.changes/3.1.0.md

@@ -1,6 +0,0 @@
-## 3.1.0 (2024-04-23)
-
-ENHANCEMENTS:
-
-* Automatically fallback to darwin/amd64 for Terraform versions before 1.0.2 as releases for darwin/arm64 are not available ([#409](https://github.com/hashicorp/setup-terraform/issues/409))
-

.changes/3.1.1.md

@@ -1,6 +0,0 @@
-## 3.1.1 (2024-05-07)
-
-BUG FIXES:
-
-* wrapper: Fix wrapper to output to stdout and stderr immediately when data is received ([#395](https://github.com/hashicorp/setup-terraform/issues/395))
-

.changes/3.1.2.md

@@ -1,6 +0,0 @@
-## 3.1.2 (2024-08-19)
-
-NOTES:
-
-* This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. ([#430](https://github.com/hashicorp/setup-terraform/issues/430))
-

.copywrite.hcl

@@ -5,9 +5,6 @@ project {
   copyright_year = 2020
 
   header_ignore = [
-    # internal catalog metadata (prose)
-    "META.d/**/*.yaml",
-
     # changie tooling configuration and CHANGELOG entries (prose)
     ".changes/unreleased/*.yaml",
     ".changie.yaml",

.github/CODEOWNERS

@@ -1 +1 @@
-* @hashicorp/terraform-core-plugins
+* @hashicorp/terraform-devex

.github/dependabot.yml

@@ -4,14 +4,3 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    groups:
-      "github-actions":
-        patterns:
-          - "*" # Group all GitHub Actions dependencies together
-    schedule:
-      interval: "weekly"
-      day: "monday"
-      time: "09:00"
-      timezone: "Etc/UTC"

.github/pull_request_template.md

@@ -1,16 +0,0 @@
-## Related Issue
-
-Fixes # <!-- INSERT ISSUE NUMBER -->
-
-## Description
-
-In plain English, describe your approach to addressing the issue linked above. For example, if you made a particular design decision, let us know why you chose this path instead of another solution.
-
-<!-- heimdall_github_prtemplate:grc-pci_dss-2024-01-05 -->
-## Rollback Plan
-
-- [ ] If a change needs to be reverted, we will roll out an update to the code within 7 days.
-
-## Changes to Security Controls
-
-Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

.github/workflows/add-content-to-project.yml

@@ -0,0 +1,40 @@
+# Based on https://github.com/leonsteinhaeuser/project-beta-automations
+
+name: "Add Issues/PRs to TF Provider DevEx team board"
+
+on:
+  issues:
+    types: [opened, reopened]
+  pull_request_target:
+    # NOTE: The way content is added to project board is equivalent to an "upsert".
+    # Calling it multiple times will be idempotent.
+    #
+    # See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+    # to see the reasoning behind using `pull_request_target` instead of `pull_request`
+    types: [opened, reopened, ready_for_review]
+
+jobs:
+  add-content-to-project:
+    name: "Add Content to project"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Set Issue to 'Priority = Triage Next'"
+        uses: leonsteinhaeuser/project-beta-automations@939000fb1900c9fc4f7b5058a09d9f833ebc6859 # v2.2.1
+        if: github.event_name == 'issues'
+        with:
+          gh_token: ${{ secrets.TF_DEVEX_PROJECT_GITHUB_TOKEN }}
+          organization: "hashicorp"
+          project_id: 99      #< https://github.com/orgs/hashicorp/projects/99
+          resource_node_id: ${{ github.event.issue.node_id }}
+          operation_mode: custom_field
+          custom_field_values: '[{\"name\":\"Priority\",\"type\":\"single_select\",\"value\":\"Triage Next\"}]'
+      - name: "Set Pull Request to 'Priority = Triage Next'"
+        uses: leonsteinhaeuser/project-beta-automations@939000fb1900c9fc4f7b5058a09d9f833ebc6859 # v2.2.1
+        if: github.event_name == 'pull_request'
+        with:
+          gh_token: ${{ secrets.TF_DEVEX_PROJECT_GITHUB_TOKEN }}
+          organization: "hashicorp"
+          project_id: 99      #< https://github.com/orgs/hashicorp/projects/99
+          resource_node_id: ${{ github.event.pull_request.node_id }}
+          operation_mode: custom_field
+          custom_field_values: '[{\"name\":\"Priority\",\"type\":\"single_select\",\"value\":\"Triage Next\"}]'

.github/workflows/ci-changie.yml

@@ -1,23 +0,0 @@
-# Continuous integration handling for changie
-name: ci-changie
-
-on:
-  pull_request:
-    paths:
-      - .changes/unreleased/*.yaml
-      - .changie.yaml
-      - .github/workflows/ci-changie.yml
-
-permissions:
-  contents: read
-
-jobs:
-  check:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-      - uses: miniscruff/changie-action@5036dffa79ffc007110dc7f75eca7ef72780e147 # v2.1.0
-        with:
-          version: latest
-          args: batch patch --dry-run
-

.github/workflows/compliance.yml

@@ -11,7 +11,7 @@ jobs:
   copywrite:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-      - uses: hashicorp/setup-copywrite@32638da2d4e81d56a0764aa1547882fc4d209636 # v1.1.3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: hashicorp/setup-copywrite@867a1a2a064a0626db322392806428f7dc59cb3e # v1.1.2
       - run: copywrite headers --plan
       - run: copywrite license --plan

.github/workflows/continuous-integration.yml

@@ -9,14 +9,14 @@ on:
 jobs:
   check-dist:
     name: Check dist/ directory
-    uses: actions/reusable-workflows/.github/workflows/check-dist.yml@95d9656793415e47f574f7967f3850ea3bf5a7ed
+    uses: actions/reusable-workflows/.github/workflows/check-dist.yml@a8533f184b279cfc1b2dd6a96ed2f097ccf81189
     with:
       node-version: 20.x
       node-caching: npm
 
   test:
     name: Test
-    uses: actions/reusable-workflows/.github/workflows/basic-validation.yml@95d9656793415e47f574f7967f3850ea3bf5a7ed
+    uses: actions/reusable-workflows/.github/workflows/basic-validation.yml@a8533f184b279cfc1b2dd6a96ed2f097ccf81189
     with:
       node-version: 20.x
       node-caching: npm

.github/workflows/data/delay/main.tf

@@ -1,11 +0,0 @@
-resource "null_resource" "previous" {}
-
-resource "time_sleep" "wait_30_seconds" {
-  depends_on = [null_resource.previous]
-
-  create_duration = "30s"
-}
-
-resource "null_resource" "next" {
-  depends_on = [time_sleep.wait_30_seconds]
-}

.github/workflows/issue-comment-triage.yml

@@ -1,21 +0,0 @@
-# DO NOT EDIT - This GitHub Workflow is managed by automation
-# https://github.com/hashicorp/terraform-devex-repos
-name: Issue Comment Triage
-
-on:
-  issue_comment:
-    types: [created]
-
-jobs:
-  issue_comment_triage:
-    runs-on: ubuntu-latest
-    env:
-      # issue_comment events are triggered by comments on issues and pull requests. Checking the
-      # value of github.event.issue.pull_request tells us whether the issue is an issue or is
-      # actually a pull request, allowing us to dynamically set the gh subcommand:
-      # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment-on-issues-only-or-pull-requests-only
-      COMMAND: ${{ github.event.issue.pull_request && 'pr' || 'issue' }}
-      GH_TOKEN: ${{ github.token }}
-    steps:
-      - name: 'Remove waiting-response on comment'
-        run: gh ${{ env.COMMAND }} edit ${{ github.event.issue.html_url }} --remove-label waiting-response

.github/workflows/jira-sync.yml

@@ -0,0 +1,39 @@
+on:
+  issues:
+    types: [closed, deleted, reopened]
+  pull_request_target:
+    types: [closed, reopened]
+
+name: Jira Sync
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    name: Jira sync
+    steps:
+
+    - name: Login
+      uses: atlassian/gajira-login@45fd029b9f1d6d8926c6f04175aa80c0e42c9026 # v3.0.1
+      if: contains(github.event.pull_request.labels.*.name, 'tf-devex-triage') || contains(github.event.issue.labels.*.name, 'tf-devex-triage')
+      env:
+        JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
+        JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
+        JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
+    - name: Search for existing issue
+      id: search
+      if: contains(github.event.pull_request.labels.*.name, 'tf-devex-triage') || contains(github.event.issue.labels.*.name, 'tf-devex-triage')
+      uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2
+      with:
+        jql: 'project="TFECO" and "Team (R&D)[Labels]"="TF-DevEx" and description ~ "${{ github.event.issue.html_url || github.event.pull_request.html_url }}" and labels in (Github)'
+    - name: Close task
+      if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue
+      uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3.0.1
+      with:
+        issue: ${{ steps.search.outputs.issue }}
+        transition: "Closed"
+    - name: Reopen task
+      if: github.event.action == 'reopened' && steps.search.outputs.issue
+      uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3.0.1
+      with:
+        issue: ${{ steps.search.outputs.issue }}
+        transition: "To Do"

.github/workflows/lock.yml

@@ -1,22 +0,0 @@
-# DO NOT EDIT - This GitHub Workflow is managed by automation
-# https://github.com/hashicorp/terraform-devex-repos
-name: 'Lock Threads'
-
-on:
-  schedule:
-    - cron: '0 10 * * *'
-
-jobs:
-  lock:
-    runs-on: ubuntu-latest
-    steps:
-      # NOTE: When TSCCR updates the GitHub action version, update the template workflow file to avoid drift:
-      # https://github.com/hashicorp/terraform-devex-repos/blob/main/modules/repo/workflows/lock.tftpl
-      - uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v6.0.0
-        with:
-          process-only: 'issues, prs'
-          github-token: ${{ github.token }}
-          issue-inactive-days: '30'
-          issue-lock-reason: resolved
-          pr-inactive-days: '30'
-          pr-lock-reason: resolved

.github/workflows/release.yml

@@ -11,6 +11,10 @@ on:
 permissions:
   contents: read # Changelog commit operations use service account PAT
 
+env:
+  CI_COMMIT_AUTHOR: hc-github-team-tf-provider-devex
+  CI_COMMIT_EMAIL: github-team-tf-provider-devex@hashicorp.com
+
 jobs:
   major-version:
     runs-on: ubuntu-latest
@@ -33,36 +37,36 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
           # Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
           # More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
           persist-credentials: false
       - name: Batch changes
-        uses: miniscruff/changie-action@5036dffa79ffc007110dc7f75eca7ef72780e147 # v2.1.0
+        uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2
         with:
           version: latest
           args: batch ${{ needs.changelog-version.outputs.version }}
       - name: Merge changes
-        uses: miniscruff/changie-action@5036dffa79ffc007110dc7f75eca7ef72780e147 # v2.1.0
+        uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2
         with:
           version: latest
           args: merge
       - name: Git push changelog
         run: |
-          git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}"
-          git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}"
+          git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
+          git config --global user.email "${{ env.CI_COMMIT_EMAIL }}"
           git add .
           git commit -a -m "Update changelog"
-          git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
+          git push "https://${{ env.CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
 
   update-package-version:
     needs: changelog
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
           # Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job,
@@ -73,25 +77,25 @@ jobs:
           persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
         with:
           node-version: 20
       - name: Update package version
         run: npm version "${{ inputs.versionNumber }}" --git-tag-version false
       - name: Git push
         run: |
-          git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}"
-          git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}"
+          git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
+          git config --global user.email "${{ env.CI_COMMIT_EMAIL }}"
           git add .
           git commit -a -m "Update package version"
-          git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
+          git push "https://${{ env.CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
 
   release-tag:
     needs: [ update-package-version, major-version ]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
           # Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job,
@@ -103,13 +107,13 @@ jobs:
 
       - name: Git push release tag
         run: |
-          git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}"
-          git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}"
+          git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
+          git config --global user.email "${{ env.CI_COMMIT_EMAIL }}"
 
           git tag "${{ inputs.versionNumber }}"
           git tag -f "${{ needs.major-version.outputs.version }}"
-          git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" "${{ inputs.versionNumber }}"
-          git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" -f "${{ needs.major-version.outputs.version }}"
+          git push "https://${{ env.CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" "${{ inputs.versionNumber }}"
+          git push "https://${{ env.CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" -f "${{ needs.major-version.outputs.version }}"
 
   release:
     needs: [ changelog-version, release-tag ]
@@ -117,7 +121,7 @@ jobs:
     permissions:
       contents: write # Needed to create GitHub release
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           ref: ${{ inputs.versionNumber }}
           fetch-depth: 0

.github/workflows/send-to-jira.yml

@@ -0,0 +1,37 @@
+on:
+  issues:
+    types: [labeled]
+
+name: Jira Sync
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    name: Jira sync
+    steps:
+
+    - name: Login
+      uses: atlassian/gajira-login@45fd029b9f1d6d8926c6f04175aa80c0e42c9026 # v3.0.1
+      if: github.event.label.name == 'tf-devex-triage'
+      env:
+        JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
+        JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
+        JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
+    - name: Search for existing issue
+      id: search
+      if: github.event.label.name == 'tf-devex-triage'
+      uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2
+      with:
+        jql: 'project="TFECO" and "Team (R&D)[Labels]"="TF-DevEx" and description ~ "${{ github.event.issue.html_url || github.event.pull_request.html_url }}" and labels in (Github)'
+
+    - name: Create task in DevEx board
+      if: github.event.label.name == 'tf-devex-triage' && !steps.search.outputs.issue
+      uses: atlassian/gajira-create@59e177c4f6451399df5b4911c2211104f171e669 # v3.0.1
+      with:
+        project: TFECO
+        issuetype: "Task"
+        summary: "[GH] ${{ github.event.issue.title || github.event.pull_request.title }}"
+        description: "${{ github.event.issue.html_url || github.event.pull_request.html_url }} \n Synced by Github Actions, tagged by ${{ github.actor }}"
+        # customfield_10091 is Team (R&D)
+        fields: '{"customfield_10091": ["TF-DevEx"], "labels": ["Github"]}'
+

.github/workflows/setup-terraform.yml

@@ -20,7 +20,7 @@ jobs:
         terraform-versions: [0.11.14, latest]
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform - ${{ matrix['terraform-versions'] }}
       uses: ./
@@ -44,7 +44,7 @@ jobs:
         terraform-versions: [0.11.14, latest]
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform (no wrapper) - ${{ matrix['terraform-versions'] }}
       uses: ./
@@ -69,7 +69,7 @@ jobs:
         terraform-versions: [~0.12, 0.12.x, <0.13.0]
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform - ${{ matrix['terraform-versions'] }}
       uses: ./
@@ -88,7 +88,7 @@ jobs:
         terraform-versions: [~0.12, 0.12.x, <0.13.0]
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform (no wrapper) - ${{ matrix['terraform-versions'] }}
       uses: ./
@@ -100,7 +100,7 @@ jobs:
       run: terraform version | grep 'Terraform v0\.12'
 
   terraform-credentials-cloud:
-    name: 'HCP Terraform Credentials'
+    name: 'Terraform Cloud Credentials'
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
@@ -109,7 +109,7 @@ jobs:
       TF_CLOUD_API_TOKEN: 'XXXXXXXXXXXXXX.atlasv1.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform
       uses: ./
@@ -138,7 +138,7 @@ jobs:
       TF_CLOUD_API_TOKEN: 'XXXXXXXXXXXXXX.atlasv1.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform
       uses: ./
@@ -166,7 +166,7 @@ jobs:
         os: [ubuntu-latest, windows-latest, macos-latest]
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform
       uses: ./
@@ -189,7 +189,7 @@ jobs:
         os: [ubuntu-latest, windows-latest, macos-latest]
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform
       uses: ./
@@ -220,7 +220,7 @@ jobs:
         os: [ubuntu-latest, windows-latest, macos-latest]
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform
       uses: ./
@@ -257,7 +257,7 @@ jobs:
         working-directory: ./.github/workflows/data/local
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform
       uses: ./
@@ -287,7 +287,7 @@ jobs:
         working-directory: ./.github/workflows/data/local
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform
       uses: ./
@@ -304,6 +304,7 @@ jobs:
       id: plan
       run: terraform plan
 
+
   terraform-stdout-wrapper:
     name: 'Terraform STDOUT'
     runs-on: ${{ matrix.os }}
@@ -316,7 +317,7 @@ jobs:
         working-directory: ./.github/workflows/data/local
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform
       uses: ./
@@ -349,7 +350,7 @@ jobs:
         working-directory: ./.github/workflows/data/local
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Setup Terraform
       uses: ./
@@ -369,33 +370,3 @@ jobs:
     - name: Terraform Output to JQ
       id: output
       run: terraform output -json | jq '.pet.value'
-
-  # This test has an artificial delay for testing the streaming of STDOUT 
-  terraform-wrapper-delayed-apply:
-    name: 'Terraform Delayed Apply'
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
-    defaults:
-      run:
-        shell: bash
-        working-directory: ./.github/workflows/data/delay
-    steps:
-    - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-
-    - name: Setup Terraform
-      uses: ./
-      with:
-        terraform_wrapper: true
-
-    - name: Terraform Init
-      run: terraform init
-
-    - name: Terraform Format
-      run: terraform fmt -check
-
-    - name: Terraform Apply
-      id: apply
-      run: terraform apply -auto-approve

.husky/.gitignore

@@ -0,0 +1 @@
+_

.husky/pre-commit

@@ -0,0 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+npm run build && git add dist/

CHANGELOG.md

@@ -1,21 +1,3 @@
-## 3.1.2 (2024-08-19)
-
-NOTES:
-
-* This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. ([#430](https://github.com/hashicorp/setup-terraform/issues/430))
-
-## 3.1.1 (2024-05-07)
-
-BUG FIXES:
-
-* wrapper: Fix wrapper to output to stdout and stderr immediately when data is received ([#395](https://github.com/hashicorp/setup-terraform/issues/395))
-
-## 3.1.0 (2024-04-23)
-
-ENHANCEMENTS:
-
-* Automatically fallback to darwin/amd64 for Terraform versions before 1.0.2 as releases for darwin/arm64 are not available ([#409](https://github.com/hashicorp/setup-terraform/issues/409))
-
 ## 3.0.0 (2023-10-30)
 
 NOTES:

META.d/_summary.yaml

@@ -1,11 +0,0 @@
----
-schema: 1.1
-
-partition: tf-ecosystem
-category: github-action
-
-summary:
-  owner: team-tf-core-plugins
-  description: |
-    Sets up Terraform CLI in your GitHub Actions workflow.
-  visibility: public

META.d/data.yml

@@ -1,6 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-data_summary:
-  gdpr:
-    exempt: true

README.md

@@ -6,36 +6,36 @@
 The `hashicorp/setup-terraform` action is a JavaScript action that sets up Terraform CLI in your GitHub Actions workflow by:
 
 - Downloading a specific version of Terraform CLI and adding it to the `PATH`.
-- Configuring the [Terraform CLI configuration file](https://www.terraform.io/docs/commands/cli-config.html) with a HCP Terraform/Terraform Enterprise hostname and API token.
+- Configuring the [Terraform CLI configuration file](https://www.terraform.io/docs/commands/cli-config.html) with a Terraform Cloud/Enterprise hostname and API token.
 - Installing a wrapper script to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. (This can be optionally skipped if subsequent steps in the same job do not need to access the results of Terraform commands.)
 
 After you've used the action, subsequent steps in the same job can run arbitrary Terraform commands using [the GitHub Actions `run` syntax](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun). This allows most Terraform commands to work exactly like they do on your local command line.
 
 ## Usage
 
-This action can be run on `ubuntu-latest`, `windows-latest`, and `macos-latest` GitHub Actions runners. When running on `windows-latest` the shell should be set to Bash. When running on self-hosted GitHub Actions runners, NodeJS must be previously installed with the version specified in the [`action.yml`](https://github.com/hashicorp/setup-terraform/blob/main/action.yml).
+This action can be run on `ubuntu-latest`, `windows-latest`, and `macos-latest` GitHub Actions runners. When running on `windows-latest` the shell should be set to Bash.
 
 The default configuration installs the latest version of Terraform CLI and installs the wrapper script to wrap subsequent calls to the `terraform` binary:
 
 ```yaml
 steps:
-- uses: hashicorp/setup-terraform@v3
+- uses: hashicorp/setup-terraform@v2
 ```
 
 A specific version of Terraform CLI can be installed:
 
 ```yaml
 steps:
-- uses: hashicorp/setup-terraform@v3
+- uses: hashicorp/setup-terraform@v2
   with:
     terraform_version: "1.1.7"
 ```
 
-Credentials for HCP Terraform ([app.terraform.io](https://app.terraform.io/)) can be configured:
+Credentials for Terraform Cloud ([app.terraform.io](https://app.terraform.io/)) can be configured:
 
 ```yaml
 steps:
-- uses: hashicorp/setup-terraform@v3
+- uses: hashicorp/setup-terraform@v2
   with:
     cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 ```
@@ -44,7 +44,7 @@ Credentials for Terraform Enterprise (TFE) can be configured:
 
 ```yaml
 steps:
-- uses: hashicorp/setup-terraform@v3
+- uses: hashicorp/setup-terraform@v2
   with:
     cli_config_credentials_hostname: 'terraform.example.com'
     cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
@@ -54,7 +54,7 @@ The wrapper script installation can be skipped by setting the `terraform_wrapper
 
 ```yaml
 steps:
-- uses: hashicorp/setup-terraform@v3
+- uses: hashicorp/setup-terraform@v2
   with:
     terraform_wrapper: false
 ```
@@ -63,7 +63,7 @@ Subsequent steps can access outputs when the wrapper script is installed:
 
 ```yaml
 steps:
-- uses: hashicorp/setup-terraform@v3
+- uses: hashicorp/setup-terraform@v2
 
 - run: terraform init
 
@@ -90,8 +90,8 @@ defaults:
 permissions:
   pull-requests: write
 steps:
-- uses: actions/checkout@v4
-- uses: hashicorp/setup-terraform@v3
+- uses: actions/checkout@v3
+- uses: hashicorp/setup-terraform@v2
 
 - name: Terraform fmt
   id: fmt
@@ -100,7 +100,7 @@ steps:
 
 - name: Terraform Init
   id: init
-  run: terraform init -input=false
+  run: terraform init
 
 - name: Terraform Validate
   id: validate
@@ -108,10 +108,10 @@ steps:
 
 - name: Terraform Plan
   id: plan
-  run: terraform plan -no-color -input=false
+  run: terraform plan -no-color
   continue-on-error: true
 
-- uses: actions/github-script@v7
+- uses: actions/github-script@v6
   if: github.event_name == 'pull_request'
   env:
     PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
@@ -158,8 +158,8 @@ defaults:
 permissions:
   pull-requests: write
 steps:
-- uses: actions/checkout@v4
-- uses: hashicorp/setup-terraform@v3
+- uses: actions/checkout@v3
+- uses: hashicorp/setup-terraform@v2
 
 - name: Terraform fmt
   id: fmt
@@ -168,7 +168,7 @@ steps:
 
 - name: Terraform Init
   id: init
-  run: terraform init -input=false
+  run: terraform init
 
 - name: Terraform Validate
   id: validate
@@ -176,10 +176,10 @@ steps:
 
 - name: Terraform Plan
   id: plan
-  run: terraform plan -no-color -input=false
+  run: terraform plan -no-color
   continue-on-error: true
 
-- uses: actions/github-script@v7
+- uses: actions/github-script@v6
   if: github.event_name == 'pull_request'
   env:
     PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
@@ -242,9 +242,9 @@ steps:
 
 The action supports the following inputs:
 
-- `cli_config_credentials_hostname` - (optional) The hostname of a HCP Terraform/Terraform Enterprise instance to
+- `cli_config_credentials_hostname` - (optional) The hostname of a Terraform Cloud/Enterprise instance to
    place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`.
-- `cli_config_credentials_token` - (optional) The API token for a HCP Terraform/Terraform Enterprise instance to
+- `cli_config_credentials_token` - (optional) The API token for a Terraform Cloud/Enterprise instance to
    place within the credentials block of the Terraform CLI configuration file.
 - `terraform_version` - (optional) The version of Terraform CLI to install. Instead of a full version string,
    you can also specify a constraint string (see [Semver Ranges](https://www.npmjs.com/package/semver#ranges)

action.yml

@@ -3,11 +3,11 @@ description: 'Sets up Terraform CLI in your GitHub Actions workflow.'
 author: 'HashiCorp, Inc.'
 inputs:
   cli_config_credentials_hostname:
-    description: 'The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`.'
+    description: 'The hostname of a Terraform Cloud/Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`.'
     default: 'app.terraform.io'
     required: false
   cli_config_credentials_token:
-    description: 'The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file.'
+    description: 'The API token for a Terraform Cloud/Enterprise instance to place within the credentials block of the Terraform CLI configuration file.'
     required: false
   terraform_version:
     description: 'The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for example `<1.13.0`) to install the latest version satisfying the constraint. A value of `latest` will install the latest version of Terraform CLI. Defaults to `latest`.'

lib/setup-terraform.js

@@ -7,7 +7,6 @@
 const fs = require('fs').promises;
 const os = require('os');
 const path = require('path');
-const semver = require('semver');
 
 // External
 const core = require('@actions/core');
@@ -136,15 +135,7 @@ async function run () {
     core.debug(`Finding releases for Terraform version ${version}`);
     const release = await releases.getRelease('terraform', version, 'GitHub Action: Setup Terraform');
     const platform = mapOS(osPlatform);
-    let arch = mapArch(osArch);
-
-    // Terraform was not available for darwin/arm64 until 1.0.2, however macOS
-    // runners can emulate darwin/amd64.
-    if (platform === 'darwin' && arch === 'arm64' && semver.valid(release.version) && semver.lt(release.version, '1.0.2')) {
-      core.warning('Terraform is not available for darwin/arm64 until version 1.0.2. Falling back to darwin/amd64.');
-      arch = 'amd64';
-    }
-
+    const arch = mapArch(osArch);
     core.debug(`Getting build for Terraform version ${release.version}: ${platform} ${arch}`);
     const build = release.getBuild(platform, arch);
     if (!build) {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "setup-terraform",
-  "version": "3.1.2",
+  "version": "3.0.0",
   "description": "Setup Terraform CLI for GitHub Actions",
   "license": "MPL-2.0",
   "publisher": "hashicorp",
@@ -13,23 +13,24 @@
     "test": "semistandard --env jest && jest --coverage",
     "lint": "semistandard --env jest --fix",
     "build": "ncc build wrapper/terraform.js --out wrapper/dist && ncc build index.js --out dist",
+    "prepare": "husky install",
     "format-check": "echo \"unimplemented for actions/reusable-workflows basic-validation\""
   },
   "keywords": [],
   "author": "",
   "dependencies": {
-    "@actions/core": "^1.11.1",
+    "@actions/core": "^1.10.1",
     "@actions/exec": "^1.1.1",
-    "@actions/github": "^6.0.1",
-    "@actions/io": "^2.0.0",
-    "@actions/tool-cache": "^2.0.2",
-    "@hashicorp/js-releases": "^1.7.5",
-    "semver": "^7.7.3"
+    "@actions/github": "^6.0.0",
+    "@actions/io": "^1.1.3",
+    "@actions/tool-cache": "^2.0.1",
+    "@hashicorp/js-releases": "^1.7.0"
   },
   "devDependencies": {
-    "@vercel/ncc": "^0.38.4",
-    "jest": "^30.2.0",
-    "nock": "^14.0.10",
+    "@vercel/ncc": "^0.38.1",
+    "husky": "^8.0.3",
+    "jest": "^29.7.0",
+    "nock": "^13.3.6",
     "semistandard": "^17.0.0"
   },
   "semistandard": {

wrapper/lib/output-listener.js

@@ -20,18 +20,13 @@
  * console.log(listener.contents);
  */
 class OutputListener {
-  constructor (streamWriter) {
+  constructor () {
     this._buff = [];
-    this._streamWriter = streamWriter;
   }
 
   get listener () {
     const listen = function listen (data) {
       this._buff.push(data);
-
-      if (this._streamWriter) {
-        this._streamWriter.write(data);
-      }
     };
     return listen.bind(this);
   }

wrapper/terraform.js

@@ -21,9 +21,9 @@ async function checkTerraform () {
   // This will fail if Terraform isn't found, which is what we want
   await checkTerraform();
 
-  // Create listeners to receive output (in memory)
-  const stdout = new OutputListener(process.stdout);
-  const stderr = new OutputListener(process.stderr);
+  // Create listeners to receive output (in memory) as well
+  const stdout = new OutputListener();
+  const stderr = new OutputListener();
   const listeners = {
     stdout: stdout.listener,
     stderr: stderr.listener
@@ -34,10 +34,14 @@ async function checkTerraform () {
   const options = {
     listeners,
     ignoreReturnCode: true,
-    silent: true // avoid printing command in stdout: https://github.com/actions/toolkit/issues/649
+    silent: true, // avoid printing command in stdout: https://github.com/actions/toolkit/issues/649
   };
   const exitCode = await exec(pathToCLI, args, options);
 
+  // Pass-through stdout/err as `exec` won't due to `silent: true` option
+  process.stdout.write(stdout.contents);
+  process.stderr.write(stderr.contents);
+
   // Set outputs, result, exitcode, and stderr
   core.setOutput('stdout', stdout.contents);
   core.setOutput('stderr', stderr.contents);

wrapper/test/output-listener.test.js

@@ -6,31 +6,12 @@
 const OutputListener = require('../lib/output-listener');
 
 describe('output-listener', () => {
-  it('receives and buffers data to .contents', () => {
+  it('receives and exposes data', () => {
     const listener = new OutputListener();
     const listen = listener.listener;
-
     listen(Buffer.from('foo'));
     listen(Buffer.from('bar'));
     listen(Buffer.from('baz'));
-
     expect(listener.contents).toEqual('foobarbaz');
   });
-
-  it('receives and writes data to stream immediately', () => {
-    const mockWrite = jest.fn();
-    const listener = new OutputListener({ write: mockWrite });
-    const listen = listener.listener;
-
-    listen(Buffer.from('first write'));
-    expect(mockWrite.mock.lastCall[0]).toStrictEqual(Buffer.from('first write'));
-
-    listen(Buffer.from('second write'));
-    expect(mockWrite.mock.lastCall[0]).toStrictEqual(Buffer.from('second write'));
-
-    listen(Buffer.from('third write'));
-    expect(mockWrite.mock.lastCall[0]).toStrictEqual(Buffer.from('third write'));
-
-    expect(mockWrite).toHaveBeenCalledTimes(3);
-  });
 });