From 85579e56efd7250c63bb165b8d40539d6b18a381 Mon Sep 17 00:00:00 2001 From: tiennm99 Date: Fri, 22 May 2026 15:39:42 +0700 Subject: [PATCH] fix(deploy): pass BotOwnerID and AdminUserIDs from samconfig.toml in CI CI's --parameter-overrides replaces (not merges with) samconfig.toml's parameter_overrides, so BOT_OWNER_ID was empty in the deployed Lambda. deploynotify silently skipped sending the post-deploy DM, and all Protected/Private commands were denied. Extract the values from samconfig.toml at deploy time so the file remains the single source of truth for non-secret deploy params. Also add 'stats' to samconfig.toml's ModulesCSV so local `sam deploy` doesn't regress the stats module. --- .github/workflows/deploy.yml | 7 ++++++- samconfig.toml | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 8f8ec72..27f2f9e 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -54,7 +54,12 @@ jobs: --name "/miti99bot/${STACK_ENV}/cron-shared-secret" \ --with-decryption --query Parameter.Value --output text) echo "::add-mask::$CRON_SECRET" - OVERRIDES="CronSharedSecret=$CRON_SECRET" + # Extract non-secret deploy params from samconfig.toml so it stays + # the single source of truth (CI's --parameter-overrides replaces, + # not merges with, samconfig.toml values). + BOT_OWNER_ID=$(sed -n 's/.*BotOwnerID=\\"\\([^\\]*\\)\\".*/\1/p' samconfig.toml) + ADMIN_USER_IDS=$(sed -n 's/.*AdminUserIDs=\\"\\([^\\]*\\)\\".*/\1/p' samconfig.toml) + OVERRIDES="CronSharedSecret=$CRON_SECRET BotOwnerID=$BOT_OWNER_ID AdminUserIDs=$ADMIN_USER_IDS" if [ -n "$ALERT_EMAIL" ]; then OVERRIDES="$OVERRIDES AlertEmail=$ALERT_EMAIL" fi diff --git a/samconfig.toml b/samconfig.toml index 7c98baa..14c7fc3 100644 --- a/samconfig.toml +++ b/samconfig.toml @@ -13,7 +13,7 @@ resolve_s3 = true s3_prefix = "miti99bot" # Secrets MUST live in SSM Parameter Store (see aws/README.md). Never put # them here — this file is committed. -parameter_overrides = "StackEnv=\"prod\" ModulesCSV=\"util,misc,wordle,loldle,lolschedule,twentyq,trading\" BotOwnerID=\"1064111334\" AdminUserIDs=\"1064111334\" LambdaAdapterLayerArn=\"arn:aws:lambda:ap-southeast-1:753240598075:layer:LambdaAdapterLayerArm64:25\" AlertEmail=\"minhtienit99@gmail.com\"" +parameter_overrides = "StackEnv=\"prod\" ModulesCSV=\"util,misc,wordle,loldle,lolschedule,twentyq,trading,stats\" BotOwnerID=\"1064111334\" AdminUserIDs=\"1064111334\" LambdaAdapterLayerArn=\"arn:aws:lambda:ap-southeast-1:753240598075:layer:LambdaAdapterLayerArm64:25\" AlertEmail=\"minhtienit99@gmail.com\"" image_repositories = [] [default.validate.parameters]