009 - Action Triggers, improved configs, default secrets
Action triggers, improved configs, default secrets.
June 5th, 2025
Action Triggers
Action triggers are now available for all workflows. You can now use the following set of triggers:
pre-provision
post-provision
pre-reprovision
post-reprovision
pre-deprovision
post-deprovision
pre-deploy-all-components
post-deploy-all-components
pre-teardown-all-components
post-teardown-all-components
pre-deprovision-sandbox
post-deprovision-sandbox
pre-reprovision-sandbox
post-reprovision-sandbox
pre-update-inputs
post-update-inputs
pre-secrets-sync
post-secrets-sync
Each workflow trigger is called at the beginning or end of the workflow. In some cases, such as pre-provision
or
pre-reprovision
that include a stack-run, the trigger will be called right after the runner is healthy.
The following triggers require a component_name
field to be set, as they are tied to a specific component:
pre-deploy-component
post-deploy-component
post-teardown-component
pre-teardown-component
pre-component-deploy
and post-component-deploy
have been renamed to pre-deploy-component
and post-deploy-component
for consistency with other triggers.
pre-sandbox-run
and post-sandbox-run
have been deprecated, in favor of pre|post-reprovision
, pre|post-provision
, and pre|post-deprovision
Inputs, Permissions and Secrets Dirs
You can now structure configs using directories. The following fields support loading their config from either a sub-directory, or a single file:
secrets
- supports either asecrets.toml
or asecrets/
directoryinputs
- supports either aninputs.toml
or aninputs/
andinput_groups
directory.permissions
- support either apermissions.toml
or apermissions/
directory.
The configuration format is slightly different for files that are added to a directory:
Input
No longer requires the [[inputs]]
syntax when added into ./inputs/input-name.toml
.
Input Group
No longer requires the [[groups]]
syntax when added into ./input_groups/group-name.toml
.
Secret
No longer requires the [[groups]]
syntax when added into ./input_groups/group-name.toml
.
Permissions
No longer requires the [provision_role]
, [deprovision_role]
, or [maintenance_role]
syntax, but now requires a
type
.
Improved Schema
Each configuration file now supports a JSON schema that can be loaded via our api. You can now add #:schema https://api.nuon.co/v1/general/config-schema?type=input
at the beginning of any Nuon config file for editor supported
TOML LSP integrations.
The following types
are valid:
runner
- for use inrunner.toml
sandbox
- for use insandbox.toml
helm
- for use in any helm component toml config incomponents/
.docker-build
- for use in any docker-build component toml config incomponents/
.container-image
- for use in any container-image component toml config incomponents/
.terraform
- for use in any terraform component toml config incomponents/
.permissions
- for use in any permissions config inpermissions/
.secret
- for use in any permissions config insecrets/
.input
- for use in any input config ininput/
.input-group
- for use in any input config ininput_groups/
.metadata
- for use inmetadata.toml
.action
- for use in action defined inactions/
.stack
- for use instack.toml
.installer
- for use ininstaller.toml
.full
- only useful for validating a full, parsed Nuon config.
Component and Action Groups
You can now group components and actions using subdirectories. For now, the change is purely for configuration management, but will soon be added into the ui and other places.
Default Secrets
You can now provide a default for secrets that get added in a cloudformation stack.
Fixes
- Made org creation email configurable for BYOC installs of Nuon.
- Fixed a bug where content in the
permissions
config would not look in the./permissions
subdirectory.