container image, most notably Python 2.

1.21.1 - 2021-12-12

Fixed

  • dflook/terraform-new-workspace support for Terraform v1.1.0.

    This stopped working after a change in the behaviour of terraform init.

    There is an outstanding issue in Terraform v1.1.0 using the remote backend that prevents creating a new workspace when no workspaces currently exist. If you are affected by this, you can pin to an earlier version of Terraform using one of the methods listed in the dflook/terraform-version docs.

1.21.0 - 2021-12-04

Added

  • A new workspace input for dflook/terraform-validate allows validating usage of terraform.workspace in the terraform code.

    Terraform doesn't initialize terraform.workspace based on the backend configuration when running a validate operation. This new input allows setting the full name of the workspace to use while validating, even when you wouldn't normally do so for a plan/apply (e.g. when using the remote backend)

1.20.1 - 2021-12-04

Fixed

  • There was a problem selecting the workspace when using the remote backend with a full workspace name in the backend block.

1.20.0 - 2021-12-03

Added

  • New text_plan_path and json_plan_path outputs for dflook/terraform-apply to match the outputs for dflook/terraform-plan.

    These are paths to the generated plan in human-readable and JSON formats.

    If the plan generated by dflook/terraform-plan is different from the plan generated by dflook/terraform-apply the apply step will fail with failure-reason set to plan-changed. These new outputs make it easier to inspect the differences.

1.19.0 - 2021-11-01

Changed

  • When triggered by issue_comment or pull_request_review_comment events, the action will first add a 👍 reaction to the comment
  • PR comment status messages include a single emoji that shows progress at a glance
  • Actions that don't write to the terraform state no longer lock it.

1.18.0 - 2021-10-30

Added

  • A new replace input for dflook/terraform-plan and dflook/terraform-apply

    This instructs terraform to replace the specified resources, and is available with terraform versions that support replace (v0.15.2 onwards).

    with:
      replace: |
        random_password.database

  • A target input for dflook/terraform-plan to match dflook/terraform-apply

    target limits the plan to the specified resources and their dependencies. This change removes the restriction that target can only be used with auto_approve.

    with:
      target: |
        kubernetes_secret.tls_cert_public
        kubernetes_secret.tls_cert_private

1.17.2 - 2021-10-13

Fixed

  • Add terraform plan output that was missing from the workflow log

1.17.1 - 2021-10-06

Fixed

  • Fix ownership of files created in runner mounted directories

    As the container is run as root, it can cause issues when root owned files are leftover that the runner can't cleanup. This would only affect self-hosted, non-ephemeral, non-root runners.

1.17.0 - 2021-10-04

Added

  • variables and var_file support for remote operations in Terraform Cloud/Enterprise.

    The Terraform CLI & Terraform Cloud/Enterprise do not support using variables or variable files with remote plans or applies. We can do better. variables and var_file input variables for the plan, apply & check actions now work, with the expected behavior.

1.16.0 - 2021-10-04

Added

  • dflook/terraform-plan has gained two new outputs:

    • json_plan_path is a path to the generated plan in a JSON format file
    • text_plan_path is a path to the generated plan in a human-readable text file

    These paths are relative to the GitHub Actions workspace and can be read by other steps in the same job.

1.15.0 - 2021-09-20

Added

Fixed

1.14.0 - 2021-09-15

Added

  • Support for self-hosted GitHub Enterprise deployments. Thanks f0rkz!

Changed

  • The path input variable is now optional, defaulting to the Action workspace.
  • Uninteresting workflow log output is now grouped and collapsed by default.

Fixed

  • Applying PR approved plans where the plan comment is not within the first 30 comments.

1.13.0 - 2021-07-24

Added

  • TERRAFORM_PRE_RUN environment variable for customising the environment before running terraform.

    It can be set to a command that will be run prior to terraform init.

    The runtime environment for these actions is subject to change in minor version releases. If using this environment variable, specify the minor version of the action to use.

    The runtime image is currently based on debian:buster, with the command run using bash -xeo pipefail.

    For example:

    env:
      TERRAFORM_PRE_RUN: |
        # Install latest Azure CLI (TLS certificate verification stays on: no -k)
        curl -sL https://aka.ms/InstallAzureCLIDeb | bash
    
        # Install postgres client
        apt-get install -y --no-install-recommends postgresql-client

    Thanks to alec-pinson and GiuseppeChiesa-TomTom for working on this feature.

1.12.0 - 2021-06-08

Changed

  • terraform-fmt-check now shows a diff in the workflow log when it finds files in non-canonical format

1.11.0 - 2021-06-05

Added

  • The add_github_comment input for terraform-plan may now be set to changes-only. This will only add a PR comment for plans that result in changes to apply - no comment will be added for plans with no changes.

Changed

  • Improved messaging in the workflow log when terraform-apply is aborted because the plan has changed
  • Update documentation for backend_config, backend_config_file, var_file & target inputs to use separate lines for multiple values. Multiple values may still be separated by commas if preferred.

1.10.0 - 2021-05-30

Added

  • TERRAFORM_HTTP_CREDENTIALS environment variable for configuring the username and password to use for git::https:// & https:// module sources.

    See action documentation for details, e.g. terraform-plan

1.9.3 - 2021-05-29

Fixed

  • With terraform 0.15.4, terraform-plan jobs that only had changes to outputs would fail when creating a PR comment.

1.9.2 - 2021-05-05

Fixed

  • Slow state locking messages were being considered part of the plan, which could cause apply actions to be aborted.

1.9.1 - 2021-04-21

Fixed

  • Terraform 0.15 plans were not being extracted correctly, causing failures to apply.

1.9.0 - 2021-04-10

Added

  • variables input for actions that use terraform input variables.

    This value should be valid terraform syntax - like a variable definition file. Variable values set in variables override any given in var_files. See action documentation for details, e.g. terraform-plan.

Deprecated

  • The var input has been deprecated due to the following limitations:

    • Only primitive types can be set with var - number, bool and string.
    • String values may not contain a comma.
    • Values set with var will be overridden by values contained in var_files

    variables is the preferred way to set input variables.

1.8.0 - 2021-04-05

Added

  • TERRAFORM_CLOUD_TOKENS environment variable for use with Terraform Cloud/Enterprise etc when using module registries or a remote backend.

  • TERRAFORM_SSH_KEY environment variable to configure an SSH private key to use for Git Repository module sources.

See individual actions for details, e.g. terraform-validate.

1.7.0 - 2021-04-02

Added

Fixed

  • Terraform 0.15 compatibility

1.6.0 - 2021-02-25

Added

  • PR comments use a one line summary of the terraform output, with the full output in a collapsible pane.

    If a plan is short the output is shown by default. This can be controlled with the TF_PLAN_COLLAPSE_LENGTH environment variable for the dflook/terraform-plan action.

Fixed

  • Now makes far fewer github api requests to avoid rate limiting.

1.5.2 - 2021-01-16

Fixed

  • Multiple steps in the same job now only download the terraform binary once.

1.5.1 - 2020-12-05

Fixed

  • PR comments had an empty plan with Terraform 0.14

1.5.0 - 2020-09-18

Added

  • PR comments use HCL highlighting

1.4.2 - 2020-09-02

Fixed

  • Using a personal access token instead of the Actions provided token now works. This can be used to customise the PR comment author

1.4.1 - 2020-08-11

Fixed

  • Latest Terraform versions with a patch version of '0' are correctly detected. If not otherwise specified the latest terraform version is used. As of now the latest is v0.13.0.

1.4.0 - 2020-07-25

Added

Fixed

  • Plan errors are now correctly added to the workflow log.

1.3.1 - 2020-07-23

Fixed

  • backend_config_file and var_file now work correctly. Paths should be relative to the Action workspace.

1.3.0 - 2020-07-22

Added

  • Support for the remote backend.

1.2.0 - 2020-07-18

Added

Fixed

1.1.0 - 2020-07-07

Added

1.0.0 - 2020-07-06

First release of the GitHub Actions: