diff --git a/.github/workflows/breaking-change-check.yml b/.github/workflows/breaking-change-check.yml index dca8f383..979a23af 100644 --- a/.github/workflows/breaking-change-check.yml +++ b/.github/workflows/breaking-change-check.yml @@ -47,7 +47,9 @@ jobs: # Fetch the base branch so the ref is available for griffe's worktree. - name: Fetch base branch - run: git fetch origin "${{ github.base_ref }}" --depth=1 + env: + BASE_REF: ${{ github.base_ref }} + run: git fetch origin "$BASE_REF" --depth=1 # Run griffe using its Python API for stable, structured output. # The Python API is used instead of the CLI to: @@ -150,6 +152,8 @@ jobs: # rather than creating a new one per commit. - name: Post or update PR comment uses: actions/github-script@v8 + env: + GRIFFE_EXIT_CODE: ${{ steps.griffe.outputs.exit_code }} with: script: | const fs = require('fs'); @@ -186,7 +190,7 @@ jobs: } // Log summary to the Actions step output for visibility. - const exitCode = '${{ steps.griffe.outputs.exit_code }}'; + const exitCode = process.env.GRIFFE_EXIT_CODE; if (exitCode === '1') { core.warning('Breaking changes detected — see PR comment for details.'); } diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index aa8fe4dc..9ce99174 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -56,20 +56,28 @@ jobs: env: PR_URL: ${{ github.event.pull_request.html_url }} GH_TOKEN: ${{ steps.app-token.outputs.token }} + DEP_NAMES: ${{ steps.metadata.outputs.dependency-names }} + PREV_VERSION: ${{ steps.metadata.outputs.previous-version }} + NEW_VERSION: ${{ steps.metadata.outputs.new-version }} + UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }} run: | gh pr merge --auto --squash "$PR_URL" - echo "✓ Auto-merge enabled: ${{ steps.metadata.outputs.dependency-names }} \ - (${{ steps.metadata.outputs.previous-version }} → \ - ${{ steps.metadata.outputs.new-version }}, \ - ${{ steps.metadata.outputs.update-type }})" + echo "✓ Auto-merge enabled: $DEP_NAMES \ + ($PREV_VERSION → \ + $NEW_VERSION, \ + $UPDATE_TYPE)" # major bumps: log clearly and do nothing. # The PR stays open and is assigned to aws/bedrock-agentcore-maintainers # via dependabot.yml for human review. - name: Skip major bumps — human review required if: steps.metadata.outputs.update-type == 'version-update:semver-major' + env: + DEP_NAMES: ${{ steps.metadata.outputs.dependency-names }} + PREV_VERSION: ${{ steps.metadata.outputs.previous-version }} + NEW_VERSION: ${{ steps.metadata.outputs.new-version }} run: | - echo "⏭ Skipped: ${{ steps.metadata.outputs.dependency-names }} \ - is a major bump (${{ steps.metadata.outputs.previous-version }} → \ - ${{ steps.metadata.outputs.new-version }}). \ + echo "⏭ Skipped: $DEP_NAMES \ + is a major bump ($PREV_VERSION → \ + $NEW_VERSION). \ Requires review from aws/bedrock-agentcore-maintainers." diff --git a/.github/workflows/integration-testing-regression.yml b/.github/workflows/integration-testing-regression.yml index 5554c0d5..6d12b117 100644 --- a/.github/workflows/integration-testing-regression.yml +++ b/.github/workflows/integration-testing-regression.yml @@ -216,11 +216,13 @@ jobs: # Install test dependencies only — NOT the library (already installed above). - name: Install test dependencies + env: + EXTRA_DEPS: ${{ matrix.extra-deps }} run: | pip install --no-cache-dir \ pytest pytest-xdist pytest-order pytest-rerunfailures \ requests strands-agents uvicorn httpx starlette websockets \ - ${{ matrix.extra-deps }} + $EXTRA_DEPS # Run the old test suite against the new library. # A failure here means a test that passed in the previous release @@ -235,14 +237,18 @@ jobs: RESOURCE_POLICY_TEST_ARN: ${{ secrets.RESOURCE_POLICY_TEST_ARN }} RESOURCE_POLICY_TEST_PRINCIPAL: ${{ secrets.RESOURCE_POLICY_TEST_PRINCIPAL }} BASELINE_TAG: ${{ needs.resolve-tag.outputs.tag }} + TEST_GROUP: ${{ matrix.group }} + PYTEST_PATH: ${{ matrix.path }} timeout-minutes: ${{ matrix.timeout }} working-directory: /tmp/baseline-tests + # PYTEST_PATH comes from the job matrix and holds space-separated pytest + # path args; left unquoted intentionally so it word-splits. run: | echo "================================================" echo "Library: bedrock-agentcore (PR branch source)" - echo "Test suite: $BASELINE_TAG tests_integ/${{ matrix.group }}" + echo "Test suite: $BASELINE_TAG tests_integ/$TEST_GROUP" echo "================================================" - pytest ${{ matrix.path }} \ + pytest $PYTEST_PATH \ -n auto --dist=loadscope \ -s --log-cli-level=INFO diff --git a/.github/workflows/integration-testing.yml b/.github/workflows/integration-testing.yml index fd6e41d9..23f0c09a 100644 --- a/.github/workflows/integration-testing.yml +++ b/.github/workflows/integration-testing.yml @@ -185,9 +185,11 @@ jobs: python-version: '3.10' - name: Install dependencies + env: + EXTRA_DEPS: ${{ matrix.extra-deps }} run: | pip install -e . - pip install --no-cache-dir pytest pytest-xdist pytest-order pytest-rerunfailures requests strands-agents uvicorn httpx starlette websockets ${{ matrix.extra-deps }} + pip install --no-cache-dir pytest pytest-xdist pytest-order pytest-rerunfailures requests strands-agents uvicorn httpx starlette websockets $EXTRA_DEPS - name: Run integration tests env: @@ -208,10 +210,14 @@ jobs: COGNITO_POOL_ID: ${{ secrets.COGNITO_POOL_ID }} COGNITO_CLIENT_ID: ${{ secrets.COGNITO_CLIENT_ID }} COGNITO_CLIENT_SECRET: ${{ secrets.COGNITO_CLIENT_SECRET }} + PYTEST_PATH: ${{ matrix.path }} + PYTEST_IGNORE: ${{ matrix.ignore }} id: tests timeout-minutes: ${{ matrix.timeout }} + # PYTEST_PATH/PYTEST_IGNORE come from the job matrix and hold space-separated + # pytest path/ignore args; left unquoted intentionally so they word-split. run: | - pytest ${{ matrix.path }} ${{ matrix.ignore }} -n auto --dist=loadscope -s --log-cli-level=INFO + pytest $PYTEST_PATH $PYTEST_IGNORE -n auto --dist=loadscope -s --log-cli-level=INFO safety-gate: runs-on: ubuntu-latest diff --git a/.github/workflows/release-prepare.yml b/.github/workflows/release-prepare.yml index df5cf658..1724d144 100644 --- a/.github/workflows/release-prepare.yml +++ b/.github/workflows/release-prepare.yml @@ -31,8 +31,10 @@ jobs: steps: - name: Validate running from main if: github.ref != 'refs/heads/main' + env: + GITHUB_REF: ${{ github.ref }} run: | - echo "❌ ERROR: Must run from main branch, got ${{ github.ref }}" + echo "❌ ERROR: Must run from main branch, got $GITHUB_REF" exit 1 - name: Checkout code