v1.0.2

What's changed

This is the initial stable release of aws-ssm-action — a ground-up rewrite with modern tooling, OIDC-first authentication, and a strong security baseline.

Features

• OIDC authentication — works natively with aws-actions/configure-aws-credentials; no long-lived secrets required
• Static credential fallback — pass aws-access-key-id, aws-secret-access-key, and optionally aws-session-token when OIDC is not available
• Credential masking — all static credentials are immediately masked via core.setSecret() before any logging occurs
• Multi-line commands — use YAML block scalars (command: |) to run multiple commands sequentially; SSM stops on first non-zero exit
• Multi-instance targeting — newline-separated instance-ids with a hard cap of 50 instances per dispatch
• Strict input validation — region, instance IDs, and working directory are validated with tight regex patterns before any AWS call is made
• command-id output — exposes the SSM Run Command UUID for downstream steps (status polling, audit trails)
• Node 24 runtime — runs on node24, GitHub's latest supported Actions runtime
• AWS SDK v3 — uses @aws-sdk/client-ssm v3 (modular, tree-shakeable, actively maintained)
• Self-contained bundle — built with Bun; dist/index.js ships as a single minified file with no runtime dependencies
• Supply chain protection — all workflows install safe-chain (SHA256-verified) before bun install to block newly published packages
• Immutable releases — every release is tagged and the floating v1 major tag is force-pushed; pin by commit SHA for fully reproducible builds

Usage

Pin to this exact release:

uses: zAbuQasem/aws-ssm-action@0aec02fd68b1c7fe1af3f3d49bc375487ba01c27 # v1.0.2