Changed

• Remove allow_failure: true from commitlint and commitlint-hotfix jobs. This behaviour is no longer desirable as we've built our whole release-it process around the conventionalcommits specification. It's now more beneficial for these jobs to fail by default.

Added

• A generic get-gcp-secrets fragment to retrieve one or more Google Secret Manager secrets in a CI job.

Changed

• BREAKING CHANGE: removed legacy /auto-devops/terraform-deployment.yml and /auto-devops/terraform-lint.yml templates as these should not be being used any more.

• Refactored /auto-devops/terraform-pipeline.yml template so that the hidden "template" jobs are now in their own /terraform-pipeline-base.yml template file. This allows more flexibility for some projects which do not/cannot follow the standard three-environment deployment defined in the /auto-devops/terraform-pipeline.yml template.

• Refactored the Terraform testing/linting jobs into their own /terraform-lint.yml template. This is useful for projects which are not being deployed via CI/CD but which we do want to test in a pipeline.

Fixed

• terraform-pipeline.yml: tflint rule terraform_standard_module_structure is now disabled.

Fixed

• terraform-pipeline.yml: tflint job updated and now compatible with tflint v0.40.0+

Changed

• terraform-pipeline.yml: tfsec job replaced with trivy as tfsec is now deprecated.

Fixed

• artifact-registry.yml: added before_script to fix "docker in docker" service startup.

Added

• artifact-registry.yml: add support for code repositories with multiple apps.

Fixed

• check_latest_tag_in_changelog now correctly identifies the latest tag in the CHANGELOG, when there isn't a space after the closing square bracket.