Terrapod is a free, open-source platform replacement for Terraform Enterprise. v0.25.1 is a patch release fixing two runner binary/artifact download failures reported from the field.
Bug Fixes
- Exact version pinning at run creation (#338) — a workspace version set without a patch number (e.g.
1.11) was passed to the runner verbatim. The runner's upstream binary fallback interpolates it into a release-artifact URL that requires a fully-qualifiedx.y.zand 404s otherwise, so any deployment whose binary cache wasn't serving was broken forx.yversions. The version is now resolved to an exactx.y.zand pinned on the run at creation (the workspace still stores the operator's intent —1.11tracks the latest1.11.x), so both the cache and upstream paths always receive a concrete version. - S3 presigned URLs pinned to SigV4 (#339) — the S3 client was created without a signature version; botocore's implicit default can emit a SigV2 presigned URL, which S3 rejects for any SSE-KMS-encrypted object and rejects outright in GovCloud / newer regions. The client now pins
signature_version=s3v4(universally backward-compatible). This unblocks binary-cache and configuration-archive downloads on KMS-encrypted buckets. - Surfaced silent runner download failures (#339) — the runner entrypoint masked storage errors (
curl -f, suppressed stderr, an unset HTTP-status variable, and a misleading "working directory not found" follow-on). Storage failures now log the real HTTP status and response body (e.g. the S3InvalidArgumentXML) so the actual cause is visible.
Status
Beta — both fixes carry regression tests (including an always-on offline SigV4 guard) and the runner artifact-download path was smoke-tested end-to-end on a live stack.
Full Changelog: v0.25.0...v0.25.1