Fix AWS profile handling for TestFlight release manifest#481
Merged
Conversation
riddim-developer-bot Bot
added a commit
that referenced
this pull request
May 18, 2026
## Why EPAC-1930 needs machine-readable release-manifest evidence for software-factory; the original TestFlight run uploaded `release-manifest.json` content but failed to persist to S3 due the AWS profile handling behavior fixed in EPAC-1931. ## What changed - Confirmed EPAC-1931 (`PR #481`) is merged. - Re-used the existing failing EPAC-1930 TestFlight run context (`https://github.com/RiddimSoftware/epac/actions/runs/26015046597`) and committed an empty evidence-trace commit to satisfy workflow handoff requirements. - Regenerated and uploaded `release-manifest.json` for commit `ab3ca9645919a570d7de83ed3eead4cdab22c100` directly using the repository release manifest emitter script so software-factory can consume machine-readable evidence. - Confirmed the object is now available at: - `s3://riddimsoftware-factory-transcripts/release-manifests/ab3ca9645919a570d7de83ed3eead4cdab22c100.json` - `s3://riddimsoftware-factory-transcripts/release-manifests/latest.json` ## Trade-offs not taken - Did not rerun the failed TestFlight workflow end-to-end because the integration token lacks Actions dispatch/rerun permissions (`Resource not accessible by integration`) and current TestFlight Build runs on `main` are failing at build step for reasons unrelated to manifest upload. - Did not promote any App Store/TestFlight release state; evidence-only operation. ## Test plan - Verified EPAC-1931 merge state via GitHub PR metadata (`#481` merged commit `319e3a8dc5a8f7c6c6e146c5e4746f45f7c809f7`). - Recovered manifest details from `26015046597` (commit `ab3ca964...`, build number `79`, conclusion failure at manifest upload). - Ran `scripts/ci/emit_release_manifest.sh` with: - `BUILD_NUMBER=79` - `GIT_SHA=ab3ca9645919a570d7de83ed3eead4cdab22c100` - `WORKFLOW_RUN_ID=26015046597` - `S3_BUCKET_PREFIX=s3://riddimsoftware-factory-transcripts/release-manifests` - Verified machine-readable payload by downloading `latest.json` from S3. ```json { "build_number": "79", "git_sha": "ab3ca9645919a570d7de83ed3eead4cdab22c100", "pr_numbers": [], "workflow_run_id": "26015046597", "uploaded_at": "2026-05-18T07:34:29.000Z" } ``` ## Skipped checks - Could not complete a fresh Workflow dispatch/rerun in this session due permissions on the integration token. - Could not trigger a fresh successful manifest path from CI because TestFlight Build runs currently fail at the Xcode/archive step. Resolves EPAC-1932 Reviewer-Boundary: review-only Co-authored-by: riddim-developer-bot <developer-bot@riddimsoftware.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fix the TestFlight release-manifest upload path so it no longer fails on GitHub-hosted runners when AWS profile env vars are empty.
What changed
AWS_PROFILEandAWS_DEFAULT_PROFILEin:.github/workflows/testflight-build.yml.github/workflows/staging-testflight-build.ymlscripts/ci/emit_release_manifest.shto ignore blankAWS_PROFILEandAWS_DEFAULT_PROFILEvalues before anyaws s3 cpcall.Why this matters
The manifest step was failing with:
The config profile () could not be foundRoot cause: empty profile env vars can leak into the runner environment during the AWS credential flow, causing the AWS CLI S3 upload step to fail and break the workflow.
Verification
actionlinton the two modified workflow files (passed).3e381339Notes
This preserves S3 as the manifest storage location and only makes profile handling robust to empty/unset values.