Skip to content

ci: use GitHub App token for prerelease workflow#1369

Merged
jesseturner21 merged 1 commit into
aws:mainfrom
Hweinstock:feat/prerelease-app-token
May 22, 2026
Merged

ci: use GitHub App token for prerelease workflow#1369
jesseturner21 merged 1 commit into
aws:mainfrom
Hweinstock:feat/prerelease-app-token

Conversation

@Hweinstock
Copy link
Copy Markdown
Contributor

@Hweinstock Hweinstock commented May 22, 2026
edited
Loading

Description

Switch the prerelease-tarball workflow from secrets.GITHUB_TOKEN to a GitHub App token, consistent with all other workflows in the repo.

The default workflow token was insufficient because we need access to the private repo, see: https://github.com/aws/agentcore-cli/actions/runs/26293331790

Related Issue

N/A

Documentation PR

N/A

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update
  • Other (please describe): CI fix

Testing

How have you tested the change?

  • I ran npm run test:unit and npm run test:integ
  • I ran npm run typecheck
  • I ran npm run lint
  • If I modified src/assets/, I ran npm run test:update-snapshots and committed the updated snapshots

Workflow-only change — validated YAML syntax locally.

Checklist

  • I have read the CONTRIBUTING document
  • I have added any necessary tests that prove my fix is effective or my feature works
  • I have updated the documentation accordingly
  • I have added an appropriate example to the documentation to outline the feature, or no new docs are needed
  • My changes generate no new warnings
  • Any dependent changes have been merged and published

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the
terms of your choice.

@github-actions github-actions Bot added the size/xs PR size: XS label May 22, 2026
@agentcore-devx-automation agentcore-devx-automation Bot added the claude-security-reviewing Claude Code /security-review in progress label May 22, 2026
@github-actions github-actions Bot added the agentcore-harness-reviewing AgentCore Harness review in progress label May 22, 2026
@agentcore-devx-automation
Copy link
Copy Markdown
Contributor

agentcore-devx-automation Bot commented May 22, 2026

Claude Security Review: no high-confidence findings. (run)

@agentcore-devx-automation agentcore-devx-automation Bot removed the claude-security-reviewing Claude Code /security-review in progress label May 22, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 22, 2026

Package Tarball

aws-agentcore-0.14.2.tgz

How to install

gh release download pr-1369-tarball --repo aws/agentcore-cli --pattern "*.tgz" --dir /tmp/pr-tarball
npm install -g /tmp/pr-tarball/aws-agentcore-0.14.2.tgz

agentcore-cli-automation
agentcore-cli-automation approved these changes May 22, 2026
View reviewed changes
Copy link
Copy Markdown

@agentcore-cli-automation agentcore-cli-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to merge. The change mirrors the GitHub App token pattern already used in release.yml, release-main-and-preview.yml, sync-from-public.yml, sync-preview.yml, and strands-command.yml (same actions/create-github-app-token@v1, same vars.APP_ID / secrets.APP_PRIVATE_KEY), so it's consistent with the rest of the repo. The rationale (default GITHUB_TOKEN lacking access to the private agentcore-l3-cdk-constructs repo during npm run bundle) checks out.

Minor (non-blocking) observation: the top-level permissions: contents: write block is now effectively dead since the release create/delete uses the App token instead of GITHUB_TOKEN. Safe to leave as-is or drop in a follow-up — not worth blocking on.

@github-actions github-actions Bot removed the agentcore-harness-reviewing AgentCore Harness review in progress label May 22, 2026
@Hweinstock Hweinstock marked this pull request as ready for review May 22, 2026 15:28
@Hweinstock Hweinstock requested a review from a team May 22, 2026 15:28
@jesseturner21 jesseturner21 merged commit dfde466 into aws:main May 22, 2026
29 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jesseturner21 jesseturner21 jesseturner21 approved these changes

+1 more reviewer

@agentcore-cli-automation agentcore-cli-automation agentcore-cli-automation approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

size/xs PR size: XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Hweinstock @jesseturner21 @agentcore-cli-automation