v1.3.1-1

Base revision

#1593 export-secrets: Output secret names for troubleshooting

The action export-secrets outputs secret names passed to the action for troubleshooting.
The log is useful to check if secrets are passed to the action properly.

If secrets aren't passed properly, this isn't a bug of tfaction.
You have to check your workflow and the usage of tfaction.

• #1564

#1590 #1591 Migrate Jest to Vitest @exoego

v1.3.0

Issues | Pull Requests | v1.2.3...v1.3.0 | Base revision

Features

#1528 Run CI on working directories that depend on a updated local path Module @exoego

https://suzuki-shunsuke.github.io/tfaction/docs/feature/local-path-module

By default, tfaction runs CI on only working directories where any code is updated.
This means even if a working directory depends on a local path Module out of the working directory and the module is updated, CI isn't run on the working directory.

e.g.

• A working directory A depends on local path Module B
• Module B is located out of the working directory A
• In a pull request C, working directory A isn't changed but the module B is changed
• Then CI isn't run on the working directory A by default

working directory A/
modules/
  module B

This release enables you to run CI on the working directory A too.
To do that, please update tfaction-root.yaml as the following.

tfaction-root.yaml

update_local_path_module_caller:
  enabled: true

This feature depends on terraform-config-inspect, so you have to install it.
Same with other tools, you can install terraform-config-inspect with aqua.

e.g.

packages:
  - name: hashicorp/terraform-config-inspect
    version: a34142ec2a72dd916592afd3247dd354f1cc7e5c

In that case, Go is required.

If this feature is enabled, when a module is updated in a pull request, CI is run on working directories depending on the module.
The module dependency is checked recursively.
For example, in the above case if the module B depends on a module C and module C is updated in a pull request,
CI is run on the working directory A even if the working directory A and the module B aren't updated.

🎉 New Contributors

Thank you for your contribution!

@exoego #1528

v1.2.3

Issues | Pull Requests | v1.2.2...v1.2.3 | Base revision

Bug Fixes

#1583 test-module: Fix a bug that a Module document isn't updated by terraform-docs in case of pull_request_target event
#1584 test-module: Fix a bug that a Module document isn't updated by terraform-docs properly if terraform-docs's output.file is set

v1.2.2

Issues | Pull Requests | v1.2.1...v1.2.2 | Base revision

Bug Fixes

#1578 test-module: Run terraform init to install providers and modules before running linters such as tflint

tflint expect that all referenced modules will be already installed and described in our manifest.

https://github.com/terraform-linters/tflint/blob/66c7be71b6b18bbd4cd93ce843098acd5dc74642/terraform/loader.go#L126-L141

v1.2.2-1

v1.2.2-1...v1.2.2-1 | Base revision

Bug Fixes

#1576 #1578 test-module: Run terraform init to install providers and modules

v1.2.1

Issues | Pull Requests | v1.2.0...v1.2.1 | Base revision

Bug Fixes

#1572 apply: Fix a bug the template invalid-workflow-sha isn't found

v1.2.0

Issues | Pull Requests | v1.1.1...v1.2.0 | Base revision

Features

#1554 Support executing Terraform compatible tools such as OpenTofu and Terragrunt instead of Terraform

Caution

We don't usually use OpenTofu and Terragrunt, so we haven't done only simple verification.

https://suzuki-shunsuke.github.io/tfaction/docs/feature/use-terraform-compatible-tool/

tfaction executes Terraform commands such as terraform init, fmt, validate, plan, apply, and so on.
This release enables you to execute any tools compatible with Terraform instead of Terraform.
You can use tools such as OpenTofu and Terragrunt instead of Terraform.

How to use

You can specify a tool by the setting terraform_command in tfaction-root.yaml and tfaction.yaml.

tfaction-root.yaml

terraform_command: tofu # terragrunt
target_groups:
  - working_directory: aws/
    terraform_command: tofu # terragrunt

tfaction.yaml

terraform_command: tofu # terragrunt

Then the given command is executed instead of terraform.
For example, if terraform_command is tofu, commands such as tofu init, fmt, validate, plan, apply are executed instead of terraform.

💡 Combine OpenTofu and Terragrunt

You can also combine OpenTofu and Terragrunt.

1. Set terraform_command to terragrunt
2. Set the environment variable TERRAGRUNT_TFPATH to tofu

💡 Validate terraform_command

You can validate terraform_command in GitHub Actions Workflows.

e.g.

- uses: suzuki-shunsuke/tfaction/get-target-config@v1.2.0
  id: target-config

- run: |
    echo "::error:: terraform_command is invalid"
    exit 1
  if: |
    ! contains(fromJSON('["terraform", "terragrunt", "tofu"]'), steps.target-config.outputs.terraform_command)

v1.1.1

Issues | Pull Requests | v1.1.0...v1.1.1 | Base revision

Fixes

#1538 chore(deps): update suzuki-shunsuke/trivy-config-action action to v0.2.2

You can specify Trivy's configuration file path by the nevironment variable TRIVY_CONFIG in GitHub Actions Workflows.

env:
  TRIVY_CONFIG: ${{ github.workspace }}/trivy.yaml

v1.1.0

Issues | Pull Requests | v1.0.4...v1.1.0 | Base revision

Features

#1519 Allow conftest policy directory to be specified in global config

v1.1.0-1

v1.1.0-1...v1.1.0-1 | Base revision

Features

#1519 Allow conftest policy directory to be specified in global config