Releases: kartverket/github-workflows
v4.4.2: Merge pull request #110 from kartverket/enable_onprem
v4.4.1
v4.4.0
What's Changed
- Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows by @dependabot in #104
- Bump actions/upload-artifact from 3 to 4 by @dependabot in #81
- Bump actions/download-artifact from 3 to 4 by @dependabot in #80
- Bump google-github-actions/setup-gcloud from 1 to 2 by @dependabot in #76
- Simplify run-terraform workflow by @omaen in #106
Removed
- Breaking: Removed support for gathering secrets from on-prem Vault. No action needed unless you are using vault_role input to the run-terraform workflow.
- Removed terraform check (validate and format) as separate job, and moved this to the plan job.
Full Changelog: v4.3.0...v4.4.0
v4.3.0: Merge pull request #105 from kartverket/add_octsts
Changelog:
- Add use_platform_modules for authentication with octosts on internal repos
v4.2.2 - Add run-kubectl workflow
Adds the run-kubectl workflow. Lets you run kubectl from github runners!
docs: https://skip.kartverket.no/docs/github-actions/kubectl-fra-github
v4.2.1
v4.2.0 - New Dependabot auto-merge workflow
What's Changed
New features
Fixes
- Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 by @dependabot in #83
- Bump github/codeql-action from 2 to 3 by @dependabot in #78
- Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in #84
- [Security] Updates beskrivelse.yaml from version 1.0 to 2.0 by @sarmil in #88
- Bump aquasecurity/trivy-action from 0.17.0 to 0.19.0 by @dependabot in #89
- Bump hashicorp/setup-terraform from 3.0.0 to 3.1.1 by @dependabot in #91
- Bump aquasecurity/trivy-action from 0.19.0 to 0.22.0 by @dependabot in #95
- Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 by @dependabot in #96
- Bump docker/login-action from 2.2.0 to 3.2.0 by @dependabot in #94
- Run dependabot weekly by @eliihen in #79
- Bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 by @dependabot in #97
New Contributors
Full Changelog: v4.1.0...v4.2.0
Support for Azure credentials
What's Changed
- Bump docker/login-action from 2.1.0 to 2.2.0 by @dependabot in #62
- Bump aquasecurity/trivy-action from 0.10.0 to 0.11.0 by @dependabot in #61
- Bump aquasecurity/trivy-action from 0.11.0 to 0.11.2 by @dependabot in #63
- Bump actions/checkout from 3 to 4 by @dependabot in #64
- Bump hashicorp/setup-terraform from 2.0.3 to 3.0.0 by @dependabot in #70
- [Security] Creates the security folder with beskrivelse.yaml and adds Security Champion to CODEOWNERS by @jorn-ola-birkeland in #68
- Bump actions/github-script from 6 to 7 by @dependabot in #73
- Bump actions/setup-node from 3 to 4 by @dependabot in #67
- Bump google-github-actions/auth from 1 to 2 by @dependabot in #74
- Bump aquasecurity/trivy-action from 0.11.2 to 0.16.0 by @dependabot in #77
- Add optional secrets for Azure integration by @evenh in #82
New Contributors
- @jorn-ola-birkeland made their first contribution in #68
- @evenh made their first contribution in #82
Full Changelog: v4.0.1...v4.1.0
v4.0.1
What's Changed
- Bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 by @dependabot in #59
- Explicitly set location in get-credentials by @esphen in #60
Full Changelog: v4.0.0...v4.0.1
v4.0.0
BREAKING CHANGES
- post-build-attest is no longer a supplied workflow. We simply suggest removing every instance of this workflow from your own workflows.
- image_url is no longer a valid input for the run-terraform workflow. This can be safely removed without adding anything else.
Features to note
- Binary Authorization - Binauth has been completely removed from all workflows, which removes the need for post-build-attest. Binauth was found to not be mature enough for our needs, and we are looking into other options for image provenance and signing.
- Customize security level - When running the workflow run-security-scans you are now able to add the new input allow_severity_level. This input takes one of the following inputs: critical, high, medium, which denotes the highest level of severity that can occur on a scan while still allowing the security scan to pass without errors.
- Terraform destroy plan - When running run-terraform with the destroy: true input, you now get a plan for this destruction during the terraform plan step.
- Easier branch input - Using the deploy-on flag in run-terraform now allows for using only the branch name and not the full github reference.
(The last two features are from older versions, but have not been announced)
What's Changed
- [SKIP-906] Allow customization of RSS severity by @anderssonw in #48
- [SKIP-851] Binauth attestation redux by @anderssonw in #46
- Fixed typos in run-security-scans.yml by @lislei in #51
- Bump aquasecurity/trivy-action from 0.8.0 to 0.9.0 by @dependabot in #52
- [SKIP-667] Image digest output by @anderssonw in #53
- Updates README to better reflect new Binauth changes by @anderssonw in #50
- Bump aquasecurity/trivy-action from 0.9.0 to 0.9.1 by @dependabot in #55
- Bump aquasecurity/trivy-action from 0.9.1 to 0.9.2 by @dependabot in #56
- [SKIP-1008] Remove binauth by @anderssonw in #57
New Contributors
Full Changelog: v3.1.3...v4.0.0