Release v1.0.4

AWS Elastic Beanstalk Deploy Action v1.0.4

This release includes artifact attestations for supply chain security.

Security Features

• ✅ SLSA Build Provenance attached to key artifacts
• ✅ Artifact integrity verified with SHA256 checksums
• ✅ Build environment attestation included

Verification Methods

Using GitHub CLI (Recommended):

gh attestation verify dist/index.js --repo aws-actions/aws-elasticbeanstalk-deploy
gh attestation verify action.yml --repo aws-actions/aws-elasticbeanstalk-deploy

Using SHA256 checksums:

# Download the files and verify against the .sha256 files
sha256sum -c dist/index.js.sha256
sha256sum -c action.yml.sha256

See the CHANGELOG for detailed changes in this release.

What's Changed

• chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 by @dependabot[bot] in #58
• Add custom user-agent to AWS API calls by @VarshaRagavendran in #59
• chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by @dependabot[bot] in #60
• chore(deps): bump brace-expansion by @dependabot[bot] in #61

Full Changelog: v1.0.3...v1.0.4

Release v1.0.3

AWS Elastic Beanstalk Deploy Action v1.0.3

This release includes artifact attestations for supply chain security.

Security Features

• ✅ SLSA Build Provenance attached to key artifacts
• ✅ Artifact integrity verified with SHA256 checksums
• ✅ Build environment attestation included

Verification Methods

Using GitHub CLI (Recommended):

gh attestation verify dist/index.js --repo aws-actions/aws-elasticbeanstalk-deploy
gh attestation verify action.yml --repo aws-actions/aws-elasticbeanstalk-deploy

Using SHA256 checksums:

# Download the files and verify against the .sha256 files
sha256sum -c dist/index.js.sha256
sha256sum -c action.yml.sha256

See the CHANGELOG for detailed changes in this release.

What's Changed

• chore(deps): bump undici from 6.23.0 to 7.24.2 by @dependabot[bot] in #54
• chore(deps): bump fast-xml-parser and @aws-sdk/xml-builder by @dependabot[bot] in #55
• chore(deps): bump fast-xml-parser from 5.3.8 to 5.5.7 by @dependabot[bot] in #56
• feat: add .ebignore support with .gitignore fallback by @VarshaRagavendran in #57

Full Changelog: v1.0.2...v1.0.3

Release v1.0.2

AWS Elastic Beanstalk Deploy Action v1.0.2

This release includes artifact attestations for supply chain security.

Security Features

• ✅ SLSA Build Provenance attached to key artifacts
• ✅ Artifact integrity verified with SHA256 checksums
• ✅ Build environment attestation included

Verification Methods

Using GitHub CLI (Recommended):

gh attestation verify dist/index.js --repo aws-actions/aws-elasticbeanstalk-deploy
gh attestation verify action.yml --repo aws-actions/aws-elasticbeanstalk-deploy

Using SHA256 checksums:

# Download the files and verify against the .sha256 files
sha256sum -c dist/index.js.sha256
sha256sum -c action.yml.sha256

See the CHANGELOG for detailed changes in this release.

What's Changed

• chore(deps): bump minimatch by @dependabot[bot] in #41
• fix: use GitHub App token in package workflow to bypass branch ruleset by @yuxiang-zhang in #43
• fix: skip package workflow when triggered by app bot push by @yuxiang-zhang in #45
• fix: type updateEnvironment commandParams with UpdateEnvironmentCommandInput by @shinmc in #47
• fix: resolve security alerts for GITHUB_TOKEN permissions and upgrade dependencies by @VarshaRagavendran in #48
• fix: add missing error handler on output write stream in createZipFile by @VarshaRagavendran in #50
• Add integration test workflow by @VarshaRagavendran in #51
• fix: enable integration tests for fork PRs by @VarshaRagavendran in #52
• feat: add source-directory input for mono-repo support by @shinmc in #46

New Contributors

• @dependabot[bot] made their first contribution in #41

Full Changelog: v1.0.1...v1.0.2

Release v1.0.1

AWS Elastic Beanstalk Deploy Action v1.0.1

This release includes artifact attestations for supply chain security.

Security Features

• ✅ SLSA Build Provenance attached to key artifacts
• ✅ Artifact integrity verified with SHA256 checksums
• ✅ Build environment attestation included

Verification Methods

Using GitHub CLI (Recommended):

gh attestation verify dist/index.js --repo aws-actions/aws-elasticbeanstalk-deploy
gh attestation verify action.yml --repo aws-actions/aws-elasticbeanstalk-deploy

Using SHA256 checksums:

# Download the files and verify against the .sha256 files
sha256sum -c dist/index.js.sha256
sha256sum -c action.yml.sha256

See the CHANGELOG for detailed changes in this release.

What's Changed

• Updated fast-xml-parser version by @VarshaRagavendran in #6
• Update CHANGELOG.md for version 1.0.0 release by @VarshaRagavendran in #19
• fix: add missing git user.email so the package workflow can commit dist/ by @shinmc in #20
• fix: support GovCloud regions in AWS region validation by @shinmc in #7
• Updated package.yml workflow to create PR if there are dist/ changes to be committed to main by @VarshaRagavendran in #26
• Updated package.yml to diff against main by @VarshaRagavendran in #27
• Update package.yml to skip commit if already committed prior by @VarshaRagavendran in #28
• chore: remove dead bucketExists variable in createS3Bucket by @shinmc in #12
• (chore) Update dist by @github-actions[bot] in #29
• fix: stream S3 upload instead of loading entire file into memory by @shinmc in #8
• chore: remove unused @aws-sdk/client-iam dependency by @shinmc in #24
• fix: rethrow real API errors from environmentExists instead of silently returning false by @shinmc in #22
• Delete dist/tests directory by @VarshaRagavendran in #31
• (chore) Update dist by @github-actions[bot] in #30
• fix: trim and normalize deployment-package-path input by @shinmc in #25
• docs: clarify deployment-timeout applies per wait phase, not total by @shinmc in #16
• fix: exclude test files from tsconfig to prevent .d.ts leak into dist by @yuxiang-zhang in #33
• (chore) Update dist by @github-actions[bot] in #32
• fix: replace GetBucketAcl ownership check with HeadBucket + ExpectedBucketOwner by @shinmc in #9
• (chore) Update dist by @github-actions[bot] in #34
• fix: align max-retries code default with action.yml and README by @shinmc in #10
• fix: make max-retries mean retries, not total attempts by @shinmc in #23
• fix: remove hardcoded CNAMEPrefix; add optional cname-prefix input by @shinmc in #21
• chore: security hardening for workflows, examples, and .gitignore by @shinmc in #38
• (chore) Update dist by @github-actions[bot] in #39
• chore: remove unused @actions/github; move @actions/exec to devDependencies by @shinmc in #13

New Contributors

• @shinmc made their first contribution in #20
• @github-actions[bot] made their first contribution in #29
• @yuxiang-zhang made their first contribution in #33

Full Changelog: v1.0.0...v1.0.1

Release v1.0.0

AWS Elastic Beanstalk Deploy Action v1.0.0

This release includes artifact attestations for supply chain security.

Security Features

• ✅ SLSA Build Provenance attached to key artifacts
• ✅ Artifact integrity verified with SHA256 checksums
• ✅ Build environment attestation included

Verification Methods

Using GitHub CLI (Recommended):

gh attestation verify dist/index.js --repo aws-actions/aws-elasticbeanstalk-deploy
gh attestation verify action.yml --repo aws-actions/aws-elasticbeanstalk-deploy

Using SHA256 checksums:

# Download the files and verify against the .sha256 files
sha256sum -c dist/index.js.sha256
sha256sum -c action.yml.sha256

See the CHANGELOG for detailed changes in this release.

What's Changed

• Initial implementation of AWS Elastic Beanstalk Deploy Action by @VarshaRagavendran in #1
• Updated README.md by @VarshaRagavendran in #3
• Updates to error handling and validation logic by @VarshaRagavendran in #4

New Contributors

• @VarshaRagavendran made their first contribution in #1

Full Changelog: https://github.com/aws-actions/aws-elasticbeanstalk-deploy/commits/v1.0.0