Skip to content

fix(release): Set AWS_DEFAULT_REGION in release workflow for S3 uploads and CloudFront invalidation#268

Merged
victorvhs017 merged 1 commit into
mainfrom
fix/add-missing-aws-region
Jun 17, 2026
Merged

fix(release): Set AWS_DEFAULT_REGION in release workflow for S3 uploads and CloudFront invalidation#268
victorvhs017 merged 1 commit into
mainfrom
fix/add-missing-aws-region

Conversation

@victorvhs017

@victorvhs017 victorvhs017 commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Description 📣

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

@infisical-review-police

infisical-review-police Bot commented Jun 17, 2026

Copy link
Copy Markdown

💬 Discussion in Slack: #pr-review-cli-268-fix-release-set-aws-default-region-in-release-workflow-for-s3

Posted by Review Police — reviews, comments, new commits, and CI failures will stream into this channel.

@victorvhs017 victorvhs017 requested a review from maidul98 June 17, 2026 02:13
@greptile-apps

greptile-apps Bot commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR fixes a missing AWS_DEFAULT_REGION environment variable in the CLI release workflow that caused the AWS CLI to fail when uploading packages to S3 and invalidating the CloudFront distribution.

  • AWS_DEFAULT_REGION: us-east-1 is added to both the "Publish packages to repositories" step and the "Invalidate Cloudfront cache" step, supplying the region the AWS CLI requires when no default profile or config file is present in the GitHub Actions runner environment.
  • The region is hardcoded as a literal value rather than sourced from a repository secret or variable, so a bucket migration to a different region would require a code change rather than a configuration update.

Confidence Score: 4/5

The change is safe to merge — it unblocks the release workflow by supplying a previously absent required environment variable to two AWS CLI steps.

Both affected steps now receive the region they need. The only concern is that the region is baked in as a literal rather than read from a secret, which could require a code change if the S3 bucket ever moves to a different region.

.github/workflows/release_build_infisical_cli.yml — the hardcoded region value is worth a second look if the S3 bucket is not in us-east-1.

Important Files Changed

Filename Overview
.github/workflows/release_build_infisical_cli.yml Adds AWS_DEFAULT_REGION: us-east-1 to two steps (S3 publish and CloudFront invalidation) that previously lacked a region, fixing AWS CLI failures in the release workflow. Region is hardcoded rather than driven by a secret/variable.

Comments Outside Diff (1)

  1. .github/workflows/release_build_infisical_cli.yml, line 264-278 (link)

    P2 The region is hardcoded to us-east-1 in both steps. If the S3 bucket lives in a different region, aws s3 commands will receive a redirect response and may fail with a PermanentRedirect error (the AWS CLI does not always follow S3 redirects transparently). Storing the region in a repository secret or variable (e.g. INFISICAL_CLI_REPO_AWS_REGION) makes it consistent with the other credentials and lets the bucket migrate without a code change.

Reviews (1): Last reviewed commit: "fix(release): Set AWS_DEFAULT_REGION in ..." | Re-trigger Greptile

@victorvhs017 victorvhs017 merged commit d26ab11 into main Jun 17, 2026
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maidul98 maidul98 maidul98 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@victorvhs017 @maidul98