Information about upcoming changes, recent releases, new features, and bug fixes.
Below are specific features and bug fixes for past releases.
- Fixed a bug where run quotas were not being applied correctly for runs created by incoming webhook.
- Fixed a bug where the job page would not load in some cases.
- Fixed a minor issue in rich text editor display.
- Jobs have a new trigger type called “incoming webhook”. Incoming webhook jobs can be easily triggered from external systems that fire webhook events. Variables can be arbitrarily transformed from the input request using an expression.
- CentOS 7 containers can no longer be created from the application.
- Some bug fixes and QoL improvements.
Runner Agent v1.88.x
- CentOS 7 container runners are now considered deprecated and will no longer recieve updates. They will remain in the app for some time, but users are encouraged to change their runners to use CentOS 8 virtual machines.
- Added hard isolation technology to expression evaluation. Evaluation of expressions is now sandboxed, which provides an extra layer of security. Note that this does not prevent execution of arbitrary code in your pipelines (in fact, that’s a feature!). Rather, it ensures that expressions can never escape into the runner process environment, and also places limits on CPU and memory consumption during expression evaluation.
- The runner agent distributable has changed to a tarball (.tgz) and now contains multiple installation files. Installation documentation has been updated to reflect this change.
- Fixed a bug where the delete project button was not showing up in the app.
- Improved the horizontal scrolling behavior of the run event viewer on the run page.
- Routine security updates.
- Added a “summary” field to pipelines. The summary is now displayed in pipeline cards by default. The “description” field now accepts Markdown syntax, and the description is rendered as rich text on the pipeline page. This is like a “README” file and is helpful for adding more detailed documentation for a pipeline.
- Improved the UI of the run page. Run events can now be collapsed.
- Added a “default” option to pipeline variables. When this option is true, the pipeline variable value will be used by default when creating runs if a value is not provided. This feature allows users to provide default values for visible variables. Previously only hidden variables could be used as defaults.
- Pipeline variable values can now be omitted when saving a pipeline revision, even if the variable is required. The values will now only be required at run time.
- Various improvements to API behavior when providing variables to pipelines, jobs, and runs. See below for more info.
- Various other UI improvements.
Runner Agent v1.87.x
- Fixed a bug where npm packages installed with
npm install -g were not being found by the Node.js step module.
- Fixed a bug where project variables were overriding pipeline variables with the same key when evaluating step variables for pipeline includes. The precedence is now reversed.
- For VM runners, the
docker service is now enabled by default.
Upcoming Changes to Pipeline Variables, 12/31/20
In order smooth over some API behavior, and to pave the way for upgrades to Refactr’s variables system, we are making some changes to API and runner behavior that may be breaking for some users.
- Currently, project variables are overriding pipeline variables for included pipelines when the variables have the same key. This is incorrect behavior, and it will be corrected in this update by reversing the precedence (pipeline variables will take precedence over project variables with the same key when evaluating pipeline step include variables). To check whether this might be a change in behavior for your pipelines, look for project-level variables with the same keys as as pipeline variables (including those created by the “Set Variables” step module), and check if those are also being used in the step variables for an included pipeline.
- It’s currently possible to create pipeline runs using the API by omitting variables entirely, even if there is at least one required pipeline variable. This defers the full validation to the runner agent, which will always reject these cases. In this update, API requests to create runs (pipeline and job) without variables in the request body when at least one variable is required will be rejected with a 400 status code. Because these cases would currently fail, it’s unlikely this change will affect many users.
- It’s currently possible to provide a value at run time for a hidden pipeline variable when using the API. While the value will always be overridden by the hidden value, the API request will pass validation. This behavior is changing so that providing a value at run time for a hidden variable will fail with a 400 status code.
- Currently, when creating pipelines, variables marked as required must have a value provided. This behavior is changing so that a value is only required when the variable is marked as both hidden and required.
- A new “default” option will be added to pipeline variables, which will specify whether the value specified in the pipeline variables will be used by default if a value is not provided at run time. This is a backwards compatible change.
These changes are expected to take effect on 12/31/20 at midnight PST.
- Fixed a rare bug in the pipeline designer that could break the page.
- Added an
env.* context variable to expressions which contains the “virtual” environment variables used by pipeline steps.
- Improved the error message displayed when a project has no runners assigned and a pipeline is run.
- Added a feature for guest users to leave an organization.
- Added Vault AppRole credential type.
- Added Java installer step module.
- Added Bridgecrew Checkov and Checkov installer step modules.
- Renamed “Bearer Token” credential type to “API Token”. The old “Bearer Token” (
bearer_token) has been deprecated and will be removed in a future release.
- Fixed a bug in calculation of subscription credits in certain cases.
- Switch to credit-based subscriptions. Organization administrators can now configure subscription credit allocation to runner, user, and project counts.
- Updated the navigation bar to match the Refactr color scheme.
- Improved release rollout behavior, which should largely eliminate downtime during updates to the cloud-hosted platform. Expected downtime going forward will mostly be limited to planned maintenance windows.
- Fixed a bug where self-hosted runners would not transition to Stopped state after going offline.
- Fixed a bug where some form fields were not displaying values correctly.
Runner Agent v1.82.6
- Added a LOG_LEVEL option to configuration file. Options are info, debug, warn, error.
- Added global tool installer step modules for all supported tools, plus a few additional tools including the AWS CLI and HashiCorp Vault CLI (a dedicated Vault CLI step module is coming soon!).
- Add an “unsaved changes” dialog when the step sidebar is closed in the builder and there are unsaved changes.
- Improved the display of step names in builder steps.
- Pipeline include steps in the builder now display an icon.
- Users are now navigated to the job page after creating a job.
- Fixed a bug preventing installation of custom kubectl versions from the kubectl step module.
- Fixed a bug where some variable combinations would cause errors in the agent.
v72-v73, 10-20-20 - 11-3-20
- Internal infrastructure upgrades.
- Removed personal accounts (see below).
- Internal infrastructure upgrades.
Personal Account Migration, 10/21/20
Currently, the Refactr Platform offers “personal” accounts, which have limited features, and are only accessible by a single user. This functionality is being replaced by “community” plans which, while still free, will require that all users be associated with a named organization.
On 10/11/20, we will be migrating all users to be associated with a single “primary” organization. All personal projects will also be moved into the primary organization assigned to each user.
- Personal projects, and all data within them, including pipelines, variables, jobs, and credentials, will become owned by your organization.
- Organization administrators will be able to view, modify, and delete all of your personal account data.
- A temporary group will be created in organizations for each personal account migrated, granting each user access to their migrated personal projects.
- All pending organization and project invites will be revoked, and will need to be resent.
- If you’re not sure which organization will become your primary organization, please contact us at firstname.lastname@example.org
- Internal infrastructure upgrades.
- More info is displayed in the UI about the Authy app for 2FA authentication.
- Fixed a minor bug in Authy push notification messages.
- Improved responsive layout behavior for desktop screens.
- Added a function-style syntax for retrieving credentials,
credential('my_cred_id'). Equivalent to the filter style,
'my_cred_id' | credential.
- Added several expression test functions for checking the state of local files and directories.
- Fixed a bug where template expressions were being coerced to strings in some cases.
- Minor UI improvements
- Some SDK improvements (CLI, Node.js API client)
- Minor UI improvements
- Reduced minimum job scheduler interval to 1 minute.
- Added a feature to enable/disable the automatic disabling of jobs when scheduled runs fail.
- Minor UI improvements
- Fixed a bug where some run events would have duplicates in the run log.
- Further improvements to API error response behavior.
- Updated login page design.
- Added password reset feature from the login page.
- Pipeline builder sidebars now remember their last position.
- Other minor UI improvements.
- Application performance improvements.
- Login emails are now case-insensitive.
- Improved logo display in the Authy app on mobile devices.
- Improved the project chooser page with organization filter and New Project button.
- Added close buttons to pipeline builder sidebars.
- Users are now granted individual access to projects they create, unless they’re in the Administrators group.
- Personal project invites have been disabled.
- Other minor UX improvements and bug fixes.
- Beta release of virtual machine hosted runners. Visit the Runners page and open the New Runner dialog to create a virtual machine runner.
- Project quotas are now enforced on creation
- Fixed a bug in the kubectl module where the
dry_run option was being treated as a boolean
steps.<id> syntax to pipeline expressions. This is a more compact alternative to
- Improved run event secret replacer algorithm. Now splits secret values on newlines and treats each line as an individual secret.
- Some minor UI fixes.
- Increased default maximum run queue size to 100
- Improved API error handling and error responses. Added JSON response data for several common API errors.
- Some minor UI cleanups
- Fixed a UI bug that was causing flashing on initial page load
- Some minor UI cleanups
- Improve application Content Security Policy headers; other application behavior tweaks
- Application performance improvements
- Some minor UI fixes
- Added Credential step module.
- Added more options to the runner config file for controlling log file behavior. Now supports various types of rolling logs.
- Improvements to secret field UI, for example in variable forms for SecureString variables.
- New pipeline icon.
- Improved step module names, labels, and icons.
- Minor bug fixes and performance improvements.
- Improved pipeline validation. The YAML editor in the builder now gives more detailed validation error messages.
- User is now routed to the pipeline builder after creating a new pipeline.
- Added user to pipeline revision history on pipeline details page.
- The step sidebar in the pipeline builder now displays detailed validation error messages in a tooltip.
- The HTTP Request step module now defaults to
https:// if no protocol is specified in the URL. Also improved error messages when an invalid URL is provided.
- Added Go Executor step module.
- Minor bug fixes.
- Added three output suppression options to jobs and runs. These are
suppress_events. With all three options enabled, no run data will be sent to the Refactr application from the runner, and variables associated with the run are not saved.
- Other minor improvements.
- Ansible playbook content and file path are now exclusive; provide one or the other but not both. Only applies to direct YAML edits.
- Git checkout step module destination path is now optional, and defaults to the run directory
- After cloning a pipeline, the user is now redirected to the appropriate pipeline list page.
- All API endpoints for running pipelines now include additional JSON response fields.
- Hidden run variables are no longer displayed on the run page in the Variables dialog.
- Added tooltips in a few places.
- Fixed a bug where authentication sessions could sometimes be lost without being redirected to the login page.
- Performance improvements. In particular, initial page load time has been improved significantly.
- Beta release of self-hosted runners. Users on organization plans can now create new runners from the organization settings page. See the user guide for more information.
- Added a few secondary tools to cloud-hosted runner image, including
jq CLI tool.
- Now enforcing stricter validation on JSON and YAML inputs. In most fields in the application, YAML must only use language features that are transformable to JSON.
- Fixed a bug where API status codes were 500 in some cases where they should have been 401.
- Various minor UI and performance improvements.
- Launched new documentation site.
- Improved the kubectl step module significantly. The module can now execute any kubectl commands, and has an inline/file kubeconfig property for conveniently generating a kubeconfig file for the step.
- Added a Run button to the pipeline builder page.
- Various minor UI improvements.
- Added CIS-CAT Assessor step module.
- Some UX improvements to OpenSCAP scanner step module.
- Fixed a bug where builder arrows could disappear in rare cases.
- Updated documentation.
- Added OpenSCAP scanner step module. This module executes the oscap and oscap-ssh tools to process SCAP content files such as XCCDF and OVAL, as well as perform automated benchmark assessments against remote systems.
- Added Assert step module. This module can be used to fail a pipeline if a condition is not met.
- Added Bearer Token credential type support to HTTP step module.
- Added read_file() expression helper function.
- Added stricter validation for SSH Private Key credentials. Now only allows PEM-encoded RSA keys.
- Improved in-app support. New support site.
- Some minor UI updates.
- Updated documentation, particularly expression reference.
- Added feature to set a custom image for each step in a pipeline, including built-in step modules.
- Fixed a bug where HTTP step result fields were not set properly when the step failed and ignore_errors was true.
- Added two-factor authentication feature. Enable this feature from Account Settings -> My Profile by configuring a mobile device.
- Some UI bug fixes.
- Fixed a UI bug where new Boolean variables were not being initialized correctly in some variables forms.
- Added reference documentation for step results.
- Added documentation about step results.
- Added documentation about agent Idle TTL and Autostart.
- Various other documentation cleanups.
- Added result fields to script step modules (Bash, Python, Node.js, Powershell) and CLI-driven step modules (Ansible Playbook, Terraform). Fields include stdout, stderr, and exit_code.