Bump dessant/lock-threads in the github-actions group (#519)

Bumps the github-actions group with 1 update: [dessant/lock-threads](https://github.com/dessant/lock-threads).


Updates `dessant/lock-threads` from 5.0.1 to 6.0.0
- [Release notes](https://github.com/dessant/lock-threads/releases)
- [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md)
- [Commits](1bf7ec2505...7266a7ce5c)

---
updated-dependencies:
- dependency-name: dessant/lock-threads
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.changes/2.0.3.md

@@ -0,0 +1,169 @@
+# [2.0.3] (2022-11-01)
+
+### NOTES
+
+* Reduced occurrences of GitHub Actions warnings for setting output [#247](https://github.com/hashicorp/setup-terraform/pull/247)
+
+# [2.0.2] (2022-10-12)
+
+### BUG FIXES
+
+* Update 2.0.1 release metadata by @jpogran in https://github.com/hashicorp/setup-terraform/pull/253
+* `README.md` updates - direct links to license and code of conduct, updated GitHub documents link by @magnetikonline in https://github.com/hashicorp/setup-terraform/pull/244
+
+### INTERNAL
+
+* Bump jest from 29.0.3 to 29.1.2 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/248
+
+# [2.0.1] (2022-10-12)
+
+### ENHANCEMENTS
+
+* Do not fail when theres an exit-code 2 by @dannyibishev in https://github.com/hashicorp/setup-terraform/pull/125
+* Updated README to reflect GitHub limitations by @rnsc in https://github.com/hashicorp/setup-terraform/pull/205
+
+### BUG FIXES
+
+* Fix terraform extract by @cpc-camarj in https://github.com/hashicorp/setup-terraform/pull/187
+* Add new-style readme build badges, bump `actions/checkout` in `README.md` examples by @magnetikonline in https://github.com/hashicorp/setup-terraform/pull/188
+* Fixed `master` to `main` workflow branch triggers by @magnetikonline in https://github.com/hashicorp/setup-terraform/pull/216
+* Fix the example of how to comment on pull request. by @acarmel in https://github.com/hashicorp/setup-terraform/pull/220
+
+### INTERNAL
+
+* Bump @actions/core from 1.6.0 to 1.7.0 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/185
+* Bump @vercel/ncc from 0.33.3 to 0.33.4 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/182
+* Bump jest from 27.5.1 to 28.0.0 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/184
+* Bump jest from 28.0.0 to 28.0.3 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/190
+* Bump husky from 7.0.4 to 8.0.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/193
+* Bump jest from 28.0.3 to 28.1.0 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/194
+* Bump @actions/github from 5.0.1 to 5.0.3 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/201
+* Bump @actions/core from 1.7.0 to 1.8.2 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/200
+* Bump @actions/tool-cache from 1.7.2 to 2.0.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/199
+* TF DevEx: repo adoption by @detro in https://github.com/hashicorp/setup-terraform/pull/204
+* Bump nock from 13.2.4 to 13.2.6 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/212
+* Bump @vercel/ncc from 0.33.4 to 0.34.0 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/210
+* Bump jest from 28.1.0 to 28.1.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/215
+* Bump nock from 13.2.6 to 13.2.7 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/217
+* Bump jest from 28.1.1 to 28.1.2 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/221
+* Bump jest from 28.1.2 to 28.1.3 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/224
+* Bump nock from 13.2.7 to 13.2.9 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/225
+* Bump leonsteinhaeuser/project-beta-automations from 1.2.1 to 1.3.0 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/233
+* Bump leonsteinhaeuser/project-beta-automations from 1.3.0 to 2.0.0 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/243
+* Bump jest from 28.1.3 to 29.0.3 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/242
+* Bump @hashicorp/js-releases from 1.5.1 to 1.6.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/226
+* Bump @actions/core from 1.8.2 to 1.9.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/235
+* Bump @actions/core from 1.6.0 to 1.9.1 in /wrapper by @dependabot in https://github.com/hashicorp/setup-terraform/pull/236
+* Bump @actions/github from 5.0.3 to 5.1.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/249
+* Bump leonsteinhaeuser/project-beta-automations from 2.0.0 to 2.0.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/250
+
+# [2.0.0] (2022-04-18)
+
+BREAKING CHANGES:
+
+* Support Actions Runners v2.285.0 or later by upgrading to Nodejs v16 runtime by @chenrui333 in https://github.com/hashicorp/setup-terraform/pull/170
+
+NOTES:
+
+* docs: Update existing PR comments example by @tobiasbueschel in https://github.com/hashicorp/setup-terraform/pull/178
+* Update Terraform versions and usage in README examples by @ksatirli in https://github.com/hashicorp/setup-terraform/pull/176
+* Update grammar in README.md by @dustindortch in https://github.com/hashicorp/setup-terraform/pull/180
+
+INTERNAL:
+
+* Bump @actions/github from 5.0.0 to 5.0.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/177
+* dependabot: track github-actions dependency changes by @chenrui333 in https://github.com/hashicorp/setup-terraform/pull/179
+
+# [1.4.0] (2022-04-04)
+
+NOTES:
+
+ - Update readme using github-script@v5 by @krrrr38 in ([#135](https://github.com/hashicorp/setup-terraform/pull/135))
+ - Update actions/github-script to v6 in README by @shouichi in ([#148](https://github.com/hashicorp/setup-terraform/pull/148))
+
+ENHANCEMENTS:
+
+ - Improve output for PR comment by @skpy in ([#129](https://github.com/hashicorp/setup-terraform/pull/129))
+ - Allow proxy values to be set by @rabun788 in ([#147](https://github.com/hashicorp/setup-terraform/pull/147))
+
+INTERNAL:
+
+ - Allow dependabot to check node modules by @jlosito in ([#87](https://github.com/hashicorp/setup-terraform/pull/87))
+ - Update js-releases to v1.4.0 by @aeschright in ([#111](https://github.com/hashicorp/setup-terraform/pull/111))
+ - Updates Readme by @ndrone-kr in ([#86](https://github.com/hashicorp/setup-terraform/pull/86))
+ - Update husky to v6.0 by @aeschright in ([#113](https://github.com/hashicorp/setup-terraform/pull/113))
+ - Bump development dependencies by @jpogran in ([#153](https://github.com/hashicorp/setup-terraform/pull/153))
+ - Bump node-fetch from 2.6.1 to 2.6.7 by @dependabot in ([#154](https://github.com/hashicorp/setup-terraform/pull/154))
+ - Bump @actions/github from 4.0.0 to 5.0.0 by @dependabot in ([#114](https://github.com/hashicorp/setup-terraform/pull/114))
+ - Bump @actions/io from 1.1.0 to 1.1.1 by @dependabot in ([#156](https://github.com/hashicorp/setup-terraform/pull/156))
+ - Bump @actions/core from 1.2.7 to 1.6.0 by @dependabot in ([#158](https://github.com/hashicorp/setup-terraform/pull/158))
+ - Bump @actions/tool-cache from 1.6.1 to 1.7.1 by @dependabot in ([#159](https://github.com/hashicorp/setup-terraform/pull/159))
+ - Bump @actions/core from 1.2.7 to 1.6.0 by @jpogran in ([#160](https://github.com/hashicorp/setup-terraform/pull/160))
+ - Bump @actions/exec from 1.0.4 to 1.1.0 by @jpogran in ([#161](https://github.com/hashicorp/setup-terraform/pull/161))
+ - Bump @actions/io from 1.1.0 to 1.1.1 by @jpogran in ([#162](https://github.com/hashicorp/setup-terraform/pull/162))
+ - Bump @hashicorp/js-releases from 1.5.0 to 1.5.1 by @dependabot in ([#166](https://github.com/hashicorp/setup-terraform/pull/166))
+ - Bump minimist from 1.2.5 to 1.2.6 by @dependabot in ([#168](https://github.com/hashicorp/setup-terraform/pull/168))
+ - Bump @actions/tool-cache from 1.7.1 to 1.7.2 by @dependabot in ([#164](https://github.com/hashicorp/setup-terraform/pull/164))
+ - Bump @actions/io from 1.1.1 to 1.1.2 by @dependabot in ([#165](https://github.com/hashicorp/setup-terraform/pull/165))
+ - Bump minimist from 1.2.5 to 1.2.6 in /wrapper by @dependabot in ([#169](https://github.com/hashicorp/setup-terraform/pull/169))
+ - Add GitHub automatic release by @jpogran in ([#173](https://github.com/hashicorp/setup-terraform/pull/173))
+
+# [1.3.2] (2020-12-09)
+
+ENHANCEMENTS:
+
+ - Update js-releases to fix missing dep in bundle ([#78](https://github.com/hashicorp/setup-terraform/pull/78))
+
+# [1.3.1] (2020-12-08)
+
+BUG FIXES:
+
+ - Fix build dependency ([#76](https://github.com/hashicorp/setup-terraform/pull/76))
+
+# [1.3.0] (2020-12-08)
+
+ENHANCEMENTS:
+
+ - Use `@hashicorp/js-releases` package to identify and download the specified version of Terraform. This will ensure that our tooling is consistent in how it works with the releases API, especially when handling pre-releases. ([#70](https://github.com/hashicorp/setup-terraform/pull/70), [#73](https://github.com/hashicorp/setup-terraform/pull/73))
+
+# [1.2.1] (2020-10-30)
+
+INTERNAL:
+
+ - Update dependencies to resolve CVE-2020-15228 ([#63](https://github.com/hashicorp/setup-terraform/pull/63))
+
+# [1.2.0]
+
+ENHANCEMENTS:
+
+ - Allow `terraform_version` to take a version constraint. ([#38](https://github.com/hashicorp/setup-terraform/pull/38))
+
+# [1.1.0]
+
+ENHANCEMENTS:
+
+ - Ignore pre-release versions when `terraform_version` is set to `latest`. ([#19](https://github.com/hashicorp/setup-terraform/pull/19))
+
+# [1.0.1]
+
+INTERNAL:
+
+ - Bump @actions/http-client from 1.0.6 to 1.0.8. ([#1](https://github.com/hashicorp/setup-terraform/pull/1))
+
+# [1.0.0]
+
+ - Initial release.
+
+<!-- Links to tag comparisons -->
+[Unreleased]: https://github.com/hashicorp/setup-terraform/compare/v2.0.2...main
+[2.0.2]: https://github.com/hashicorp/setup-terraform/compare/v2.0.1...v2.0.2
+[2.0.1]: https://github.com/hashicorp/setup-terraform/compare/v2.0.0...v2.0.1
+[2.0.0]: https://github.com/hashicorp/setup-terraform/compare/v1.4.0...v2.0.0
+[1.4.0]: https://github.com/hashicorp/setup-terraform/compare/v1.3.2...v1.4.0
+[1.3.2]: https://github.com/hashicorp/setup-terraform/compare/v1.3.1...v1.3.2
+[1.3.1]: https://github.com/hashicorp/setup-terraform/compare/v1.3.0...v1.3.1
+[1.3.0]: https://github.com/hashicorp/setup-terraform/compare/v1.2.1...v1.3.0
+[1.2.1]: https://github.com/hashicorp/setup-terraform/compare/v1.2.0...v1.2.1
+[1.2.0]: https://github.com/hashicorp/setup-terraform/compare/v1.1.0...v1.2.0
+[1.1.0]: https://github.com/hashicorp/setup-terraform/compare/v1.0.1...v1.1.0
+[1.0.1]: https://github.com/hashicorp/setup-terraform/compare/v1.0.0...v1.0.1

.changes/3.0.0.md

@@ -0,0 +1,11 @@
+## 3.0.0 (2023-10-30)
+
+NOTES:
+
+* Updated default runtime to node20 ([#346](https://github.com/hashicorp/setup-terraform/issues/346))
+* The wrapper around the installed Terraform binary has been fixed to return the exact STDOUT and STDERR from Terraform when executing commands. Previous versions of setup-terraform may have required workarounds to process the STDOUT in bash, such as filtering out the first line or selectively parsing STDOUT with jq. These workarounds may need to be adjusted with `v3.0.0`, which will now return just the STDOUT/STDERR from Terraform with no errant characters/statements. ([#367](https://github.com/hashicorp/setup-terraform/issues/367))
+
+BUG FIXES:
+
+* Fixed malformed stdout when wrapper is enabled ([#367](https://github.com/hashicorp/setup-terraform/issues/367))
+

.changes/3.1.0.md

@@ -0,0 +1,6 @@
+## 3.1.0 (2024-04-23)
+
+ENHANCEMENTS:
+
+* Automatically fallback to darwin/amd64 for Terraform versions before 1.0.2 as releases for darwin/arm64 are not available ([#409](https://github.com/hashicorp/setup-terraform/issues/409))
+

.changes/3.1.1.md

@@ -0,0 +1,6 @@
+## 3.1.1 (2024-05-07)
+
+BUG FIXES:
+
+* wrapper: Fix wrapper to output to stdout and stderr immediately when data is received ([#395](https://github.com/hashicorp/setup-terraform/issues/395))
+

.changes/3.1.2.md

@@ -0,0 +1,6 @@
+## 3.1.2 (2024-08-19)
+
+NOTES:
+
+* This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. ([#430](https://github.com/hashicorp/setup-terraform/issues/430))
+

.changie.yaml

@@ -0,0 +1,22 @@
+changesDir: .changes
+unreleasedDir: unreleased
+changelogPath: CHANGELOG.md
+versionExt: md
+versionFormat: '## {{.Version}} ({{.Time.Format "2006-01-02"}})'
+kindFormat: '{{.Kind}}:'
+changeFormat: '* {{.Body}} ([#{{.Custom.Issue}}](https://github.com/hashicorp/setup-terraform/issues/{{.Custom.Issue}}))'
+custom:
+  - key: Issue
+    label: Issue/PR Number
+    type: int
+    minInt: 1
+kinds:
+  - label: BREAKING CHANGES
+  - label: NOTES
+  - label: FEATURES
+  - label: ENHANCEMENTS
+  - label: BUG FIXES
+newlines:
+  afterKind: 1
+  beforeKind: 1
+  endOfVersion: 2

.copywrite.hcl

@@ -0,0 +1,33 @@
+schema_version = 1
+
+project {
+  license        = "MPL-2.0"
+  copyright_year = 2020
+
+  header_ignore = [
+    # internal catalog metadata (prose)
+    "META.d/**/*.yaml",
+
+    # changie tooling configuration and CHANGELOG entries (prose)
+    ".changes/unreleased/*.yaml",
+    ".changie.yaml",
+
+    # GitHub issue template configuration
+    ".github/ISSUE_TEMPLATE/*.yml",
+
+    # GitHub Actions workflow-specific configurations
+    ".github/labeler-*.yml",
+
+    # Github Action linting configuration
+    ".github/actionlint.yaml",
+
+    # Release Engineering tooling configuration
+    ".release/*.hcl",
+
+    # Auto-generated /dist
+    "dist/**",
+
+    # GitHub Action metadata file
+    "action.yml",
+  ]
+}

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @hashicorp/terraform-core-plugins

.github/dependabot.yml

@@ -0,0 +1,17 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    groups:
+      "github-actions":
+        patterns:
+          - "*" # Group all GitHub Actions dependencies together
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "Etc/UTC"

.github/pull_request_template.md

@@ -0,0 +1,16 @@
+## Related Issue
+
+Fixes # <!-- INSERT ISSUE NUMBER -->
+
+## Description
+
+In plain English, describe your approach to addressing the issue linked above. For example, if you made a particular design decision, let us know why you chose this path instead of another solution.
+
+<!-- heimdall_github_prtemplate:grc-pci_dss-2024-01-05 -->
+## Rollback Plan
+
+- [ ] If a change needs to be reverted, we will roll out an update to the code within 7 days.
+
+## Changes to Security Controls
+
+Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

.github/workflows/ci-changie.yml

@@ -0,0 +1,23 @@
+# Continuous integration handling for changie
+name: ci-changie
+
+on:
+  pull_request:
+    paths:
+      - .changes/unreleased/*.yaml
+      - .changie.yaml
+      - .github/workflows/ci-changie.yml
+
+permissions:
+  contents: read
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: miniscruff/changie-action@5036dffa79ffc007110dc7f75eca7ef72780e147 # v2.1.0
+        with:
+          version: latest
+          args: batch patch --dry-run
+

.github/workflows/compliance.yml

@@ -0,0 +1,17 @@
+name: compliance
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  # Reference: ENGSRV-059
+  copywrite:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: hashicorp/setup-copywrite@32638da2d4e81d56a0764aa1547882fc4d209636 # v1.1.3
+      - run: copywrite headers --plan
+      - run: copywrite license --plan

.github/workflows/continuous-integration.yml

@@ -3,35 +3,20 @@ name: 'Continuous Integration'
 on:
   push:
     branches:
-    - master
+    - main
   pull_request:
 
 jobs:
+  check-dist:
+    name: Check dist/ directory
+    uses: actions/reusable-workflows/.github/workflows/check-dist.yml@95d9656793415e47f574f7967f3850ea3bf5a7ed
+    with:
+      node-version: 20.x
+      node-caching: npm
+
   test:
     name: Test
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-
-    - name: Setup Node.js 12.x
-      uses: actions/setup-node@v1
-      with:
-        node-version: '12.x'
-
-    - name: Install
-      run: npm clean-install
-    
-    - name: Verify
-      if: runner.os == 'Linux'
-      run: |
-        npm run build
-        # Fail if "npm run build" generated new changes in dist
-        git update-index --refresh dist/* && git diff-index --quiet HEAD dist
-
-    - name: Test
-      run: npm test
+    uses: actions/reusable-workflows/.github/workflows/basic-validation.yml@95d9656793415e47f574f7967f3850ea3bf5a7ed
+    with:
+      node-version: 20.x
+      node-caching: npm

.github/workflows/data/delay/main.tf

@@ -0,0 +1,11 @@
+resource "null_resource" "previous" {}
+
+resource "time_sleep" "wait_30_seconds" {
+  depends_on = [null_resource.previous]
+
+  create_duration = "30s"
+}
+
+resource "null_resource" "next" {
+  depends_on = [time_sleep.wait_30_seconds]
+}

.github/workflows/data/local/main.tf

@@ -1,5 +1,5 @@
-resource "null_resource" "null" {
-  triggers = {
-    value = "${timestamp()}"
-  }
+resource "random_pet" "pet" {}
+
+output "pet" {
+  value = random_pet.pet.id
 }

.github/workflows/issue-comment-triage.yml

@@ -0,0 +1,21 @@
+# DO NOT EDIT - This GitHub Workflow is managed by automation
+# https://github.com/hashicorp/terraform-devex-repos
+name: Issue Comment Triage
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  issue_comment_triage:
+    runs-on: ubuntu-latest
+    env:
+      # issue_comment events are triggered by comments on issues and pull requests. Checking the
+      # value of github.event.issue.pull_request tells us whether the issue is an issue or is
+      # actually a pull request, allowing us to dynamically set the gh subcommand:
+      # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment-on-issues-only-or-pull-requests-only
+      COMMAND: ${{ github.event.issue.pull_request && 'pr' || 'issue' }}
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - name: 'Remove waiting-response on comment'
+        run: gh ${{ env.COMMAND }} edit ${{ github.event.issue.html_url }} --remove-label waiting-response

.github/workflows/lock.yml

@@ -0,0 +1,22 @@
+# DO NOT EDIT - This GitHub Workflow is managed by automation
+# https://github.com/hashicorp/terraform-devex-repos
+name: 'Lock Threads'
+
+on:
+  schedule:
+    - cron: '0 10 * * *'
+
+jobs:
+  lock:
+    runs-on: ubuntu-latest
+    steps:
+      # NOTE: When TSCCR updates the GitHub action version, update the template workflow file to avoid drift:
+      # https://github.com/hashicorp/terraform-devex-repos/blob/main/modules/repo/workflows/lock.tftpl
+      - uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v6.0.0
+        with:
+          process-only: 'issues, prs'
+          github-token: ${{ github.token }}
+          issue-inactive-days: '30'
+          issue-lock-reason: resolved
+          pr-inactive-days: '30'
+          pr-lock-reason: resolved

.github/workflows/release.yml

@@ -0,0 +1,134 @@
+name: release
+
+on:
+  workflow_dispatch:
+    inputs:
+      versionNumber:
+        description: 'Release version number (v#.#.#)'
+        type: string
+        required: true
+
+permissions:
+  contents: read # Changelog commit operations use service account PAT
+
+jobs:
+  major-version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.major-version.outputs.version }}
+    steps:
+      - id: major-version
+        run: echo "version=$(echo "${{ inputs.versionNumber }}" | cut -d. -f1)" >> "$GITHUB_OUTPUT"
+
+  changelog-version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.changelog-version.outputs.version }}
+    steps:
+      - id: changelog-version
+        run: echo "version=$(echo "${{ inputs.versionNumber }}" | cut -c 2-)" >> "$GITHUB_OUTPUT"
+
+  changelog:
+    needs: changelog-version
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          fetch-depth: 0
+          # Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
+          # More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
+          persist-credentials: false
+      - name: Batch changes
+        uses: miniscruff/changie-action@5036dffa79ffc007110dc7f75eca7ef72780e147 # v2.1.0
+        with:
+          version: latest
+          args: batch ${{ needs.changelog-version.outputs.version }}
+      - name: Merge changes
+        uses: miniscruff/changie-action@5036dffa79ffc007110dc7f75eca7ef72780e147 # v2.1.0
+        with:
+          version: latest
+          args: merge
+      - name: Git push changelog
+        run: |
+          git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}"
+          git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}"
+          git add .
+          git commit -a -m "Update changelog"
+          git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
+
+  update-package-version:
+    needs: changelog
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          fetch-depth: 0
+          # Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job,
+          # to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>'
+          ref: ${{ github.ref }}
+          # Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
+          # More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
+          persist-credentials: false
+
+      - name: Set up Node.js
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        with:
+          node-version: 20
+      - name: Update package version
+        run: npm version "${{ inputs.versionNumber }}" --git-tag-version false
+      - name: Git push
+        run: |
+          git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}"
+          git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}"
+          git add .
+          git commit -a -m "Update package version"
+          git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
+
+  release-tag:
+    needs: [ update-package-version, major-version ]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          fetch-depth: 0
+          # Default input is the SHA that initially triggered the workflow. As we created a new commit in the previous job,
+          # to ensure we get the latest commit we use the ref for checkout: 'refs/heads/<branch_name>'
+          ref: ${{ github.ref }}
+          # Avoid persisting GITHUB_TOKEN credentials as they take priority over our service account PAT for `git push` operations
+          # More details: https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
+          persist-credentials: false
+
+      - name: Git push release tag
+        run: |
+          git config --global user.name "${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}"
+          git config --global user.email "${{ vars.TF_DEVEX_CI_COMMIT_EMAIL }}"
+
+          git tag "${{ inputs.versionNumber }}"
+          git tag -f "${{ needs.major-version.outputs.version }}"
+          git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" "${{ inputs.versionNumber }}"
+          git push "https://${{ vars.TF_DEVEX_CI_COMMIT_AUTHOR }}:${{ secrets.TF_DEVEX_COMMIT_GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" -f "${{ needs.major-version.outputs.version }}"
+
+  release:
+    needs: [ changelog-version, release-tag ]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # Needed to create GitHub release
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          ref: ${{ inputs.versionNumber }}
+          fetch-depth: 0
+
+      - name: Generate Release Notes
+        run: |
+          cd .changes
+          sed -e "1{/# /d;}" -e "2{/^$/d;}" ${{ needs.changelog-version.outputs.version }}.md > /tmp/release-notes.txt
+
+      - name: GH Release
+        run: |
+          gh release create "${{ inputs.versionNumber }}" --notes-file /tmp/release-notes.txt --title "${{ inputs.versionNumber }}"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/setup-terraform.yml

@@ -1,9 +1,9 @@
-name: 'Setup Terraform'
+name: 'setup-terraform tests'
 
 on:
   push:
     branches:
-    - master
+    - main
   pull_request:
 
 defaults:
@@ -12,46 +12,95 @@ defaults:
 
 jobs:
   terraform-versions:
-    name: 'Terraform Versions' 
+    name: 'Terraform Versions'
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
-        terraform-versions: [0.11.14, 0.12.24]
+        terraform-versions: [0.11.14, latest]
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Setup Terraform - ${{ matrix['terraform-versions'] }}
       uses: ./
       with:
         terraform_version: ${{ matrix['terraform-versions'] }}
-    
+
     - name: Validate Teraform Version - ${{ matrix['terraform-versions'] }}
+      if: ${{ matrix['terraform-versions'] != 'latest' }}
       run: terraform version | grep ${{ matrix['terraform-versions']}}
-  
+
+    - name: Validate Teraform Version - ${{ matrix['terraform-versions'] }}
+      if: ${{ matrix['terraform-versions'] == 'latest' }}
+      run: terraform version | grep 'Terraform v'
+
   terraform-versions-no-wrapper:
-    name: 'Terraform Versions No Wrapper' 
+    name: 'Terraform Versions No Wrapper'
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
-        terraform-versions: [0.11.14, 0.12.24]
+        terraform-versions: [0.11.14, latest]
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
-  
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
     - name: Setup Terraform (no wrapper) - ${{ matrix['terraform-versions'] }}
       uses: ./
       with:
         terraform_version: ${{ matrix['terraform-versions'] }}
         terraform_wrapper: false
 
-    - name: Validate Teraform Version (no wrapper) - ${{ matrix['terraform-versions'] }}
+    - name: Validate Teraform Version - ${{ matrix['terraform-versions'] }}
+      if: ${{ matrix['terraform-versions'] != 'latest' }}
       run: terraform version | grep ${{ matrix['terraform-versions']}}
-  
+
+    - name: Validate Teraform Version - ${{ matrix['terraform-versions'] }}
+      if: ${{ matrix['terraform-versions'] == 'latest' }}
+      run: terraform version | grep 'Terraform v'
+
+  terraform-versions-constraints:
+    name: 'Terraform Versions Constraints'
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+        terraform-versions: [~0.12, 0.12.x, <0.13.0]
+    steps:
+    - name: Checkout
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+    - name: Setup Terraform - ${{ matrix['terraform-versions'] }}
+      uses: ./
+      with:
+        terraform_version: ${{ matrix['terraform-versions'] }}
+
+    - name: Validate Teraform Version - ${{ matrix['terraform-versions'] }}
+      run: terraform version | grep 'Terraform v0\.12'
+
+  terraform-versions-constraints-no-wrapper:
+    name: 'Terraform Versions Constraints No Wrapper'
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+        terraform-versions: [~0.12, 0.12.x, <0.13.0]
+    steps:
+    - name: Checkout
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+    - name: Setup Terraform (no wrapper) - ${{ matrix['terraform-versions'] }}
+      uses: ./
+      with:
+        terraform_version: ${{ matrix['terraform-versions'] }}
+        terraform_wrapper: false
+
+    - name: Validate Teraform Version - ${{ matrix['terraform-versions'] }}
+      run: terraform version | grep 'Terraform v0\.12'
+
   terraform-credentials-cloud:
-    name: 'Terraform Cloud Credentials' 
+    name: 'HCP Terraform Credentials'
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
@@ -60,14 +109,14 @@ jobs:
       TF_CLOUD_API_TOKEN: 'XXXXXXXXXXXXXX.atlasv1.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Setup Terraform
       uses: ./
       with:
         cli_config_credentials_token: ${{ env.TF_CLOUD_API_TOKEN }}
-    
-    - name: Validate Terraform Credentials (Windows) 
+
+    - name: Validate Terraform Credentials (Windows)
       if: runner.os == 'Windows'
       run: |
         cat ${APPDATA}/terraform.rc | grep 'credentials "app.terraform.io"'
@@ -78,9 +127,9 @@ jobs:
       run: |
         cat ${HOME}/.terraformrc | grep 'credentials "app.terraform.io"'
         cat ${HOME}/.terraformrc | grep 'token = "${{ env.TF_CLOUD_API_TOKEN }}"'
-  
+
   terraform-credentials-enterprise:
-    name: 'Terraform Enterprise Credentials' 
+    name: 'Terraform Enterprise Credentials'
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
@@ -89,15 +138,15 @@ jobs:
       TF_CLOUD_API_TOKEN: 'XXXXXXXXXXXXXX.atlasv1.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Setup Terraform
       uses: ./
       with:
         cli_config_credentials_hostname: 'terraform.example.com'
         cli_config_credentials_token: ${{ env.TF_CLOUD_API_TOKEN }}
-    
-    - name: Validate Terraform Credentials (Windows) 
+
+    - name: Validate Terraform Credentials (Windows)
       if: runner.os == 'Windows'
       run: |
         cat ${APPDATA}/terraform.rc | grep 'credentials "terraform.example.com"'
@@ -108,154 +157,245 @@ jobs:
       run: |
         cat ${HOME}/.terraformrc | grep 'credentials "terraform.example.com"'
         cat ${HOME}/.terraformrc | grep 'token = "${{ env.TF_CLOUD_API_TOKEN }}"'
-  
+
   terraform-credentials-none:
-    name: 'Terraform No Credentials' 
+    name: 'Terraform No Credentials'
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Setup Terraform
       uses: ./
-    
-    - name: Validate Terraform Credentials (Windows) 
+
+    - name: Validate Terraform Credentials (Windows)
       if: runner.os == 'Windows'
       run: |
         [[ -f ${APPDATA}/terraform.rc ]] || exit 0
-    
+
     - name: Validate Teraform Credentials (Linux & macOS)
       if: runner.os != 'Windows'
       run: |
         [[ -f ${HOME}/.terraformrc ]] || exit 0
-  
+
   terraform-arguments:
-    name: 'Terraform Arguments' 
+    name: 'Terraform Arguments'
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Setup Terraform
       uses: ./
-    
+
     - name: Check No Arguments
       run: terraform || exit 0
-    
+
     - name: Check Single Argument
       run: terraform help || exit 0
-    
+
     - name: Check Single Argument Hyphen
       run: terraform -help
-    
+
     - name: Check Single Argument Double Hyphen
       run: terraform --help
-    
+
     - name: Check Single Argument Subcommand
       run: terraform fmt -check
 
     - name: Check Multiple Arguments Subcommand
       run: terraform fmt -check -list=true -no-color
-  
+
   terraform-arguments-no-wrapper:
-    name: 'Terraform Arguments No Wrapper' 
+    name: 'Terraform Arguments No Wrapper'
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Setup Terraform
       uses: ./
       with:
         terraform_wrapper: false
-    
+
     - name: Check No Arguments
       run: terraform || exit 0
-    
+
     - name: Check Single Argument
       run: terraform help || exit 0
-    
+
     - name: Check Single Argument Hyphen
       run: terraform -help
-    
+
     - name: Check Single Argument Double Hyphen
       run: terraform --help
-    
+
     - name: Check Single Argument Subcommand
       run: terraform fmt -check
 
     - name: Check Multiple Arguments Subcommand
       run: terraform fmt -check -list=true -no-color
-  
+
   terraform-run-local:
-    name: 'Terraform Run Local' 
+    name: 'Terraform Run Local'
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     defaults:
       run:
+        shell: bash
         working-directory: ./.github/workflows/data/local
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Setup Terraform
       uses: ./
-    
-    - name: Terraform Init 
-      shell: bash
-      run: terraform init
-    
-    - name: Terraform Format 
-      shell: bash
-      run: terraform fmt -check
-    
-    - name: Terraform Plan 
-      id: plan
-      shell: bash
-      run: terraform plan 
 
-    - name: Print Terraform Plan 
-      shell: bash
+    - name: Terraform Init
+      run: terraform init
+
+    - name: Terraform Format
+      run: terraform fmt -check
+
+    - name: Terraform Plan
+      id: plan
+      run: terraform plan
+
+    - name: Print Terraform Plan
       run: echo "${{ steps.plan.outputs.stdout }}"
-  
+
   terraform-run-local-no-wrapper:
-    name: 'Terraform Run Local No Wrapper' 
+    name: 'Terraform Run Local No Wrapper'
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     defaults:
       run:
+        shell: bash
         working-directory: ./.github/workflows/data/local
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
     - name: Setup Terraform
       uses: ./
       with:
         terraform_wrapper: false
-    
-    - name: Terraform Init 
-      shell: bash
+
+    - name: Terraform Init
       run: terraform init
-    
-    - name: Terraform Format 
-      shell: bash
+
+    - name: Terraform Format
       run: terraform fmt -check
-    
-    - name: Terraform Plan 
+
+    - name: Terraform Plan
       id: plan
-      shell: bash
-      run: terraform plan 
+      run: terraform plan
+
+  terraform-stdout-wrapper:
+    name: 'Terraform STDOUT'
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    defaults:
+      run:
+        shell: bash
+        working-directory: ./.github/workflows/data/local
+    steps:
+    - name: Checkout
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+    - name: Setup Terraform
+      uses: ./
+      with:
+        terraform_wrapper: true
+
+    - name: Terraform Init
+      run: terraform init
+
+    - name: Terraform Format
+      run: terraform fmt -check
+
+    - name: Terraform Apply
+      id: apply
+      run: terraform apply -auto-approve
+
+    - name: Terraform Output to JQ
+      id: output
+      run: terraform output -json | jq '.pet.value'
+
+  terraform-stdout-no-wrapper:
+    name: 'Terraform STDOUT No Wrapper'
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    defaults:
+      run:
+        shell: bash
+        working-directory: ./.github/workflows/data/local
+    steps:
+    - name: Checkout
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+    - name: Setup Terraform
+      uses: ./
+      with:
+        terraform_wrapper: false
+
+    - name: Terraform Init
+      run: terraform init
+
+    - name: Terraform Format
+      run: terraform fmt -check
+
+    - name: Terraform Apply
+      id: apply
+      run: terraform apply -auto-approve
+
+    - name: Terraform Output to JQ
+      id: output
+      run: terraform output -json | jq '.pet.value'
+
+  # This test has an artificial delay for testing the streaming of STDOUT 
+  terraform-wrapper-delayed-apply:
+    name: 'Terraform Delayed Apply'
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    defaults:
+      run:
+        shell: bash
+        working-directory: ./.github/workflows/data/delay
+    steps:
+    - name: Checkout
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+    - name: Setup Terraform
+      uses: ./
+      with:
+        terraform_wrapper: true
+
+    - name: Terraform Init
+      run: terraform init
+
+    - name: Terraform Format
+      run: terraform fmt -check
+
+    - name: Terraform Apply
+      id: apply
+      run: terraform apply -auto-approve

.gitignore

@@ -66,3 +66,7 @@ typings/
 
 # ./wrapper/dist gets included in top-level ./dist
 wrapper/dist
+
+# Jetbrains IDEs
+.idea/
+.iml

CHANGELOG.md

@@ -0,0 +1,198 @@
+## 3.1.2 (2024-08-19)
+
+NOTES:
+
+* This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. ([#430](https://github.com/hashicorp/setup-terraform/issues/430))
+
+## 3.1.1 (2024-05-07)
+
+BUG FIXES:
+
+* wrapper: Fix wrapper to output to stdout and stderr immediately when data is received ([#395](https://github.com/hashicorp/setup-terraform/issues/395))
+
+## 3.1.0 (2024-04-23)
+
+ENHANCEMENTS:
+
+* Automatically fallback to darwin/amd64 for Terraform versions before 1.0.2 as releases for darwin/arm64 are not available ([#409](https://github.com/hashicorp/setup-terraform/issues/409))
+
+## 3.0.0 (2023-10-30)
+
+NOTES:
+
+* Updated default runtime to node20 ([#346](https://github.com/hashicorp/setup-terraform/issues/346))
+* The wrapper around the installed Terraform binary has been fixed to return the exact STDOUT and STDERR from Terraform when executing commands. Previous versions of setup-terraform may have required workarounds to process the STDOUT in bash, such as filtering out the first line or selectively parsing STDOUT with jq. These workarounds may need to be adjusted with `v3.0.0`, which will now return just the STDOUT/STDERR from Terraform with no errant characters/statements. ([#367](https://github.com/hashicorp/setup-terraform/issues/367))
+
+BUG FIXES:
+
+* Fixed malformed stdout when wrapper is enabled ([#367](https://github.com/hashicorp/setup-terraform/issues/367))
+
+# [2.0.3] (2022-11-01)
+
+### NOTES
+
+* Reduced occurrences of GitHub Actions warnings for setting output [#247](https://github.com/hashicorp/setup-terraform/pull/247)
+
+# [2.0.2] (2022-10-12)
+
+### BUG FIXES
+
+* Update 2.0.1 release metadata by @jpogran in https://github.com/hashicorp/setup-terraform/pull/253
+* `README.md` updates - direct links to license and code of conduct, updated GitHub documents link by @magnetikonline in https://github.com/hashicorp/setup-terraform/pull/244
+
+### INTERNAL
+
+* Bump jest from 29.0.3 to 29.1.2 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/248
+
+# [2.0.1] (2022-10-12)
+
+### ENHANCEMENTS
+
+* Do not fail when theres an exit-code 2 by @dannyibishev in https://github.com/hashicorp/setup-terraform/pull/125
+* Updated README to reflect GitHub limitations by @rnsc in https://github.com/hashicorp/setup-terraform/pull/205
+
+### BUG FIXES
+
+* Fix terraform extract by @cpc-camarj in https://github.com/hashicorp/setup-terraform/pull/187
+* Add new-style readme build badges, bump `actions/checkout` in `README.md` examples by @magnetikonline in https://github.com/hashicorp/setup-terraform/pull/188
+* Fixed `master` to `main` workflow branch triggers by @magnetikonline in https://github.com/hashicorp/setup-terraform/pull/216
+* Fix the example of how to comment on pull request. by @acarmel in https://github.com/hashicorp/setup-terraform/pull/220
+
+### INTERNAL
+
+* Bump @actions/core from 1.6.0 to 1.7.0 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/185
+* Bump @vercel/ncc from 0.33.3 to 0.33.4 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/182
+* Bump jest from 27.5.1 to 28.0.0 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/184
+* Bump jest from 28.0.0 to 28.0.3 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/190
+* Bump husky from 7.0.4 to 8.0.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/193
+* Bump jest from 28.0.3 to 28.1.0 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/194
+* Bump @actions/github from 5.0.1 to 5.0.3 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/201
+* Bump @actions/core from 1.7.0 to 1.8.2 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/200
+* Bump @actions/tool-cache from 1.7.2 to 2.0.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/199
+* TF DevEx: repo adoption by @detro in https://github.com/hashicorp/setup-terraform/pull/204
+* Bump nock from 13.2.4 to 13.2.6 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/212
+* Bump @vercel/ncc from 0.33.4 to 0.34.0 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/210
+* Bump jest from 28.1.0 to 28.1.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/215
+* Bump nock from 13.2.6 to 13.2.7 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/217
+* Bump jest from 28.1.1 to 28.1.2 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/221
+* Bump jest from 28.1.2 to 28.1.3 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/224
+* Bump nock from 13.2.7 to 13.2.9 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/225
+* Bump leonsteinhaeuser/project-beta-automations from 1.2.1 to 1.3.0 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/233
+* Bump leonsteinhaeuser/project-beta-automations from 1.3.0 to 2.0.0 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/243
+* Bump jest from 28.1.3 to 29.0.3 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/242
+* Bump @hashicorp/js-releases from 1.5.1 to 1.6.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/226
+* Bump @actions/core from 1.8.2 to 1.9.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/235
+* Bump @actions/core from 1.6.0 to 1.9.1 in /wrapper by @dependabot in https://github.com/hashicorp/setup-terraform/pull/236
+* Bump @actions/github from 5.0.3 to 5.1.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/249
+* Bump leonsteinhaeuser/project-beta-automations from 2.0.0 to 2.0.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/250
+
+# [2.0.0] (2022-04-18)
+
+BREAKING CHANGES:
+
+* Support Actions Runners v2.285.0 or later by upgrading to Nodejs v16 runtime by @chenrui333 in https://github.com/hashicorp/setup-terraform/pull/170
+
+NOTES:
+
+* docs: Update existing PR comments example by @tobiasbueschel in https://github.com/hashicorp/setup-terraform/pull/178
+* Update Terraform versions and usage in README examples by @ksatirli in https://github.com/hashicorp/setup-terraform/pull/176
+* Update grammar in README.md by @dustindortch in https://github.com/hashicorp/setup-terraform/pull/180
+
+INTERNAL:
+
+* Bump @actions/github from 5.0.0 to 5.0.1 by @dependabot in https://github.com/hashicorp/setup-terraform/pull/177
+* dependabot: track github-actions dependency changes by @chenrui333 in https://github.com/hashicorp/setup-terraform/pull/179
+
+# [1.4.0] (2022-04-04)
+
+NOTES:
+
+ - Update readme using github-script@v5 by @krrrr38 in ([#135](https://github.com/hashicorp/setup-terraform/pull/135))
+ - Update actions/github-script to v6 in README by @shouichi in ([#148](https://github.com/hashicorp/setup-terraform/pull/148))
+
+ENHANCEMENTS:
+
+ - Improve output for PR comment by @skpy in ([#129](https://github.com/hashicorp/setup-terraform/pull/129))
+ - Allow proxy values to be set by @rabun788 in ([#147](https://github.com/hashicorp/setup-terraform/pull/147))
+
+INTERNAL:
+
+ - Allow dependabot to check node modules by @jlosito in ([#87](https://github.com/hashicorp/setup-terraform/pull/87))
+ - Update js-releases to v1.4.0 by @aeschright in ([#111](https://github.com/hashicorp/setup-terraform/pull/111))
+ - Updates Readme by @ndrone-kr in ([#86](https://github.com/hashicorp/setup-terraform/pull/86))
+ - Update husky to v6.0 by @aeschright in ([#113](https://github.com/hashicorp/setup-terraform/pull/113))
+ - Bump development dependencies by @jpogran in ([#153](https://github.com/hashicorp/setup-terraform/pull/153))
+ - Bump node-fetch from 2.6.1 to 2.6.7 by @dependabot in ([#154](https://github.com/hashicorp/setup-terraform/pull/154))
+ - Bump @actions/github from 4.0.0 to 5.0.0 by @dependabot in ([#114](https://github.com/hashicorp/setup-terraform/pull/114))
+ - Bump @actions/io from 1.1.0 to 1.1.1 by @dependabot in ([#156](https://github.com/hashicorp/setup-terraform/pull/156))
+ - Bump @actions/core from 1.2.7 to 1.6.0 by @dependabot in ([#158](https://github.com/hashicorp/setup-terraform/pull/158))
+ - Bump @actions/tool-cache from 1.6.1 to 1.7.1 by @dependabot in ([#159](https://github.com/hashicorp/setup-terraform/pull/159))
+ - Bump @actions/core from 1.2.7 to 1.6.0 by @jpogran in ([#160](https://github.com/hashicorp/setup-terraform/pull/160))
+ - Bump @actions/exec from 1.0.4 to 1.1.0 by @jpogran in ([#161](https://github.com/hashicorp/setup-terraform/pull/161))
+ - Bump @actions/io from 1.1.0 to 1.1.1 by @jpogran in ([#162](https://github.com/hashicorp/setup-terraform/pull/162))
+ - Bump @hashicorp/js-releases from 1.5.0 to 1.5.1 by @dependabot in ([#166](https://github.com/hashicorp/setup-terraform/pull/166))
+ - Bump minimist from 1.2.5 to 1.2.6 by @dependabot in ([#168](https://github.com/hashicorp/setup-terraform/pull/168))
+ - Bump @actions/tool-cache from 1.7.1 to 1.7.2 by @dependabot in ([#164](https://github.com/hashicorp/setup-terraform/pull/164))
+ - Bump @actions/io from 1.1.1 to 1.1.2 by @dependabot in ([#165](https://github.com/hashicorp/setup-terraform/pull/165))
+ - Bump minimist from 1.2.5 to 1.2.6 in /wrapper by @dependabot in ([#169](https://github.com/hashicorp/setup-terraform/pull/169))
+ - Add GitHub automatic release by @jpogran in ([#173](https://github.com/hashicorp/setup-terraform/pull/173))
+
+# [1.3.2] (2020-12-09)
+
+ENHANCEMENTS:
+
+ - Update js-releases to fix missing dep in bundle ([#78](https://github.com/hashicorp/setup-terraform/pull/78))
+
+# [1.3.1] (2020-12-08)
+
+BUG FIXES:
+
+ - Fix build dependency ([#76](https://github.com/hashicorp/setup-terraform/pull/76))
+
+# [1.3.0] (2020-12-08)
+
+ENHANCEMENTS:
+
+ - Use `@hashicorp/js-releases` package to identify and download the specified version of Terraform. This will ensure that our tooling is consistent in how it works with the releases API, especially when handling pre-releases. ([#70](https://github.com/hashicorp/setup-terraform/pull/70), [#73](https://github.com/hashicorp/setup-terraform/pull/73))
+
+# [1.2.1] (2020-10-30)
+
+INTERNAL:
+
+ - Update dependencies to resolve CVE-2020-15228 ([#63](https://github.com/hashicorp/setup-terraform/pull/63))
+
+# [1.2.0]
+
+ENHANCEMENTS:
+
+ - Allow `terraform_version` to take a version constraint. ([#38](https://github.com/hashicorp/setup-terraform/pull/38))
+
+# [1.1.0]
+
+ENHANCEMENTS:
+
+ - Ignore pre-release versions when `terraform_version` is set to `latest`. ([#19](https://github.com/hashicorp/setup-terraform/pull/19))
+
+# [1.0.1]
+
+INTERNAL:
+
+ - Bump @actions/http-client from 1.0.6 to 1.0.8. ([#1](https://github.com/hashicorp/setup-terraform/pull/1))
+
+# [1.0.0]
+
+ - Initial release.
+
+<!-- Links to tag comparisons -->
+[Unreleased]: https://github.com/hashicorp/setup-terraform/compare/v2.0.2...main
+[2.0.2]: https://github.com/hashicorp/setup-terraform/compare/v2.0.1...v2.0.2
+[2.0.1]: https://github.com/hashicorp/setup-terraform/compare/v2.0.0...v2.0.1
+[2.0.0]: https://github.com/hashicorp/setup-terraform/compare/v1.4.0...v2.0.0
+[1.4.0]: https://github.com/hashicorp/setup-terraform/compare/v1.3.2...v1.4.0
+[1.3.2]: https://github.com/hashicorp/setup-terraform/compare/v1.3.1...v1.3.2
+[1.3.1]: https://github.com/hashicorp/setup-terraform/compare/v1.3.0...v1.3.1
+[1.3.0]: https://github.com/hashicorp/setup-terraform/compare/v1.2.1...v1.3.0
+[1.2.1]: https://github.com/hashicorp/setup-terraform/compare/v1.2.0...v1.2.1
+[1.2.0]: https://github.com/hashicorp/setup-terraform/compare/v1.1.0...v1.2.0
+[1.1.0]: https://github.com/hashicorp/setup-terraform/compare/v1.0.1...v1.1.0
+[1.0.1]: https://github.com/hashicorp/setup-terraform/compare/v1.0.0...v1.0.1

LICENSE

@@ -1,3 +1,5 @@
+Copyright (c) 2020 HashiCorp, Inc.
+
 Mozilla Public License Version 2.0
 ==================================
 

META.d/_summary.yaml

@@ -0,0 +1,11 @@
+---
+schema: 1.1
+
+partition: tf-ecosystem
+category: github-action
+
+summary:
+  owner: team-tf-core-plugins
+  description: |
+    Sets up Terraform CLI in your GitHub Actions workflow.
+  visibility: public

META.d/data.yml

@@ -0,0 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+data_summary:
+  gdpr:
+    exempt: true

NOTICE

@@ -1,28 +0,0 @@
-# Notice
-
-This project includes code under the following license(s):
-
-```
-MIT License
-
-Copyright (c) 2020 GitHub, Inc.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-
-```

README.md

@@ -1,70 +1,69 @@
 # setup-terraform
 
-<p align="left">
-  <a href="https://github.com/hashicorp/setup-terraform/actions"><img alt="Continuous Integration" src="https://github.com/hashicorp/setup-terraform/workflows/Continuous%20Integration/badge.svg" /></a>
-  <a href="https://github.com/hashicorp/setup-terraform/actions"><img alt="Setup Terraform" src="https://github.com/hashicorp/setup-terraform/workflows/Setup%20Terraform/badge.svg" /></a>
-</p>
+[![Continuous Integration](https://github.com/hashicorp/setup-terraform/actions/workflows/continuous-integration.yml/badge.svg)](https://github.com/hashicorp/setup-terraform/actions/workflows/continuous-integration.yml)
+[![Setup Terraform](https://github.com/hashicorp/setup-terraform/actions/workflows/setup-terraform.yml/badge.svg)](https://github.com/hashicorp/setup-terraform/actions/workflows/setup-terraform.yml)
 
-This action sets up Terraform CLI in your [GitHub Actions](https://github.com/features/actions) workflow by:
+The `hashicorp/setup-terraform` action is a JavaScript action that sets up Terraform CLI in your GitHub Actions workflow by:
 
 - Downloading a specific version of Terraform CLI and adding it to the `PATH`.
-- Configuring the Terraform CLI configuration file with a Terraform Cloud/Enterprise hostname and API token.
-- Optionally installing a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively.
+- Configuring the [Terraform CLI configuration file](https://www.terraform.io/docs/commands/cli-config.html) with a HCP Terraform/Terraform Enterprise hostname and API token.
+- Installing a wrapper script to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. (This can be optionally skipped if subsequent steps in the same job do not need to access the results of Terraform commands.)
+
+After you've used the action, subsequent steps in the same job can run arbitrary Terraform commands using [the GitHub Actions `run` syntax](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun). This allows most Terraform commands to work exactly like they do on your local command line.
 
 ## Usage
 
-This action can be run on `ubuntu-latest`, `windows-latest`, and `macos-latest` GitHub Actions runners. When running on `windows-latest` the shell should be set to Bash.
+This action can be run on `ubuntu-latest`, `windows-latest`, and `macos-latest` GitHub Actions runners. When running on `windows-latest` the shell should be set to Bash. When running on self-hosted GitHub Actions runners, NodeJS must be previously installed with the version specified in the [`action.yml`](https://github.com/hashicorp/setup-terraform/blob/main/action.yml).
 
-The default configuration installs the latest version of Terraform CLI and installs the wrapper to wrap subsequent calls to the `terraform` binary.
+The default configuration installs the latest version of Terraform CLI and installs the wrapper script to wrap subsequent calls to the `terraform` binary:
 
 ```yaml
 steps:
-- uses: hashicorp/setup-terraform@v1 
+- uses: hashicorp/setup-terraform@v3
 ```
 
-A specific version of Terraform CLI can be installed.
+A specific version of Terraform CLI can be installed:
 
 ```yaml
 steps:
-- uses: hashicorp/setup-terraform@v1 
+- uses: hashicorp/setup-terraform@v3
   with:
-    terraform_version: 0.12.24
+    terraform_version: "1.1.7"
 ```
 
-Credentials for Terraform Cloud (app.terraform.io) can be configured.
+Credentials for HCP Terraform ([app.terraform.io](https://app.terraform.io/)) can be configured:
 
 ```yaml
 steps:
-- uses: hashicorp/setup-terraform@v1 
+- uses: hashicorp/setup-terraform@v3
   with:
     cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 ```
 
-Credentials for Terraform Enterprise can be configured.
+Credentials for Terraform Enterprise (TFE) can be configured:
 
 ```yaml
 steps:
-- uses: hashicorp/setup-terraform@v1 
+- uses: hashicorp/setup-terraform@v3
   with:
     cli_config_credentials_hostname: 'terraform.example.com'
     cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 ```
 
-The wrapper installation can be skipped.
+The wrapper script installation can be skipped by setting the `terraform_wrapper` variable to `false`:
 
 ```yaml
 steps:
-- uses: hashicorp/setup-terraform@v1 
+- uses: hashicorp/setup-terraform@v3
   with:
     terraform_wrapper: false
 ```
 
-Subsequent steps can access outputs when the wrapper is installed.
-
+Subsequent steps can access outputs when the wrapper script is installed:
 
 ```yaml
 steps:
-- uses: hashicorp/setup-terraform@v1
+- uses: hashicorp/setup-terraform@v3
 
 - run: terraform init
 
@@ -76,58 +75,211 @@ steps:
 - run: echo ${{ steps.plan.outputs.exitcode }}
 ```
 
-The outputs can be used in subsequent steps to comment on the pull request:
+Outputs can be used in subsequent steps to comment on the pull request:
+
+> **Notice:** There's a limit to the number of characters inside a GitHub comment (65535).
+>
+> Due to that limitation, you might end up with a failed workflow run even if the plan succeeded.
+>
+> Another approach is to append your plan into the $GITHUB_STEP_SUMMARY environment variable which supports markdown.
 
 ```yaml
+defaults:
+  run:
+    working-directory: ${{ env.tf_actions_working_dir }}
+permissions:
+  pull-requests: write
 steps:
-- uses: hashicorp/setup-terraform@v1
+- uses: actions/checkout@v4
+- uses: hashicorp/setup-terraform@v3
 
-- run: terraform init
+- name: Terraform fmt
+  id: fmt
+  run: terraform fmt -check
+  continue-on-error: true
 
-- id: plan
-  run: terraform plan -no-color
+- name: Terraform Init
+  id: init
+  run: terraform init -input=false
 
-- uses: actions/github-script@0.9.0
+- name: Terraform Validate
+  id: validate
+  run: terraform validate -no-color
+
+- name: Terraform Plan
+  id: plan
+  run: terraform plan -no-color -input=false
+  continue-on-error: true
+
+- uses: actions/github-script@v7
   if: github.event_name == 'pull_request'
   env:
-    STDOUT: "```${{ steps.plan.outputs.stdout }}```"
+    PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
   with:
     github-token: ${{ secrets.GITHUB_TOKEN }}
     script: |
-      github.issues.createComment({
+      const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+      #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+      #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+      <details><summary>Validation Output</summary>
+
+      \`\`\`\n
+      ${{ steps.validate.outputs.stdout }}
+      \`\`\`
+
+      </details>
+
+      #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
+      <details><summary>Show Plan</summary>
+
+      \`\`\`\n
+      ${process.env.PLAN}
+      \`\`\`
+
+      </details>
+
+      *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
+
+      github.rest.issues.createComment({
         issue_number: context.issue.number,
         owner: context.repo.owner,
         repo: context.repo.repo,
-        body: process.env.STDOUT
+        body: output
       })
 ```
 
+Instead of creating a new comment each time, you can also update an existing one:
+
+```yaml
+defaults:
+  run:
+    working-directory: ${{ env.tf_actions_working_dir }}
+permissions:
+  pull-requests: write
+steps:
+- uses: actions/checkout@v4
+- uses: hashicorp/setup-terraform@v3
+
+- name: Terraform fmt
+  id: fmt
+  run: terraform fmt -check
+  continue-on-error: true
+
+- name: Terraform Init
+  id: init
+  run: terraform init -input=false
+
+- name: Terraform Validate
+  id: validate
+  run: terraform validate -no-color
+
+- name: Terraform Plan
+  id: plan
+  run: terraform plan -no-color -input=false
+  continue-on-error: true
+
+- uses: actions/github-script@v7
+  if: github.event_name == 'pull_request'
+  env:
+    PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+  with:
+    github-token: ${{ secrets.GITHUB_TOKEN }}
+    script: |
+      // 1. Retrieve existing bot comments for the PR
+      const { data: comments } = await github.rest.issues.listComments({
+        owner: context.repo.owner,
+        repo: context.repo.repo,
+        issue_number: context.issue.number,
+      })
+      const botComment = comments.find(comment => {
+        return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
+      })
+
+      // 2. Prepare format of the comment
+      const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+      #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+      #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+      <details><summary>Validation Output</summary>
+
+      \`\`\`\n
+      ${{ steps.validate.outputs.stdout }}
+      \`\`\`
+
+      </details>
+
+      #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
+      <details><summary>Show Plan</summary>
+
+      \`\`\`\n
+      ${process.env.PLAN}
+      \`\`\`
+
+      </details>
+
+      *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
+
+      // 3. If we have a comment, update it, otherwise create a new one
+      if (botComment) {
+        github.rest.issues.updateComment({
+          owner: context.repo.owner,
+          repo: context.repo.repo,
+          comment_id: botComment.id,
+          body: output
+        })
+      } else {
+        github.rest.issues.createComment({
+          issue_number: context.issue.number,
+          owner: context.repo.owner,
+          repo: context.repo.repo,
+          body: output
+        })
+      }
+```
+
 ## Inputs
 
-The following inputs are supported.
+The action supports the following inputs:
 
-- `cli_config_credentials_hostname` - (optional) The hostname of a Terraform Cloud/Enterprise instance to place within the credentials block of the Terraform CLI configuration file.
-
-- `cli_config_credentials_token` - (optional) The API token for a Terraform Cloud/Enterprise instance to place within the credentials block of the Terraform CLI configuration file.
-
-- `terraform_version` - (optional) The version of Terraform CLI to install. A value of `latest` will install the latest version of Terraform CLI. Defaults to `latest`.
-
-- `terraform_wrapper` - (optional) Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`. 
+- `cli_config_credentials_hostname` - (optional) The hostname of a HCP Terraform/Terraform Enterprise instance to
+   place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`.
+- `cli_config_credentials_token` - (optional) The API token for a HCP Terraform/Terraform Enterprise instance to
+   place within the credentials block of the Terraform CLI configuration file.
+- `terraform_version` - (optional) The version of Terraform CLI to install. Instead of a full version string,
+   you can also specify a constraint string (see [Semver Ranges](https://www.npmjs.com/package/semver#ranges)
+   for available range specifications). Examples are: `"<1.2.0"`, `"~1.1.0"`, `"1.1.7"` (all three installing
+   the latest available `1.1` version). Prerelease versions can be specified and a range will stay within the
+   given tag such as `beta` or `rc`. If no version is given, it will default to `latest`.
+- `terraform_wrapper` - (optional) Whether to install a wrapper to wrap subsequent calls of
+   the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs
+   named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`.
 
 ## Outputs
 
-This action does not configure any outputs directly. However, when the `terraform_wrapper` input is set to `true`, the following outputs will be available for subsequent steps that call the `terraform` binary.
+This action does not configure any outputs directly. However, when you set the `terraform_wrapper` input
+to `true`, the following outputs are available for subsequent steps that call the `terraform` binary:
 
-- `stdout` - The STDOUT stream of the call to the `terraform` binary. 
-
-- `stderr` - The STDERR stream of the call to the `terraform` binary. 
-
-- `exitcode` - The exit code of the call to the `terraform` binary.. 
+- `stdout` - The STDOUT stream of the call to the `terraform` binary.
+- `stderr` - The STDERR stream of the call to the `terraform` binary.
+- `exitcode` - The exit code of the call to the `terraform` binary.
 
 ## License
 
-[Mozilla Public License v2.0](https://github.com/hashicorp/setup-terraform/blob/master/LICENSE)
+[Mozilla Public License v2.0](LICENSE)
 
 ## Code of Conduct
 
-[Code of Conduct](https://github.com/hashicorp/setup-terraform/blob/master/CODE_OF_CONDUCT.md)
+[Code of Conduct](CODE_OF_CONDUCT.md)
+
+## Experimental Status
+
+By using the software in this repository (the "Software"), you acknowledge that: (1) the Software is still in development, may change, and has not been released as a commercial product by HashiCorp and is not currently supported in any way by HashiCorp; (2) the Software is provided on an "as-is" basis, and may include bugs, errors, or other issues;  (3) the Software is NOT INTENDED FOR PRODUCTION USE, use of the Software may result in unexpected results, loss of data, or other unexpected results, and HashiCorp disclaims any and all liability resulting from use of the Software; and (4) HashiCorp reserves all rights to make all decisions about the features, functionality and commercial release (or non-release) of the Software, at any time and without any obligation or liability whatsoever.
+
+## Contributing
+
+### License Headers
+
+All source code files (excluding autogenerated files like `package.json`, prose, and files excluded in [.copywrite.hcl](.copywrite.hcl)) must have a license header at the top.
+
+This can be autogenerated by installing the HashiCorp [`copywrite`](https://github.com/hashicorp/copywrite#getting-started) tool and running `copywrite headers` in the root of the repository.

action.yml

@@ -3,14 +3,14 @@ description: 'Sets up Terraform CLI in your GitHub Actions workflow.'
 author: 'HashiCorp, Inc.'
 inputs:
   cli_config_credentials_hostname:
-    description: 'The hostname of a Terraform Cloud/Enterprise instance to place within the credentials block of the Terraform CLI configuration file.'
+    description: 'The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`.'
     default: 'app.terraform.io'
     required: false
   cli_config_credentials_token:
-    description: 'The API token for a Terraform Cloud/Enterprise instance to place within the credentials block of the Terraform CLI configuration file.'
+    description: 'The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file.'
     required: false
   terraform_version:
-    description: 'The version of Terraform CLI to install. A value of `latest` will install the latest version of Terraform CLI. Defaults to `latest`.'
+    description: 'The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for example `<1.13.0`) to install the latest version satisfying the constraint. A value of `latest` will install the latest version of Terraform CLI. Defaults to `latest`.'
     default: 'latest'
     required: false
   terraform_wrapper:
@@ -18,7 +18,7 @@ inputs:
     default: 'true'
     required: false
 runs:
-  using: 'node12'
+  using: 'node20'
   main: 'dist/index.js'
 branding:
   icon: 'terminal'

index.js

@@ -1,3 +1,8 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: MPL-2.0
+ */
+
 const core = require('@actions/core');
 
 const setup = require('./lib/setup-terraform');

lib/setup-terraform.js

@@ -1,51 +1,19 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: MPL-2.0
+ */
+
 // Node.js core
 const fs = require('fs').promises;
 const os = require('os');
 const path = require('path');
+const semver = require('semver');
 
 // External
 const core = require('@actions/core');
 const tc = require('@actions/tool-cache');
 const io = require('@actions/io');
-const fetch = require('node-fetch');
-const semver = require('semver');
-
-// Find latest version given list of all available
-function findLatest (allVersions) {
-  core.debug('Parsing version list for latest version');
-
-  let latest = '0.0.0';
-
-  for (const version in allVersions.versions) {
-    // is "version" greater than "latest"
-    latest = semver.gt(version, latest) ? version : latest;
-  }
-
-  return allVersions.versions[latest];
-}
-
-// Find specific version given list of all available
-function findSpecific (allVersions, version) {
-  core.debug(`Parsing version list for version ${version}`);
-
-  const versionObj = allVersions.versions[version];
-
-  if (!versionObj) {
-    throw new Error(`Could not find Terraform version ${version} in version list`);
-  }
-
-  return versionObj;
-}
-
-async function downloadMetadata () {
-  core.debug('Downloading version metadata');
-
-  return fetch('https://releases.hashicorp.com/terraform/index.json')
-    .then(res => res.json())
-    .catch(err => {
-      core.setFailed(`Failed to fetch version metadata. ${err}`);
-    });
-}
+const releases = require('@hashicorp/js-releases');
 
 // arch in [arm, x32, x64...] (https://nodejs.org/api/os.html#os_os_arch)
 // return value in [amd64, 386, arm]
@@ -66,29 +34,23 @@ function mapOS (os) {
   return mappings[os] || os;
 }
 
-// Get build for an operating system and architecture
-function getBuild (versionObj, os, arch) {
-  core.debug(`Getting build for Terraform version ${versionObj.version}, os ${os}, and arch ${arch}`);
-
-  const buildObj = versionObj.builds.length &&
-    versionObj.builds.find(build =>
-      build.arch === mapArch(arch) &&
-        build.os === mapOS(os)
-    );
-
-  if (!buildObj) {
-    throw new Error(`Terraform version ${versionObj.version} not available for ${os} and ${arch}`);
-  }
-
-  return buildObj;
-}
-
 async function downloadCLI (url) {
   core.debug(`Downloading Terraform CLI from ${url}`);
   const pathToCLIZip = await tc.downloadTool(url);
 
+  let pathToCLI = '';
+
   core.debug('Extracting Terraform CLI zip file');
-  const pathToCLI = await tc.extractZip(pathToCLIZip);
+  if (os.platform().startsWith('win')) {
+    core.debug(`Terraform CLI Download Path is ${pathToCLIZip}`);
+    const fixedPathToCLIZip = `${pathToCLIZip}.zip`;
+    io.mv(pathToCLIZip, fixedPathToCLIZip);
+    core.debug(`Moved download to ${fixedPathToCLIZip}`);
+    pathToCLI = await tc.extractZip(fixedPathToCLIZip);
+  } else {
+    pathToCLI = await tc.extractZip(pathToCLIZip);
+  }
+
   core.debug(`Terraform CLI path is ${pathToCLI}.`);
 
   if (!pathToCLIZip || !pathToCLI) {
@@ -168,20 +130,29 @@ async function run () {
     const wrapper = core.getInput('terraform_wrapper') === 'true';
 
     // Gather OS details
-    const osPlat = os.platform();
+    const osPlatform = os.platform();
     const osArch = os.arch();
 
-    // Download metadata about all versions of Terraform CLI
-    const versionMetadata = await downloadMetadata();
+    core.debug(`Finding releases for Terraform version ${version}`);
+    const release = await releases.getRelease('terraform', version, 'GitHub Action: Setup Terraform');
+    const platform = mapOS(osPlatform);
+    let arch = mapArch(osArch);
 
-    // Find latest or a specific version like 0.1.0
-    const versionObj = version.toLowerCase() === 'latest' ? findLatest(versionMetadata) : findSpecific(versionMetadata, version);
+    // Terraform was not available for darwin/arm64 until 1.0.2, however macOS
+    // runners can emulate darwin/amd64.
+    if (platform === 'darwin' && arch === 'arm64' && semver.valid(release.version) && semver.lt(release.version, '1.0.2')) {
+      core.warning('Terraform is not available for darwin/arm64 until version 1.0.2. Falling back to darwin/amd64.');
+      arch = 'amd64';
+    }
 
-    // Get the build available for this runner's OS and a 64 bit architecture
-    const buildObj = getBuild(versionObj, osPlat, osArch);
+    core.debug(`Getting build for Terraform version ${release.version}: ${platform} ${arch}`);
+    const build = release.getBuild(platform, arch);
+    if (!build) {
+      throw new Error(`Terraform version ${version} not available for ${platform} and ${arch}`);
+    }
 
     // Download requested version
-    const pathToCLI = await downloadCLI(buildObj.url);
+    const pathToCLI = await downloadCLI(build.url);
 
     // Install our wrapper
     if (wrapper) {
@@ -193,11 +164,12 @@ async function run () {
 
     // Add credentials to file if they are provided
     if (credentialsHostname && credentialsToken) {
-      await addCredentials(credentialsHostname, credentialsToken, osPlat);
+      await addCredentials(credentialsHostname, credentialsToken, osPlatform);
     }
+    return release;
   } catch (error) {
     core.error(error);
-    throw new Error(error);
+    throw error;
   }
 }
 

package.json

@@ -1,47 +1,40 @@
 {
   "name": "setup-terraform",
-  "version": "1.0.0",
+  "version": "3.1.2",
   "description": "Setup Terraform CLI for GitHub Actions",
+  "license": "MPL-2.0",
+  "publisher": "hashicorp",
   "main": "index.js",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/hashicorp/setup-terraform.git"
+  },
   "scripts": {
-    "test": "cd wrapper && npm test && cd .. && semistandard --env jest && jest --coverage",
-    "lint": "cd wrapper && npm run lint && cd .. && semistandard --env jest --fix",
-    "build": "cd wrapper && npm run build && cd .. && ncc build index.js --out dist",
-    "postinstall": "cd wrapper && npm install"
+    "test": "semistandard --env jest && jest --coverage",
+    "lint": "semistandard --env jest --fix",
+    "build": "ncc build wrapper/terraform.js --out wrapper/dist && ncc build index.js --out dist",
+    "format-check": "echo \"unimplemented for actions/reusable-workflows basic-validation\""
   },
   "keywords": [],
   "author": "",
   "dependencies": {
-    "@actions/core": "^1.2.3",
-    "@actions/github": "^2.1.1",
-    "@actions/io": "^1.0.2",
-    "@actions/tool-cache": "^1.3.3",
-    "node-fetch": "^2.6.0",
-    "semver": "^7.1.3"
+    "@actions/core": "^1.11.1",
+    "@actions/exec": "^1.1.1",
+    "@actions/github": "^6.0.1",
+    "@actions/io": "^2.0.0",
+    "@actions/tool-cache": "^2.0.2",
+    "@hashicorp/js-releases": "^1.7.5",
+    "semver": "^7.7.3"
   },
   "devDependencies": {
-    "@zeit/ncc": "0.22.1",
-    "husky": "^4.2.3",
-    "jest": "^25.2.4",
-    "nock": "^12.0.3",
-    "semistandard": "^14.2.0"
-  },
-  "jest": {
-    "testPathIgnorePatterns": [
-      "<rootDir>/dist/",
-      "<rootDir>/node_modules/",
-      "<rootDir>/wrapper/"
-    ]
+    "@vercel/ncc": "^0.38.4",
+    "jest": "^30.2.0",
+    "nock": "^14.0.10",
+    "semistandard": "^17.0.0"
   },
   "semistandard": {
     "ignore": [
-      "dist/**",
-      "wrapper/**"
+      "**/dist/**"
     ]
-  },
-  "husky": {
-    "hooks": {
-      "pre-commit": "npm run build && git add dist/"
-    }
   }
 }

test/setup-terraform.test.js

@@ -1,3 +1,8 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: MPL-2.0
+ */
+
 // Mock external modules by default
 jest.mock('@actions/core');
 jest.mock('@actions/tool-cache');
@@ -68,11 +73,11 @@ describe('Setup Terraform', () => {
       .get('/terraform/index.json')
       .reply(200, json);
 
-    await setup();
+    const versionObj = await setup();
+    expect(versionObj.version).toEqual('0.1.1');
 
     // downloaded CLI has been added to path
     expect(core.addPath).toHaveBeenCalled();
-
     // expect credentials are in ${HOME}.terraformrc
     const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
     expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
@@ -94,6 +99,8 @@ describe('Setup Terraform', () => {
       .fn()
       .mockReturnValueOnce('file.zip');
 
+    io.mv = jest.fn();
+
     tc.extractZip = jest
       .fn()
       .mockReturnValueOnce('file');
@@ -110,7 +117,8 @@ describe('Setup Terraform', () => {
       .get('/terraform/index.json')
       .reply(200, json);
 
-    await setup();
+    const versionObj = await setup();
+    expect(versionObj.version).toEqual('0.1.1');
 
     // downloaded CLI has been added to path
     expect(core.addPath).toHaveBeenCalled();
@@ -152,7 +160,8 @@ describe('Setup Terraform', () => {
       .get('/terraform/index.json')
       .reply(200, json);
 
-    await setup();
+    const versionObj = await setup();
+    expect(versionObj.version).toEqual('0.10.0');
 
     // downloaded CLI has been added to path
     expect(core.addPath).toHaveBeenCalled();
@@ -163,6 +172,259 @@ describe('Setup Terraform', () => {
     expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
   });
 
+  test('gets latest version matching specification adds token and hostname on linux, amd64', async () => {
+    const version = '<0.10.0';
+    const credentialsHostname = 'app.terraform.io';
+    const credentialsToken = 'asdfjkl';
+
+    core.getInput = jest
+      .fn()
+      .mockReturnValueOnce(version)
+      .mockReturnValueOnce(credentialsHostname)
+      .mockReturnValueOnce(credentialsToken);
+
+    tc.downloadTool = jest
+      .fn()
+      .mockReturnValueOnce('file.zip');
+
+    tc.extractZip = jest
+      .fn()
+      .mockReturnValueOnce('file');
+
+    os.platform = jest
+      .fn()
+      .mockReturnValue('linux');
+
+    os.arch = jest
+      .fn()
+      .mockReturnValue('amd64');
+
+    nock('https://releases.hashicorp.com')
+      .get('/terraform/index.json')
+      .reply(200, json);
+
+    const versionObj = await setup();
+    expect(versionObj.version).toEqual('0.1.1');
+
+    // downloaded CLI has been added to path
+    expect(core.addPath).toHaveBeenCalled();
+
+    // expect credentials are in ${HOME}.terraformrc
+    const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+    expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
+    expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
+  });
+
+  test('gets latest version matching tilde range patch', async () => {
+    const version = '~0.1.0';
+    const credentialsHostname = 'app.terraform.io';
+    const credentialsToken = 'asdfjkl';
+
+    core.getInput = jest
+      .fn()
+      .mockReturnValueOnce(version)
+      .mockReturnValueOnce(credentialsHostname)
+      .mockReturnValueOnce(credentialsToken);
+
+    tc.downloadTool = jest
+      .fn()
+      .mockReturnValueOnce('file.zip');
+
+    tc.extractZip = jest
+      .fn()
+      .mockReturnValueOnce('file');
+
+    os.platform = jest
+      .fn()
+      .mockReturnValue('linux');
+
+    os.arch = jest
+      .fn()
+      .mockReturnValue('amd64');
+
+    nock('https://releases.hashicorp.com')
+      .get('/terraform/index.json')
+      .reply(200, json);
+
+    const versionObj = await setup();
+    expect(versionObj.version).toEqual('0.1.1');
+
+    // downloaded CLI has been added to path
+    expect(core.addPath).toHaveBeenCalled();
+    // expect credentials are in ${HOME}.terraformrc
+    const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+    expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
+    expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
+  });
+
+  test('gets latest version matching tilde range minor', async () => {
+    const version = '~0.1';
+    const credentialsHostname = 'app.terraform.io';
+    const credentialsToken = 'asdfjkl';
+
+    core.getInput = jest
+      .fn()
+      .mockReturnValueOnce(version)
+      .mockReturnValueOnce(credentialsHostname)
+      .mockReturnValueOnce(credentialsToken);
+
+    tc.downloadTool = jest
+      .fn()
+      .mockReturnValueOnce('file.zip');
+
+    tc.extractZip = jest
+      .fn()
+      .mockReturnValueOnce('file');
+
+    os.platform = jest
+      .fn()
+      .mockReturnValue('linux');
+
+    os.arch = jest
+      .fn()
+      .mockReturnValue('amd64');
+
+    nock('https://releases.hashicorp.com')
+      .get('/terraform/index.json')
+      .reply(200, json);
+
+    const versionObj = await setup();
+    expect(versionObj.version).toEqual('0.1.1');
+
+    // downloaded CLI has been added to path
+    expect(core.addPath).toHaveBeenCalled();
+    // expect credentials are in ${HOME}.terraformrc
+    const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+    expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
+    expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
+  });
+
+  test('gets latest version matching tilde range minor', async () => {
+    const version = '~0';
+    const credentialsHostname = 'app.terraform.io';
+    const credentialsToken = 'asdfjkl';
+
+    core.getInput = jest
+      .fn()
+      .mockReturnValueOnce(version)
+      .mockReturnValueOnce(credentialsHostname)
+      .mockReturnValueOnce(credentialsToken);
+
+    tc.downloadTool = jest
+      .fn()
+      .mockReturnValueOnce('file.zip');
+
+    tc.extractZip = jest
+      .fn()
+      .mockReturnValueOnce('file');
+
+    os.platform = jest
+      .fn()
+      .mockReturnValue('linux');
+
+    os.arch = jest
+      .fn()
+      .mockReturnValue('amd64');
+
+    nock('https://releases.hashicorp.com')
+      .get('/terraform/index.json')
+      .reply(200, json);
+
+    const versionObj = await setup();
+    expect(versionObj.version).toEqual('0.10.0');
+
+    // downloaded CLI has been added to path
+    expect(core.addPath).toHaveBeenCalled();
+    // expect credentials are in ${HOME}.terraformrc
+    const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+    expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
+    expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
+  });
+
+  test('gets latest version matching .X range ', async () => {
+    const version = '0.1.x';
+    const credentialsHostname = 'app.terraform.io';
+    const credentialsToken = 'asdfjkl';
+
+    core.getInput = jest
+      .fn()
+      .mockReturnValueOnce(version)
+      .mockReturnValueOnce(credentialsHostname)
+      .mockReturnValueOnce(credentialsToken);
+
+    tc.downloadTool = jest
+      .fn()
+      .mockReturnValueOnce('file.zip');
+
+    tc.extractZip = jest
+      .fn()
+      .mockReturnValueOnce('file');
+
+    os.platform = jest
+      .fn()
+      .mockReturnValue('linux');
+
+    os.arch = jest
+      .fn()
+      .mockReturnValue('amd64');
+
+    nock('https://releases.hashicorp.com')
+      .get('/terraform/index.json')
+      .reply(200, json);
+
+    const versionObj = await setup();
+    expect(versionObj.version).toEqual('0.1.1');
+
+    // downloaded CLI has been added to path
+    expect(core.addPath).toHaveBeenCalled();
+    // expect credentials are in ${HOME}.terraformrc
+    const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+    expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
+    expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
+  });
+
+  test('gets latest version matching - range ', async () => {
+    const version = '0.1.0 - 0.1.1';
+    const credentialsHostname = 'app.terraform.io';
+    const credentialsToken = 'asdfjkl';
+
+    core.getInput = jest
+      .fn()
+      .mockReturnValueOnce(version)
+      .mockReturnValueOnce(credentialsHostname)
+      .mockReturnValueOnce(credentialsToken);
+
+    tc.downloadTool = jest
+      .fn()
+      .mockReturnValueOnce('file.zip');
+
+    tc.extractZip = jest
+      .fn()
+      .mockReturnValueOnce('file');
+
+    os.platform = jest
+      .fn()
+      .mockReturnValue('linux');
+
+    os.arch = jest
+      .fn()
+      .mockReturnValue('amd64');
+
+    nock('https://releases.hashicorp.com')
+      .get('/terraform/index.json')
+      .reply(200, json);
+
+    const versionObj = await setup();
+    expect(versionObj.version).toEqual('0.1.1');
+
+    // downloaded CLI has been added to path
+    expect(core.addPath).toHaveBeenCalled();
+    // expect credentials are in ${HOME}.terraformrc
+    const creds = await fs.readFile(`${process.env.HOME}/.terraformrc`, { encoding: 'utf8' });
+    expect(creds.indexOf(credentialsHostname)).toBeGreaterThan(-1);
+    expect(creds.indexOf(credentialsToken)).toBeGreaterThan(-1);
+  });
+
   test('fails when metadata cannot be downloaded', async () => {
     const version = 'latest';
     const credentialsHostname = 'app.terraform.io';

wrapper/lib/output-listener.js

@@ -1,3 +1,8 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: MPL-2.0
+ */
+
 /**
  * Acts as a listener for @actions/exec, by capturing STDOUT and STDERR
  * streams, and exposing them via a contents attribute.
@@ -15,13 +20,18 @@
  * console.log(listener.contents);
  */
 class OutputListener {
-  constructor () {
+  constructor (streamWriter) {
     this._buff = [];
+    this._streamWriter = streamWriter;
   }
 
   get listener () {
     const listen = function listen (data) {
       this._buff.push(data);
+
+      if (this._streamWriter) {
+        this._streamWriter.write(data);
+      }
     };
     return listen.bind(this);
   }

wrapper/lib/terraform-bin.js

@@ -1,3 +1,8 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: MPL-2.0
+ */
+
 const os = require('os');
 const path = require('path');
 

wrapper/package.json

@@ -1,27 +0,0 @@
-{
-  "name": "terraform.js",
-  "version": "0.0.0",
-  "description": "JavaScript wrapper for terraform binary",
-  "main": "terraform.js",
-  "scripts": {
-    "test": "semistandard --env jest && jest --coverage",
-    "lint": "semistandard --env jest --fix",
-    "build": "ncc build terraform.js --out dist"
-  },
-  "author": "",
-  "dependencies": {
-    "@actions/core": "^1.2.3",
-    "@actions/exec": "^1.0.3",
-    "@actions/io": "^1.0.2"
-  },
-  "devDependencies": {
-    "@zeit/ncc": "0.22.1",
-    "jest": "^25.4.0",
-    "semistandard": "^14.2.0"
-  },
-  "semistandard": {
-    "ignore": [
-      "dist/**"
-    ]
-  }
-}

wrapper/terraform.js

@@ -1,4 +1,9 @@
 #!/usr/bin/env node
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: MPL-2.0
+ */
+
 const io = require('@actions/io');
 const core = require('@actions/core');
 const { exec } = require('@actions/exec');
@@ -16,9 +21,9 @@ async function checkTerraform () {
   // This will fail if Terraform isn't found, which is what we want
   await checkTerraform();
 
-  // Create listeners to receive output (in memory) as well
-  const stdout = new OutputListener();
-  const stderr = new OutputListener();
+  // Create listeners to receive output (in memory)
+  const stdout = new OutputListener(process.stdout);
+  const stderr = new OutputListener(process.stderr);
   const listeners = {
     stdout: stdout.listener,
     stderr: stderr.listener
@@ -28,21 +33,24 @@ async function checkTerraform () {
   const args = process.argv.slice(2);
   const options = {
     listeners,
-    ignoreReturnCode: true
+    ignoreReturnCode: true,
+    silent: true // avoid printing command in stdout: https://github.com/actions/toolkit/issues/649
   };
   const exitCode = await exec(pathToCLI, args, options);
-  core.debug(`Terraform exited with code ${exitCode}.`);
-  core.debug(`stdout: ${stdout.contents}`);
-  core.debug(`stderr: ${stderr.contents}`);
-  core.debug(`exitcode: ${exitCode}`);
 
   // Set outputs, result, exitcode, and stderr
   core.setOutput('stdout', stdout.contents);
   core.setOutput('stderr', stderr.contents);
   core.setOutput('exitcode', exitCode.toString(10));
 
-  // A non-zero exitCode is considered an error
-  if (exitCode !== 0) {
-    core.setFailed(`Terraform exited with code ${exitCode}.`);
+  if (exitCode === 0 || exitCode === 2) {
+    // A exitCode of 0 is considered a success
+    // An exitCode of 2 may be returned when the '-detailed-exitcode' option
+    // is passed to plan. This denotes Success with non-empty
+    // diff (changes present).
+    return;
   }
+
+  // A non-zero exitCode is considered an error
+  core.setFailed(`Terraform exited with code ${exitCode}.`);
 })();

wrapper/test/output-listener.test.js

@@ -1,12 +1,36 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: MPL-2.0
+ */
+
 const OutputListener = require('../lib/output-listener');
 
 describe('output-listener', () => {
-  it('receives and exposes data', () => {
+  it('receives and buffers data to .contents', () => {
     const listener = new OutputListener();
     const listen = listener.listener;
+
     listen(Buffer.from('foo'));
     listen(Buffer.from('bar'));
     listen(Buffer.from('baz'));
+
     expect(listener.contents).toEqual('foobarbaz');
   });
+
+  it('receives and writes data to stream immediately', () => {
+    const mockWrite = jest.fn();
+    const listener = new OutputListener({ write: mockWrite });
+    const listen = listener.listener;
+
+    listen(Buffer.from('first write'));
+    expect(mockWrite.mock.lastCall[0]).toStrictEqual(Buffer.from('first write'));
+
+    listen(Buffer.from('second write'));
+    expect(mockWrite.mock.lastCall[0]).toStrictEqual(Buffer.from('second write'));
+
+    listen(Buffer.from('third write'));
+    expect(mockWrite.mock.lastCall[0]).toStrictEqual(Buffer.from('third write'));
+
+    expect(mockWrite).toHaveBeenCalledTimes(3);
+  });
 });