chore: Migrate CodeBuild release to GHA (without publishing step) #1614
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
October 29, 2025 13:20
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
lucasmcdonald3
changed the title
lucasmcdonald3
changed the title
seebees
requested changes
Oct 30, 2025
| fetch-depth: 0 | ||
| submodules: true | ||
|
|
||
| - name: Setup Node.js 16 |
There was a problem hiding this comment.
That's what the CodeBuild uses today
| NPM_CONFIG_UNSAFE_PERM: true | ||
|
|
||
| jobs: | ||
| compliance: |
There was a problem hiding this comment.
Do these need to come first? Can we break this up maybe? To have the publishing things come first?
There was a problem hiding this comment.
We need some validations to come first:
- Pre-publish validation that the head of main is healthy
- Publish
- Post-publish validation on the published artifact
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
Description of changes:
Translate this package's the CodeBuild release workflow to GHA.
Today we publish to npm with legacy tokens which are slated to be removed sometime next week.
Suggested alternatives are
Testing: Had a previous commit that ran this workflow on PRs: https://github.com/aws/aws-encryption-sdk-javascript/actions/runs/19046654780/job/54400214440?pr=1614
Successful except for browser test vectors failure, whose failure reason is documented in workflow comments.
The next PR would add publishing.
The current CodeBuild publishing steps are not what we would use in GHA, so I won't copy them over.
CodeBuild uses OTP to publish, but GHA would follow these steps.
I'm keeping that out of scope for this "translation" PR so the new publishing steps would be easier to see.
(Also bump testing timeout -- 2s was timing out while loading AWS SDK, bump to 5s seems to work)
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Check any applicable: