(workflow): PR Linter not triggered when "Codebuild PR Build" completes #36055

@pahud

Description

Describe the bug

Related to #30128

The PR Linter workflow is configured to auto-trigger when "Codebuild PR Build" completes via workflow_run event, but this mechanism FAILED for PR #36049. The workflow_run event DID fire, but the PR Linter run failed immediately because it couldn't determine which PR to validate.

Expected Behavior

Should trigger successfully after Codebuild PR Build.

Current Behavior

Not triggered.

Missing PR Info Artifact in Codebuild PR Build

Reproduction Steps

N/A

Possible Solution

The Core Problem:

The "Codebuild PR Build" workflow does NOT upload the pr_info artifact that PR Linter requires to identify which PR to validate when triggered via workflow_run.

Technical Details:

  1. PR Linter's Dependency Chain:

   # PR Linter expects this artifact from triggering workflow:
   - name: 'Download workflow_run artifact'
     uses: dawidd6/action-download-artifact@v11
     with:
       run_id: ${{ github.event.workflow_run.id }}
       name: pr_info  # <-- EXPECTS THIS

   # Fallback if artifact doesn't exist:
   - name: 'Determine PR info'
     run: |
       if [[ ! -f pr/pr_number ]]; then
         # Uses GitHub's pull_requests array
         echo "${{ github.event.workflow_run.pull_requests[0].number }}" > pr/pr_number
       fi

  2. Codebuild PR Build Missing Steps:

   # codebuild-pr-build.yml has NO artifact upload
   # It should have:
   - name: Save PR number
     run: |
       mkdir -p ./pr
       echo ${{ github.event.pull_request.number }} > ./pr/pr_number
       echo ${{ github.event.pull_request.head.sha }} > ./pr/pr_sha
   - uses: actions/upload-artifact@v5
     with:
       name: pr_info
       path: pr/

  3. GitHub Actions Limitation:

    When a workflow uses pull_request trigger (not pull_request_target) from the same repo (not a fork), the workflow_run.pull_requests array is EMPTY.

    Evidence:

  {
    "id": 19342493369,
    "name": "Codebuild PR Build",
    "event": "pull_request",
    "pull_requests": []  // EMPTY!
  }

  4. Result:

    • No pr_info artifact → artifact download succeeds but file doesn't exist
    • Fallback to pull_requests[0].number → returns NULL (array is empty)
    • Script tries to echo NULL → creates invalid pr_number file
    • Validation job cannot determine PR number → FAILS

Why Other Workflows Work

The "PR Linter Trigger" workflow (.github/workflows/pr-linter-review-trigger.yml) DOES upload the artifact:

name: PR Linter Trigger
on:
  pull_request_review:  # Different trigger
    types: [submitted, edited, dismissed]

jobs:
  trigger:
    steps:
      - name: Save PR number
        run: |
          mkdir -p ./pr
          echo ${{ github.event.pull_request.number }} > ./pr/pr_number
          echo ${{ github.event.pull_request.head.sha }} > ./pr/pr_sha
      - uses: actions/upload-artifact@v5
        with:
          name: pr_info
          path: pr/

This is why PR Linter successfully triggers after reviews but NOT after Codebuild completes.


Evidence of Failure

A workflow_run-triggered PR Linter run DID occur at 20:24:28 (run #19344816945) but for a different commit (main branch), and it FAILED:

Job: download-if-workflow-run
✓ Download workflow_run artifact (success)
✗ Determine PR info (FAILURE)

Job: validate-pr (SKIPPED - dependency failed)


Solution

Add the following steps to .github/workflows/codebuild-pr-build.yml:

jobs:
  build:
    steps:
      # ... existing steps ...

      - name: Save PR info for PR Linter
        if: github.event_name == 'pull_request'
        run: |
          mkdir -p ./pr
          echo ${{ github.event.pull_request.number }} > ./pr/pr_number
          echo ${{ github.event.pull_request.head.sha }} > ./pr/pr_sha

      - name: Upload PR info artifact
        if: github.event_name == 'pull_request'
        uses: actions/upload-artifact@v5
        with:
          name: pr_info
          path: pr/

This will allow PR Linter to correctly identify and validate the PR when triggered by Codebuild PR Build completion.

Additional Information/Context

Timeline with Root Cause

18:53:15 - PR #36049 opened
18:53:19 - PR Linter run #19342493014 (pull_request_target) ✓ SUCCESS
18:53:20 - Codebuild PR Build #19342493369 started
20:24:25 - Codebuild PR Build COMPLETED ✓ SUCCESS
20:24:28 - PR Linter run #19344816945 (workflow_run) ✗ FAILED
           └─ download-if-workflow-run job FAILED
              └─ "Determine PR info" step FAILED

Execution flow

PR #36049 WORKFLOW EXECUTION FLOW
=====================================

EXPECTED BEHAVIOR:
------------------

  PR Opened
     │
     ├──► PR Linter ──────────────► ✓ SUCCESS
     │    (pull_request_target)
     │
     └──► Codebuild PR Build
          (pull_request)
               │
               │ (29 minutes)
               │
               ▼
          ✓ COMPLETED
               │
               │ workflow_run event
               │
               ▼
          PR Linter ──────────────► ✓ SUCCESS
          (re-validates PR)


ACTUAL BEHAVIOR (WHAT HAPPENED):
---------------------------------

  PR #36049 Opened (18:53:15)
     │
     ├──► PR Linter ──────────────► ✓ SUCCESS (18:55:12)
     │    (pull_request_target)
     │    ✓ Has PR context
     │
     └──► Codebuild PR Build (18:53:20)
          (pull_request)
               │
               │ Build running...
               │
               ▼
          ✓ COMPLETED (20:24:25)
               │
               │ workflow_run event fires
               │
               ▼
          PR Linter (20:24:28)
          (workflow_run)
               │
               ├─ download-if-workflow-run job
               │  │
               │  ├─ Download pr_info artifact
               │  │  └─ ✓ No artifact found (Codebuild didn't upload)
               │  │
               │  └─ Determine PR info
               │     │
               │     ├─ Check pr/pr_number file ──► ✗ Doesn't exist
               │     │
               │     └─ Fallback: pull_requests[0].number
               │        │
               │        └─ pull_requests = [] ──► ✗ EMPTY!
               │           │
               │           └─ Returns NULL
               │              │
               │              ▼
               │         ✗ FAILURE
               │
               └─ validate-pr job ──► ⊘ SKIPPED (dependency failed)


ROOT CAUSE DIAGRAM:
-------------------

┌─────────────────────────────────────────────────────────────┐
│  Codebuild PR Build Workflow                                │
│  (.github/workflows/codebuild-pr-build.yml)                 │
│                                                              │
│  Trigger: pull_request                                      │
│                                                              │
│  ┌────────────────────────────────────────────────────┐    │
│  │  Jobs:                                              │    │
│  │    - Checkout                                       │    │
│  │    - Setup Node                                     │    │
│  │    - Build                                          │    │
│  │    - Run Rosetta                                    │    │
│  │    - Check uncommitted changes                      │    │
│  │                                                      │    │
│  │  ✗ MISSING:                                         │    │
│  │    - Save PR info                                   │    │
│  │    - Upload pr_info artifact                        │    │
│  └────────────────────────────────────────────────────┘    │
│                                                              │
│  Result:                                                    │
│    ✓ Build succeeds                                         │
│    ✗ No pr_info artifact uploaded                           │
│    ✗ pull_requests array = [] (GitHub limitation)           │
└─────────────────────────────────────────────────────────────┘
                          │
                          │ workflow_run event
                          ▼
┌─────────────────────────────────────────────────────────────┐
│  PR Linter Workflow                                         │
│  (.github/workflows/pr-linter.yml)                          │
│                                                              │
│  Trigger: workflow_run (Codebuild PR Build completed)       │
│                                                              │
│  ┌────────────────────────────────────────────────────┐    │
│  │  download-if-workflow-run job:                      │    │
│  │                                                      │    │
│  │    1. Download pr_info artifact                     │    │
│  │       └─► ✗ Not found (Codebuild didn't upload)     │    │
│  │                                                      │    │
│  │    2. Determine PR info:                            │    │
│  │       if [[ ! -f pr/pr_number ]]; then              │    │
│  │         echo "${{ pull_requests[0].number }}"       │    │
│  │              └─► pull_requests = []                 │    │
│  │                  └─► [0].number = NULL              │    │
│  │                      └─► ✗ FAILURE                  │    │
│  │                                                      │    │
│  │  validate-pr job:                                   │    │
│  │    └─► ⊘ SKIPPED (needs: download-if-workflow-run)  │    │
│  └────────────────────────────────────────────────────┘    │
│                                                              │
│  Result: ✗ WORKFLOW FAILED                                  │
└─────────────────────────────────────────────────────────────┘


COMPARISON: WORKING vs BROKEN
------------------------------

WORKING: PR Linter Trigger Workflow
┌──────────────────────────────────┐
│ PR Review Submitted              │
│         │                        │
│         ▼                        │
│ PR Linter Trigger                │
│   ├─ Save PR info ✓              │
│   └─ Upload pr_info artifact ✓   │
│         │                        │
│         │ workflow_run           │
│         ▼                        │
│ PR Linter                        │
│   ├─ Download pr_info ✓          │
│   ├─ Read pr_number ✓            │
│   └─ Validate PR ✓               │
└──────────────────────────────────┘

BROKEN: Codebuild PR Build
┌──────────────────────────────────┐
│ Codebuild PR Build               │
│   ├─ Build code ✓                │
│   ├─ Run tests ✓                 │
│   └─ Upload pr_info ✗ MISSING    │
│         │                        │
│         │ workflow_run           │
│         ▼                        │
│ PR Linter                        │
│   ├─ Download pr_info ✗ Not found│
│   ├─ Fallback: pull_requests[0] ✗│
│   │   └─ Array is empty!         │
│   └─ ✗ FAILURE                   │
└──────────────────────────────────┘

AWS CDK Library version (aws-cdk-lib)

na

AWS CDK CLI version

na

Node.js Version

na

OS

na

Language

TypeScript

Language Version

No response

Other information

No response
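
An added example, not part of the original issue or the aws-cdk workflows: a stricter body for the "Determine PR info" step that stops with a clear error when neither the pr_info artifact nor the pull_requests fallback yields a PR number, and that accepts only a decimal number and a 40-hex SHA, since the files come from a different workflow run. The function names and messages are assumptions; the pr/pr_number and pr/pr_sha layout is the one shown in the issue.

```shell
#!/usr/bin/env bash
# Added example, not the aws-cdk workflow's own script. Function names and
# messages are assumptions; pr/pr_number and pr/pr_sha come from the issue.

# Print the PR number from <dir>/pr_number, else from the fallback value
# (what pull_requests[0].number expanded to; empty when the array is []).
resolve_pr_number() {
  local dir fallback value
  dir=$1; fallback=${2:-}; value=
  if [ -f "$dir/pr_number" ]; then
    # First line only: the file was produced by a different workflow run.
    IFS= read -r value < "$dir/pr_number" || true
  else
    value=$fallback
  fi
  case $value in
    ''|0*|*[!0-9]*)
      echo "cannot determine PR number: artifact and fallback unusable" >&2
      return 1 ;;
  esac
  [ "${#value}" -le 10 ] || { echo "PR number too long" >&2; return 1; }
  printf '%s\n' "$value"
}

# Print the head SHA from <dir>/pr_sha if it is exactly 40 lowercase hex digits.
resolve_pr_sha() {
  local dir value
  dir=$1; value=
  [ -f "$dir/pr_sha" ] || { echo "pr_sha file missing" >&2; return 1; }
  IFS= read -r value < "$dir/pr_sha" || true
  case $value in
    *[!0-9a-f]*) echo "pr_sha is not hexadecimal" >&2; return 1 ;;
  esac
  [ "${#value}" -eq 40 ] || { echo "pr_sha is not 40 characters" >&2; return 1; }
  printf '%s\n' "$value"
}

# Constructed demo: empty download directory and empty fallback, as in the issue.
demo_dir=$(mktemp -d)
resolve_pr_number "$demo_dir" "" || echo "stopped: no PR number for this run"
rm -rf "$demo_dir"
```

In a workflow step the fallback argument would be passed through an `env:` variable rather than expanded inline in the script.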

Labels

@aws-cdk/aws-codebuild (Related to AWS CodeBuild), bug (This issue is a bug.), effort/medium (Medium work item – several days of effort), p1
