Changelog
[2024-06-17]
Added
- The properties and settings versions responses now include:
- the
created_at
timestamp. - a link to the properties
owner
.
- the
- The step response now include a link to the
change
that the step belongs to. - Enterprise projects now support workflows, allowing you to sequence multiple changes into a single workflow. Workflows also support wait and approval steps to control the flow of change execution.
- The GUI now allows you to compare different versions of properties and settings.
Changed
- The
properties_versions
link in the properties version response has been renamed toversions
. - The
settings_versions
link in the settings versions response has been renamed toversions
. error:controller:unhandled
type events are now assigned theerror:api:controller:unhandled
type to differentiate them from resource controller exceptions.RecordNotFound
,UnpermittedParameters
andUnsupportedIncludeError
exceptions are no longer logged as events by the API.- If a fetch of a project's remote Git repository fails an event will be logged. Subsequent fetches within that hour will not log additional events to avoid flooding the event tables. Note: This event throttling also applies to the automated fetch that is performed every minute on
workflows
Git remotes. - OpsChain events can now be linked to more sources. See the events documentation for the full list.
- More OpsChain system events have been added. See the events documentation for the full list.
- The GUI JSON editor for properties and settings now expands to the full height available in the tab.
[2024-05-24]
Added
- The step
approve
API now accepts an optional message - see the API documentation for more details. - The step
continue
API now accepts an optional message - see the API documentation for more details. - A step
reject
API is now available to allow changes that are waiting for approval to be rejected - see the API documentation for more details. - The step API now includes the change ID - see the API documentation for more details.
- The CLI now supports rejecting changes that are waiting for approval via the
opschain change reject
subcommand. - All GUI screens that display multiple records (e.g. projects, changes, assets, etc.) now include a
CSV export
button that allows you to export the records to a CSV file. - The GUI now includes an audit history menu option to provide a basic view of the OpsChain events. This view will be enhanced in future releases to provide mode detailed information and links to relevant event resources.
- For each project, environment and asset the GUI now includes:
- a commands button that displays a dialog with useful
curl
commands to access information about the resource via the API. - a bookmarks button that displays a dialog containing the bookmarks (URLs) that have been associated with that resource via the API.
- a commands button that displays a dialog with useful
- For standard projects, the GUI now provides the ability to:
- view automated changes
- execute changes
- For enterprise projects, in addition to the standard project features, the GUI now provides the ability to:
- create and update templates and template versions for assets.
- create changes to execute template actions for assets.
- generate, view and compare the MintModels associated with enterprise project assets.
- create workflows to run multiple changes in sequence.
- execute and view workflows.
Changed
- OpsChain will no longer automatically delete the Git repository folder when the remote has been archived. Learn more.
- The step API response
approved_by
format has changed to support the newmessage
field - see the API documentation for an example. - The step API response
continued_by
format has changed to support the newmessage
field - see the API documentation for an example. - Upgraded the runner images to be based on AlmaLinux 8.9.
- Upgraded Buildkit to 0.13.1.
- Upgraded cert-manager to v1.14.4.
- Upgraded Kong Helm chart to 2.25.0.
- Upgraded the CLI to Node.js version to 20.
- Upgraded OpsChain auth image to OPA 0.63.0.
- Upgraded OpsChain DB image to PostgreSQL 14.11.
- Upgraded OpsChain ingress image to Kong 3.6.1.
- Upgraded OpsChain kubectl image to kubectl v1.29.2.
- Upgraded OpsChain log aggregator image to Fluentd v1.16.5-1.0.
- Upgraded OpsChain Ansible example to Terraform 'hashicorp/aws' provider 5.44.0.
- Upgraded OpsChain Ansible, Confluent, Terraform and Weblogic examples to Terraform 1.7.5.
- Upgraded OpsChain Confluent example to Confluent 6.2.14.
- Upgraded OpsChain Confluent, Terraform and Weblogic examples to Terraform 'hashicorp/kubernetes' provider 2.27.0.
- Upgraded OpsChain Vault example to Vault 1.16.1.
[2023-10-24]
Added
- You can now create, view, and archive Git remotes via the OpsChain GUI.
- You can now archive projects, environments, and assets via the OpsChain GUI.
- The following log lines API endpoints now support a
download
parameter, allowing you to download the log messages as a text file:- change logs:
/changes/<change_id>/log_lines
- see the API documentation for more details. - step logs:
/steps/<step_id>/log_lines
- see the API documentation for more details. - filtered logs:
/log_lines
- see the API documentation for more details.
- change logs:
- The following API endpoints now support a
download
parameter, allowing you to download the API results as a CSV file:- list changes:
/changes
- see the API documentation for more details. - list projects:
/projects
- see the API documentation for more details. - list project environments:
/projects/<project_code>/environments
- see the API documentation for more details.
- list changes:
Changed
- Upgraded OpsChain Ansible example to Terraform 'hashicorp/aws' provider 5.22.0.
- Upgraded OpsChain Ansible, Confluent, Terraform and Weblogic examples to Terraform 1.6.2.
- Upgraded OpsChain Confluent example to Confluent 6.2.12.
- Upgraded OpsChain Vault example to Vault 1.15.0.
- Upgraded OpsChain auth image to OPA 0.57.1.
- Upgraded OpsChain kubectl image to kubectl v1.28.2.
- Upgraded OpsChain log aggregator image to Fluentd v1.16.2-1.1.
- Upgraded cert-manager to v1.13.1.
Removed
- Breaking change - Git remotes are no longer allowed to point to paths on the OpsChain API server instance's local filesystem.
- Breaking change - The
opschain utils create_sample_data
command has been removed.
[2023-09-12]
Added
- The OpsChain GUI now supports:
- viewing projects, environments, and assets.
- creating projects, environments, and assets.
- editing the properties for projects, environments, and assets.
- editing the settings for projects, environments, and assets.
- creating changes
- You can now list, create, show and cancel changes for a specific environment via the
/projects/<project_code>/environments/<environment_code>/changes
endpoint. See the API documentation for more details.
Changed
- Upgraded SSHKey Gem to 3.0.0.
- Upgraded Buildkit to 0.12.2.
- Upgraded Kong Helm chart to 2.25.0.
- Upgraded Kong ingress controller to 2.10.4.
- Upgraded OpsChain Ansible example to Terraform 'hashicorp/aws' provider 5.16.1.
- Upgraded OpsChain Ansible, Confluent, Terraform and Weblogic examples to Terraform 1.5.7.
- Upgraded OpsChain Confluent, Terraform and Weblogic examples to Terraform 'hashicorp/kubernetes' provider 2.23.0.
- Upgraded OpsChain DB image to PostgreSQL 14.9.
- Upgraded OpsChain Vault example to Vault 1.14.2.
- Upgraded OpsChain auth image to OPA 0.56.0.
- Upgraded OpsChain kubectl image to kubectl v1.28.1.
- Upgraded cert-manager to v1.12.4.
- Upgraded OpsChain ingress image to Kong 3.3.1.
- Upgraded OpsChain log aggregator image to Fluentd v1.16.2-1.0.
[2023-08-02]
Important breaking changes
- Modifiable database properties are no longer accessible via
OpsChain.environment.properties
andOpsChain.project.properties
. Use theOpsChain.properties_for(:environment)
andOpsChain.properties_for(:project)
methods instead. See the properties reference for more information. - Repository properties are no longer accessible via
OpsChain.repository.properties
. Use theOpsChain.repository_properties
method instead. See the properties reference for more information. OpsChain.context
no longer containsproject
andenvironment
directly. These can now be accessed viaOpsChain.context.parents
, e.g.OpsChain.context.parents.project
.- The format to prevent access to projects and environments in the OpsChain OPA security provider (in
security_configuration.json
) has changed. Learn more. - The changes get API no longer supports the
environment_{{attribute}}
filter, insteadparent_{{attribute}}
can be used. See the query examples to see the updated environment filter example.
Added
- Multi-project Git repositories can now include project specific repository properties.
- The project and environment specific repository properties can now be accessed via
OpsChain.repository_properties_for(:environment)
andOpsChain.repository_properties_for(:project)
. See the properties reference for more information. OpsChain.properties_for
has been added for use inactions.rb
, see the properties reference for more information.- Step specific logs are now available from the
/steps/<step_id>/log_lines
API. The results can be filtered using the same filtering syntax as change log lines or events. - Events are now created when an automated change rule fails. Learn more in the automated changes documentation.
Changed
- Upgraded OpsChain DB image to PostgreSQL 14.8.
- Upgraded OpsChain ingress image to Kong 3.3.0.
- Upgraded OpsChain log aggregator image to Fluentd v1.16.1-1.0.
- Upgraded OpsChain runner images to Fluent Bit 2.0.14.
- Upgraded BuildKit to 0.12.0.
- Upgraded Kong Helm chart to 2.24.0.
- Upgraded Kong ingress controller to 2.10.3.
- Upgraded OpsChain Ansible example to Terraform 'hashicorp/aws' provider 5.8.0.
- Upgraded OpsChain Ansible, Confluent, Terraform and Weblogic examples to Terraform 1.5.3.
- Upgraded OpsChain Confluent example to Confluent 6.2.11.
- Upgraded OpsChain Confluent, Terraform and Weblogic examples to Terraform 'hashicorp/kubernetes' provider 2.22.0.
- Upgraded OpsChain Vault example to Vault 1.14.0.
- Upgraded OpsChain auth image to OPA 0.54.0.
- Upgraded OpsChain kubectl image to kubectl v1.27.3.
- Upgraded cert-manager to v1.12.2.
- Breaking change - The
project_properties_versions
andenvironment_properties_versions
relationships are no longer returned in the/step
or/change
API response bodies. They have been replaced by theproperties_versions
collection which includes all the properties versions that were active when the relevant step started. See the API reference documentation to see an example of the new response format. - When a change or step fails, any un-executed steps in the same change will be set to the
aborted
state instead of remaining in thepending
state. - The
api:environments:*
events have been renamed toapi:nodes:*
. - Breaking change - The OpsChain getting started repo has been updated to reflect the changes to
OpsChain.context
.
Removed
OpsChain.project
andOpsChain.environment
are no longer available in anactions.rb
. Use the newOpsChain.properties_for
method instead.OpsChain.context.project
andOpsChain.context.environment
are no longer available in anactions.rb
. They are now accessed viaOpsChain.context.parents
instead, e.g.OpsChain.context.parents.project
.
Fixed
- Fixed a bug where one change failing may result in multiple notifications being sent.
- Fixed a bug where commit-based automated change rules could keep creating new changes, even when no new commits were created.
[2023-06-07]
Important breaking changes
- The properties API no longer returns the version in the JSONAPI
meta
(e.g.{ meta: { version: 1 } }
) . It is now available in thedata
(e.g.{ data: { attributes: { version: 1, data: ... } } }
). - OpsChain project and environment properties can no longer include configuration under
{ opschain: { config: ... } }
.- The list of Kubernetes secrets to include in the environment during build and runtime are now configured in
{ opschain: { 'env:build_secrets': [<secret names>], 'env:runner_secrets': [<secret names>], ... } }
. See secrets for more information. - The project / environment settings that were previously configured under
{ opschain: { config: ... } }
are now configured in the project and environment settings.
- The list of Kubernetes secrets to include in the environment during build and runtime are now configured in
Added
- OpsChain settings are now available via the
/api/settings/<settings_id>
endpoint. Current and prior versions of the settings are available via the/api/settings/<settings_id>/versions
endpoint. The link to a project or environment's settings is available via thesettings
relationship
in the JSON:API response for the relevant project or environment. - The CLI now provides
show-settings
,set-settings
andedit-settings
subcommands for projects and environments. - OpsChain changes now support human approvals. Learn more in the getting started guide.
- The step API response now includes the
requires_approval_from
andapproved_by
information for the step. - The change API response now includes the
requires_approval_from
andapproved_by
information for the change's root step.
- The step API response now includes the
Changed
- Breaking change - The
approvers
value in the step API response has been renamed tocontinued_by
.
Fixed
- Fixed a bug where changes could not be created with a Git SHA - they could still be created with a tag or a branch.
- Fixed a bug where listing actions in the OpsChain development environment would fail if any of its resource's controller's constructors require OpsChain properties environment variables.
[2023-05-12]
Added
- The CLI can now be configured to invoke a command to determine the API password rather than storing it in the configuration directly. Learn more.
[2023-05-05]
Added
- OpsChain can now be configured to send a notification when a change has failed using Apprise. Learn more.
- The logs for an individual step within a change can now be viewed via the OpsChain GUI by clicking on the step details icon for the relevant step on the change details page.
Changed
- Upgraded BuildKit to v0.11.6
- The macOS CLI is now distributed in a DMG archive and is notarised.
[2023-04-14]
Important breaking changes
- The OpsChain runner images have been upgraded to Ruby 3.1.4.
- Please ensure the
.ruby-version
in your project Git repositories is updated toruby-3.1.4
.
- Please ensure the
Added
- Introduced a new
lazy
DSL keyword to allow resource property values to be derived at runtime rather than when OpsChain parses the project'sactions.rb
file. See lazy property evaluation for more information.
Changed
- When a CLI
list
command returns no records, and theoutput
type is JSON:- the CLI will now output
[]
rather than an empty result. - if a JSONPath query is supplied the CLI will now exit with an error code 2 rather than 0.
- the CLI will now output
- Upgraded Bundler to 2.4.10.
- Upgraded BuildKit to v0.11.5.
- Upgraded Kong Helm chart to v2.16.5.
- Upgraded Kong ingress controller to v2.8.2.
- Upgraded Terraform 'hashicorp/aws' provider to 4.61.0 in the OpsChain Ansible example.
- Upgraded Terraform 'hashicorp/kubernetes' provider to 2.19.0 in the OpsChain Confluent, Terraform, and WebLogic examples.
- Upgraded Terraform to 1.4.4 in the OpsChain examples.
- Upgraded OpsChain log aggregator image to Fluentd 1.16.0-1.0.
- Upgraded Fluent Bit to v2.0.10.
- Upgraded OPA to v0.51.0.
- Upgraded Kubectl version to v1.25.8.
Fixed
- The
opschain change cancel
command output has been fixed - previously it would output an error (Error: Couldn't DELETE Change
) but the change would be cancelled. - The
opschain change create
step tree has been fixed - previously it would not update as the change progressed. - OpsChain GUI
- The root step connections failing to display when the tree is first constructed has been fixed
- The parallel children icon temporarily disappearing from the parent step when it starts running has been fixed
[2023-03-31]
Important breaking changes
- All API endpoints have been prefixed with
/api
. For example,http://localhost:3000/changes
is nowhttp://localhost:3000/api/changes
.- Please ensure any calls to the API are updated to use the new endpoints.
- The OpsChain runner images have been upgraded to Ruby 3.1.3.
- Please ensure the
.ruby-version
in your project Git repositories is updated toruby-3.1.3
.
- Please ensure the
Added
- The build service now automatically restarts when its certificate is renewed.
- OpsChain's web UI has been released. Learn more about its features. We expect the web UI to continue to evolve and thus change as features are added. Contact us if you have any feedback.
- This release includes the ability to:
- view a list of changes.
- search changes.
- view a list of automated changes.
- view the details of a change, including a graphical representation of the change execution.
- This release includes the ability to:
Changed
- The API documentation has been moved from
/docs
to/api-docs
. - When accessing
/
the new web UI will be shown rather than the API docs. Access the API docs directly via/api-docs
. - The changes API (
api/changes
) now allows filtering by nested metadata values. Learn more. - The automated change rules API (
api/automated_change_rules
) now supports filtering and sorting. Learn more - Upgraded cert-manager to 1.11.0.
- Upgraded BuildKit to v0.11.3.
- Upgraded Confluent to 6.2.9 in the OpsChain Confluent example.
- Upgraded Kong to v3.1.1.
- Upgraded Kong Helm chart to v2.16.0.
- Upgraded Terraform 'hashicorp/aws' provider to 4.56.0 in the OpsChain Ansible example.
- Upgraded Terraform 'hashicorp/kubernetes' provider to 2.18.1 in the OpsChain Confluent, Terraform, and WebLogic examples.
- Upgraded Terraform to 1.3.9 in the OpsChain examples.
- Upgraded PostgreSQL to 14.7.
- Upgraded OpsChain log aggregator image to Fluentd 1.15.3-1.2.
- Upgraded Fluent Bit to v2.0.9.
- Upgraded OPA to v0.49.2.
- Upgraded Kubectl version to v1.25.6.
Fixed
- The GitHub RSA keys in the SSH
known_hosts
file in the runner have been updated following the GitHub announcement.- View the documentation if you need to modify the contents of this file.
2023-01-13
Important breaking changes
- Upgraded to Ruby 3.1.2, please update the
.ruby_version
in your project Git repositories to reflect this change.
Added
- Documentation on running commands as root in
opschain dev
. - When defining a controller based resource type, the array supplied to the
action_methods:
keyword, can now include hashes providing the action name and description). Similarly, the controllerresource_type_actions
class method can now include hashes. Learn more - Documentation has been added showing how to use a specific configuration file with the CLI. Learn more.
Changed
- The image built by
opschain dev build-runner-image
is now assigned the image tagrepository_runner:latest
by default. - Upgraded Kong to v3.1.0.
- Upgraded Kong Helm chart to v2.14.0.
- Upgraded Kong ingress controller to v2.8.1.
- Upgraded Que to 2.2.0.
- Upgraded cert-manager to 1.10.2.
- Upgraded Fluent Bit to v2.0.8.
- Upgraded OpsChain log aggregator image to Fluentd 1.15.3.
- Upgraded PostgreSQL to 14.6.
- Upgraded OPA to v0.48.0.
- Upgraded BuildKit to v0.11.0.
- The
ruby-terraform
Gem version supported by theopschain-resource-types
Gem has been updated to v1.7.0. - Upgraded Terraform to 1.3.7 in the OpsChain examples.
- Upgraded Terraform 'hashicorp/aws' provider to 4.49.0 in the OpsChain Ansible example.
- Upgraded Terraform 'hashicorp/kubernetes' provider to 2.16.1 in the OpsChain Confluent, Terraform, and WebLogic examples.
- Upgraded HashiCorp Vault to 1.12.2 in the OpsChain Vault example.
- Upgraded all base images used by the OpsChain examples to AlmaLinux 8.7.
- Upgraded the OpsChain base runner image to AlmaLinux 8.7.
Fixed
opschain dev build-runner-image
no longer aborts if Git repository files have been deleted but not yet committed.- OpsChain replaces the null bytes in log messages with U+FFFD. See the troubleshooting guide to learn why this is necessary.
2022-11-29
Important breaking changes
- With the exception of the OpsChain LDAP image, all OpsChain container images now start as a non-root user (including the step runner). After upgrading, please use
opschain dev create-dockerfile
to create a copy of the new step runner Dockerfile template in your project's.opschain
folder and then reapply your customisations. - The format to supply unauthorised environments to the OpsChain OPA security provider (in
security_configuration.json
) has changed. Learn more.
Added
Changed
- The API worker processes will now wait up to one hour to complete any running actions when shutting down. This grace period can also be customised via a Helm value.
- The project and environment
--description
argument is now optional. If not supplied on the command line it will not be requested and the project/environment will be created with an empty description.
Fixed
- A sporadic bug when running
opschain change create
-undefined method git_remote for nil:NilClass (NoMethodError)
- has been fixed. - The
opschain dev build-runner-image
command now explicitly enables the use of BuildKit to match how image builds are performed for runner containers. opschain server deploy
now ensures that the version of the OpsChain Helm chart used to deploy OpsChain aligns with the CLI version.
2022-10-24
Added
- OpsChain project Git remote credentials can now be updated using the
opschain project update-git-remote
command. - OpsChain project and environment properties can now be edited using the
opschain project edit-properties
andopschain environment edit-properties
commands. - OpsChain now allows you to supply build secrets to the step runner image build process. See secure build secrets for more information. Note: these secrets are provided at build time only and are not available at runtime. Let us know if you're interested in using these secrets at runtime too.
- All OpsChain commands that support the
--output
argument now accept JSONPath queries in the format--output jsonpath='$.jsonpath.query'
.- See the underlying JSONPath implementation documentation for details about the supported syntax, or try the demo tool.
Changed
- The properties PATCH API now accepts an optional
version
attribute. If supplied, the API will ensure that the properties are only updated if the version matches the current version of the properties. This is useful when multiple users are editing the properties concurrently. - Upgraded cert-manager to 1.10.0.
- Upgraded Fluent Bit to v1.9.9.
- Upgraded OpsChain log aggregator image to Fluentd 1.15.2.
- Upgraded Kong to v3.0.0.
- Upgraded Kong Helm chart to v2.13.1.
- Upgraded OPA to v0.45.0.
- Upgraded BuildKit to v0.10.5.
- Upgraded Terraform to 1.3.2 in the OpsChain examples.
- Upgraded Terraform 'hashicorp/aws' provider to 4.35.0 in the OpsChain Ansible example.
- Upgraded Terraform 'hashicorp/kubernetes' provider to 2.14.0 in the OpsChain Confluent, Terraform, and WebLogic examples.
- Upgraded HashiCorp Vault to 1.12.0 in the OpsChain Vault example.
- Upgraded Confluent to 6.2.7 in the OpsChain Confluent example.
Fixed
- The OpsChain CLI
opschain server deploy
command has been fixed on Windows.- Breaking change - the
.env
file has moved from using double quotes around values to single quotes to fix an issue with Windows paths containing special character sequences like\n
- which was being treated as a newline.- If your .env file contains values containing
"
, they need to be unescaped and the surrounding"
changed to'
. Similarly, any value containing a'
now needs to have the single quotes escaped. Rerunning a full configuration may be simpler.
- If your .env file contains values containing
- Breaking change - the
- Removed the text colour presentation from the masked fields in the
add-git-remote
andlist-git-remotes
command output when displayed injson
oryaml
format.
2022-09-20
Changed
- As part of OpsChain moving out of the trial phase, the default Kubernetes namespace has been updated to
opschain
and the documentation repository has been moved toopschain
. - Properties validation in OpsChain has been improved. Formerly properties validation was only applied when a step started running. Now, properties validation is also applied:
- when project or environment properties are set (via the API or CLI). Detailed errors will be provided (via the API or CLI) if the properties fail validation.
- after an OpsChain action modifies project or environment properties. If the modifications cause the properties to fail validation, the change will error and detailed errors will be reported in the change logs.
- The
change create --follow-logs
andchange show-logs
commands now support the--output
argument, allowing you to output the logs intext
(default) orjson
format.
Fixed
- The OpsChain Helm chart no longer deploys a cluster role or cluster role binding for the OpsChain ingress service account. The role and binding are now included with the Kong v2.12.0 Helm deployment.
2022-09-15
Important breaking changes
- The OpsChain step runner Dockerfile template has been changed. After upgrading, please use
opschain dev create-dockerfile
to create a copy of the new template in your project's.opschain
folder and then reapply your customisations. - The OpsChain server management commands (
bin/*
) have been removed from theopschain-trial
repository. They have been replaced byopschain server
subcommands. - The
opschain_auth/security_configuration.json
file must be moved out of theopschain_auth
folder and stored in the same folder as the.env
andvalues.yaml
files, e.g.mv opschain_auth/security_configuration.json .
Added
- The OpsChain CLI now supports an optional
--output
argument for many operations, allowing you to display the command's output in different formats (e.g. YAML / JSON). See the relevant command's--help
output for the available formats. - Default output format(s) can be configured via your
.opschainrc
file. See the OpsChain CLI reference for more information. - The
opschain change retry
command now accepts a--background
argument, allowing you to retry the change in the background. - OpsChain now supports loading environment specific repository properties. See the Git repository section of the properties guide for more information.
- OpsChain can now be configured to support running concurrent changes for a single project environment. See the change execution options section of the changes reference guide for more information.
- The OpsChain CLI has new subcommands for managing and configuring OpsChain server installations under
opschain server
, e.g.opschain server configure
- learn more. - The
opschain server
commands support avalues.override.yaml
file for automatically applying Helm customisations.
Changed
- When the available log lines for a single request (via
/log_lines
with a filter or via/changes/<change_id>/log_lines
) exceeds the limit for a single request - amore
link is provided to navigate to the next chunk. - Upgraded cert-manager to 1.9.1.
- Upgraded Fluent Bit to v1.9.8.
- Upgraded HashiCorp Vault to 1.11.3 in the OpsChain Vault example.
- Upgraded Kong Helm chart to v2.12.0.
- Upgraded Kong Ingress Controller to v2.5.0.
- Upgraded OPA to v0.44.0.
- Upgraded OpsChain Log Aggregator Image to Fluentd 1.15.1.
- Upgraded PostgreSQL to 14.5.
- Upgraded Terraform to 1.2.9 in the OpsChain examples.
- Upgraded Terraform 'hashicorp/aws' provider to 4.29.0 in the OpsChain Ansible example.
- Upgraded BuildKit to v0.10.4.
Fixed
- The
opschain dev build-runner-image
command now supplies theOPSCHAIN_VERSION
build argument to Docker when building your custom step runner image.
Removed
- Breaking change - The OpsChain CLI
opschain dev
commands no longer recognise theOPSCHAIN_VERSION
environment variable when starting the development environment or building runner images. Ensure you have the corresponding version of the CLI to access the required OpsChain images, e.g. to use the2022-08-16
OpsChain images, use the2022-08-16
version of the CLI. - The
bin/opschain-*
commands have been removed from theopschain-trial
repository - they have been replaced by theopschain server
subcommands as described above. Note: theopschain server
commands do not need to be run in theopschain-trial
directory. You can now move the existing configuration files (the.env
,values.yaml
, andopschain_auth/security_configuration.json
files) into a folder of your choosing and run the commands from there. Please ensure as part of the move, that you move theopschain_auth/security_configuration.json
file out of theopschain_auth
folder per the instructions above (under "important breaking change").
2022-08-16
Important breaking changes
- OpsChain environments codes are no longer globally unique and can now be reused in different projects. With this change, the
/environments
API endpoint has been removed. Please use the/projects/<project_code>/environments
endpoint for all future environment specific API access.- Note: Due to the endpoint changes, please ensure you are using the latest OpsChain CLI version.
2022-08-12
Fixed
- The
error: cannot lock ref
error that occurred when multiple changes were executed for the same Git remote has been fixed.
2022-08-10
Important breaking changes
- The OpsChain step runner Dockerfile template has been changed. After upgrading, please use
opschain dev create-dockerfile
to create a copy of the new template in your project's.opschain
folder and then reapply your customisations.
Added
- The OpsChain CLI now allows you to build a step runner image from your project's
.opschain/Dockerfile
via theopschain dev build-runner-image
command. See custom runner images for more details on using the image in your OpsChain development environment.
Changed
- The
opschain project add-git-remote
command will now display the Git remote details rather than the textGit remote added successfully
.
Fixed
- The image registry garbage collector now handles error conditions that may have caused runner images to be garbage collected prematurely.
- The
opschain change retry
command now follows the change logs when supplied with the--follow-logs
argument.
2022-07-26
This release is a bugfix for the 2022-07-20 release which is unusable. Please check the release notes for both releases before upgrading.
Changed
- The
opschain change create
command--follow
argument has been renamed to--follow-logs
.
Fixed
- The 2022-07-20 release contained a bug that caused it to fail when upgrading existing instances. This release corrects the invalid migration and must be used in place of 2022-07-20.
- The
opschain change create
command now exits with an error code for cancelled or failed changes when using the--follow-logs
argument. This matches the functionality when this argument is not provided.
2022-07-20
This release has a critical bug and should not be used. Please use release 2022-07-26 instead.
Important breaking changes
- The way OpsChain manages its local clone of your project Git repositories has changed to improve support for projects with multiple Git remotes. You must re-add all active Git remotes for this release.
- Use the
opschain project list-git-remotes
command to identify your active Git remotes in each project. - Archive each Git remote using the
opschain project archive-git-remote
command. - Re-associate each Git remote with the project using the
opschain project add-git-remote
command.
- Use the
Added
- The
opschain change create
command now accepts a--follow
argument, allowing you to follow the change logs rather than view the step tree.
Removed
- The
Metadata
column has been removed from theopschain change list
output. To view the metadata, use theopschain change show
command.
Changed
- When creating a change, OpsChain now validates the supplied Git remote and revision after the change has been created. If the supplied values are invalid, the change will complete with an error status and the change logs will provide further information.
- Archiving a Git remote will now unschedule any automated change rules related to it.
- Git remotes used by automated change rules can no longer be deleted. Deleting the related automated change rules is now a prerequisite to deleting the Git remote.
2022-07-11
Changed
- The OpsChain CLI now displays the user who continued a wait step.
- Upgraded Bundler to 2.3.17.
- Upgraded HashiCorp Vault to 1.11.0 in the OpsChain Vault example.
- Upgraded Kong Helm chart to v2.10.2.
- Upgraded Kong Ingress Controller to v2.4.2.
- Upgraded OPA to v0.42.0.
- Upgraded cert-manager 1.8.2
- Upgraded PostgreSQL to 14.4
- The
ruby-terraform
Gem version supported by theopschain-resource-types
Gem has been updated to v1.6.0. - Upgraded Terraform to 1.2.4 in the OpsChain examples.
- Upgraded Terraform 'hashicorp/aws' provider to 4.21.0 in the OpsChain Ansible example.
- Upgraded Terraform 'hashicorp/kubernetes' provider to 2.12.1 in the OpsChain Confluent, Terraform, and Weblogic examples.
Fixed
- OpsChain now supports project Git repositories with > 100 character paths.
2022-06-29
Added
- OpsChain project Git remotes can now be archived using the
opschain project archive-git-remote
command. - The OpsChain API project
git_remotes
endpoint now acceptsDELETE
requests. Note: Git remotes that are associated with changes will have their credentials cleared rather than being deleted. - Documentation has been added on Git remote operations. Learn more.
Changed
PATCH
request on the projectgit_remotes
endpoint is now only used for archiving/unarchiving an existing Git remote. Git remote creation has been moved to itsPOST
request.- The
opschain project add-git-remote
command now replacesopschain project set-git-remote
.
2022-06-20
Added
OpsChain.context.change.automated
is now populated in the OpsChain context - indicating whether a change was created by an automated change rule.- The
automated
field is now included in the OpsChain changes API response - indicating whether a change was created by an automated change rule.
Changed
- The OpsChain CLI now displays the provided command line argument values before prompting for any required values.
- Upgraded all base images used by the OpsChain examples to AlmaLinux 8.6.
- Upgraded Bundler to 2.3.15.
- Upgraded HashiCorp Vault to 1.10.3 in the OpsChain Vault example.
- Upgraded Kong to v2.8.2.
- Upgraded OPA to v0.41.0.
- Upgraded PostgreSQL to 14.3.
- The
ruby-terraform
Gem version supported by theopschain-resource-types
Gem has been updated to v1.5.0. - Upgraded Terraform to 1.2.2 in the OpsChain examples.
- Upgraded Terraform 'hashicorp/aws' provider to 4.17.0 in the OpsChain Ansible example.
- Upgraded the base OS for the OpsChain LDAP server to Debian bullseye
- Upgraded the OpsChain base runner image to AlmaLinux 8.6.
- Upgraded the CLI to Node.js v16.15.1.
2022-06-08
Important breaking changes
- OpsChain must be installed from scratch for this release. Follow the steps in the uninstall guide to remove OpsChain and then perform a fresh install. The existing Git remotes can be re-used with the new installation.
Added
- When the list of options for an argument contains a single value, the OpsChain CLI will now automatically select it.
- OpsChain now tracks the Git remote used for a change explicitly.
- OpsChain now tracks the Git remote used for an automated change rule explicitly.
Changed
- Breaking changes
- When creating a change the Git remote and revision must be specified individually via the
--git-remote-name
and--git-rev
options. - When creating an automated change rule the Git remote and revision must be specified individually via the
--git-remote-name
and--git-rev
options. - The
GIT_REV
build argument provided to custom projectDockerfile
s no longer includes the remote name.
- When creating a change the Git remote and revision must be specified individually via the
Fixed
- Wait steps within namespaces now work as expected.
- A sporadic bug whilst running changes or using
opschain dev
-iseq_compile_each: unknown node (NODE_SCOPE) (SyntaxError)
- has been fixed.
2022-05-25
Known issues
- OpsChain changes may fail with
BUG: error: failed to solve ...
. See the troubleshooting guide to learn how to resolve this issue.
Added
- The
opschain change show-logs
command now supports the--timestamps
option, to prefix each log line with the date and time it was logged. - OpsChain now supports wait steps - steps that pause a change execution and wait for a user to continue the change manually.
- CLI version, server version and runner image can be retrieved via the
opschain info
CLI command. - An
/info
endpoint has been added to the OpsChain API to return the currently running version and runner image.
Changed
- Upgraded Bundler to 2.3.12.
- Upgraded Fluent Bit to v1.9.3.
- Upgraded BuildKit to v0.10.3
- Upgraded OPA to v0.40.0.
- Upgraded Terraform to 1.1.9 in the OpsChain examples.
- Upgraded Terraform 'hashicorp/aws' provider to 4.13.0 in the OpsChain Ansible example.
- Upgraded Terraform 'hashicorp/kubernetes' provider to 2.11.0 in the OpsChain WebLogic, Terraform, and Confluent examples.
- Upgraded HashiCorp Vault to 1.9.6 in the OpsChain Vault example.
- Upgraded Confluent to 6.2.4 in the OpsChain Confluent example.
- Upgraded Kong to v2.8.1.
- Upgraded Kong ingress controller to v2.3.1.
Fixed
- Added the missing
OpsChain.repository.properties
method that is described in the Git repository section of the properties guide. - The project links in the Git remotes response body.
- Fixed runner image building on macOS M1 hosts.
[2022-05-09]
Added
- OpsChain project Git remotes can now be queried using the
opschain project list-git-remotes
command.
Changed
- The
opschain-dev
command has been replaced with a new CLI commandopschain dev
. Executeopschain dev --help
for more information. - the
opschain-lint
Git pre-commit hook has been updated and should be recreated in your project Git repositories. From within the OpsChain development environment, executerm -f .git/hooks/pre-commit && opschain-lint --setup
- Outside the development environment:
- the
opschain-action
command is no longer available. - the
opschain-lint
command has been replaced with a new OpsChain CLI commandopschain dev lint
. - The
opschain-utils dockerfile_template
command has been replaced with a new OpsChain CLI commandopschain dev create-dockerfile
- the
Fixed
- Updates to properties made by parallel steps are now applied correctly.
[2022-05-05]
Added
- Documentation has been added explaining how container image builds can be achieved with OpsChain. Learn more.
- A link to the step's log lines is now included in the step JSON.
- The
opschain change create
command now accepts the--background
argument, allowing you to create changes and not follow their progress.
Fixed
- The OpsChain licence has been fixed in the OpsChain development environment.
[2022-04-20]
Added
- The OpsChain CLI request timeout can now be modified. Learn more.
- Log messages pertaining to the step phases. Learn more.
Changed
The OpsChain CLI will now retry lookup requests (up to three times total) if they fail due to timeouts.
Upgraded Ruby to 2.7.6.
Upgraded Bundler to 2.3.11.
Upgraded Fluentd to v1.14.6-1.0.
Upgraded Fluent Bit to v1.9.2.
Upgraded BuildKit to v0.10.1
Upgraded OPA to v0.39.0.
Upgraded Terraform to 1.1.8 in the OpsChain examples.
Upgraded Terraform 'hashicorp/aws' provider to 4.9.0 in the OpsChain Ansible example.
Upgraded Terraform 'hashicorp/kubernetes' provider to 2.10.0 in the OpsChain WebLogic, Terraform, and Confluent examples.
Upgraded HashiCorp Vault to 1.9.4 in the OpsChain Vault example.
Upgraded Confluent to 6.2.3 in the OpsChain Confluent example.
Upgraded recommended cert-manager version to v1.8.0.
Upgraded Kong ingress controller to v2.3.1.
A full backtrace will be shown in the change logs when an action raises an error.
Breaking changes
- The
OPSCHAIN_IMAGE_TAG
variable has been renamedOPSCHAIN_VERSION
. - The
opschain.lic
path has changed in the custom Dockerfile, it is now stored in/
in the runner image.
Use the
opschain-utils dockerfile_template
command to see the new Dockerfile format and ensure any custom project Dockerfiles are updated to reflect these changes.- The
[2022-04-11]
Added
- The OpsChain CLI now supports shell completion.
- OpsChain now supports SSH authentication (in addition to password authentication) for Git remotes.
- There is an SSH
known_hosts
file provided by OpsChain. See the documentation if you need to know more about this file.
- There is an SSH
Changed
- The
opschain project set-git-remote
arguments have been updated to support the new authentication options. - The OpsChain CLI examples for
set-properties
no longer use thecli-files
folder as the native binary does not require it.
[2022-03-28]
Added
- Documentation on the change and step behaviour when a failure occurs in one of the child steps.
- OpsChain action method validation can now be disabled.
Changed
- Breaking changes
- OpsChain has moved from Docker Compose to Kubernetes. Only single node Kubernetes deployments are supported currently.
- There is no migration path for data from previous versions of OpsChain to the current version.
- This release of OpsChain must be installed from scratch.
- Most of the OpsChain processes documented in the OpsChain operations guides have changed.
- The OpsChain runner Dockerfile now utilises the OPSCHAIN_BASE_RUNNER build argument to determine the FROM image. Use the
opschain-utils dockerfile_template
command to see the new format and ensure any custom project Dockerfiles are updated to reflect this change.
- OpsChain has moved from Docker Compose to Kubernetes. Only single node Kubernetes deployments are supported currently.
- When running changes that include parallel child steps, if one of those children fails, the
opschain change create
command will continue running until all its siblings have finished. - Upgraded Fluentd to v1.14.5-1.1.
- Upgraded OPA to 0.38.1.
- Upgraded PostgreSQL to 14.2.
- Upgraded Terraform to 1.1.7 in the OpsChain examples.
- Upgraded Terraform 'hashicorp/aws' plugin to 4.5.0 in the OpsChain Ansible example.
- Upgraded the OpsChain base runner image to AlmaLinux 8.5.
- All base images used by the OpsChain examples upgraded to AlmaLinux 8.5
- When running changes that include parallel child steps, if one of those children fails, the
opschain change create
command will continue running until all its siblings have finished.
Fixed
- When following the change logs, OpsChain will display all the logs until the change completes - previously the final log messages may not have been shown.
[2022-03-01]
Added
- The OpsChain hardware requirements are now documented.
- The
opschain change show-logs
command now accepts a--follow
argument to follow the logs until the change completes. - Documentation and troubleshooting guide when changing properties within parallel steps.
- Added Kubernetes resource types.
- Added an SSH key pair resource type.
Changed
- Upgraded Rails to 7.
- Upgraded Ruby to 2.7.5.
- Upgraded PostgreSQL to 14.1.
- Upgraded Bundler to 2.3.6.
- Upgraded OPA to 0.36.0.
- Upgraded Fluentd to v1.14.4-1.0.
- Upgraded Terraform to 1.1.4 in the OpsChain examples.
- Upgraded Terraform 'hashicorp/aws' plugin to 3.73.0 in the OpsChain Ansible example.
- Upgraded HashiCorp Vault to 1.9.2 in the OpsChain Vault example.
- Upgraded Confluent to 6.2.2 in the OpsChain Confluent example.
- Update example on setting environment variables in the OpsChain properties guide.
- Update documentation on the minimum requirements in the OpsChain project Git repositories guide.
- The OpsChain base runner image is now based on AlmaLinux 8.
Fixed
- Properties raising
ActiveRecord::StaleObjectError
exception when parallel steps modify properties. - API worker now logs the full stack trace for
Failed processing step <step_name> (ProcessStepResultCommand::Error)
exception when patching properties fails.
[2021-11-12]
Added
- Reference for all third party software licences used in our applications.
- Document our support policy. This includes the type of support we provide when using OpsChain, as well as details on how and when to contact our support team.
- In addition to lightweight tags, OpsChain now supports creating changes that reference annotated tags. See creating tags for more information on Git tag types.
- When run in a dirty Git repository, the OpsChain CLI now prints a warning when creating a change to alert the user that their updates may not be committed yet.
- Breaking changes
- OpsChain now requires an
opschain.lic
licence file to operate. Please use the#opschain-trial
Slack channel to request a licence. - Custom runner base images now require ONBUILD steps to ensure the OpsChain licence is available to the runner. For further details see image performance - base images.
- OpsChain now requires an
- Documentation on how to uninstall OpsChain.
Changed
- The
configure
script won't re-ask questions that can't change. - Upgraded Bundler to 2.2.30.
- Upgraded OPA to 0.34.0.
- Upgraded Fluentd to 1.14.2-1.0.
- Upgraded Terraform to 1.0.10 in the OpsChain examples.
- Upgraded Terraform 'hashicorp/aws' plugin to 3.63.0 in the OpsChain Ansible example.
- The OpsChain step runner Docker image is now built with Docker BuildKit.
[2021-10-26]
Added
- Change specific logs are now available from the
/changes/<change_id>/log_lines
API. The results can be filtered using the same filtering syntax as events. - The OpsChain DSL now supports
- referencing resource properties by name within
action
blocks - see defining resource types & resources. - referencing composite resource properties by name within child resources - see defining composite resources.
- referencing resources by name from within actions and when setting properties - see referencing resources
- referencing resource properties by name within
Changed
- On startup, OpsChain now displays the publicly mapped port it is listening on.
- Upgraded Bundler to 2.2.28.
- Upgraded OPA to 0.33.0.
- Upgraded Fluentd to 1.14.1-1.0.
- Upgraded Terraform to 1.0.8 in the OpsChain examples.
- Upgraded Terraform 'hashicorp/aws' plugin to 3.62.0 in the OpsChain Ansible example.
- Upgraded HashiCorp Vault to 1.8.4 in the OpsChain Vault example.
- Upgraded Confluent to 6.2.1 in the OpsChain Confluent example.
- Parallel child steps are now run in serial when run in the
opschain-dev
development environment. - Breaking changes
- the
/log_lines
endpoint- returns at most 10,000 log lines.
- requires a filter using the same filtering syntax as events.
- upgraded PostgreSQL to 14.0 (your database must be re-created, or manually upgraded).
- the
resource_properties
resource method in the OpsChain DSL has been replaced withproperties
. - the OpsChain DSL
Scope
class has been restructured and is for internal use only.
- the
Removed
- Breaking change - the
/log_lines
endpoint no longer accepts thechange_id
URL parameter
[2021-09-28]
You must run configure
after upgrading to update the .env
file with the log configuration update.
Added
opschain-lint
is automatically added as a Git pre-commit hook for new project Git repositories.- The
configure
script now shows an error when it fails. - An OpsChain banner message is displayed once the API is ready.
- OpsChain API documentation is now available from the API server http://localhost:3000/docs.
Changed
- The
configure
script now resolves the absolute path for the OPSCHAIN_DATA_DIR.
Fixed
- Repeated invocations of the
configure
script on macOS have been fixed - they used to fail silently. - OpsChain runners on Windows and macOS were failing as the log configuration was wrong.
[2021-09-03]
Added
The OpsChain CLI can now:
- be configured to output the step statuses as text rather than emoji. See the CLI configuration guide for more details.
- archive projects and environments. See the archiving projects & environments guide for more details.
The OpsChain DSL now supports the
ref
method for referencing other resources. This is useful for cases where a resource name includes special characters, e.g.:infrastructure_host 'test.opschain.io'
some_resource 'something' do
host ref('test.opschain.io') # `host test.opschain.io` would fail here
endThe OpsChain API
projects
andenvironments
endpoints now- return a boolean
archived
attribute. - accept
DELETE
requests. Note: Only projects and environments with no associated changes can be deleted.
- return a boolean
The OpsChain API
automated_change_rules
endpoint now includes anext_run_at
attribute containing the time when the rule will next run. See the automated changes guide for more information on what happens when an automated change rule runs.The
opschain automated-change list
output no longer include theProject
andEnvironment
columns (as these are parameter values to the command) and includes aNext Run At
column.The
opschain-action
command now supports a best-effort mode for running the child steps of an action. See the child steps section of the Docker development environment guide for more details.OpsChain now provides an
opschain-lint
command for detecting issues with the OpsChain DSL. Learn more in the Docker development environment guide.opschain-lint
is run as part of the default Dockerfile for steps to detect errors sooner - this can be added to custom Dockerfiles, or a custom Dockerfile could be used to remove the linter if it is not desired.
Fixed
- A rare logging error reported by the OpsChain worker -
(JSON::ParserError) (Excon::Error::Socket)
/socat[323] E write(., ..., ...): Broken pipe
- has been fixed. - A rare Terraform error where the temporary var file was removed prior to Terraform completing has been fixed.
Changed
- Upgraded Bundler to 2.2.26.
- Upgraded Postgres to 13.4.
- Upgraded Terraform to 1.0.5 in the OpsChain examples.
- Upgraded Terraform 'hashicorp/aws' plugin to 3.56.0 in the OpsChain Ansible example.
- Upgraded Terraform 'kreuzwerker/docker' plugin to 2.15.0 in the OpsChain Confluent, Terraform & Weblogic examples.
- Upgraded HashiCorp Vault to 1.8.2 in the OpsChain Vault example.
[2021-08-16]
Added
- OpsChain now supports events. The
/events
endpoint can be used for reporting and auditing, see the events guide for more details. - The list of configuration in the
.env
file is now documented in the configuration options guide. - Changes can now take metadata (JSON structured data) to help identify and track changes.
- The
opschain change create/retry
commands now takes an optional argument to allow providing the metadata for a change.- If provided, the metadata file must contain a JSON object, e.g.
{ "cr": "CR73", "description": "Change request 73 - apply patchset abc to xyz." }
.
- If provided, the metadata file must contain a JSON object, e.g.
- The
opschain change show/list
commands now include the change metadata. - The
/changes
API can now be filtered using the same filtering syntax as events.- For example,
?filter[metadata_cr_eq]=CR73
would match all changes with the metadata{ "cr": "CR73" }
. - See the events filtering documentation for more details.
- For example,
- The
Changed
- Simplified the
.env
file by moving default values to.env.internal
- The OpsChain log aggregator no longer requires that port 24224 is available - it now uses a Docker managed random port
Fixed
- A number of broken links in the documentation have been fixed
[2021-08-04]
Changed
- The OpsChain change log retention guide has moved and been renamed to OpsChain data retention.
- Breaking change - the
OPSCHAIN_ARCHIVE_LOG_LINES_JOB_CRON
config variable has been renamed toOPSCHAIN_CLEAN_OLD_DATA_JOB_CRON
. - Breaking change - Upgraded Ruby to 2.7.4 on the OpsChain Step Runner.
- If required, please update the
.ruby_version
in your project Git repositories.
- If required, please update the
- Upgraded Bundler to 2.2.25.
- Upgraded OpsChain Log Aggregator Image to Fluentd 1.13.3.
- Upgraded OpsChain Auth Image to Open Policy Agent 0.31.0.
- Upgraded Terraform to 1.0.3 in the OpsChain examples.
- Upgraded Terraform hashicorp/aws plugin to 3.52.0 in the OpsChain Ansible example.
- Upgraded Terraform kreuzwerker/docker plugin to 2.14.0 in the OpsChain Confluent, Terraform & Weblogic examples.
- Upgraded HashiCorp Vault to 1.8.0 in the OpsChain Vault example.
Fixed
- A bug with the configure script on macOS has been fixed -
./configure: line 90: ${env_file_contents}${var}=${!var@Q}\n: bad substitution
.
[2021-07-29]
Changed
- OpsChain now caches user's LDAP group membership to reduce LDAP load. See LDAP group membership caching for more details.
- Breaking change - Calling OpsChain API's with missing or invalid parameters now returns a 500 Internal Server Error, and more explicit error messages in the response body.
[2021-07-19]
Added
- OpsChain change logs can now be forwarded to external storage.
- OpsChain change logs can now be cleaned up automatically.
- When defining dependent steps in the OpsChain DSL the step name is now automatically qualified with the current namespace.
- Feature preview - the platform native builds of the OpsChain CLI can now be downloaded directly.
Changed
- File property paths are now expanded before being written.
- Running the
configure
script no longer removes unknown configuration options. - Any resources included in the value supplied to the
properties
resource DSL will have their controller assigned to the relevant property rather than the resource itself. This makesproperties
match the existing functionality for individually set properties.
[2021-07-08]
Added
- The Oracle WebLogic example now includes a sample WAR file and related
deploy
,redeploy
andundeploy
actions. - A HashiCorp Vault example project repository is now available.
- The OpsChain CLI now helps you track the progress of a change by showing the expected step tree.
- The
opchain-action
andopschain-dev
commands now inherit environment variables starting withopschain_
(case insensitive). - The
opschain-action
command now supports theOPSCHAIN_DRY_RUN
environment variable to see the full expected step tree without running the action. - OpsChain file properties now supports storing binary files with the new base64 format. See file formats for more details.
Changed
- Upgraded Terraform to 1.0.1 in the OpsChain examples.
- Upgraded Terraform plugins in the OpsChain examples - see the commit history of each repository for details.
- Upgraded OpsChain Log Aggregator Image Fluentd to 1.13.1.
- Upgraded OpsChain Auth Image Open Policy Agent 0.30.1.
- Upgraded Bundler to 2.2.21.
[2021-06-24]
Added
OpsChain.context
is now available to actions and controllers. See the OpsChain context guide for more information.
Fixed
- After waiting for the environment change lock, pending changes will be executed in the order they were created. Previously pending changes could start in any order.
Removed
- Breaking change - The
opschain-auth
container is no longer bound to 8081 by default. This binding can be added by following the steps in the restricting user access guide.
[2021-06-16]
Added
- Docker build logs for the OpsChain step runner image are included in the change/step logs. They will be shown as part of the output of the
opschain change logs-show
command for new changes.
Changed
- Breaking change - The assign LDAP group ldif example now creates a groupOfNames rather than a posixGroup to support RFC 4519.
- To use this new group format, you will need to alter the OPSCHAIN_LDAP_GROUP_ATTRIBUTE value in your
.env
file frommemberOf
tomember
- To use this new group format, you will need to alter the OPSCHAIN_LDAP_GROUP_ATTRIBUTE value in your
- Breaking change -
Automated Deployment Rules
andScheduled Deployment Rules
have been renamed toAutomated Change Rules
.- The CLI
automated-deployment-{create,delete,list}
and thescheduled-deployment-{create,delete,list}
subcommands have been combined into a newopschain automated-change
command.- The CLI
--help
argument can be used to see the new names.
- The CLI
- The CLI
- Breaking change - The CLI subcommands have been renamed:
- The convention for CLI subcommands has changed from
noun-verb
toverb-noun
, for example,opschain environment properties-set
has been renamed toopschain environment set-properties
.
- The convention for CLI subcommands has changed from
- Breaking change - The
--commit-ref
and--ref
options have been renamed to--git-rev
for consistency. This affects theopschain change create
and the newopschain automated-change create
commands. - Breaking change - The
GIT_REF
ARG in custom Dockerfiles has been renamed toGIT_SHA
- this means that if the Git sha the Git reference points to is altered during a change the steps will still use the original commit (sha). GIT_REV
is now an environment variable that is assigned (with thegit_rev
value of the change) when using the default step runner.- A
GIT_REV
ARG is now provided to custom Dockerfiles - this can be assigned to an environment variable (the custom Dockerfile template demonstrates how this can be done).
- A
[2021-06-10]
Added
- An Oracle WebLogic example project repository is now available.
- Feature preview - platform native builds of the OpsChain CLI are now available for Windows, macOS and Linux. Contact LimePoint support for access.
- OpsChain now supports Active Directory for user authentication and authorisation. See configuring an external LDAP
- This change requires the
configure
command to be rerun.
- This change requires the
- OpsChain changes can now be retried from failure or cancellation by using the
opchain change retry
command. - Updating now safeguards properties whilst a change is active.
- Step properties are immutable.
- Project and environment properties can't be updated if they are in use by an active change.
Changed
Upgraded Terraform to 0.15.4 in the OpsChain examples.
Upgraded Terraform plugins in the OpsChain examples - see the commit history of each repository for details.
Upgraded OpsChain Log Aggregator Image Fluentd to 1.12.4.
Upgraded OpsChain DB Image PostgreSQL to 13.3.
Upgraded OpsChain Auth Image Open Policy Agent 0.29.4.
Upgraded Bundler to 2.2.19.
Breaking change - The OpsChain LDAP database structure has changed. Please remove the files in
OPSCHAIN_DATA_DIR/opschain-ldap
before starting OpsChain.Note: You will need to recreate any users you had created in the OpsChain LDAP.
[2021-06-01]
Added
- The ability to use custom Runner images in the OpsChain Docker development environment. Note that the custom Runner image must have been built as part of an OpsChain change.
- This change requires the
configure
command to be rerun.
- This change requires the
- The OpsChain CLI now inherits environment variables. This allows using environment variables to override CLI config or to configure http(s) proxies. Find out more in our CLI reference.
- OpsChain operations guides.
- OpsChain rootless Docker install documentation.
- OpsChain backups documentation.
[2021-05-26]
Added
- The OpsChain platform now includes an Authorisation Server allowing you to restrict user access to projects and environments. See restricting user access for more information.
- OpsChain changes can now be cancelled by using the
opschain change cancel
command.
Changed
- Breaking change - The OpsChain CLI now uses kebab-case-arguments (rather than snake_case_arguments) so all multi word arguments have changed.
[2021-05-17]
Important breaking changes
- the
opschain_db
,opschain-ldap
andopschain_project_git_repos
directories have been moved into a newopschain_data
directory (opschain_data
can be overridden as part of theconfigure
process)- you must run
configure
after upgrading to reflect the new directory structure in your.env
file.
- you must run
- due to the addition of the project code the OpsChain database needs to be removed and recreated.
- the path to the project Git repositories has changed from
./opschain_project_git_repos/production/<uuid>
to./opschain_data/opschain_project_git_repos/<uuid>
.
- the path to the project Git repositories has changed from
Added
- a symbolic link is created as part of the project creation, allowing you to navigate to the project's Git repository via
./opschain_data/opschain_project_git_repos/<project code>
- Breaking change - projects now use (and require) a unique project code.
- The OpsChain Terraform resource type now supports version 0.15.
Changed
- Environment codes can now be up to 50 characters long.
- Breaking change - the OpsChain CLI and API have been altered to use the project code as the project identifier rather than the project id.
- The CLI output for the environment and project list commands has changed - the code field is now shown first and the ID is not shown.
Removed
- The environment delete API has been removed.
- Breaking change - Support for Terraform version 0.14 and lower has been removed from the OpsChain Terraform resource.
[2021-05-10]
Added
- OpsChain now supports automated deployments - a way to automatically create OpsChain changes in response to Git changes. See setting up an automated deployment for more information.
- OpsChain now supports scheduled deployments - a way to automatically create OpsChain changes at a scheduled time.
Changed
- OpsChain now allows properties to be sourced from a project's Git repository. See the updated OpsChain properties guide for more information.
- OpsChain now does a Git forced fetch when fetching a project's Git repository. This means tags can be updated in the remote and reflected in the project Git repository.
[2021-04-27]
Added
- Helper methods available from within actions to store and remove files from project and environment properties. See storing & removing files for more details.
Changed
OpsChain environments are now locked such that only one change can be run in an environment at a time. Changes will sit in the
pending
state whilst waiting for the existing change to finish.The OpsChain properties available via
OpsChain.properties
are frozen, ensuring users receive an error if they attempt to change them (as onlyOpsChain.environment.properties
andOpsChain.project.properties
are persisted)The
terraform_config
resource type now:- automatically stores the Terraform state file in the environment properties.
- automatically calls terraform init in the OpsChain Runner prior to running Terraform commands.
The Confluent and Terraform examples now
- use Terraform v0.14.9.
- rely on the new automatic features of the
opschain-terraform
resource.
The OpsChain Runner now uses
- Ruby v2.7.3. Please make any necessary adjustments to your project's Git repositories to reflect this change.
Breaking change - the OpsChain files properties format has changed. Any files stored in your properties will need to be altered to reflect the new format.
Note: The
properties-show
andproperties-set
features can be used to download, upload your properties (allowing you to edit your properties locally).
Fixed
- Hide internal development tasks from the opschain-utils output.
- OpsChain Runner showing "Connection refused - connect(2) for /var/run/docker.sock.opschain" after container restart.
[2021-03-31]
Added
- An example project for running a simple Terraform change.
- The Getting Started guide now includes instructions for creating your own action.
Changed
- The sample data provided as part of the Getting Started guide has been simplified.
- The
.opschain/step_context.json
file is now optional when runningopschain-action
oropschain-dev
. - The
terraform_config
resource type passes anyvars
(Terraform input variables) supplied to Terraform via a var file.
Removed
- The Confluent example no longer provides the VarFile class as its functionality has been added to the
terraform_config
resource type.
[2021-03-22]
Added
The
opschain-resource-types
Gem is now pre-installed in the OpsChain step runner image providing some resource types for theruby-terraform
Gems.Please note the prerequisites for the Terraform resource.
Changed
- The Terraform binary is now installed in the custom step runner Dockerfile as part of the OpsChain Confluent example
Removed
- The Terraform binary has been removed from the OpsChain step runner image for parity with other tools which we support but don't bundle.
- Terraform support has been removed from the
opschain-core
Gem (Terraform support is now available via theopschain-resource-types
Gem).
[2021-03-09]
Added
- Automatically expose controller actions and properties in resource types and resources.
- upgrading.md documentation.
Changed
- Upgraded OpsChain log aggregator image Fluentd from version 1.11 to 1.12.1
- Upgraded OpsChain LDAP image OpenLDAP from version 2.4.50 to 2.4.57
- Upgraded OpsChain DB image postgres from 13.1 to 13.2
- Upgraded OpsChain step runner image Terraform from 0.12.29 to 0.14.7.
Please note:
- Project Git repositories will need to be updated:
- Terraform 0.12 -> 0.13 - will assist in creating a
versions.tf
in your project Git repository(s). - Terraform 0.13 -> 0.14 - provides information on the new
.terraform.lock.hcl
lock file.
- Terraform 0.12 -> 0.13 - will assist in creating a