Skip to content

chore: migrate to launch-workflows 0.14.2#4

Open
bryce-lynn-nttd wants to merge 5 commits into
mainfrom
chore/sync-workflows
Open

chore: migrate to launch-workflows 0.14.2#4
bryce-lynn-nttd wants to merge 5 commits into
mainfrom
chore/sync-workflows

Conversation

@bryce-lynn-nttd
Copy link
Copy Markdown

@bryce-lynn-nttd bryce-lynn-nttd commented Mar 5, 2026

Summary

  • Migrated CI workflows to use launch-workflows reusable workflows at version 0.14.2
  • Removed legacy actions-lcaf workflow files
  • Added/updated release-drafter.yml and dependabot.yml

Files changed

  • A .github/dependabot.yml
  • A .github/release-drafter.yml
  • D .github/workflows/increment-tagged-version.yaml
  • D .github/workflows/lint-terraform.yaml
  • A .github/workflows/pull-request-label.yml
  • A .github/workflows/pull-request-terraform-check-aws.yml
  • A .github/workflows/release-publish.yml
  • D .github/workflows/validate-branch-name.yaml
  • M .tool-versions
  • M Makefile

Generated by sync_workflows.py from launch-workflows

@bryce-lynn-nttd bryce-lynn-nttd requested a review from a team as a code owner March 5, 2026 18:22
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 5, 2026

Caution

Auto-labeling failed, likely due to a misconfiguration in the .github/release-drafter.yml file on the default branch.

The auto-labeler workflow was allowed to complete successfully because you have a configuration change to .github/release-drafter.yml in this pull request. This does not guarantee your changes are valid.

Please manually apply the appropriate label (patch, minor, major) to this pull request.

@sean-fairchild-nttd
chore: bump launch-common-automation-framework to 1.8.2
e1b76ea
@sean-fairchild-nttd
fix: inline the codepipeline role policy
cb537f0 
AWS provider 6 is reconciling the role's inline policy into aws_iam_role state, which leaves the separate aws_iam_role_policy resource drifting after apply.

This moves the policy ownership onto aws_iam_role so the module stays idempotent under the sync-workflows test run.
@sean-fairchild-nttd
fix: retry codepipeline reads in post-deploy test
5fbe5b1 
The sync-workflows PR now gets through apply, but the post-deploy test reads CodePipeline immediately and intermittently gets a nil response before the control plane is fully consistent.

This adds a bounded retry around GetPipeline so the test waits for the pipeline to become readable instead of failing on a transient empty response.
@sean-fairchild-nttd
fix: use ambient aws credentials in codepipeline test
5fd4740 
The post-deploy retry logic now reaches AWS consistently, but forcing WithSharedConfigProfile(AWS_PROFILE) causes the SDK to fall back to profile-based credential resolution in GitHub Actions and fail against IMDS.

This removes the explicit shared profile override so the test uses the ambient OIDC credentials configured by the workflow, which matches the working AWS test pattern used elsewhere in the repo set.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bryce-lynn-nttd @sean-fairchild-nttd