28 Oct 15:42

12b6691

v2.4.0 Latest

Latest

Fixed missing provider configuration for SSM data sources in the notifications module. @Musthaq101 (#47)

## what - Added `provider = aws.config_secrets` to `data.aws_ssm_parameters_by_path.argocd_notifications` - Added `provider = aws.config_secrets` to `data.aws_ssm_parameter.github_notifications_app_private_key`

why

All encrypted SSM parameter data sources in this component should use the aws.config_secrets provider alias to enable cross-account access to the secrets store.

references

Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
Use closes #123, if this PR closes a GitHub issue #123

Summary by CodeRabbit

Chores
- Updated infrastructure configuration to explicitly scope notification services through the designated secret configuration provider for improved resource isolation and security.

Contributors

Musthaq101

Assets 2

14 Oct 13:28

cloudposse-releaser

v2.3.0

065ab5d

v2.3.0

component has a bug where it doesn't specify the provider for reading GitHub API key @Musthaq101 (#46)

## what * Consistent with codebase pattern: Other SSM parameter reads in data.tf and notifications.tf already use the same provider = aws.config_secrets pattern * Proper provider alias: The aws.config_secrets provider is defined in provider-secrets.tf and configured to access SSM parameters from a potentially different account/region * Correct for secrets management: GitHub credentials should be read from the designated secrets store account, not the default provider region

why

The v2.2.0 component has a bug where it doesn't specify the provider for reading GitHub API key.
Other SSM parameters (like OIDC, deploy keys, notifications) correctly use provider = aws.config_secrets, but the GitHub API key was missing this line.

references

Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
Use closes #123, if this PR closes a GitHub issue #123

Summary by CodeRabbit

Bug Fixes
- Improved reliability of secret retrieval by explicitly using the correct configuration for secure parameters, reducing intermittent failures across environments.
Chores
- Standardized infrastructure configuration for fetching secrets to ensure consistency across accounts and regions. No user-facing behavior changes.

Contributors

Musthaq101

Assets 2

26 Sep 21:35

cloudposse-releaser

v2.2.0

d0b24cb

v2.2.0

feat: Deploy Keys as Optional and GitHub Apps @milldr (#42)

## what - Deploy keys for accessing the desired state repo are optional. - Use a GitHub App to access the desired state repo

why

Use a GitHub App rather than deploy keys

references

cloudposse-terraform-components/aws-argocd-github-repo#43

Summary by CodeRabbit

New Features
- Added optional GitHub App authentication for Argo CD repositories with a toggle to switch between deploy keys and GitHub App.
- Streamlined RBAC scopes logic; removed the default readonly policy.
Bug Fixes
- Safer handling of missing notification webhook configurations to avoid iteration errors.
Documentation
- Cleaned up README formatting in the References section.
Chores
- Updated .gitignore to exclude account-map/ directories.

🚀 Enhancements

chore(deps): bump github.com/ulikunitz/xz from 0.5.11 to 0.5.14 in /test @[dependabot[bot]](https://github.com/apps/dependabot) (#39)

Bumps [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) from 0.5.11 to 0.5.14.

Commits

7184815 Preparation of release v0.5.14
88ddf1d Address Security Issue GHSA-jc7w-c686-c4v9
c8314b8 Add new package xio with WriteCloserStack
4f11dce Update README.md and SECURITY.md to address security questions
f56ebbf TODO.md: fix a typo
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#45)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#44)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.43.0 @[renovate[bot]](https://github.com/apps/renovate) (#43)

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842).

This PR contains the following updates:

Package	Type	Update	Change
terraform-linters/tflint-ruleset-aws	plugin	minor	`0.42.0` -> `0.43.0`

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

`v0.43.0`

Compare Source

What's Changed

Breaking Changes

Remove aws_ecs_account_setting_default_invalid_name rule by @wata727 in #949

Enhancements

Update AWS provider/module and generated content by @github-actions[bot] in #921
Update AWS provider/module and generated content by @github-actions[bot] in #948

Chores

Bump golang.org/x/net from 0.42.0 to 0.43.0 by @dependabot[bot] in #927
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #928
Bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 by @dependabot[bot] in #931
Bump github.com/hashicorp/terraform-json from 0.25.0 to 0.26.0 by @dependabot[bot] in #930
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #929
Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #932
Bump the aws-sdk group with 7 updates by @dependabot[bot] in #933
Bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @dependabot[bot] in #934
Bump github.com/zclconf/go-cty from 1.16.3 to 1.16.4 by @dependabot[bot] in #935
dependabot: allow actions writes by @wata727 in #936
Fix E2E tests to take into account the newly added JSON fields by @wata727 in #944
Bump actions/attest-build-provenance from 2.4.0 to 3.0.0 by @dependabot[bot] in #937
Bump github.com/aws/smithy-go from 1.22.5 to 1.23.0 by @dependabot[bot] in #938
Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @dependabot[bot] in #940
Bump github.com/zclconf/go-cty from 1.16.4 to 1.17.0 by @dependabot[bot] in #942
Bump github.com/hashicorp/aws-sdk-go-base/v2 from...

Contributors

goruha and milldr

Assets 2

01 Jul 01:04

cloudposse-releaser

v2.1.1

01b5259

v2.1.1

chore(deps): restrict aws provider version to < 6.0.0 @Benbentwo (#32)

This pull request includes a version constraint update for the AWS provider in the Terraform configuration file `src/versions.tf`. The change ensures compatibility with versions up to but not including 6.0.0.

src/versions.tf: Updated the version constraint for the aws provider to >= 4.9.0, < 6.0.0 to ensure compatibility with future versions while avoiding potential breaking changes in version 6.0.0.

Summary by CodeRabbit

Chores
- Updated provider version requirements to restrict aws and helm to specific version ranges, ensuring compatibility with future updates.

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#35)

## what This is an auto-generated PR that updates the README.md and docs