From 2c2dcdb2929b6c6222afa7ad2ccca5e1ce64d0e2 Mon Sep 17 00:00:00 2001
From: Jordan Ritter
Date: Sat, 30 May 2026 10:39:10 -0700
Subject: [PATCH 1/7] Fix Slack notification workflows: use org-standard incoming-webhook pattern
---
 .github/workflows/slack-issue-notification.yml | 14 ++++----------
 .github/workflows/slack-open-prs-notification.yml | 11 ++++-------
 2 files changed, 8 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/slack-issue-notification.yml b/.github/workflows/slack-issue-notification.yml
index d046bb00d..1a07e16e4 100644
--- a/.github/workflows/slack-issue-notification.yml
+++ b/.github/workflows/slack-issue-notification.yml
@@ -12,15 +12,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Send issue details to Slack
- uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+ uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0
 with:
- webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
- webhook-type: webhook-trigger
+ webhook: ${{ secrets.SLACK_WEBHOOK_OSS_ALERTS }}
+ webhook-type: incoming-webhook
 payload: |
- issue_title: "${{ github.event.issue.title }}"
- issue_number: "${{ github.event.issue.number }}"
- issue_url: "${{ github.event.issue.html_url }}"
- issue_author: "${{ github.event.issue.user.login }}"
- issue_body: ${{ toJSON(github.event.issue.body) }}
- repository: "${{ github.repository }}"
- created_at: "${{ github.event.issue.created_at }}"
+ { "text": ${{ toJSON(format(':inbox_tray: *New issue in {0}*: #{1} {2} (by {3})\n{4}', github.repository, github.event.issue.number, github.event.issue.title, github.event.issue.user.login, github.event.issue.html_url)) }} }
diff --git a/.github/workflows/slack-open-prs-notification.yml b/.github/workflows/slack-open-prs-notification.yml
index bd8d5936c..6260fc1b3 100644
--- a/.github/workflows/slack-open-prs-notification.yml
+++ b/.github/workflows/slack-open-prs-notification.yml
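Review bot: In the added `payload` line of slack-issue-notification.yml, `github.event.issue.title` reaches Slack's `text` field without mrkdwn escaping. `toJSON` only protects the JSON syntax, so a title written by whoever opens the issue can still carry `<`, `>` or `&`, which Slack interprets as mentions or relabelled links in the alerts channel. Escape those three characters to `&lt;`, `&gt;` and `&amp;` before formatting; expressions have no replace function, so this needs a preceding step that sets an escaped output. The same applies to `steps.open-prs.outputs.pr_list` in slack-open-prs-notification.yml, where the existing script could escape each title with `pr.title.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')`.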
@@ -40,12 +40,9 @@ jobs:
 );
 - name: Send open PRs summary to Slack
- uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+ uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0
 with:
- webhook: ${{ secrets.SLACK_OPEN_PRS_WEBHOOK_URL }}
- webhook-type: webhook-trigger
+ webhook: ${{ secrets.SLACK_WEBHOOK_OSS_ALERTS }}
+ webhook-type: incoming-webhook
 payload: |
- pr_count: "${{ steps.open-prs.outputs.count }}"
- pr_list: ${{ toJSON(steps.open-prs.outputs.pr_list) }}
- repository: "${{ github.repository }}"
- repository_url: "https://github.com/${{ github.repository }}/pulls"
+ { "text": ${{ toJSON(format(':bar_chart: *Open PRs in {0}* ({1}): https://github.com/{0}/pulls\n{2}', github.repository, steps.open-prs.outputs.count, steps.open-prs.outputs.pr_list)) }} }
From 3a4bb18f77a5deae719984cd1c8004b524002104 Mon Sep 17 00:00:00 2001
From: Jordan Ritter
Date: Sat, 30 May 2026 10:52:44 -0700
Subject: [PATCH 2/7] Skip open-PRs Slack post when zero PRs; fix DST-misleading cron comment
---
 .github/workflows/slack-open-prs-notification.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/slack-open-prs-notification.yml b/.github/workflows/slack-open-prs-notification.yml
index 6260fc1b3..d810dc6dc 100644
--- a/.github/workflows/slack-open-prs-notification.yml
+++ b/.github/workflows/slack-open-prs-notification.yml
@@ -2,7 +2,7 @@ name: Slack Open PRs Notification
 on:
 schedule:
- - cron: '0 13 * * *' # 8:00 AM EST (13:00 UTC)
+ - cron: '0 13 * * *' # 13:00 UTC daily (08:00 EST / 09:00 EDT — cron does not observe DST)
 workflow_dispatch:
 permissions:
@@ -40,6 +40,7 @@ jobs:
 );
 - name: Send open PRs summary to Slack
+ if: ${{ steps.open-prs.outputs.count != '0' }}
 uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0
 with:
 webhook: ${{ secrets.SLACK_WEBHOOK_OSS_ALERTS }}
From a0d1898b99b82bca03d5298dc6a7e5e7f0aa8ee3 Mon Sep 17 00:00:00 2001
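Review bot: The `\n` inside the single-quoted `format(...)` string in the added `payload` line of the first hunk is unlikely to produce a line break. As far as I know, Actions expression literals have no backslash escapes, so `toJSON` receives a backslash and an `n` and emits `\\n`, which Slack would show as literal text. Passing a real newline as a format argument, for example `fromJSON('"\n"')`, should give the intended break. The payload in slack-issue-notification.yml uses the same `\n`; one `workflow_dispatch` run of this workflow would confirm the rendering.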
From: Jordan Ritter
Date: Sat, 30 May 2026 10:53:13 -0700
Subject: [PATCH 3/7] Correct stale aws-actions/configure-aws-credentials version comment to v6.1.1 (zizmor ref-version-mismatch)
---
 .github/workflows/e2e-tests-full.yml | 2 +-
 .github/workflows/e2e-tests.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/e2e-tests-full.yml b/.github/workflows/e2e-tests-full.yml
index e51ced47f..374310b78 100644
--- a/.github/workflows/e2e-tests-full.yml
+++ b/.github/workflows/e2e-tests-full.yml
@@ -40,7 +40,7 @@ jobs:
 git config --global user.name "CI"
 - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
 - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6
+ uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1
 with:
 role-to-assume: ${{ secrets.E2E_AWS_ROLE_ARN }}
 aws-region: ${{ inputs.aws_region || 'us-east-1' }}
diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
index c5254ca2c..d3b93988c 100644
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -55,7 +55,7 @@ jobs:
 git config --global user.name "CI"
 - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
 - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6
+ uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1
 with:
 role-to-assume: ${{ secrets.E2E_AWS_ROLE_ARN }}
 aws-region: ${{ inputs.aws_region || 'us-east-1' }}
From decccca205d5c6595e9a95b9466a623026868ec6 Mon Sep 17 00:00:00 2001
From: Jordan Ritter
Date: Sat, 30 May 2026 11:09:57 -0700
Subject: [PATCH 4/7] Harden open-PRs script: paginate PR list, guard null author, randomize output delimiter
---
 .github/workflows/slack-open-prs-notification.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/slack-open-prs-notification.yml b/.github/workflows/slack-open-prs-notification.yml index d810dc6dc..26399b354 100644 --- a/.github/workflows/slack-open-prs-notification.yml +++ b/.github/workflows/slack-open-prs-notification.yml @@ -17,26 +17,29 @@ jobs: uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | - const { data: prs } = await github.rest.pulls.list({ + const prs = await github.paginate(github.rest.pulls.list, { owner: context.repo.owner, repo: context.repo.repo, state: 'open', + per_page: 100, }); const count = prs.length; // Format each PR with plain text and bare URL (Slack auto-links URLs) const prList = prs.map(pr => - `• #${pr.number} - ${pr.title} (by ${pr.user.login})\n ${pr.html_url}` + `• #${pr.number} - ${pr.title} (by ${pr.user?.login ?? 'unknown'})\n ${pr.html_url}` ).join('\n'); core.setOutput('count', count); // Use GITHUB_OUTPUT delimiter for multiline support + const crypto = require('crypto'); + const delimiter = `PRLIST_${crypto.randomUUID()}`; const fs = require('fs'); fs.appendFileSync( process.env.GITHUB_OUTPUT, - `pr_list< Date: Sat, 30 May 2026 11:11:44 -0700 Subject: [PATCH 5/7] Harden e2e workflows: fail-loud CDK sourcing, robust npm pack, fix concurrency/region/comments --- .github/workflows/e2e-tests-full.yml | 27 +++++++++++++++++++------- .github/workflows/e2e-tests.yml | 29 +++++++++++++++++++++------- 2 files changed, 42 insertions(+), 14 deletions(-) diff --git a/.github/workflows/e2e-tests-full.yml b/.github/workflows/e2e-tests-full.yml index 374310b78..12c4be54c 100644 --- a/.github/workflows/e2e-tests-full.yml +++ b/.github/workflows/e2e-tests-full.yml 
@@ -6,10 +6,10 @@ on:
 description: 'AWS region for deployment'
 default: 'us-east-1'
 schedule:
- - cron: '0 14 * * 1' # Every Monday at 9 AM EST (14:00 UTC)
+ - cron: '0 14 * * 1' # Mondays 14:00 UTC (09:00 EST / 10:00 EDT — cron does not observe DST)
 concurrency:
- group: e2e-${{ github.event.pull_request.number || github.ref }}
+ group: e2e-full-${{ github.ref }}
 cancel-in-progress: false
 permissions:
@@ -21,6 +21,10 @@ jobs:
 runs-on: ubuntu-latest
 environment: e2e-testing
 timeout-minutes: 60
+ env:
+ # Single source for the AWS region default. On `workflow_dispatch` the
+ # input applies; on `schedule` `inputs` is empty so the fallback applies.
+ AWS_REGION: ${{ inputs.aws_region || 'us-east-1' }}
 strategy:
 fail-fast: false
 matrix:
@@ -43,7 +47,7 @@ jobs:
 uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1
 with:
 role-to-assume: ${{ secrets.E2E_AWS_ROLE_ARN }}
- aws-region: ${{ inputs.aws_region || 'us-east-1' }}
+ aws-region: ${{ env.AWS_REGION }}
 - name: Get AWS Account ID
 id: aws
 run: echo "account_id=$(aws sts get-caller-identity --query Account --output text)" >> "$GITHUB_OUTPUT"
@@ -58,21 +62,30 @@ jobs:
 - name: Build CDK package from main
 if: matrix.cdk-source == 'main'
 run: |
+ set -euo pipefail
+ [ -n "${CDK_REPO_TOKEN}" ] && [ -n "${CDK_REPO}" ] || { echo "::error::CDK_REPO and CDK_REPO_TOKEN must be set"; exit 1; }
 git clone --depth 1 "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
 cd /tmp/cdk-repo
 npm ci
 npm run build
- TARBALL=$(npm pack --pack-destination "$RUNNER_TEMP" | tail -1)
- echo "CDK_TARBALL=$RUNNER_TEMP/$TARBALL" >> "$GITHUB_ENV"
+ TARBALL="$(npm pack --json --pack-destination "$RUNNER_TEMP" | jq -r '.[0].filename')"
+ CDK_TARBALL="$RUNNER_TEMP/$TARBALL"
+ # Fail loud: a missing tarball would silently fall back to the published
+ # CDK in installCdkTarball(), defeating the `main` matrix leg.
+ [ -f "$CDK_TARBALL" ] || { echo "::error::CDK tarball not found at '$CDK_TARBALL'"; exit 1; }
+ echo "CDK_TARBALL=$CDK_TARBALL" >> "$GITHUB_ENV"
 env:
 CDK_REPO_TOKEN: ${{ secrets.CDK_REPO_TOKEN }}
 CDK_REPO: ${{ secrets.CDK_REPO_NAME }}
 - name: Install CLI globally
- run: npm install -g "$(npm pack | tail -1)"
+ run: |
+ set -euo pipefail
+ TARBALL="$(npm pack --json | jq -r '.[0].filename')"
+ npm install -g "./$TARBALL"
 - name: Run E2E tests (${{ matrix.cdk-source }})
 env:
 AWS_ACCOUNT_ID: ${{ steps.aws.outputs.account_id }}
- AWS_REGION: ${{ inputs.aws_region || 'us-east-1' }}
+ AWS_REGION: ${{ env.AWS_REGION }}
 ANTHROPIC_API_KEY: ${{ env.E2E_ANTHROPIC_API_KEY }}
 OPENAI_API_KEY: ${{ env.E2E_OPENAI_API_KEY }}
 GEMINI_API_KEY: ${{ env.E2E_GEMINI_API_KEY }}
diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
index d3b93988c..e56560560 100644
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
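Review bot: In the "Build CDK package from main" step, `CDK_REPO_TOKEN` is still exported to the shell while `npm ci` and `npm run build` run the cloned repository's scripts. The unchanged `git clone` line also leaves the token-bearing URL in `/tmp/cdk-repo/.git/config` for the rest of the job. The added guard confirms the secrets are present but does not narrow where the token is visible. Directly after the clone, `git -C /tmp/cdk-repo remote set-url origin "https://github.com/${CDK_REPO}.git"` followed by `unset CDK_REPO_TOKEN` would keep it away from install and build scripts. The matching step in e2e-tests.yml has the same shape.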
@@ -23,6 +23,10 @@ jobs:
 runs-on: ubuntu-latest
 environment: e2e-testing
 timeout-minutes: 30
+ env:
+ # Single source for the AWS region default. On `workflow_dispatch` the
+ # input applies; on other events `inputs` is empty so the fallback applies.
+ AWS_REGION: ${{ inputs.aws_region || 'us-east-1' }}
 strategy:
 fail-fast: false
 matrix:
@@ -58,7 +62,7 @@ jobs:
 uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1
 with:
 role-to-assume: ${{ secrets.E2E_AWS_ROLE_ARN }}
- aws-region: ${{ inputs.aws_region || 'us-east-1' }}
+ aws-region: ${{ env.AWS_REGION }}
 - name: Get AWS Account ID
 id: aws
 run: echo "account_id=$(aws sts get-caller-identity --query Account --output text)" >> "$GITHUB_OUTPUT"
@@ -74,12 +78,18 @@ jobs:
 - name: Build CDK package from main
 if: matrix.cdk-source == 'main'
 run: |
+ set -euo pipefail
+ [ -n "${CDK_REPO_TOKEN}" ] && [ -n "${CDK_REPO}" ] || { echo "::error::CDK_REPO and CDK_REPO_TOKEN must be set"; exit 1; }
 git clone --depth 1 "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
 cd /tmp/cdk-repo
 npm ci
 npm run build
- TARBALL=$(npm pack --pack-destination "$RUNNER_TEMP" | tail -1)
- echo "CDK_TARBALL=$RUNNER_TEMP/$TARBALL" >> "$GITHUB_ENV"
+ TARBALL="$(npm pack --json --pack-destination "$RUNNER_TEMP" | jq -r '.[0].filename')"
+ CDK_TARBALL="$RUNNER_TEMP/$TARBALL"
+ # Fail loud: a missing tarball would silently fall back to the published
+ # CDK in installCdkTarball(), defeating the `main` matrix leg.
+ [ -f "$CDK_TARBALL" ] || { echo "::error::CDK tarball not found at '$CDK_TARBALL'"; exit 1; }
+ echo "CDK_TARBALL=$CDK_TARBALL" >> "$GITHUB_ENV"
 env:
 CDK_REPO_TOKEN: ${{ secrets.CDK_REPO_TOKEN }}
 CDK_REPO: ${{ secrets.CDK_REPO_NAME }}
@@ -87,15 +97,20 @@ jobs:
 - run: npm ci
 - run: npm run build
 - name: Install CLI globally
- run: npm install -g "$(npm pack | tail -1)"
+ run: |
+ set -euo pipefail
+ TARBALL="$(npm pack --json | jq -r '.[0].filename')"
+ npm install -g "./$TARBALL"
 - name: Run E2E tests (${{ matrix.cdk-source }})
 env:
 AWS_ACCOUNT_ID: ${{ steps.aws.outputs.account_id }}
- AWS_REGION: ${{ inputs.aws_region || 'us-east-1' }}
+ AWS_REGION: ${{ env.AWS_REGION }}
 ANTHROPIC_API_KEY: ${{ env.E2E_ANTHROPIC_API_KEY }}
 OPENAI_API_KEY: ${{ env.E2E_OPENAI_API_KEY }}
 GEMINI_API_KEY: ${{ env.E2E_GEMINI_API_KEY }}
 CDK_TARBALL: ${{ env.CDK_TARBALL }}
- # Only run Bedrock tests on PRs to avoid creating ApiKeyCredentialProviders,
- # which have a 50-resource account limit and accumulate from interrupted runs.
+ # This manual/dispatch workflow runs only the Bedrock subset (strands-bedrock,
+ # langgraph-bedrock) to limit creation of ApiKeyCredentialProviders, which have a
+ # 50-resource account limit and accumulate from interrupted runs. The full suite
+ # runs in e2e-tests-full.yml.
 run: npx vitest run --project e2e strands-bedrock langgraph-bedrock
From 515ec2571501784c2d54cdfccc8a1601c5bd3426 Mon Sep 17 00:00:00 2001
From: Jordan Ritter
Date: Sat, 30 May 2026 11:18:59 -0700
Subject: [PATCH 6/7] Address e2e review: pin CDK clone to main, fix Bedrock comment, dedupe region env, harden pack/secret guards
---
 .github/workflows/e2e-tests-full.yml | 8 +++++---
 .github/workflows/e2e-tests.yml | 18 +++++++++++-------
 2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/e2e-tests-full.yml b/.github/workflows/e2e-tests-full.yml
index 12c4be54c..2419db139 100644
--- a/.github/workflows/e2e-tests-full.yml
+++ b/.github/workflows/e2e-tests-full.yml
@@ -5,6 +5,7 @@ on:
 aws_region:
 description: 'AWS region for deployment'
 default: 'us-east-1'
+ type: string
 schedule:
 - cron: '0 14 * * 1' # Mondays 14:00 UTC (09:00 EST / 10:00 EDT — cron does not observe DST)
@@ -63,12 +64,13 @@ jobs:
 if: matrix.cdk-source == 'main'
 run: |
 set -euo pipefail
- [ -n "${CDK_REPO_TOKEN}" ] && [ -n "${CDK_REPO}" ] || { echo "::error::CDK_REPO and CDK_REPO_TOKEN must be set"; exit 1; }
- git clone --depth 1 "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
+ [ -n "${CDK_REPO_TOKEN:-}" ] && [ -n "${CDK_REPO:-}" ] || { echo "::error::CDK_REPO and CDK_REPO_TOKEN must be set"; exit 1; }
+ git clone --depth 1 --branch main "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
 cd /tmp/cdk-repo
 npm ci
 npm run build
 TARBALL="$(npm pack --json --pack-destination "$RUNNER_TEMP" | jq -r '.[0].filename')"
+ [ -n "$TARBALL" ] && [ "$TARBALL" != "null" ] || { echo "::error::npm pack produced no tarball"; exit 1; }
 CDK_TARBALL="$RUNNER_TEMP/$TARBALL"
 # Fail loud: a missing tarball would silently fall back to the published
 # CDK in installCdkTarball(), defeating the `main` matrix leg.
@@ -81,11 +83,11 @@ jobs:
 run: |
 set -euo pipefail
 TARBALL="$(npm pack --json | jq -r '.[0].filename')"
+ [ -n "$TARBALL" ] && [ "$TARBALL" != "null" ] || { echo "::error::npm pack produced no tarball"; exit 1; }
 npm install -g "./$TARBALL"
 - name: Run E2E tests (${{ matrix.cdk-source }})
 env:
 AWS_ACCOUNT_ID: ${{ steps.aws.outputs.account_id }}
- AWS_REGION: ${{ env.AWS_REGION }}
 ANTHROPIC_API_KEY: ${{ env.E2E_ANTHROPIC_API_KEY }}
 OPENAI_API_KEY: ${{ env.E2E_OPENAI_API_KEY }}
 GEMINI_API_KEY: ${{ env.E2E_GEMINI_API_KEY }}
diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
index e56560560..fb029483f 100644
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -9,6 +9,7 @@ on:
 aws_region:
 description: 'AWS region for deployment'
 default: 'us-east-1'
+ type: string
 concurrency:
 group: e2e-${{ inputs.pr_number || github.ref }}
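Review bot: The added guard `[ -n "$TARBALL" ] && [ "$TARBALL" != "null" ]` in the first hunk tests for the text jq prints when the field is missing, rather than letting jq report the failure. With `jq -er '.[0].filename'` jq exits non-zero on a null result, and the `set -euo pipefail` already in the step turns that into a step failure; the `-n` test can stay for the empty-string case. The same guard is added to the Install CLI step in the second hunk and to both steps in e2e-tests.yml. Both run blocks begin outside these hunks.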
@@ -79,12 +80,13 @@ jobs:
 if: matrix.cdk-source == 'main'
 run: |
 set -euo pipefail
- [ -n "${CDK_REPO_TOKEN}" ] && [ -n "${CDK_REPO}" ] || { echo "::error::CDK_REPO and CDK_REPO_TOKEN must be set"; exit 1; }
- git clone --depth 1 "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
+ [ -n "${CDK_REPO_TOKEN:-}" ] && [ -n "${CDK_REPO:-}" ] || { echo "::error::CDK_REPO and CDK_REPO_TOKEN must be set"; exit 1; }
+ git clone --depth 1 --branch main "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
 cd /tmp/cdk-repo
 npm ci
 npm run build
 TARBALL="$(npm pack --json --pack-destination "$RUNNER_TEMP" | jq -r '.[0].filename')"
+ [ -n "$TARBALL" ] && [ "$TARBALL" != "null" ] || { echo "::error::npm pack produced no tarball"; exit 1; }
 CDK_TARBALL="$RUNNER_TEMP/$TARBALL"
 # Fail loud: a missing tarball would silently fall back to the published
 # CDK in installCdkTarball(), defeating the `main` matrix leg.
@@ -100,17 +102,19 @@ jobs:
 run: |
 set -euo pipefail
 TARBALL="$(npm pack --json | jq -r '.[0].filename')"
+ [ -n "$TARBALL" ] && [ "$TARBALL" != "null" ] || { echo "::error::npm pack produced no tarball"; exit 1; }
 npm install -g "./$TARBALL"
 - name: Run E2E tests (${{ matrix.cdk-source }})
 env:
 AWS_ACCOUNT_ID: ${{ steps.aws.outputs.account_id }}
- AWS_REGION: ${{ env.AWS_REGION }}
 ANTHROPIC_API_KEY: ${{ env.E2E_ANTHROPIC_API_KEY }}
 OPENAI_API_KEY: ${{ env.E2E_OPENAI_API_KEY }}
 GEMINI_API_KEY: ${{ env.E2E_GEMINI_API_KEY }}
 CDK_TARBALL: ${{ env.CDK_TARBALL }}
- # This manual/dispatch workflow runs only the Bedrock subset (strands-bedrock,
- # langgraph-bedrock) to limit creation of ApiKeyCredentialProviders, which have a
- # 50-resource account limit and accumulate from interrupted runs. The full suite
- # runs in e2e-tests-full.yml.
+ # This manual/dispatch workflow runs the lighter Bedrock-related e2e subset
+ # to keep the per-PR run fast, rather than the full suite (which runs in
+ # e2e-tests-full.yml). The args below are vitest substring path filters, so
+ # this matches every test file whose path contains `strands-bedrock` or
+ # `langgraph-bedrock` (e.g. strands-bedrock, strands-bedrock-memory,
+ # container-strands-bedrock, langgraph-bedrock), not just two suites.
 run: npx vitest run --project e2e strands-bedrock langgraph-bedrock
From 7afdbb0db55e29ea13e6b4bbfd2bc9c0698d529a Mon Sep 17 00:00:00 2001
From: Jordan Ritter
Date: Sat, 30 May 2026 11:23:36 -0700
Subject: [PATCH 7/7] Fix e2e comment/error-message accuracy (dispatch-only region note, secret names in guard)
---
 .github/workflows/e2e-tests-full.yml | 2 +-
 .github/workflows/e2e-tests.yml | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/e2e-tests-full.yml b/.github/workflows/e2e-tests-full.yml
index 2419db139..afbc69546 100644
--- a/.github/workflows/e2e-tests-full.yml
+++ b/.github/workflows/e2e-tests-full.yml
@@ -64,7 +64,7 @@ jobs:
 if: matrix.cdk-source == 'main'
 run: |
 set -euo pipefail
- [ -n "${CDK_REPO_TOKEN:-}" ] && [ -n "${CDK_REPO:-}" ] || { echo "::error::CDK_REPO and CDK_REPO_TOKEN must be set"; exit 1; }
+ [ -n "${CDK_REPO_TOKEN:-}" ] && [ -n "${CDK_REPO:-}" ] || { echo "::error::Required secrets CDK_REPO_NAME and CDK_REPO_TOKEN are not configured"; exit 1; }
 git clone --depth 1 --branch main "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
 cd /tmp/cdk-repo
 npm ci
diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
index fb029483f..f1841229a 100644
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -25,8 +25,9 @@ jobs:
 environment: e2e-testing
 timeout-minutes: 30
 env:
- # Single source for the AWS region default. On `workflow_dispatch` the
- # input applies; on other events `inputs` is empty so the fallback applies.
+ # Single source for the AWS region default. This workflow is
+ # dispatch-only, so the input always applies; the fallback guards the
+ # case where the optional `aws_region` input is left blank on dispatch.
 AWS_REGION: ${{ inputs.aws_region || 'us-east-1' }}
 strategy:
 fail-fast: false
@@ -80,7 +81,7 @@ jobs:
 if: matrix.cdk-source == 'main'
 run: |
 set -euo pipefail
- [ -n "${CDK_REPO_TOKEN:-}" ] && [ -n "${CDK_REPO:-}" ] || { echo "::error::CDK_REPO and CDK_REPO_TOKEN must be set"; exit 1; }
+ [ -n "${CDK_REPO_TOKEN:-}" ] && [ -n "${CDK_REPO:-}" ] || { echo "::error::Required secrets CDK_REPO_NAME and CDK_REPO_TOKEN are not configured"; exit 1; }
 git clone --depth 1 --branch main "https://x-access-token:${CDK_REPO_TOKEN}@github.com/${CDK_REPO}.git" /tmp/cdk-repo
 cd /tmp/cdk-repo
 npm ci