Merge branch 'conroy/deploy-tests' of https://github.com/aws/aws-cdk …

…into conroy/deploy-tests
aws · Jan 17, 2025 · e3c3670 · e3c3670
2 parents 77863b7 + 410b845
commit e3c3670
Show file tree

Hide file tree

Showing 410 changed files with 109,989 additions and 6,886 deletions.
diff --git a/.github/workflows/check-suite-test.yaml b/.github/workflows/check-suite-test.yaml
@@ -0,0 +1,25 @@
+
+name: Check Suite Logger
+
+on:
+  check_suite:
+    types: [completed]
+
+jobs:
+  log-check-suite:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Log check suite event details
+        run: |
+          echo "Check Suite ID: ${{ github.event.check_suite.id }}"
+          echo "Status: ${{ github.event.check_suite.status }}"
+          echo "Conclusion: ${{ github.event.check_suite.conclusion }}"
+          echo "URL: ${{ github.event.check_suite.url }}"
+          echo "Head Branch: ${{ github.event.check_suite.head_branch }}"
+          echo "Head SHA: ${{ github.event.check_suite.head_sha }}"
+          echo "Repository: ${{ github.event.repository.full_name }}"
+          echo "Sender: ${{ github.event.sender.login }}"
+          echo "Created At: ${{ github.event.check_suite.created_at }}"
+          echo "Updated At: ${{ github.event.check_suite.updated_at }}"
+          echo "Pull Requests: ${{ toJson(github.event.check_suite.pull_requests) }}"
diff --git a/.github/workflows/pr-linter-trigger.yml → ...ub/workflows/pr-linter-review-trigger.yml b/.github/workflows/pr-linter-trigger.yml → ...ub/workflows/pr-linter-review-trigger.yml
@@ -1,3 +1,12 @@
+# Re-evaluate the PR linter after reviews. This is used to upgrade the label
+# of a PR to `needs-maintainer-review` after a trusted community members leaves
+# an approving review.
+#
+# Unprivileged workflow that runs in the context of the PR, when a review is changed.
+#
+# Save the PR number, and download it again in the PR Linter workflow which
+# needs to run in privileged `workflow_run` context (but then must restore the
+# PR context).
 name: PR Linter Trigger
 
 on:

diff --git a/.github/workflows/pr-linter.yml b/.github/workflows/pr-linter.yml
@@ -26,39 +26,29 @@ jobs:
     # if conditions on all individual steps because subsequent jobs depend on this job
     # and we cannot skip it entirely
     steps:
-      - name: 'Download artifact'
+      - name: 'Download workflow_run artifact'
         if: github.event_name == 'workflow_run'
-        uses: actions/github-script@v7
+        uses: dawidd6/action-download-artifact@v7
         with:
-          script: |
-            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: context.payload.workflow_run.id,
-            });
-            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "pr_info"
-            })[0];
-            let download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
-               archive_format: 'zip',
-            });
-            let fs = require('fs');
-            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_info.zip`, Buffer.from(download.data));
-      - name: 'Unzip artifact'
-        if: github.event_name == 'workflow_run'
-        run: unzip pr_info.zip
+          run_id: ${{ github.event.workflow_run.id }}
+          name: pr_info
+          path: pr/
+          search_artifacts: true
 
-      - name: 'Make GitHub output'
+      - name: 'Determine PR info'
+        # PR info comes from the artifact if downloaded, or GitHub context if not.
         if: github.event_name == 'workflow_run'
         id: 'pr_output'
         run: |
-          echo "cat pr_number"
-          echo "pr_number=$(cat pr_number)" >> "$GITHUB_OUTPUT"
-          echo "cat pr_sha"
-          echo "pr_sha=$(cat pr_sha)" >> "$GITHUB_OUTPUT"
+          if [[ ! -f pr/pr_number ]]; then
+            echo "${{ github.event.pull_request.number }}" > pr/pr_number
+          fi
+          if [[ ! -f pr/pr_sha ]]; then
+            echo "${{ github.event.pull_request.head.sha }}" > pr/pr_sha
+          fi
+          cat pr/*
+          echo "pr_number=$(cat pr/pr_number)" >> "$GITHUB_OUTPUT"
+          echo "pr_sha=$(cat pr/pr_sha)" >> "$GITHUB_OUTPUT"
 
   validate-pr:
     # Necessary to have sufficient permissions to write to the PR
@@ -80,7 +70,7 @@ jobs:
         uses: ./tools/@aws-cdk/prlint
         env:
           GITHUB_TOKEN: ${{ secrets.PROJEN_GITHUB_TOKEN }}
-          # PR_NUMBER and PR_SHA is empty if triggered by pull_request_target, since we already have that info
           PR_NUMBER: ${{ needs.download-if-workflow-run.outputs.pr_number }}
           PR_SHA: ${{ needs.download-if-workflow-run.outputs.pr_sha }}
+          LINTER_LOGIN: ${{ vars.LINTER_LOGIN }}
           REPO_ROOT: ${{ github.workspace }}
diff --git a/.mergify.yml b/.mergify.yml
@@ -12,6 +12,7 @@ queue_rules:
       - -closed
       - "#approved-reviews-by>=1"
       - -approved-reviews-by~=author
+      # This is important! It makes the PR Linter work.
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
       - status-success=validate-pr
@@ -30,6 +31,7 @@ queue_rules:
       - -closed
       - "#approved-reviews-by>=1"
       - -approved-reviews-by~=author
+      # This is important! It makes the PR Linter work.
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
       - status-success=validate-pr
@@ -61,6 +63,7 @@ pull_request_rules:
       - author!=dependabot-preview[bot]
       - "#approved-reviews-by>=1"
       - -approved-reviews-by~=author
+      # This is important! It makes the PR Linter work.
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
       - status-success=validate-pr
@@ -81,6 +84,7 @@ pull_request_rules:
       - author!=dependabot-preview[bot]
       - "#approved-reviews-by>=2"
       - -approved-reviews-by~=author
+      # This is important! It makes the PR Linter work.
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
       - status-success=validate-pr
@@ -101,6 +105,7 @@ pull_request_rules:
       - author!=dependabot-preview[bot]
       - "#approved-reviews-by>=1"
       - -approved-reviews-by~=author
+      # This is important! It makes the PR Linter work.
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
       - status-success=validate-pr
@@ -140,6 +145,7 @@ pull_request_rules:
       - -closed
       - author~=dependabot
       - "#approved-reviews-by>=1"
+      # This is important! It makes the PR Linter work.
       - "#changes-requested-reviews-by=0"
       - status-success~=AWS CodeBuild us-east-1
       - status-success=validate-pr
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -718,6 +718,10 @@ To make this easier we have a `pr/needs-review` label that we can add to each
 PR. If you do not see this label on your PR then it means that something needs
 to be fixed before it can be reviewed.
 
+> [!NOTE]  
+> The `aws-cdk` repository is frequently updated, so PR branches may quickly become out-of-date, showing "This branch is out-of-date with the base branch." This is not an issue as long as there are no conflicts with the newly merged commits. Once the PR is approved, our automation will update it with the latest `main` branch and handle the merge. No action is needed on your part.
+
+
 #### Adding construct runtime dependencies
 
 Any tool that is not part of the CDK, and needs to be used by a construct during