Releases: DevSecTop/TF-via-PR
Releases · DevSecTop/TF-via-PR
v12.0.8
Fixed
- #360 Early-passing of variables depends on
tofu
(with its early-static-evaluation) orterraform
tool usage (thank you, @joe-dematteo).
uses: devsectop/tf-via-pr@d83a2be572df0559c8a7adca1a9085b496925f48 # v12.0.8
v12
Update major version tag
v12.0.7
Fixed
uses: devsectop/tf-via-pr@bbfe2549cfbff6a4ce05755c4bd76a1a22f4fd9e # v12.0.7
v12.0.6
Added
- #357
show-args
parameter enables rendering of CLI arguments in the PR comment's header which wouldn't normally be part of the last command (thank you, @garysassano).
E.g., The default value ofworkspace
ensures thatarg-workspace
input is always rendered, even forplan
orapply
.- This complements the existing
hide-args
parameter for the inverse function, and overrides in case of conflict. - Both
show-args
andhide-args
accept comma-separated list of inputs, such as "detailed-exitcode,lock,out".
- This complements the existing
Fixed
- #356 Reference workflow job ID from multiple chained matrices (thank you, @silnels-greenlane).
uses: devsectop/tf-via-pr@74126c383c6bedd3b31a05cd7b1ef98bf9e40351 # v12.0.6
v12.0.5
Note
While this is a patch release, existing PRs should be updated for consistent behaviour with plan files.
Added
- Pass in multiple comma-separated
-backend-config
values (thank you, @fulgas) (#352).
E.g.,arg-backend-config: encrypt=true,bucket="bucket-name",dynamodb_table="table-name"
.- This is in addition to existing support for
-var
,-target
, and-replace
comma-separated values.
- This is in addition to existing support for
Improved
- Portion of the plan file artifact name is hashed with MD5 for concise, fixed-length string (#352).
- This is to address GitHub's 256 character limit for artifact naming.
- As a bonus, this also masks potentially sensitive values. E.g., from
arg-var
input.
- Documentation to include "To-Do" tasks (#352).
- Documentation to include
TF_CLI_ARGS
workaround (thank you, @fulgas) (#353). - Rendering of standard error (
stderr
) and standard output (stdout
) combination (#353). - Rendering of
fmt
format output with diff syntax highlighting (#353).
To-do
- Handling of inputs which contain space(s) (e.g.,
working-directory: "path to/directory"
). - Handling of comma-separated inputs which contain comma(s) (e.g.,
arg-var: token=1,2,3
)—useTF_CLI_ARGS
workaround.
uses: devsectop/tf-via-pr@a917bd222a6a780f25d2c5cd1942f6b2c2f16a7a # v12.0.5
v12.0.4
Fixed
- Remove
'
single quotes from surrounding CLI arguments—likely to fail on paths which include whitespace (thank you, @Setthawut-Peace) (#349). - Render plan output when
var-file
orvar
is supplied (#349). - Overzealous
hide-args
input—for example, "var" used to hide "var-file" as well (#349). - Reorder exit code output order to match order of command operations (#348).
uses: devsectop/tf-via-pr@8bb3a5840d216ca8a78086b47c29debf26e93824 # v12.0.4
v12.0.3
Improved
- Consistent naming within README documentation (thanks to @garysassano).
Fixed
- Interpolation of
arg-workspace
input within plan file artifact name (thanks to @garysassano).
v12.0.2
Fixed
- Prioritize standard error
stderr
over standard outputstdout
, if present. - Handling extremely large outputs gracefully when it exceeds GitHub's character limits.
- Explicit
unzip
package requirement. - Expand argument parameters for legibility.
v12.0.1
Added
- Count of diff lines in the output.
Improved
- Reorder above-the-fold content in the README.
- Consistent use of arguments throughout workflow examples.
- Use
-json
fordiff
command comparison of plan files withplan-parity
enabled.- Reveal
diff
command output duringplan-parity
comparison.
- Reveal
- Append '…' ellipsis to truncated plan or diff outputs if exceeding character limit.
Fixed
- Handling of plan files which exceed GitHub's character limit.
- Include
stderr
within console output of the workflow run log. - Exclude
-detailed-exitcode
argument from plan command duringplan-parity
comparison.
v12 Enhanced Commands, Outputs and Examples
v12 Enhanced Commands, Outputs and Examples
Highlights (view blog)
- Around 55% reduction in codebase by consolidating action.yml within Bash, lowering the barrier to entry for contributors.
- Configurable rendering of command inputs and outputs without wrapper script (e.g.,
hide-args
from PR comment). - Streamlined documentation with a focus on workflow examples for common use-cases.
Breaking
- In/output parameters have been renamed:
- All
_
underscores are replaced with-
hyphens. working-directory
is added as an alias toarg-chdir
.arg_command
is renamed tocommand
.- For the full list, view the parameters.
- All
- To minimize dependencies, the following have been removed:
- Tool installation via
tenv
(replacement). - Caching integration (replacement).
- Tool installation via
Added
gh
GitHub CLI integration for consistent interoperability with GitHub's REST API.- Link to view workflow log with the precise step where TF-via-PR was executed.
- Pass repeated arguments as comma-separated values (e.g.,
arg-var: key1=value1,key2=value2
). - Contextual workflow outputs, like plan file artifact ID and URL, as well as truncated results from CLI response.
Updated
- Order of command execution to:
fmt
* >init
>workspace
* >validate
* >plan
/apply
(* optional). - Workflow examples with recommendations, including cron-scheduled configuration drift checks.
comment-pr
default from "recreate" to "update" for its revision history.format
default from "true" to "false" for explicit opt-in of the command, as done withvalidate
.
Removed
actions/cache
dependency, as out-of-scope.actions/github-script
dependecy, as superseded bygh
GitHub CLI.tenv
dependency, as replaced by 3rd parties.
Fixed
- Upon failure, output the error message directly instead of the entire command output.
- Upon exceeding character limit, gracefully handle truncation of command output.
- Handling of multiline strings with associated quoting.
Secured
- Support for v12 and after.