v6.0.0: Support Multiple Arguments with the Same Key

Highlights

Added support for passing comma-separated values, enabling multiple arguments to be generated with the same key. Use-cases include -target and -replace of multiple resources addresses.

Added

• Dynamically pass comma-separated values as multiple arguments to the same key.

Changed

• Optional chaining to parse argument values, when they exist.
• Instead of GitHub expressions with ternary operators, iterate of terraform variables with bash logic to account for: boolean flags, comma-separated and standard arguments.

Removed

• -target and -replace parameters from the uniquely identifying name of the terraform plan file.

Fixed

• Remove quotation marks outside of square brackets from argument value to account for -target/-replace with quotation marks in the resource address.

Security

• Only support v6 onwards.

Commits changelog: v5.2.0...v6.0.0

v5.2.0: Improve Terraform Output

Fixed

• Select the latest terraform output summary for the collapsible content's header (e.g., terraform apply -auto-approve where both plan and apply summaries are present in the output).

Commits changelog: v5.1.0...v5.2.0

v5.1.0: Fix Terraform Output and Variable Interpolations

Fixed

• Start terraform output on newline in collapsible content body.
• Reorder priority in which collapsible content title is determined.
• Interpolate -var-file accordingly, in context of: terraform plan, apply and -auto-approve commands/flags.
• Filter out lines relating to reading or refreshing state from terraform apply -auto-approve.
• Add PR label only if it isn't there already.

Commits changelog: v5.0.0...v5.1.0

v5.0.0: Native Terraform CLI with Improved PR Comment Output

Highlights

Replaced slower "dflook/terraform-*" actions with "hashicorp/setup-terraform", resulting in the workflow finishing 51% faster, saving 37 seconds on average, compared to the previous version. Terraform commands are run in parallel resulting in exponential time gains, compared the previously sequential approach, though your backend will have to handle concurrency.

Added

• "hashicorp/setup-terraform" action to setup Terraform on the runner, for direct CLI interoperability, instead of slower "dflook/terraform-*" actions.
• Explicitly populate every single Terraform CLI input option into environment variables for reuse throughout commands.
• Explicitly pass Terraform environment variables for executing CLI via automation.
• Custom PR comment script for any and all Terraform stdout/stderr output. Include command trigger and authorship for improved audit trail.
• CONFIGURE_TF_CHDIR_PREFIX to avoid unnecessarily long and repetitive commands.
• Upload uniquely-identifiable terraform plan output using "actions/upload-artifact" for download (and unzip) on subsequent terraform apply run (with actions: read permission).
• Document workflow trigger on pull_request synchronize event for automated terraform plan runs on PR updates.
• Collapsible sections for definitions in README.
• [!IMPORTANT], [!NOTE] and [!WARNING] callouts in README.
• "hashicorp.hcl" extension to .devcontainer.

Changed

• PR label format from tf:<directory> to terraform:<command>.
• PR label color from #7B42BC to #5C4EE5 to match GitHub's Terraform label.
• issue_comment-triggered commit status is applied in "pre" job and updated accordingly (since pull_request-triggered workflow does not need it).
• Rename "parse" job to "pre".

Removed

• Concurrency is scrapped, since that should be handled by Terraform's backend.
• Max-parallel is no longer limited, since Terraform runs in CI/CD are preferred in parallel rather than sequentially.
• Deployment status is no longer attached to terraform apply.
• Terraform CLI options documentation, since they are all available now.

Fixed

• Split-string-on-spaces logic supports both single and double quotation marks.
• Empty lines within multi-line comments are discarded.

Security

• Only support v5 onwards.

Commits changelog: v4.1.0...v5.0.0

v4.1.0: Terraform plan automation on pull request synchronize

Highlights

Instead of manually triggering terraform plan with every change on a pull request, the workflow should now find the last PR comment starting with -terraform=plan and run it automatically.

Added

• Pull request synchronize trigger to automatically run the latest -terraform=plan comment on every pull request change.

Changed

• Rename CONFIGURE_AWS_ROLE_TO_ASSUME boolean condition to use CONFIGURE_AWS_ROLE instead to simplify AWS authentication.
• Color the "tf:" label to match Terraform's brand color.
• Enforce synchronous execution instead of parallel concurrency for consistently repeatable runs.

Commits changelog: v4.0.0...v4.1.0

v4.0.0: Terraform via PR Comments

Highlights

Per discussion#64, the original labels-driven workflow was limited in how many arguments could be passed in. This release overhauls the workflow to be triggered by PR comments instead, enabling the full breadth of Terraform CLI arguments to be run.

Added

• Tailored Terraform dev container for remote development on GitHub Codespaces.
• Catered for AWS accounts with multiple concurrent environments.
• Straightforward usage examples with functional sample Terraform configuration stacks.

Changed

• Organization ownership aligned with @DevSecTop, along with associated boilerplate .github configuration files.
• Adopted more permissive Apache 2.0 license.

Deprecated

• Labels-driven workflow.

New Contributors

• @dependabot made their first contribution in #68

Commits changelog: v3.0.0...v4.0.0

v3.0.0: Reusable terraform workflow

Highlights

Introduced a reusable workflow which can be referenced directly from your own repository, while still benefiting from future updates.

Added

• Reusable workflow in terraform.yml.
• Example runner in terraform-runner.yml.
• Automate initial environment-labelling of pull requests.
• Feature modes to replicate Terraform CLI: tf_destroy and tf_auto_approve.
• Boilerplate files for security, contributing, conduct, pull request template and issue templates.

Updated

• Merge 'plan' and 'apply' jobs into a single job with conditional logic.

Commits changelog: v2.0.0...v3.0.0

v2.0.0: Add terraform prefix modes

Highlights

Implemented modes via label prefixes. In addition to the default tf:, we can use tf_destroy: to replicate terraform plan/apply -destroy as well as tf_apply: to replicate terraform apply -auto-approve directly within the PR.

Added

• Better concurrency grouping (view).
• Explicit permissions (view).

Updated

• More concise label-fetching script (view).
• Label-fetching script returns a list of tuples split on : separator: making it flexible for additional "modes" in the future (Comparing v1.1.0...main · rdhar/aws-terraform-multiple-environments (github.com)).
• Documentation around usage (aws-terraform-multiple-environments/README.md at aa0ebe2712fc550150e0a3961e31c26bd1651816 · rdhar/aws-terraform-multiple-environments · GitHub).

Removed

• Manual trigger via workflow_dispatch.
• Terraform validate as it's already a part of plan and apply.

Commits changelog: v1.1.0...v2.0.0

v1.1.0

Implemented supported for Terraform workspaces to render multi-environment state deployments with variable interpolation using a single configuration.

Commits changelog: v1.0.0...v1.1.0

v1.0.0

First production-ready iteration with a label-driven CI/CD workflow which features Terraform IaC to provide environment isolation to limit blast radius as well as shared, stateless modules.