chore: refactor non-prod CI to only run Go targets#2134
Conversation
* chore: add permissions: contents: read to all workflow jobs * chore: add pull-requests: write to new job-level permissions * chore: add id-token: write to new job-level permissions * Update .github/workflows/daily_ci.yml Co-authored-by: Rishav karanjit <karanjitrishav4@gmail.com> --------- Co-authored-by: Rishav karanjit <karanjitrishav4@gmail.com>
|
Detected changes to the release files or to the check-files action |
|
Changes to the release files or the check-files action requires 2 approvals from CODEOWNERS |
| code-generation: | ||
| permissions: | ||
| contents: read | ||
| pull-requests: write |
There was a problem hiding this comment.
Does this job need pull-requests write permission?
There was a problem hiding this comment.
I am looking at https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax and it doesn't seem we need this permissions
There was a problem hiding this comment.
I experimented by adding one permission at a time.
You can see the experiments in this PR: https://github.com/aws/aws-database-encryption-sdk-dynamodb/pull/2135/commits
It was not until I had all three that CI passed.
rishav-karanjit
left a comment
There was a problem hiding this comment.
LGTM.
I still think pull-requests: write is not required but adding it does not make our CI infrastructure bad as this permission have very less power. So, I approved it
|
Detected changes to the release files or to the check-files action |
## [4.0.0](v3.9.1...v4.0.0) (2026-04-16) ### ⚠ BREAKING CHANGES * **.net:** Bump MPL V2 (#2145) ### feat * **.net:** Bump MPL V2 ([#2145](#2145)) ([87c534b](87c534b)) ### Fixes -- Java * **java:** drop hkdf offset method ([#2222](#2222)) ([7aad5fb](7aad5fb)) ### Maintenance -- Java * **java:** Attempt to reduce flaky CI ([#2220](#2220)) ([987aec6](987aec6)) * **java:** attempt to reduce flaky CI failures ([#2203](#2203)) ([b4d88f1](b4d88f1)) * **java:** merge from main ([53d6ba3](53d6ba3)) * **java:** shut down local DDB in test ([#2176](#2176)) ([fa1e151](fa1e151)) ### Maintenance -- Rust * **rust:** release v1.2.4 ([#2184](#2184)) ([6823d31](6823d31)) ### Miscellaneous * **.net:** add ddb local to .net release ([#2075](#2075)) ([db55bdf](db55bdf)) * **.net:** comment out testvectors from release ([#2076](#2076)) ([fdaa9e3](fdaa9e3)) * **.net:** fix release commands to include all json tv files ([#2072](#2072)) ([10f809d](10f809d)) * **.net:** pin mpl to latest ([#2065](#2065)) ([f6b64a6](f6b64a6)) * **.net:** reference submoduled mpl ([#2080](#2080)) ([be3f58f](be3f58f)) * add code coverage check ([#2171](#2171)) ([c2ae8e7](c2ae8e7)) * add DDBEC examples ([#2064](#2064)) ([9b7c284](9b7c284)) * add integration test and unit test ([#2139](#2139)) ([3cb8a96](3cb8a96)) * add migration examples ([#2057](#2057)) ([18dbc50](18dbc50)) * add more interop tests ([#2131](#2131)) ([c06bc3a](c06bc3a)) * add multi order test ([#2170](#2170)) ([d09cd16](d09cd16)) * add test for DDBEC with sdk v2 ([#2126](#2126)) ([e3ac7cd](e3ac7cd)) * add user agent string ([#2172](#2172)) ([88c597c](88c597c)) * bump GitHub Actions to latest versions ([#2144](#2144)) ([92615d4](92615d4)) * **ci:** add workflow_dispatch and remove run on PR for daily CI ([#2218](#2218)) ([d6fd0fb](d6fd0fb)) * **ci:** daily ci for branches ([#2208](#2208)) ([fcc4b97](fcc4b97)) * **ci:** remove branch default to main ([#2219](#2219)) ([1a3d1f0](1a3d1f0)) * **CI:** run clippy ([#2181](#2181)) ([6b54985](6b54985)) * **ci:** run test on Java 21 and windows OS ([#2159](#2159)) ([6e702d8](6e702d8)) * **ci:** use snapshot builds ([#2083](#2083)) ([0124ca6](0124ca6)) * copy DDBEC with SDK v2 code as-is from internal ([#2047](#2047)) ([dc439b4](dc439b4)) * delete ddbec which uses AWS SDK Java v1 ([#2193](#2193)) ([bb74687](bb74687)) * **deps:** bump actions/checkout v5->v6 and setup-docker-macos-action v1.0.2->v1.1.0 ([#2130](#2130)) ([337c776](337c776)) * **deps:** update aws-lc-sys requirement from 0.38 to 0.39 in /DynamoDbEncryption/runtimes/rust ([#2149](#2149)) ([b76bcb7](b76bcb7)) * fix CI (almost) and make AWS SDK v1 compileOnly ([#2049](#2049)) ([e509a56](e509a56)) * merge from main ([e9f8259](e9f8259)) * merge from main 2nd try ([eb17468](eb17468)) * merge from main and fix ubuntu failing ([#2192](#2192)) ([3317b4d](3317b4d)) * move put cache after signature verification ([#2223](#2223)) ([49b8b67](49b8b67)) * refactor non-prod CI to only run Go targets ([#2134](#2134)) ([0d2622c](0d2622c)) * release aws-db-esdk v1.2.3 ([#2122](#2122)) ([888aaba](888aaba)) * Rename `Directkmsmaterialsprovider` to `Directkmsmaterialprovider` ([#2150](#2150)) ([4126efa](4126efa)) * rename and format ([#2118](#2118)) ([091b7b4](091b7b4)) * run java test on ubuntu ([#2167](#2167)) ([cffa72c](cffa72c)) * update internal legacy override with adapter pattern ([#2054](#2054)) ([abbac83](abbac83)) * update readme and remove comments in CI ([#2158](#2158)) ([7e1c863](7e1c863))
* chore(release): 4.0.0 * **java:** add DDBEC with SDK v2 and remove DDBEC with SDK V1 (#2048) * **.net:** Bump MPL V2 (#2145) * **java:** add DDBEC with SDK v2 and remove DDBEC with SDK V1 ([#2048](#2048)) ([035dbe3](035dbe3)) * **.net:** Bump MPL V2 ([#2145](#2145)) ([87c534b](87c534b)) * use UUIDs and cleanup in beacon styles example to avoid stale item collisions ([#2125](#2125)) ([773c1ff](773c1ff)) * **.net:** add ddb local to .net release ([#2075](#2075)) ([db55bdf](db55bdf)) * **.net:** comment out testvectors from release ([#2076](#2076)) ([fdaa9e3](fdaa9e3)) * **.net:** fix release commands to include all json tv files ([#2072](#2072)) ([10f809d](10f809d)) * **.net:** pin mpl to latest ([#2065](#2065)) ([f6b64a6](f6b64a6)) * **.net:** reference submoduled mpl ([#2080](#2080)) ([be3f58f](be3f58f)) * add retries to examples ([#2262](#2262)) ([ab622af](ab622af)) * add special-characters-workaround to avoid sigv4 failure ([#2270](#2270)) ([7223d98](7223d98)) * bump GitHub Actions to latest versions ([#2144](#2144)) ([92615d4](92615d4)) * **ci:** add concurrency control ([#2265](#2265)) ([85d6be8](85d6be8)) * **ci:** add more error code in infra related failure ([#2254](#2254)) ([7d3b0b5](7d3b0b5)) * **ci:** Add retries to DDB local setup steps ([#2267](#2267)) ([7987566](7987566)) * **ci:** add workflow_dispatch and remove run on PR for daily CI ([#2218](#2218)) ([d6fd0fb](d6fd0fb)) * **ci:** daily ci for branches ([#2208](#2208)) ([fcc4b97](fcc4b97)) * **ci:** fix Test Examples workflow for v3.x-java daily ci ([#2233](#2233)) ([0140037](0140037)) * **ci:** remove branch default to main ([#2219](#2219)) ([1a3d1f0](1a3d1f0)) * **ci:** retry failed CI only for infrastructure errors ([#2235](#2235)) ([909b34a](909b34a)) * **CI:** run clippy ([#2181](#2181)) ([6b54985](6b54985)) * **ci:** run test on Java 21 and windows OS ([#2159](#2159)) ([6e702d8](6e702d8)) * **ci:** Update daily_ci to get triggered at 7AM ([#2283](#2283)) ([3ed89b5](3ed89b5)) * **ci:** use snapshot builds ([#2083](#2083)) ([0124ca6](0124ca6)) * **deps:** bump actions/checkout v5->v6 and setup-docker-macos-action v1.0.2->v1.1.0 ([#2130](#2130)) ([337c776](337c776)) * **deps:** update aws-lc-sys requirement from 0.38 to 0.39 in /DynamoDbEncryption/runtimes/rust ([#2149](#2149)) ([b76bcb7](b76bcb7)) * refactor non-prod CI to only run Go targets ([#2134](#2134)) ([0d2622c](0d2622c)) * release aws-db-esdk v1.2.3 ([#2122](#2122)) ([888aaba](888aaba)) * **release:** 4.0.0 ([#2247](#2247)) ([ddf56bf](ddf56bf)), closes [#2048](#2048) * **release:** allow local testing ([#2251](#2251)) ([546b68c](546b68c)) * run java test on ubuntu ([#2167](#2167)) ([cffa72c](cffa72c)) * separate changelog for Java and .NET ([#2242](#2242)) ([67ed551](67ed551)) * use install smithy dafny deps from MPL ([#2266](#2266)) ([4f3b542](4f3b542)) * chore: edit net changelog * chore: pin mpl version as project ref --------- Co-authored-by: semantic-release-bot <semantic-release-bot@martynus.net> Co-authored-by: Shubham Chaturvedi <scchatur@amazon.com>
Refactor CI workflows:
Refactor non-prod.yml to only run Go targets, removing all other language/verification jobs (Java, .NET, Rust, Dafny verification, format, codegen).
Add job-level permissions to every workflow job that didn't already have a permissions block (22 files, 113 jobs). Each new block includes:
contents: readpull-requests: writeid-token: writeJobs that already had a permissions block were left untouched.