ci: revert ci-compat-e2e to AWS access keys#23212
Merged
benesjan merged 1 commit intoMay 12, 2026
Merged
Conversation
Reverts OIDC-based AWS auth in the ci-compat-e2e job back to access key credentials. The OIDC role lacks ec2:RunInstances, so spot/on-demand provisioning fails (hidden until now by continue-on-error on nightly tags). Mirrors c3c1371 which applied the same workaround to ci-release-publish. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
rangozd
pushed a commit
to rangozd/aztec-packages
that referenced
this pull request
May 16, 2026
BEGIN_COMMIT_OVERRIDE fix: dropped tagging indices no longer cause a pxe crash on sync (AztecProtocol#23044) feat: forward-port upstream oxide aztec-nr changes (AztecProtocol#23183) test: add noir tests for get_note_hash_membership_witness (AztecProtocol#23190) fix(aztec-up): explicit exit in CLI acceptance test harness (AztecProtocol#23200) refactor(pxe): batch nullifier sync across scopes (AztecProtocol#23129) ci: revert ci-compat-e2e to AWS access keys (AztecProtocol#23212) END_COMMIT_OVERRIDE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
backport-to-v4-next-staging) ontomerge-train/fairies.ci-compat-e2eand runs withAWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEYinstead. The OIDC role (pipeline-exec-aztecprotocol-aztec-packages-heads-next) has noec2:RunInstancespolicy attached, so spot requests time out and the on-demand fallback fails withUnauthorizedOperation. The job has been failing silently on every v4 nightly since feat(ci): forward-port backwards compatibility e2e workflows to v5 #22930 becausecontinue-on-errorfor-nightly.tags masked it.next(2681b23 / forward-port of chore(ci): side-stepping OIDC to unblock nightlies #23167).Example failure from v4 line: https://github.com/AztecProtocol/aztec-packages/actions/runs/25737242295/job/75580441745
Test plan
ci-compat-e2elabel here to exercise the compat-e2e job end-to-end and confirm EC2 spot/on-demand provisioning succeeds with static credentials.🤖 Generated with Claude Code