ci: add cross-package e2e matrix testing against CDK constructs main #672
Workflow file for this run
# E2E test workflow. Triggers: manual dispatch, pull requests targeting main,
# and (temporarily) pushes to the feature branch that introduces the workflow.
name: E2E Tests

on:
  workflow_dispatch:
    inputs:
      aws_region:
        description: 'AWS region for deployment'
        default: 'us-east-1'
  # pull_request_target runs in the context of the base repository, so
  # repository secrets and the OIDC token are available even when the PR comes
  # from a fork. Any job that checks out and executes the PR head must be gated.
  pull_request_target:
    branches:
      - main
  push:
    branches:
      - feat/cross-package-e2e-matrix # TEMPORARY: remove before merging

# One group per PR number (or per ref when the event carries no PR). A newer
# run does not cancel the run already in progress.
concurrency:
  group: e2e-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: false

# Workflow-level permissions apply to every job that does not declare its own.
permissions:
  id-token: write # OIDC — lets GitHub assume an AWS IAM role via short-lived token (no stored keys)
  contents: read
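# NOTE(review): every `uses:` below references a version tag, which is mutable.
# Pinning each action to a full commit SHA (with the tag in a trailing comment)
# keeps a retagged release from changing what runs next to the AWS credentials.
jobs:
  # Gate: decides whether the e2e job may run with AWS credentials and API keys.
  authorize:
    runs-on: ubuntu-latest
    # This job only compares strings; it needs neither the OIDC token nor
    # repository contents, so it drops the workflow-level permissions.
    permissions: {}
    if: >-
      github.event_name == 'workflow_dispatch' ||
      github.event_name == 'pull_request_target' ||
      github.event_name == 'push'
    outputs:
      is_authorized: ${{ steps.check.outputs.is_authorized }}
    steps:
      - name: Check authorization
        id: check
        # Context values reach the script as environment variables instead of
        # being expanded into the script text, so their content is never parsed
        # as shell syntax.
        env:
          EVENT_NAME: ${{ github.event_name }}
          ACTOR: ${{ github.actor }}
          AUTHORIZED_USERS: ${{ secrets.AUTHORIZED_USERS }}
        run: |
          # workflow_dispatch and push can only be triggered by accounts with
          # write access to this repository, so they are authorized outright.
          if [[ "$EVENT_NAME" == "workflow_dispatch" || "$EVENT_NAME" == "push" ]]; then
            echo "✅ ${EVENT_NAME} — authorized"
            echo "is_authorized=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          # AUTHORIZED_USERS is a comma-separated list; wrapping both sides in
          # commas makes this an exact-entry match rather than a substring match.
          # NOTE(review): github.actor is the account that triggered the event,
          # which is not necessarily the author of the commits at
          # pull_request.head.sha. Consider also checking
          # github.event.pull_request.user.login, or requiring reviewer approval
          # on the e2e-testing environment.
          if [[ ",$AUTHORIZED_USERS," == *",${ACTOR},"* ]]; then
            echo "✅ User ${ACTOR} is authorized"
            echo "is_authorized=true" >> "$GITHUB_OUTPUT"
          else
            echo "⏭️ User ${ACTOR} is not in AUTHORIZED_USERS — skipping E2E tests."
            echo "ℹ️ External contributors: ask a maintainer to run the E2E tests manually via workflow_dispatch."
            echo "is_authorized=false" >> "$GITHUB_OUTPUT"
          fi

  # Runs the E2E suite twice: against the published CDK package (npm) and
  # against a tarball built from the CDK constructs repository (main).
  e2e:
    needs: authorize
    if: needs.authorize.outputs.is_authorized == 'true'
    runs-on: ubuntu-latest
    # NOTE(review): confirm this environment has protection rules (for example
    # required reviewers); the job executes PR-supplied code with cloud
    # credentials in scope.
    environment: e2e-testing
    timeout-minutes: 30
    # Declared on the job so the token scope is visible next to the steps that
    # use it.
    permissions:
      id-token: write # OIDC token for aws-actions/configure-aws-credentials
      contents: read
    strategy:
      fail-fast: false
      matrix:
        cdk-source: [npm, main]
    steps:
      # On pull_request_target this checks out the PR head, i.e. code that has
      # not been reviewed on the base branch. The ref is empty for the other
      # events, so checkout falls back to its default ref.
      - uses: actions/checkout@v6
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          # Do not leave the job token in .git/config where later steps
          # (npm scripts, tests) could read it.
          persist-credentials: false
      # NOTE(review): with pull_request_target the npm cache is saved from a
      # job that runs PR code; confirm cache sharing with trusted runs is
      # acceptable.
      - uses: actions/setup-node@v6
        with:
          node-version: '20.x'
          cache: 'npm'
      - name: Configure git
        run: |
          git config --global user.email "ci@amazon.com"
          git config --global user.name "CI"
      - uses: astral-sh/setup-uv@v7
      # From this step on, AWS credentials are present in the job environment
      # and visible to every later step, including dependency install scripts.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v6
        with:
          role-to-assume: ${{ secrets.E2E_AWS_ROLE_ARN }}
          aws-region: ${{ inputs.aws_region || 'us-east-1' }}
      - name: Get AWS Account ID
        id: aws
        run: echo "account_id=$(aws sts get-caller-identity --query Account --output text)" >> "$GITHUB_OUTPUT"
      # The secret is a JSON object; with parse-json-secrets each key is
      # exported as an environment variable prefixed with the E2E alias.
      - name: Get API keys from Secrets Manager
        uses: aws-actions/aws-secretsmanager-get-secrets@v2
        with:
          secret-ids: |
            E2E,${{ secrets.E2E_SECRET_ARN }}
          parse-json-secrets: true
      # Build @aws/agentcore-cdk from source and override the template dependency.
      # Requires secrets: CDK_CONSTRUCTS_REPO (org/repo), CROSS_REPO_TOKEN (fine-grained PAT)
      # NOTE(review): actions/checkout normally requires `path` to resolve
      # inside $GITHUB_WORKSPACE; confirm this absolute /tmp path is accepted.
      - name: Checkout CDK constructs
        if: matrix.cdk-source == 'main'
        uses: actions/checkout@v6
        with:
          repository: ${{ secrets.CDK_CONSTRUCTS_REPO }}
          token: ${{ secrets.CROSS_REPO_TOKEN }}
          path: /tmp/cdk-constructs
          # Keep the cross-repo PAT out of the clone's .git/config; PR code
          # runs later in this job and could read it from disk.
          persist-credentials: false
      - name: Build CDK constructs from main
        if: matrix.cdk-source == 'main'
        run: |
          cd /tmp/cdk-constructs
          npm ci
          npm run build || true # type errors in constructs are OK — schemas still compile
          TARBALL=$(npm pack --pack-destination /tmp 2>/dev/null | tail -1)
          # stderr is discarded above, so a failed pack would otherwise export
          # CDK_TARBALL=/tmp/ and only fail later with a confusing error.
          if [[ -z "$TARBALL" ]]; then
            echo "npm pack produced no tarball" >&2
            exit 1
          fi
          echo "CDK_TARBALL=/tmp/$TARBALL" >> "$GITHUB_ENV"
      - name: Override CDK dependency in template
        if: matrix.cdk-source == 'main'
        # CDK_TARBALL was exported through GITHUB_ENV by the previous step, so
        # it is read from the environment instead of being expanded into the
        # shell and JavaScript source.
        run: |
          cd src/assets/cdk
          node -e '
            const pkg = require("./package.json");
            pkg.dependencies["@aws/agentcore-cdk"] = "file:" + process.env.CDK_TARBALL;
            require("fs").writeFileSync("package.json", JSON.stringify(pkg, null, 2));
          '
          echo "Overrode @aws/agentcore-cdk to: file:${CDK_TARBALL}"
      - run: npm ci
      - run: npm run build
      - name: Run E2E tests (${{ matrix.cdk-source }})
        # The API keys come from the E2E_* variables exported by the Secrets
        # Manager step; they are re-exposed under the names the tests read.
        env:
          AWS_ACCOUNT_ID: ${{ steps.aws.outputs.account_id }}
          AWS_REGION: ${{ inputs.aws_region || 'us-east-1' }}
          ANTHROPIC_API_KEY: ${{ env.E2E_ANTHROPIC_API_KEY }}
          OPENAI_API_KEY: ${{ env.E2E_OPENAI_API_KEY }}
          GEMINI_API_KEY: ${{ env.E2E_GEMINI_API_KEY }}
        run: npx vitest run --project e2e strands-bedrock strands-openai langgraph-bedrock googleadk-gemini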