Releases: ministryofjustice/modernisation-platform-terraform-environments
v6.0.0
Breaking Changes
- AWS Provider constraint is now set to `~> 5.x`.
  - This will conflict with modules that enforce a constraint of `~> 4.x`. You can use `terraform providers` to show any potential conflicts.
What's Changed
- Bump github/codeql-action from 2.2.2 to 2.2.3 by @dependabot in #44
- Bump github/codeql-action from 2.2.3 to 2.2.4 by @dependabot in #45
- Added code scanning workflow task by @dms1981 in #46
- Bump actions/cache from 3.2.5 to 3.2.6 by @dependabot in #47
- Bump bridgecrewio/checkov-action from 12.2138.0 to 12.2149.0 by @dependabot in #48
- Ensure sarif upload runs regardless of scanning exit code by @dms1981 in #49
- Update code-scanning to support GITHUB_TOKEN, scoped permissions, added scan exclusions by @dms1981 in #50
- Bump bridgecrewio/checkov-action from 12.2151.0 to 12.2155.0 by @dependabot in #51
- Bump bridgecrewio/checkov-action from 12.2155.0 to 12.2164.0 by @dependabot in #52
- Bump github/codeql-action from 2.2.4 to 2.2.5 by @dependabot in #53
- Bump bridgecrewio/checkov-action from 12.2164.0 to 12.2166.0 by @dependabot in #54
- Bump bridgecrewio/checkov-action from 12.2166.0 to 12.2172.0 by @dependabot in #56
- Bump ministryofjustice/github-actions from 10 to 11 by @dependabot in #57
- Bump bridgecrewio/checkov-action from 12.2172.0 to 12.2180.0 by @dependabot in #58
- Bump bridgecrewio/checkov-action from 12.2180.0 to 12.2183.0 by @dependabot in #59
- Bump bridgecrewio/checkov-action from 12.2183.0 to 12.2184.0 by @dependabot in #60
- Bump bridgecrewio/checkov-action from 12.2184.0 to 12.2188.0 by @dependabot in #61
- Bump actions/cache from 3.2.6 to 3.3.0 by @dependabot in #62
- Bump github/codeql-action from 2.2.5 to 2.2.6 by @dependabot in #63
- Bump bridgecrewio/checkov-action from 12.2188.0 to 12.2197.0 by @dependabot in #64
- Bump actions/cache from 3.3.0 to 3.3.1 by @dependabot in #65
- Bump bridgecrewio/checkov-action from 12.2197.0 to 12.2201.0 by @dependabot in #66
- Bump bridgecrewio/checkov-action from 12.2201.0 to 12.2203.0 by @dependabot in #68
- Bump actions/checkout from 3.3.0 to 3.4.0 by @dependabot in #67
- Bump github/codeql-action from 2.2.6 to 2.2.7 by @dependabot in #69
- Bump bridgecrewio/checkov-action from 12.2203.0 to 12.2204.0 by @dependabot in #70
- Bump bridgecrewio/checkov-action from 12.2204.0 to 12.2216.0 by @dependabot in #72
- Bump github/codeql-action from 2.2.7 to 2.2.8 by @dependabot in #73
- Bump bridgecrewio/checkov-action from 12.2216.0 to 12.2218.0 by @dependabot in #74
- Bump bridgecrewio/checkov-action from 12.2218.0 to 12.2223.0 by @dependabot in #76
- Bump github/codeql-action from 2.2.8 to 2.2.9 by @dependabot in #79
- Bump bridgecrewio/checkov-action from 12.2223.0 to 12.2232.0 by @dependabot in #78
- Bump actions/checkout from 3.4.0 to 3.5.0 by @dependabot in #77
- Bump bridgecrewio/checkov-action from 12.2232.0 to 12.2236.0 by @dependabot in #80
- Bump bridgecrewio/checkov-action from 12.2236.0 to 12.2242.0 by @dependabot in #82
- Bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in #81
- Bump bridgecrewio/checkov-action from 12.2242.0 to 12.2256.0 by @dependabot in #85
- Bump bridgecrewio/checkov-action from 12.2256.0 to 12.2258.0 by @dependabot in #86
- Bump github/codeql-action from 2.2.9 to 2.2.10 by @dependabot in #87
- Bump github/codeql-action from 2.2.10 to 2.2.11 by @dependabot in #88
- Bump bridgecrewio/checkov-action from 12.2258.0 to 12.2264.0 by @dependabot in #89
- Bump bridgecrewio/checkov-action from 12.2264.0 to 12.2265.0 by @dependabot in #90
- Bump actions/checkout from 3.5.0 to 3.5.1 by @dependabot in #91
- Bump github/codeql-action from 2.2.11 to 2.2.12 by @dependabot in #92
- Bump actions/checkout from 3.5.1 to 3.5.2 by @dependabot in #94
- Bump bridgecrewio/checkov-action from 12.2265.0 to 12.2270.0 by @dependabot in #93
- Bump ministryofjustice/github-actions from 11 to 12 by @dependabot in #96
- Bump bridgecrewio/checkov-action from 12.2270.0 to 12.2280.0 by @dependabot in #95
- Bump bridgecrewio/checkov-action from 12.2280.0 to 12.2286.0 by @dependabot in #97
- Bump bridgecrewio/checkov-action from 12.2286.0 to 12.2289.0 by @dependabot in #98
- Bump bridgecrewio/checkov-action from 12.2289.0 to 12.2294.0 by @dependabot in #99
- Bump github/codeql-action from 2.2.12 to 2.3.0 by @dependabot in #100
- Bump bridgecrewio/checkov-action from 12.2294.0 to 12.2301.0 by @dependabot in #101
- Bump github/codeql-action from 2.3.0 to 2.3.1 by @dependabot in #102
- Bump bridgecrewio/checkov-action from 12.2301.0 to 12.2305.0 by @dependabot in #103
- Bump github/codeql-action from 2.3.1 to 2.3.2 by @dependabot in #104
- Bump bridgecrewio/checkov-action from 12.2305.0 to 12.2314.0 by @dependabot in #106
- Bump bridgecrewio/checkov-action from 12.2314.0 to 12.2316.0 by @dependabot in #107
- Bump bridgecrewio/checkov-action from 12.2316.0 to 12.2322.0 by @dependabot in https://githu...
v5.0.3
What's Changed
- Bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #30
- Bump ministryofjustice/github-actions from 8 to 9 by @dependabot in #29
- Bump github/codeql-action from 2.1.36 to 2.1.37 by @dependabot in #31
- Bump ossf/scorecard-action from 2.0.6 to 2.1.0 by @dependabot in #32
- Bump ossf/scorecard-action from 2.1.0 to 2.1.1 by @dependabot in #33
- Bump ossf/scorecard-action from 2.1.1 to 2.1.2 by @dependabot in #34
- Bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #35
- Bump actions/upload-artifact from 3.1.1 to 3.1.2 by @dependabot in #36
- Bump ministryofjustice/github-actions from 9 to 10 by @dependabot in #37
- Bump github/codeql-action from 2.1.37 to 2.1.38 by @dependabot in #38
- Bump github/codeql-action from 2.1.38 to 2.1.39 by @dependabot in #39
- Bump github/codeql-action from 2.1.39 to 2.2.1 by @dependabot in #41
- Bump github/codeql-action from 2.2.1 to 2.2.2 by @dependabot in #42
- Ignore changes to iam_user_access_to_billing by @davidkelliott in #43
Full Changelog: v5.0.2...v5.0.3
Fix wrong name for a local variable
What's Changed
- Fix typo in name of one of the nuke lists. by @julialawrence in #28
Full Changelog: v5.0.1...v5.0.2
Fixed definitions of nuke outputs for > 1 access blocks
What's Changed
- `nuke_account` and `rebuild_after_nuke_accounts` will accept multiple `access` blocks. Account will only be added to the lists if `access.level` of any of the development access blocks is equal to `sandbox`.
- If multiple sandbox access blocks are defined for a development account, with multiple values for `"nuke"`, `exclude` will take priority.
- blocklist_nuke_account refactored for consistency.
Relevant Story: ministryofjustice/modernisation-platform#2400
Additionally
- Bump github/codeql-action from 2.1.35 to 2.1.36 by @dependabot in #26
- Refactoring nuke-related local definitions to account for one, many or no defined access blocks. by @julialawrence in #27
Full Changelog: v5.0.0...v5.0.1
Add outputs for awsnuke
What's Changed
Creating three dynamically generated outputs which will then be passed to the autonuke script via GitHub Actions Secrets:
- `environment_nuke_accounts`: all sandbox accounts which are not explicitly annotated with `"nuke" : "exclude"` in the environment json file
- `environment_rebuild_after_nuke_accounts`: list of accounts to be rebuilt after autonuke completes. Annotated with `"nuke": "rebuild"` in the environments json files
- `blocklist_nuke_accounts`: all preproduction, production and core accounts.
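The selection rules described for these outputs, including the v5.0.1 rule that `exclude` takes priority, as an added Python sketch; it is not the module's Terraform code. The JSON layout (`account-type`, `access` lists inside each environment), the `<application>-<environment>` account naming, the access level names other than `sandbox`, and the sample data are assumptions constructed for illustration.

```python
# Added illustration, not the module's code. Layout and names are assumptions.
PROTECTED_ENVS = {"preproduction", "production"}

# Constructed sample: application name -> parsed environment JSON.
SAMPLE = {
    "alpha": {"environments": [
        {"name": "development", "access": [{"level": "sandbox"}]}]},
    "bravo": {"environments": [
        {"name": "development", "access": [{"level": "sandbox", "nuke": "rebuild"}]},
        {"name": "production", "access": [{"level": "view-only"}]}]},
    "charlie": {"environments": [
        {"name": "development", "access": [
            {"level": "sandbox", "nuke": "rebuild"},
            {"level": "sandbox", "nuke": "exclude"}]}]},
    "delta": {"environments": [
        {"name": "development", "access": [{"level": "developer"}]},
        {"name": "preproduction", "access": [{"level": "developer"}]}]},
    "core-example": {"account-type": "core", "environments": [{"name": "live"}]},
}

def nuke_lists(apps):
    """Return (nuke, rebuild, blocklist) account-name lists, each sorted."""
    nuke, rebuild, blocklist = set(), set(), set()
    for app, cfg in apps.items():
        for env in cfg.get("environments", []):
            account = f"{app}-{env['name']}"  # assumed naming convention
            if cfg.get("account-type") == "core" or env["name"] in PROTECTED_ENVS:
                blocklist.add(account)
                continue
            if env["name"] != "development":
                continue
            sandbox = [a for a in env.get("access", []) if a.get("level") == "sandbox"]
            if not sandbox:
                continue  # no sandbox access block: never a nuke candidate
            values = {a.get("nuke") for a in sandbox}
            if "exclude" in values:
                continue  # exclude takes priority over any other value
            nuke.add(account)
            if "rebuild" in values:
                rebuild.add(account)
    # Guard: a protected account must never be a nuke target.
    if nuke & blocklist:
        raise ValueError(f"protected accounts in nuke list: {nuke & blocklist}")
    return sorted(nuke), sorted(rebuild), sorted(blocklist)

if __name__ == "__main__":
    for name, accounts in zip(("nuke", "rebuild", "blocklist"), nuke_lists(SAMPLE)):
        print(name, accounts)
```

`charlie-development` lands in neither list because one of its sandbox blocks says `exclude`, and `delta-development` is skipped because it has no sandbox access block.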
Additional Changes
- Added the CODEOWNERS file to identify modernisation platform by @SteveLinden in #15
- Add dependabot and compliance badge by @davidkelliott in #16
- Fix formatting by @davidkelliott in #17
- Added static analysis file to workflows by @ep-93 in #18
- Update README.md by @davidkelliott in #19
- Github actions security improvements by @davidkelliott in #21
- Create scorecards.yml by @davidkelliott in #22
- Bump actions/upload-artifact from 3.1.0 to 3.1.1 by @dependabot in #24
- Bump github/codeql-action from 2.1.27 to 2.1.35 by @dependabot in #25
- Add new outputs for Autonuke by @julialawrence in #23
New Contributors
- @SteveLinden made their first contribution in #15
- @ep-93 made their first contribution in #18
- @dependabot made their first contribution in #24
- @julialawrence made their first contribution in #23
Full Changelog: v4.0.0...v5.0.0
v4.0.0
Upgrade to TF 1.0.1 and AWS provider 3.47.0
v3.0.0
Breaking change.
- created sub OUs off of Modernisation-Platform OU for core, member and member-restricted
- moved all Modernisation-Platform member OUs into one of the above new OUs, this is controlled via the environments JSON files
- moved member accounts into new OUs
The OU structure change is required to enable better control of different account types using SCPs
v2.0.0
Breaking change
This module requires a structural change of environment JSON files. Instead of `environments` being a `list` or `set`, it must now be a `list` of `maps`.
Previous structure
```json
{
  "environments": ["production"],
  "tags": {
    "application": "",
    "business-unit": "",
    "owner": ""
  }
}
```
New structure
```json
{
  "environments": [
    {
      "name": "production"
    }
  ],
  "tags": {
    "application": "",
    "business-unit": "",
    "owner": ""
  }
}
```
v1.0.0
Initial release of `modernisation-platform-terraform-environments`.