Releases: suzuki-shunsuke/tfaction
v1.1.1
Issues | Pull Requests | v1.1.0...v1.1.1 | Base revision
Fixes
#1538 chore(deps): update suzuki-shunsuke/trivy-config-action action to v0.2.2
You can specify Trivy's configuration file path by the environment variable TRIVY_CONFIG in GitHub Actions Workflows.
env:
TRIVY_CONFIG: ${{ github.workspace }}/trivy.yamlv1.1.0
Issues | Pull Requests | v1.0.4...v1.1.0 | Base revision
Features
#1519 Allow conftest policy directory to be specified in global config
v1.1.0-1
v1.1.0-1...v1.1.0-1 | Base revision
Features
#1519 Allow conftest policy directory to be specified in global config
v1.0.4
Issues | Pull Requests | v1.0.3...v1.0.4 | Base revision
Bug Fixes
#1512 #1513 list-targets-with-changed-files: Fix a bug that the action list-targets-with-changed-files failed due to the error Error: "[object Object]" is not valid JSON in the apply workflow
v1.0.3
Issues | Pull Requests | v1.0.2...v1.0.3 | Base revision
Caution
This release has a critical bug. Please update to v1.0.4 or newer.
#1512
Refactoring
#1474 Format codes with prettier
#1475 Remove codes regarding the deprecated setting s3_bucket_name_plan_file
#1476 Remove codes regarding the deprecated setting gcs_bucket_name_plan_file
#1479 Refactor TypeScript
v1.0.2
Issues | Pull Requests | v1.0.1...v1.0.2 | Base revision
Bug Fixes
#1471 test: fix a bug that *.tf isn't formatted automatically by terraform fmt if the event type is pull_request_target
v1.0.1
Issues | Pull Requests | v1.0.0...v1.0.1 | Base revision
Bug Fixes
#1398 #1407 release-module: Fix a bug that tfaction can't release modules that is more than 2+ level of directories
v1.0.0
Issues | Pull Requests | v0.7.3...v1.0.0 | Base revision
🎉 Finally, tfaction v1 is out 🎉
Thank you for your contribution!
Especially, thank you @rrreeeyyy and @nari-ex from Topotal, inc.
They cooperated the test of v1! #1349
Overviews
⚠️ Breaking Changes- #1286 #1291 list-targets: Outputs terraform_targets and tfmigrate_targets are removed
- #1284 #1291 scaffold-working-dir: Stop adding conftest to aqua.yaml
- #1285 #1291 get-global-config: Skip creating aqua.yaml by default
- #1283 #1291 get-global-config: Enable trivy and disable tfsec by default
- #1282 #1291 actions inputs
github_app_tokenwere removed - #1340 #1291 scaffold-module: Separate the action with two actions
- Features
- Others
Features
Support destroying resources
Support destroying resources with terraform plan's -destroy option.
If you want to destroy all resources, please set destroy: true in tfaction.yaml.
tfaction.yaml
destroy: trueHow to upgrade
- Merge jobs for terraform and tfmigrate according to the guide
https://github.com/suzuki-shunsuke/tfaction/releases/tag/v0.7.3
- Add conftest to aqua.yaml on the repository root directory
aqua g -i open-policy-agent/conftest- Remove conftest from aqua.yaml on each working directory
- Add aqua.yaml to working directory's templates
aqua init
aqua g -i terraform-linters/tflint aquasecurity/trivy hashicorp/terraformWe don't recommend but if you don't want to add aqua.yaml to working directory's templates and want to keep the previous behaviour, you can keep generating aqua.yaml automatically.
tfaction-root.yaml
scaffold_working_directory:
skip_adding_aqua_packages: false- Migrate tfsec to trivy
Please follow the official migration guide.
https://github.com/aquasecurity/tfsec#-tfsec-to-trivy-migration
And remove tfsec from aqua.yaml and add trivy to aqua.yaml
aqua g -i aquasecurity/trivyWe don't recommend but if you don't want to migrate tfsec to trivy, you can keep using tfsec instead of trivy.
tfaciton-root.yaml
tfsec:
enabled: true
trivy:
enabled: false- Remove inputs
github_tokenand rename inputsgithub_app_tokentogithub_token
tfaction creates pull requests and push commits using github_token.
To trigger new workflow runs, github_token should be GitHub access token issued by GitHub App rather than GitHub Actions token ${{github.token}}.
When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run.
Before
- uses: suzuki-shunsuke/tfaction/setup@v0.7.3
with:
github_token: ${{ github.token }}
github_app_token: ${{ steps.generate_token.outputs.token }}After
- uses: suzuki-shunsuke/tfaction/setup@v1.0.0
with:
github_token: ${{ steps.generate_token.outputs.token }}- Fix the workflow to scaffold Terraform Modules
- Remove the input
module_path - Set environment variables
TFACTION_MODULE_PATHandTFACTION_MODULE_TEMPLATE_DIR - Add templates for scaffolding Terraform Modules example
Before
on:
workflow_dispatch:
inputs:
module_path:
description: 'module path'
required: true
jobs:
scaffold:
# ...
steps:
# ...
- uses: suzuki-shunsuke/tfaction/scaffold-module@v0.7.3
with:
github_token: ${{steps.generate_token.outputs.token}}
module_path: ${{inputs.module_path}}After
on:
workflow_dispatch:
inputs:
module_path:
description: 'module path'
required: true
template_dir: # Add the input
type: choice
default: templates/module-aws
options:
- templates/module-aws
jobs:
scaffold:
# ...
env: # Set environment variables
TFACTION_MODULE_PATH: ${{inputs.module_path}}
TFACTION_MODULE_TEMPLATE_DIR: ${{inputs.template_dir}}
steps:
# ...
- uses: suzuki-shunsuke/tfaction/scaffold-module@v1.0.0
with: # Remove the input module_path
github_token: ${{steps.generate_token.outputs.token}}
- uses: suzuki-shunsuke/tfaction/create-scaffold-module-pr@v1.0.0
with:
github_token: ${{steps.generate_token.outputs.token}} - Upgrade actions to v1
Before
- uses: suzuki-shunsuke/tfaction/create-scaffold-module-pr@v0.7.3After
- uses: suzuki-shunsuke/tfaction/create-scaffold-module-pr@v1.0.0Example
Contributors
Assets 2
v1.0.0-2
v1.0.0-1
v0.7.3...v1.0.0-1 | Base revision
Call for Testers
Overviews
⚠️ Breaking Changes- #1286 #1291 list-targets: Outputs terraform_targets and tfmigrate_targets are removed
- #1284 #1291 scaffold-working-dir: Stop adding conftest to aqua.yaml
- #1285 #1291 get-global-config: Skip creating aqua.yaml by default
- #1283 #1291 get-global-config: Enable trivy and disable tfsec by default
- #1282 #1291 actions inputs
github_app_tokenwere removed - #1340 #1291 scaffold-module: Separate the action with two actions
- Features
- Others
Features
Support destroying resources
Support destroying resources with terraform plan's -destroy option.
If you want to destroy all resources, please set destroy: true in tfaction.yaml.
tfaction.yaml
destroy: trueHow to upgrade
- Merge jobs for terraform and tfmigrate according to the guide
https://github.com/suzuki-shunsuke/tfaction/releases/tag/v0.7.3
- Add conftest to aqua.yaml on the repository root directory
aqua g -i open-policy-agent/conftest- Remove conftest from aqua.yaml on each working directory
- Add aqua.yaml to working directory's templates
aqua init
aqua g -i terraform-linters/tflint aquasecurity/trivy hashicorp/terraformWe don't recommend but if you don't want to add aqua.yaml to working directory's templates and want to keep the previous behaviour, you can keep generating aqua.yaml automatically.
tfaction-root.yaml
scaffold_working_directory:
skip_adding_aqua_packages: false- Migrate tfsec to trivy
Please follow the official migration guide.
https://github.com/aquasecurity/tfsec#-tfsec-to-trivy-migration
And remove tfsec from aqua.yaml and add trivy to aqua.yaml
aqua g -i aquasecurity/trivyWe don't recommend but if you don't want to migrate tfsec to trivy, you can keep using tfsec instead of trivy.
tfaciton-root.yaml
tfsec:
enabled: true
trivy:
enabled: false- Remove inputs
github_tokenand rename inputsgithub_app_tokentogithub_token
tfaction creates pull requests and push commits using github_token.
To trigger new workflow runs, github_token should be GitHub access token issued by GitHub App rather than GitHub Actions token ${{github.token}}.
When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run.
Before
- uses: suzuki-shunsuke/tfaction/setup@v0.7.3
with:
github_token: ${{ github.token }}
github_app_token: ${{ steps.generate_token.outputs.token }}After
- uses: suzuki-shunsuke/tfaction/setup@v1.0.0
with:
github_token: ${{ steps.generate_token.outputs.token }}- Fix the workflow to scaffold Terraform Modules
- Remove the input
module_path - Set environment variables
TFACTION_MODULE_PATHandTFACTION_MODULE_TEMPLATE_DIR - Add templates for scaffolding Terraform Modules example
Before
on:
workflow_dispatch:
inputs:
module_path:
description: 'module path'
required: true
jobs:
scaffold:
# ...
steps:
# ...
- uses: suzuki-shunsuke/tfaction/scaffold-module@v0.7.3
with:
github_token: ${{steps.generate_token.outputs.token}}
module_path: ${{inputs.module_path}}After
on:
workflow_dispatch:
inputs:
module_path:
description: 'module path'
required: true
template_dir: # Add the input
type: choice
default: templates/module-aws
options:
- templates/module-aws
jobs:
scaffold:
# ...
env: # Set environment variables
TFACTION_MODULE_PATH: ${{inputs.module_path}}
TFACTION_MODULE_TEMPLATE_DIR: ${{inputs.template_dir}}
steps:
# ...
- uses: suzuki-shunsuke/tfaction/scaffold-module@v1.0.0
with: # Remove the input module_path
github_token: ${{steps.generate_token.outputs.token}}
- uses: suzuki-shunsuke/tfaction/create-scaffold-module-pr@v1.0.0
with:
github_token: ${{steps.generate_token.outputs.token}} - Upgrade actions to v1
Before
- uses: suzuki-shunsuke/tfaction/create-scaffold-module-pr@v0.7.3After
- uses: suzuki-shunsuke/tfaction/create-scaffold-module-pr@v1.0.0Example
https://github.com/suzuki-shunsuke/tfaction-example/tree/example-v1-2