Skip to content

v7.0.0

Compare
Choose a tag to compare
@sj-williams sj-williams released this 01 May 14:16
· 28 commits to main since this release
6e9c083

What's Changed

Full Changelog: 6.1.1...7.0.0

Breaking Changes

Headline:
If optional github_environments field is set, any pre-existing default repository ECR secrets and variables will be deleted.

This release introduces functionality that could potentially break some existing GitHub Actions pipelines that utilise GitHub Secrets and Variables. Please read this guidance thoroughly and check that your GitHub Actions workflows are configured correctly.

Action required

If you’re using the ECR module in your environment, and are not setting the optional github_environments field, then this 7.0.0 update will have no impact on your CI/CD workflows and you can ignore this guidance.

If you are setting the github_environments field, then you should be accessing your ECR secrets and variables:

ECR_ROLE_TO_ASSUME
ECR_REGION
ECR_REPOSITORY
(these will vary if you are setting github_actions_prefix in your module call)

from your own defined GitHub environments within your repository workflows. This can be verified by reviewing your GitHub Actions yaml ECR build configurations and verifying that your ECR secrets and variables are scoped within an environment block, similar to the below workflow snippet:

on:
  push:
    branches: [main]

jobs:
  ecr:
  environment: development          # <-- Your environment name here
    runs-on: ubuntu-latest
    ...
    ...
    steps:
     ...
     # Assume role in Cloud Platform
     - uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }}          # <-- environment scoped secret
          aws-region: ${{ vars.ECR_REGION }}          # <-- environment scoped variable

Should you find any ECR secrets or variables that are referenced outside of an environment block's scope, then you are still using the default repository GitHub variables, and you must remediate before updating.