v7.0.0
What's Changed
- Update example to use the latest release by @poornima-krishnasamy in #103
- Repo vars condition by @sj-williams in #109
Full Changelog: 6.1.1...7.0.0
Breaking Changes
Headline:
If optional github_environments
field is set, any pre-existing default repository ECR secrets and variables will be deleted.
This release introduces functionality that could potentially break some existing GitHub Actions pipelines that utilise GitHub Secrets and Variables. Please read this guidance thoroughly and check that your GitHub Actions workflows are configured correctly.
Action required
If you’re using the ECR module in your environment, and are not setting the optional github_environments
field, then this 7.0.0
update will have no impact on your CI/CD workflows and you can ignore this guidance.
If you are setting the github_environments
field, then you should be accessing your ECR secrets and variables:
ECR_ROLE_TO_ASSUME
ECR_REGION
ECR_REPOSITORY
(these will vary if you are setting github_actions_prefix
in your module call)
from your own defined GitHub environments within your repository workflows. This can be verified by reviewing your GitHub Actions yaml ECR build configurations and verifying that your ECR secrets and variables are scoped within an environment
block, similar to the below workflow snippet:
on:
push:
branches: [main]
jobs:
ecr:
environment: development # <-- Your environment name here
runs-on: ubuntu-latest
...
...
steps:
...
# Assume role in Cloud Platform
- uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }} # <-- environment scoped secret
aws-region: ${{ vars.ECR_REGION }} # <-- environment scoped variable
Should you find any ECR secrets or variables that are referenced outside of an environment
block's scope, then you are still using the default repository GitHub variables, and you must remediate before updating.