github mattrobinsonsre/terrapod v0.53.0

7 hours ago

Terrapod is a free, open-source platform replacement for Terraform Enterprise. This release adds custom runner execution hooks — operator-defined shell steps that run at fixed points in a plan/apply — along with two operational hardening improvements.

Highlights

  • Execution hooks — a central library of reusable shell steps (pre_init, pre_plan, post_plan, pre_apply, post_apply) that an admin defines once and associates with specific workspaces. Hooks run inside the runner Job with the workspace's cloud identity; a non-zero exit fails the run, so post_plan/pre_apply hooks work as external gates (e.g. an out-of-band policy check before apply). Managed via the API, the terrapod_execution_hook provider resource, and Admin → Execution Hooks in the UI. Kill-switch: runners.hooksEnabled (default true), enforced authoritatively server-side. See docs/execution-hooks.md.
  • Autodiscovery hook templates — autodiscovery rules can attach execution hooks to every workspace they create, picked by name in the rule form (no ids to type).
  • platform:hook-admin capability — added to the platform capability vocabulary so the built-in admin capability set is complete.
  • Migration-smoke CI + schema-skew guard — a startup guard on /ready fails fast when the running app and the database schema are out of step, plus a CI job that smoke-tests migrations.
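The gate behaviour described in the Execution hooks item, as an added example (not Terrapod's own code and not taken from docs/execution-hooks.md): a post_plan hook body that fails the run when the plan deletes more resources than a limit. How Terrapod hands the plan to a hook is not stated on this page, so the plan JSON path argument, the function names `count_deletes` and `plan_gate`, and the limit are assumptions; it avoids jq because the runner image's contents are not stated either.

```shell
#!/bin/sh
# Added example of a post_plan gate hook. Assumption: $1 is a file holding
# `terraform show -json` output; Terrapod's real hook inputs are not shown here.

# count_deletes FILE: number of "actions" arrays that contain "delete".
# Heuristic text match: it also counts output and drift entries, so it can
# only over-count, which errs toward blocking the run.
count_deletes() {
    tr -d '[:space:]' < "$1" |
        grep -o '"actions":\[[^]]*]' |
        grep -c '"delete"' || true   # grep -c exits 1 on a zero count
}

# plan_gate FILE [MAX]: 0 = allow; 1 = too many deletes; 2 = gate cannot decide.
plan_gate() {
    plan=$1
    max=${2:-0}
    # Fail closed: bad limit, unreadable file, or non-plan input never passes.
    case $max in
        ''|*[!0-9]*) echo "gate: invalid limit: $max" >&2; return 2 ;;
    esac
    [ -r "$plan" ] || { echo "gate: cannot read $plan" >&2; return 2; }
    grep -q '"format_version"' "$plan" ||
        { echo "gate: $plan is not plan JSON" >&2; return 2; }
    n=$(count_deletes "$plan")
    if [ "$n" -gt "$max" ]; then
        echo "gate: $n delete action(s) exceed limit $max" >&2
        return 1
    fi
    echo "gate: ok, $n delete action(s) within limit $max"
}

# Constructed sample plan (not real output): one create, one replace.
sample=$(mktemp)
printf '%s\n' '{"format_version":"1.2","resource_changes":[' \
    '{"address":"null_resource.a","change":{"actions":["create"]}},' \
    '{"address":"null_resource.b","change":{"actions":["delete","create"]}}' \
    ']}' > "$sample"

plan_gate "$sample" 1 && echo "limit 1: run continues"
plan_gate "$sample" 0 || echo "limit 0: hook exits $?, run fails"
```

Exit status 2 keeps "the gate could not evaluate the plan" distinct from "the plan violates the limit" in the run log, while both still fail the run.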

Bug Fixes

  • Execution hooks: post_plan hooks are now actually executed (they were accepted and delivered but never run); hook input validation hardened (non-numeric priority → 422, idempotent workspace association, 64 KiB script bound).
  • Registry: provider signature verification now honours GPG key revocation.

Status

Beta — the execution-hooks surface (API, SDK, provider, UI, docs) is complete and covered across the unit, services-API, and integration test tiers.

Full Changelog: v0.52.0...v0.53.0
