Skip to content

chore(release) fix iam role used for dry run releases DEVPROD-21408 #2525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 28, 2025
Merged

chore(release) fix iam role used for dry run releases DEVPROD-21408 #2525

merged 1 commit into from
Aug 28, 2025

Conversation

drichmdb
Copy link
Collaborator

This commit adjusts our release dry run task to use the correct IAM role for its operations. The non-dry-run release task was using the expected role, but dry-run wasn't assuming the role we need to use.

@drichmdb
chore(release) fix iam role used for dry run releases
359213d 
This commit adjusts our release dry run task to use the correct IAM role
for its operations. The non-dry-run release task was using the expected
role, but dry-run wasn't assuming the role we need to use.
@Copilot Copilot AI review requested due to automatic review settings August 28, 2025 14:58
@drichmdb drichmdb requested a review from a team as a code owner August 28, 2025 14:58
Copilot
Copilot AI reviewed Aug 28, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes the IAM role configuration for dry run releases by ensuring the correct AWS role is assumed and credentials are properly set. The dry run release task was missing the IAM role assumption that the non-dry-run release task already had.

  • Adds ec2.assume_role command to assume the required IAM role for dry run releases
  • Sets up AWS credential environment variables for the download center artifacts

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
.evergreen/evergreen.yml.in Template file updated with IAM role assumption and AWS credential environment variables for dry run releases
.evergreen.yml Generated file updated with the same IAM role assumption and AWS credential environment variables

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

.evergreen/evergreen.yml.in
redacted: true
- command: ec2.assume_role
params:
role_arn: "arn:aws:iam::119629040606:role/s3-access.cdn-origin-compass"
Copy link

Copilot AI Aug 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The IAM role ARN is hardcoded with a specific AWS account ID (119629040606). Consider using an environment variable or parameter to make this configurable across different environments and avoid exposing account details in the codebase.

Copilot uses AI. Check for mistakes.

.evergreen.yml
redacted: true
- command: ec2.assume_role
params:
role_arn: "arn:aws:iam::119629040606:role/s3-access.cdn-origin-compass"
Copy link

Copilot AI Aug 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The IAM role ARN is hardcoded with a specific AWS account ID (119629040606). Consider using an environment variable or parameter to make this configurable across different environments and avoid exposing account details in the codebase.

Copilot uses AI. Check for mistakes.

@drichmdb drichmdb changed the title chore(release) fix iam role used for dry run releases chore(release) fix iam role used for dry run releases DEVPROD-21408 Aug 28, 2025
gagik
gagik requested changes Aug 28, 2025
View reviewed changes
Copy link
Contributor

@gagik gagik left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blocking the merge before release, LGTM generally though

@gagik gagik merged commit acedf5c into mongodb-js:main Aug 28, 2025
100 of 134 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@gagik gagik gagik approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@drichmdb @gagik