Skip to content

ci: fix integration-test-deployment script #35716

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Oct 15, 2025
+17 −28
Merged

ci: fix integration-test-deployment script #35716

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
d081bf1
ci: fix integration-test-deployment script invocation
Abogical Oct 10, 2025
047c01d
ci: pass PATH environment variables to deploy integ test
Abogical Oct 13, 2025
1e4630f
ci: fix and rename deployment integ test script
Abogical Oct 13, 2025
31f9616
refactor: bring back OIDC
Abogical Oct 13, 2025
8f5fe22
Merge branch 'main' into integ-deployment-test-invoke-fix
mergify[bot] Oct 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 14 additions & 26 deletions .github/workflows/integration-test-deployment.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,11 @@ on:
workflow_dispatch: {}
merge_group: {}
pull_request_target:
types:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the default behaviour if we didn't mention any?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It won't listen to any labelling events by default. So if we add the pr/needs-integration-test-deployment label, the workflow will still be skipped.

- opened
- synchronize
- reopened
- labeled
branches:
- main
paths:
Expand All @@ -21,26 +26,18 @@ jobs:
integration_test_deployment:
runs-on: codebuild-aws-cdk-github-actions-deployment-integ-runner-${{ github.run_id }}-${{ github.run_attempt }}
environment: deployment-integ-test # Do not change or remove this without discussing with Appsec
if: contains(github.event.pull_request.labels.*.name, 'pr/needs-integration-tests-deployment ')
if: contains(github.event.pull_request.labels.*.name, 'pr/needs-integration-tests-deployment')
name: 'Deploy integration test snapshots (requires `pr/needs-integration-tests-deployment` label)'

env:
PR_BUILD: true

steps:
- name: Checkout BASE
uses: actions/checkout@v5
with:
ref: ${{ github.event.pull_request.base.sha }}
fetch-depth: 0
path: base

- name: Checkout HEAD
uses: actions/checkout@v5
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
path: head

- name: Configure AWS credentials
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we have the OIDC? Unless there's some concern on it that i'm not aware of

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OIDC added back in. I'm currently testing in my fork if it still works.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It works with OIDC: https://github.com/Abogical/aws-cdk/actions/runs/18468338437/job/52623823984

uses: aws-actions/configure-aws-credentials@v5
Expand All @@ -55,8 +52,7 @@ jobs:
node-version: "lts/*"
cache: "yarn"
cache-dependency-path: |
base/yarn.lock
head/yarn.lock
yarn.lock

- name: Set up Docker
uses: docker/setup-buildx-action@v3
Expand Down Expand Up @@ -85,26 +81,18 @@ jobs:
run: |
(command -v sysctl || sudo apt-get update && sudo apt-get install -y procps) && \
sudo sysctl -w vm.max_map_count=2251954

- name: Install dependencies for integration-test-deployment (BASE)
working-directory: base
run: yarn --cwd tools/@aws-cdk/integration-test-deployment install

- name: Build deployment-integ (BASE)
working-directory: base
run: yarn --cwd tools/@aws-cdk/integration-test-deployment build

- name: Install dependencies for Integration Tests (HEAD)
working-directory: head
- name: Install dependencies for Integration Tests
run: yarn install

- name: Build deployment-integ
run: yarn --cwd tools/@aws-cdk/integration-test-deployment build

- name: Build Integration Tests (HEAD)
working-directory: head
- name: Build Integration Tests
run: npx lerna run build --scope=@aws-cdk-testing/framework-integ

- name: Run integration tests from HEAD using integration-test-deployment script from BASE
run: yarn --cwd ../base/tools/@aws-cdk/integration-test-deployment/ integration-test-deployment
working-directory: head
- name: Run integration tests using integration-test-deployment script
run: yarn run atmosphere-integ-test
env:
CDK_ATMOSPHERE_ENDPOINT: ${{ vars.CDK_ATMOSPHERE_ENDPOINT }}
CDK_ATMOSPHERE_POOL: ${{ vars.CDK_ATMOSPHERE_POOL}}
Expand Down
3 changes: 2 additions & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,8 @@
"pack": "./pack.sh",
"compat": "./scripts/check-api-compatibility.sh",
"bump": "./bump.sh",
"build-all": "tsc -b"
"build-all": "tsc -b",
"atmosphere-integ-test": "lerna run build --scope @aws-cdk/integration-test-deployment && node tools/@aws-cdk/integration-test-deployment/bin/index.js"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is it building? I believe the normal pattern here is another separate command building, then this one only running

Copy link
Member Author

@Abogical Abogical Oct 13, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • pkglint above in package.json follows the same pattern.
  • It'll be helpful as a developer to have one command to rebuild and test the script to allow for faster development.

},
"devDependencies": {
"@nx/workspace": "^20",
Expand Down
1 change: 1 addition & 0 deletions tools/@aws-cdk/integration-test-deployment/lib/integration-test-runner.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ export const deployInegTestsWithAtmosphere = async ({ endpoint, pool }: {endpoin

try {
const env = {
PATH: process.env.PATH, // Allows the spawn process to find the yarn binary.
AWS_ACCESS_KEY_ID: allocation.allocation.credentials.accessKeyId,
AWS_SECRET_ACCESS_KEY: allocation.allocation.credentials.secretAccessKey,
AWS_SESSION_TOKEN: allocation.allocation.credentials.sessionToken,
Expand Down
1 change: 0 additions & 1 deletion tools/@aws-cdk/integration-test-deployment/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,5 @@
"ts-jest": "^29.4.1",
"typescript": "~5.5.4"
},
"main": "bin/project-sync.js",
"license": "Apache-2.0"
}
Loading