Releases: cloudposse/github-action-atmos-terraform-apply
v3.0.0
Replace describe-config for atmos-get-setting, add optional cache and azure storage options @goruha (#62)
## what * Skip AWS auth if Gitops aws configuration empty in atmos settings * Updated docs and Tests. * Fix: clean environment file from .terraform cache to avoid workspace select errors * Replace the describe config for cloudposse/github-action-atmos-get-setting * Replace If statements to check for azure repository type * Add azure blob storage and cosmos * Allow to skip checkoutWhy
- Allow to skip AWS auth and use an external one
- Make the action cloud agnostic
- To support azure and better config settings
- Support stack level integration configs
Example
If atmos.yaml
contains
integrations:
github:
gitops:
opentofu-version: 1.7.3
terraform-version: 1.5.7
infracost-enabled: false
artifact-storage:
region: us-east-2
bucket: cptest-core-ue2-auto-gitops
table: cptest-core-ue2-auto-gitops-plan-storage
# here used to be
# role: arn:aws:iam::461333128641:role/cptest-core-ue2-auto-gha-iam-gitops-gha
# here used to be
# role:
# plan: arn:aws:iam::582055374050:role/cptest-core-gbl-identity-planners
# apply: arn:aws:iam::582055374050:role/cptest-core-gbl-identity-gitops
matrix:
sort-by: .stack_slug
group-by: .stack_slug | split("-") | [.[0], .[2]] | join("-")
Reference
- feature/dev-2523-make-aws-role-assumption-optional-in-github-actions
v2.5.1
fix: replace context with default var @goruha (#63)
## what - Replace context with default variablewhy
- When using container within GitHub Actions, context value is incorrect. Default variable value remains correct.
- As github.action_path is used during step execution (within runner), it can be replaced by default variable.
references
- cloudposse/github-action-atmos-affected-stacks#52
- There are more reported issues showing this problem in various scenarios, for instance this one
🤖 Automatic Updates
v2.5.0
fix: assume IAM role before running `cloudposse/github-action-atmos-get-setting` @goruha (#58)
what
- assume IAM role before running
cloudposse/github-action-atmos-get-setting
why
As of atmos 1.86.2
, when atmos.Component
began actually retrieving the TF state, it broke cloudposse/github-action-atmos-affected-stacks
which we resolved as part of this release of the aforementioned action. We just had the action assume the IAM role, and that was it. However in cases where this function is used, appropriate IAM credentials to also be a requirement for cloudposse/github-action-atmos-get-setting
:
> Run cloudposse/github-action-atmos-get-setting@v1
template: all-atmos-sections:163:26: executing "all-atmos-sections" at <atmos.Component>: error calling Component: exit status 1
Error: error configuring S3 Backend: IAM Role (arn:aws:iam::xxxxxxxxxxxx:role/xxxx-core-gbl-root-tfstate) cannot be assumed.
There are a number of possible causes of this - the most common are:
* The credentials used in order to assume the role are invalid
* The credentials do not have appropriate permission to assume the role
* The role ARN is not valid
Error: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
references
https://github.com/cloudposse/atmos/releases/tag/v1.86.2
v2.4.0
v2.3.0
v2.2.0
v2.1.0
v2.0.1
Fix workflows @goruha (#50)
## what * Fix workflowswhy
- By mistake workflows used to be from terraform modules
Apply Summary Should Display Non-sensitive Terraform Outputs @goruha (#49)
## what * Use terraform docs to display outputswhy
- Add ability to display terraform outputs after apply.
references
- DEV-53: Apply Summary Should Display Non-sensitive Terraform Outputs
- https://github.com/cloudposse/github-action-atmos-terraform-apply/actions/runs/9875304487
🤖 Automatic Updates
Update release workflow to allow pull-requests: write @osterman (#48)
## what - Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PRwhy
- Add comment to PR when it is released
v2.0.0
Move `atmos-gitops-config.yaml` to `atmos.yaml` @goruha (#39)
what
- Move
atmos-gitops-config.yaml
toatmos.yaml
why
- Reduce configs files
references
-
https://cloudposse.atlassian.net/browse/DEV-1589
Migrating from
v1
tov2
The notable changes in
v2
are:v2
works only withatmos >= 1.63.0
v2
dropsinstall-terraform
input because terraform is not required for affected stacks callv2
dropsatmos-gitops-config-path
input and the./.github/config/atmos-gitops.yaml
config file. Now you have to use GitHub Actions environment variables to specify the location of theatmos.yaml
.
The following configuration fields now moved to GitHub action inputs with the same names
name atmos-version
atmos-config-path
The following configuration fields moved to the
atmos.yaml
configuration file.name YAML path in atmos.yaml
aws-region
integrations.github.gitops.artifact-storage.region
terraform-state-bucket
integrations.github.gitops.artifact-storage.bucket
terraform-state-table
integrations.github.gitops.artifact-storage.table
terraform-state-role
integrations.github.gitops.artifact-storage.role
terraform-plan-role
integrations.github.gitops.role.plan
terraform-apply-role
integrations.github.gitops.role.apply
terraform-version
integrations.github.gitops.terraform-version
enable-infracost
integrations.github.gitops.infracost-enabled
sort-by
integrations.github.gitops.matrix.sort-by
group-by
integrations.github.gitops.matrix.group-by
For example, to migrate from
v1
tov2
, you should have something similar to the following in youratmos.yaml
:./.github/config/atmos.yaml
# ... your existing configuration integrations: github: gitops: terraform-version: 1.5.2 infracost-enabled: false artifact-storage: region: us-east-2 bucket: cptest-core-ue2-auto-gitops table: cptest-core-ue2-auto-gitops-plan-storage role: arn:aws:iam::xxxxxxxxxxxx:role/cptest-core-ue2-auto-gitops-gha role: plan: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops apply: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops matrix: sort-by: .stack_slug group-by: .stack_slug | split("-") | [.[0], .[2]] | join("-")
.github/workflows/main.yaml
- name: Plan Atmos Component uses: cloudposse/github-action-atmos-terraform-apply@v2 with: component: "foobar" stack: "plat-ue2-sandbox" atmos-config-path: ./rootfs/usr/local/etc/atmos/ atmos-version: 1.63.0
This corresponds to the
v1
configuration (deprecated) below.The
v1
configuration file./.github/config/atmos-gitops.yaml
looked like this:atmos-version: 1.45.3 atmos-config-path: ./rootfs/usr/local/etc/atmos/ terraform-state-bucket: cptest-core-ue2-auto-gitops terraform-state-table: cptest-core-ue2-auto-gitops terraform-state-role: arn:aws:iam::xxxxxxxxxxxx:role/cptest-core-ue2-auto-gitops-gha terraform-plan-role: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops terraform-apply-role: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops terraform-version: 1.5.2 aws-region: us-east-2 enable-infracost: false sort-by: .stack_slug group-by: .stack_slug | split("-") | [.[0], .[2]] | join("-")
And the
v1
GitHub Action Workflow looked like this..github/workflows/main.yaml
- name: Plan Atmos Component uses: cloudposse/github-action-atmos-terraform-apply@v1 with: component: "foobar" stack: "plat-ue2-sandbox" atmos-gitops-config-path: ./.github/config/atmos-gitops.yaml
v1.6.0
Update actions/setup-node action to v4 @renovate (#24)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
actions/setup-node | action | major | v3 -> v4 |
Release Notes
Update cloudposse/actions action to v0.33.0 @renovate (#5)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/actions | action | minor | 0.30.0 -> 0.33.0 |
Release Notes
cloudposse/actions (cloudposse/actions)
v0.33.0
v0.32.0
: 0.32.0 Update cloned actions
What's Changed
- Use args with status updater instead of env vars, update checkout to v3 by @Nuru in https://github.com/cloudposse/actions/pull/133
- Renamed access token by @zdmytriv in https://github.com/cloudposse/actions/pull/137
- Update cloned GitHub actions by @Nuru in https://github.com/cloudposse/actions/pull/136
- Update cloned actions to current by @Nuru in https://github.com/cloudposse/actions/pull/138
New Contributors
- @zdmytriv made their first contribution in https://github.com/cloudposse/actions/pull/137
Full Changelog: cloudposse/actions@0.31.0...0.32.0
v0.31.0
: Update Alpine-based actions to Alpine 3.16
What's Changed
- ci: add injection of CloudFlare secrets by @SweetOps in https://github.com/cloudposse/actions/pull/111
- Add support for Terraform versions 0.15 and 1.x by @Nuru in https://github.com/cloudposse/actions/pull/118
- test-harness uses different grep than Geodesic default by @Nuru in https://github.com/cloudposse/actions/pull/119
- Update bats and terratest testing for Terraform 1.x by @Nuru in https://github.com/cloudposse/actions/pull/121
- Choose Terraform version based requirements of test, not of module by @Nuru in https://github.com/cloudposse/actions/pull/132
- chore(deps): update dependency alpine to v3.16 by @renovate in https://github.com/cloudposse/actions/pull/113
Full Changelog: cloudposse/actions@0.30.0...0.31.0
Update aws-actions/configure-aws-credentials action to v4 @renovate (#22)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
aws-actions/configure-aws-credentials | action | major | v2.2.0 -> v4.0.2 |
Release Notes
aws-actions/configure-aws-credentials (aws-actions/configure-aws-credentials)
v4.0.2
See the changelog for details about the changes included in this release.
v4.0.1
See the changelog for details about the changes included in this release.
v4.0.0
See the changelog for details about the changes included in this release.
v3.0.2
See the changelog for details about the changes included in this release.
v3.0.1
See the changelog for details about the changes included in this release.
v3.0.0
See the changelog for details about the changes included in this release.
Update hashicorp/setup-terraform action to v3 @renovate (#25)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
hashicorp/setup-terraform | action | major | v2 -> v3 |
Release Notes
Update jaxxstorm/action-install-gh-release action to v1.11.0 @renovate (#38)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
jaxxstorm/action-install-gh-release | action | minor | v1.10.0 -> v1.11.0 |
Release Notes
jaxxstorm/action-install-gh-release (jaxxstorm/action-install-gh-release)
v1.11.0
What's Changed
- Configure Renovate by @renovate in https://github.com/jaxxstorm/action-install-gh-release/pull/30
- Ensure that binaries-location is used when caching is enabled by @DavidGregory084 in https://github.com/jaxxstorm/action-install-gh-release/pull/50
- remove opentelemetry latest by @jaxxstorm in https://github.com/jaxxstorm/action-install-gh-release/pull/59
- Fix arm by @jwhitaker-swiftnav in https://github.com/jaxxstorm/action-install-gh-release/pull/65
- fixing tfsec arch by @jaxxstorm in https://github.com/jaxxstorm/action-install-gh-release/pull/73
- add promtool by @jaxxstorm in https://github.com/jaxxstorm/action-install-gh-release/pull/74
- Handle 'EXDEV: cross-device link not permitted...