fix(lambda): fix typo in local variable name resouceArns to resourceArns
#660
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Integration Test deployment (Auto) | |
| # This workflow automatically runs integration tests when a PR with snapshot changes | |
| # is approved by a CDK team member. No manual approval required. | |
| # | |
| # SHADOW MODE: This workflow is in shadow mode - failures don't block PR merges. | |
| # Once validated, this will replace the label-based workflow (integration-test-deployment.yml). | |
| on: | |
| pull_request_review: | |
| types: [submitted] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| # Early validation: Check if approver is a CDK team member and PR has snapshot changes | |
| validate_approver: | |
| if: github.event.review.state == 'approved' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| should_run: ${{ steps.check_team.outputs.is_member == 'true' && steps.check_snapshots.outputs.has_snapshots == 'true' }} | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| steps: | |
| - name: Checkout for path filtering | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "lts/*" | |
| - name: Install dependencies | |
| run: yarn install --frozen-lockfile | |
| - name: Build deployment-integ | |
| run: yarn --cwd tools/@aws-cdk/integration-test-deployment build | |
| - name: Check for snapshot changes | |
| id: check_snapshots | |
| env: | |
| TARGET_BRANCH_COMMIT: ${{ github.event.pull_request.base.sha }} | |
| SOURCE_BRANCH_COMMIT: ${{ github.event.pull_request.head.sha }} | |
| run: | | |
| # Reuses getChangedSnapshots() from utils.ts — single source of truth | |
| if yarn --cwd tools/@aws-cdk/integration-test-deployment check-snapshots; then | |
| echo "has_snapshots=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "has_snapshots=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Check if approver is CDK team member | |
| id: check_team | |
| if: steps.check_snapshots.outputs.has_snapshots == 'true' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.PROJEN_GITHUB_TOKEN }} | |
| APPROVER: ${{ github.event.review.user.login }} | |
| run: | | |
| # Use gh CLI to check team membership (pre-installed in GitHub Actions runners) | |
| # https://docs.github.com/en/rest/teams/members#get-team-membership-for-a-user | |
| if gh api "orgs/aws/teams/aws-cdk-team/memberships/${APPROVER}" --jq '.state' 2>/dev/null | grep -q "active"; then | |
| echo "${APPROVER} is an active CDK team member" | |
| echo "is_member=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "${APPROVER} is not a CDK team member or membership is not active" | |
| echo "is_member=false" >> $GITHUB_OUTPUT | |
| fi | |
| integration_test_deployment_auto: | |
| needs: validate_approver | |
| # Only run if approver is a CDK team member AND PR has snapshot changes | |
| if: needs.validate_approver.outputs.should_run == 'true' | |
| runs-on: codebuild-aws-cdk-github-actions-deployment-integ-runner-${{ github.run_id }}-${{ github.run_attempt }} | |
| # No environment - runs automatically without manual approval | |
| # Shadow mode: workflow reports success even if tests fail | |
| continue-on-error: true | |
| name: 'Deploy integration test snapshots (Auto)' | |
| # Job-level permissions for least privilege | |
| permissions: | |
| id-token: write # Required for OIDC authentication with AWS Atmosphere | |
| pull-requests: read # Required to check PR reviews and labels | |
| contents: read # Required to checkout code | |
| env: | |
| PR_BUILD: true | |
| steps: | |
| - name: Checkout HEAD | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "lts/*" | |
| cache: "yarn" | |
| cache-dependency-path: | | |
| yarn.lock | |
| - name: Set up Docker | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Load Docker images | |
| id: docker-cache | |
| uses: actions/cache/restore@v5 | |
| with: | |
| path: | | |
| ~/.docker-images.tar | |
| key: docker-cache-${{ runner.os }} | |
| - name: Restore Docker images | |
| if: ${{ steps.docker-cache.outputs.cache-hit }} | |
| run: docker image load --input ~/.docker-images.tar | |
| - name: Cache build artifacts | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.s3buildcache | |
| key: s3buildcache-${{ runner.os }} | |
| - name: Configure system settings | |
| run: | | |
| (command -v sysctl || sudo apt-get update && sudo apt-get install -y procps) && \ | |
| sudo sysctl -w vm.max_map_count=2251954 | |
| - name: Install dependencies for Integration Tests | |
| run: yarn install --frozen-lockfile | |
| - name: Build deployment-integ | |
| run: yarn --cwd tools/@aws-cdk/integration-test-deployment build | |
| - name: Build Integration Test packages | |
| run: npx lerna run build --scope="{@aws-cdk/*,@aws-cdk-testing/framework-integ}" | |
| - name: Run integration tests | |
| run: yarn run atmosphere-integ-test | |
| env: | |
| CDK_ATMOSPHERE_ENDPOINT: ${{ vars.CDK_ATMOSPHERE_ENDPOINT }} | |
| CDK_ATMOSPHERE_POOL: ${{ vars.CDK_ATMOSPHERE_POOL }} | |
| CDK_ATMOSPHERE_OIDC_ROLE: ${{ vars.CDK_ATMOSPHERE_OIDC_ROLE }} | |
| CDK_ATMOSPHERE_BATCH_SIZE: ${{ vars.CDK_ATMOSPHERE_BATCH_SIZE }} | |
| TARGET_BRANCH_COMMIT: ${{ github.event.pull_request.base.sha }} | |
| SOURCE_BRANCH_COMMIT: ${{ github.event.pull_request.head.sha }} | |
| # GitHub context for preflight check (validates CDK team membership) | |
| GITHUB_TOKEN: ${{ secrets.PROJEN_GITHUB_TOKEN }} | |
| GITHUB_REPOSITORY: ${{ github.repository }} | |
| PR_NUMBER: ${{ github.event.pull_request.number }} |