Skip to content

Latest commit

 

History

History
309 lines (245 loc) · 15.6 KB

File metadata and controls

309 lines (245 loc) · 15.6 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[4.0.6] - 2026-06-19

Changed

  • Bump zad-cli from v0.6.0 to v0.8.0 (admin orphan-report/orphan-confirm commands, and a new structured error diagnosis layer with source labels, next-step suggestions and CI exit codes 1/2/3)
  • Update report_zad_error to read zad-cli's new diagnosis JSON (headline, summary, next_steps) so error annotations surface the cause and remediation; falls back to the old flat error field for version skew. Network/unknown failures (HTTP status 0) now keep their message instead of dropping it.

[4.0.5] - 2026-05-19

Changed

  • Bump zad-cli from v0.5.0 to v0.6.0 (restore deployment, pvc-snapshots and admin commands, async admin delete, syncs with upstream ZAD API changes from 2026-05-18; zad-cli drops the -s alias and renders list commands as tables, but the actions do not parse that output so no behaviour change here)

[4.0.4] - 2026-05-07

Changed

  • Bump zad-cli from v0.3.0 to v0.5.0 (v2 deployment read endpoints, mutation confirmations, faster describe, plus error/validation fixes)
  • Bump softprops/action-gh-release from v2 to v3 in release workflow (moves release job to Node 24 runtime)

[4.0.3] - 2026-04-21

Changed

  • Bump zad-cli from v0.2.1 to v0.3.0 (syncs with upstream ZAD API changes from 2026-04-20)

[4.0.2] - 2026-04-21

Changed

[4.0.1] - 2026-04-07

Changed

  • Bump zad-cli from v0.1.1 to v0.1.2
  • Update all documentation references from @v3 to @v4
  • Update root README API section to reflect zad-cli usage

[4.0.0] - 2026-04-07

Changed

  • all actions: Replace curl+bash API layer with zad-cli (pinned to v0.1.1)
    • deploy: ~200 lines of curl/jq/polling replaced by single zad deployment create call
    • cleanup: ~80 lines of curl/polling replaced by single zad deployment delete call
    • scheduled-cleanup: same inline curl/polling replaced by shared zad_delete_deployment helper
    • Retry logic, task polling, and error handling now delegated to the CLI
    • Net reduction: ~310 lines of duplicated bash
  • scripts/zad-common.sh: Rewritten — curl_with_retry, poll_task, and build_poll_url replaced by install_zad_cli, validate_input, validate_integer, report_zad_error, and zad_delete_deployment
  • all actions: ZAD configuration now uses ZAD_* env vars (ZAD_API_URL, ZAD_PROJECT_ID, ZAD_MAX_RETRIES, ZAD_RETRY_DELAY, ZAD_TASK_TIMEOUT, ZAD_TASK_POLL_INTERVAL) consumed directly by the CLI

Added

  • all actions: astral-sh/setup-uv step to ensure uv is available on GitHub runners
  • all actions: $HOME/.local/bin added to GITHUB_PATH after install so zad is available across steps

Fixed

  • all actions: validate_input and validate_integer now exit 1 instead of return 1 (validation failures were silently ignored without set -e)
  • scheduled-cleanup: Add missing validate_input "project-id" check (was present in deploy and cleanup but missing here)
  • all actions: Improve error message when CLI fails with no HTTP status code

3.2.0 - 2026-03-20

Added

  • deploy action: Optional domain configuration inputs (domain-format, subdomain, base-domain) for custom hostname generation
    • Input validation consistent with existing fields
    • Early-fail when domain-format contains "subdomain" but subdomain is not set

Changed

  • deploy: URL fallback removed — action now fails with an error when the API response does not include a URL, instead of silently constructing one

3.1.0 - 2026-03-19

Added

  • cleanup: Multi-container deletion support
    • New containers input: JSON array of [{"org": "...", "name": "...", "tag": "..."}]
    • Deletes all container images in a single cleanup call
    • When set, container-org/container-name/container-tag inputs are ignored
    • Best-effort: each container deletion is independent
    • Backward compatible: existing single-container inputs continue to work

Fixed

  • deploy: Fix multi-component urls output writing multi-line JSON to GITHUB_OUTPUT — use jq -c for compact single-line output

3.0.0 - 2026-03-19

Changed

  • BREAKING: Migrate from synchronous V1 API to async V2 API
    • Deploy, cleanup, and scheduled-cleanup now use /api/v2/ endpoints
    • Operations return a task ID immediately (HTTP 202) and are polled until completion
    • Task progress (percentage, current step) is logged during polling
    • Users must update from @v2 to @v3 to use this version
  • all actions: Extract curl_with_retry, poll_task, and build_poll_url to shared scripts/zad-common.sh
  • all actions: Poll URL construction now handles absolute URLs from the API (not just relative paths)
  • cleanup, scheduled-cleanup: Failed delete tasks now log ::error:: instead of ::warning:: (consistent with deploy)

Added

  • all actions: New task-timeout input (default: 300s) — maximum wait for async task completion
  • all actions: New task-poll-interval input (default: 3s) — interval between task status polls
  • deploy action: Multi-component deployment support
    • New components input: JSON array of [{"name": "...", "image": "..."}]
    • Deploys all components in a single API call
    • When set, component and image inputs are ignored
    • New urls output: JSON object mapping component names to URLs
    • url output returns the first component's URL for backward compatibility
    • PR comment combines all component URLs into a single comment
    • component and image inputs are now optional (at least one approach must be provided)

Fixed

  • deploy: PR comment URL parsing now uses tab delimiter instead of =, preventing breakage when URLs contain query parameters
  • all actions: poll_task() now fails fast on 4xx HTTP errors instead of retrying until timeout
  • scheduled-cleanup: Added missing validation for task-timeout and task-poll-interval inputs

2.4.0 - 2026-03-03

Added

  • deploy action: Per-component PR comments
    • Each component now gets its own PR comment (e.g. ## 🚀 Preview Deployment — web)
    • No more overwriting: deploying multiple components via matrix strategy creates separate comments
    • Re-deploying a component updates only its own comment
    • Cleanup action still removes all component comments (matches on shared header prefix)

Fixed

  • deploy action: Use URL from API response instead of hardcoded construction
    • Projects with subdomain configuration (e.g. deployment-name mode) now get the correct URL
    • Falls back to constructed URL with a warning if API response doesn't include URLs

2.3.0 - 2026-02-19

Added

  • deploy action: New path-suffix input to append a path to the deployment URL (e.g. /docs/)
    • The suffix is included in the url output, PR comment, and QR code
    • Handles leading/trailing slashes gracefully

2.2.1 - 2026-02-19

Fixed

  • scheduled-cleanup: Allow $ regex anchor in environment-pattern and pr-number-pattern inputs (was incorrectly blocked as a dangerous shell character)

2.2.0 - 2026-02-19

Added

  • deploy, cleanup, and scheduled-cleanup actions: Retry with exponential backoff for transient ZAD API errors
    • New inputs: max-retries (default: 3), retry-delay (default: 2)
    • Retries on network errors (HTTP 000), rate limits (429), and server errors (500-504)
    • Does not retry on auth errors (401, 403) or not found (404)
    • Backoff: 2s → 4s → 8s (worst-case 14s extra)
    • Retry logic extracted into shared curl_with_retry bash function
    • Note: only ZAD API calls are retried; GitHub API calls use best-effort error handling
  • scheduled-cleanup action: Periodically find and clean up stale PR environments
    • Scans GitHub environments matching a configurable regex pattern
    • Checks PR state and marks closed/merged PRs as stale
    • Optional age-based cleanup via max-age-days
    • Dry-run mode for safe testing
    • Cleans up ZAD deployments, GitHub deployments/environments, and container images
    • Smart rate limiting: reads X-RateLimit-Remaining header and only pauses when approaching the limit (replaces blind 0.5s delay)
    • Input validation for environment-pattern and pr-number-pattern (including sed e flag injection protection)
    • cleaned-count output defaults to 0 when no cleanup is needed
    • Compact JSON output for stale-environments to prevent GITHUB_OUTPUT corruption
    • Safe date parsing: warns and skips age check instead of falling back to epoch 0
    • Container deletion uses 2>/dev/null instead of 2>&1 to prevent stderr leaking into captured output

Changed

  • deploy, cleanup: ZAD API calls now retry 3 times by default on transient errors (was 0). This adds up to 14s extra delay on persistent failures. Set max-retries: '0' to restore previous fail-fast behavior.
  • deploy, cleanup: github-token default now consistently quoted as '${{ github.token }}'

Fixed

  • scheduled-cleanup: cleaned-count no longer counts 404 (already deleted) as successfully cleaned
  • scheduled-cleanup: Admin token no longer leaks into subsequent operations if environment deletion fails (uses subshell)
  • scheduled-cleanup: pr-number-pattern is now validated in both find-stale and cleanup steps (defense-in-depth)

2.1.0 - 2026-02-18

Added

  • deploy and cleanup actions: Skip bot PR deployments by default
    • New input: skip-bot-prs (default: true)
    • New output: skipped
    • Detects bots via GitHub user type and known bot list (dependabot, renovate, pre-commit-ci, github-actions)
    • Set skip-bot-prs: 'false' to restore previous behavior
    • Supports both pull_request and pull_request_target events

Security

  • CI workflow: Add explicit permissions: contents: read to all jobs to comply with GitHub security best practices

2.0.1 - 2026-02-06

Fixed

  • deploy QR code not displaying in PR comments (switched from base64 PNG to text-based UTF8 format)
  • cleanup action: Handle deletion of last tagged package version by deleting entire package when needed

Changed

  • Update all documentation examples to use @v2 instead of @v1
  • SECURITY.md: Mark v1.x.x as end of life, v2.x.x as supported

2.0.0 - 2026-02-02

Added

  • cleanup action: PR comment delete feature
    • Delete the deploy PR comment when PR is closed (default: enabled)
    • New inputs: delete-pr-comment, comment-header
    • New output: pr-comment-deleted

Removed

  • BREAKING cleanup action: update-pr-comment input (use delete-pr-comment instead)
  • BREAKING cleanup action: pr-comment-updated output (use pr-comment-deleted instead)

Migration from v1

If you use the cleanup action with update-pr-comment, update your workflow:

  • Replace update-pr-comment: true with delete-pr-comment: true
  • The output pr-comment-updated is now pr-comment-deleted
  • Note: delete-pr-comment defaults to true, so you can remove it if you want the comment deleted

1.3.0 - 2026-02-02

Added

  • deploy action: Wait for ready feature
    • Wait for deployment to be reachable before continuing
    • New inputs: wait-for-ready, health-endpoint, wait-timeout, wait-interval
    • Polls deployment URL until HTTP 2xx/3xx or timeout
    • PR comment only appears after deployment is healthy (when combined with comment-on-pr)
  • deploy action: QR code in PR comment
    • New input: qr-code (default: false)
    • QR code for easy mobile testing of preview deployments
    • Generated locally using qrencode (no external API calls, privacy-friendly)
  • .editorconfig for consistent editor formatting
  • .github/dependabot.yml for automated GitHub Actions updates
  • .gitignore for local settings and Claude plans
  • .claude/ configuration for AI assistant (coding rules, skills, workflow)

Changed

  • .pre-commit-config.yaml: require minimum version 4.5.0
  • CONTRIBUTING.md: simplify setup with uv instead of pip
  • release.yml: verify CHANGELOG entry exists, rollback tag on failure
  • deploy and cleanup actions: github-token now defaults to github.token
    • No longer necessary to explicitly pass github-token: ${{ secrets.GITHUB_TOKEN }}
    • Only needed when using a custom PAT for cross-repository operations
  • Bump actions/checkout from v4 to v6

Internal

  • Added justfile for common development tasks
  • Added pre-commit.ci configuration (weekly autoupdates, skip duplicates with CI)

1.2.0 - 2026-01-22

Added

  • cleanup action: PR comment update feature
    • Update the deploy PR comment to show cleanup status when PR is closed
    • New inputs: update-pr-comment, comment-header
    • New output: pr-comment-updated

1.1.0 - 2026-01-22

Added

  • deploy action: PR commenting feature
    • Automatically post/update a comment on PRs with the deployment URL
    • New inputs: comment-on-pr, github-token, comment-header
    • Upsert behavior: updates existing comment instead of creating duplicates
  • CI/CD pipeline with ShellCheck, actionlint, and yamllint
  • Branch protection and governance files (CODEOWNERS, issue templates, PR template)
  • CONTRIBUTING.md with development guidelines
  • SECURITY.md with security policy
  • Pre-commit hooks configuration

Fixed

  • ShellCheck warnings: properly quoted GITHUB_OUTPUT
  • Actionlint configuration to only lint workflow files

1.0.0 - 2026-01-22

Added

  • Initial release of ZAD Actions
  • deploy action: Deploy container images to ZAD Operations Manager
    • Support for cloning configuration from existing deployments
    • force-clone parameter to re-clone even if deployment exists
    • Input validation for security (alphanumeric, hyphens, underscores, dots only)
    • 60-second curl timeout to prevent hanging
  • cleanup action: Remove ZAD deployments and GitHub resources
    • Delete ZAD deployments via Operations Manager API
    • Delete GitHub deployments (mark inactive, then delete)
    • Delete GitHub environments (requires admin token)
    • Delete container images from GHCR
    • Best-effort cleanup (continues even if individual steps fail)
  • Comprehensive documentation with examples
  • EUPL-1.2 license

Security

  • Input validation before logging to prevent injection attacks
  • Secure handling of API keys via environment variables
  • Dangerous character detection for container inputs