From ae462c2058972fbc29d95beb9d9c710d15d37df2 Mon Sep 17 00:00:00 2001 From: sten-vw Date: Fri, 3 Oct 2025 15:48:22 +0200 Subject: [PATCH 1/6] Added version workflow --- .../workflows/aws-api-mcp-upgrade-version.yml | 174 ++++++++++++++++++ 1 file changed, 174 insertions(+) create mode 100644 .github/workflows/aws-api-mcp-upgrade-version.yml diff --git a/.github/workflows/aws-api-mcp-upgrade-version.yml b/.github/workflows/aws-api-mcp-upgrade-version.yml new file mode 100644 index 0000000000..a062840c43 --- /dev/null +++ b/.github/workflows/aws-api-mcp-upgrade-version.yml 
@@ -0,0 +1,174 @@ +--- +name: AWS API MCP Server - Upgrade AWS CLI Version +description: | + This workflow upgrades the AWS CLI version in src/aws-api-mcp-server using uv upgrade + and creates a pull request with the changes. +on: + workflow_dispatch: + schedule: + - cron: '0 5 * * *' # Daily at 6 AM Amsterdam time (UTC+1) +env: + BOT_USER_EMAIL: ${{ vars.BOT_USER_EMAIL || '203918161+awslabs-mcp@users.noreply.github.com' }} + BOT_USER_NAME: ${{ vars.BOT_USER_NAME || 'awslabs-mcp' }} +permissions: + actions: none + attestations: none + checks: none + contents: none + deployments: none + discussions: none + id-token: none + issues: none + models: none + packages: none + pages: none + pull-requests: none + repository-projects: none + security-events: none + statuses: none +jobs: + upgrade-awscli: + name: Upgrade AWS CLI Version + runs-on: ubuntu-latest + timeout-minutes: 10 + permissions: + contents: write # SECURITY: Only for branch creation and commits + pull-requests: write # SECURITY: Only for PR creation + steps: + - name: Checkout repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + token: ${{ secrets.BOT_GITHUB_TOKEN }} + - name: Install uv + uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0 + - name: Create upgrade branch + id: create-branch + run: | + set -euo pipefail + + TIMESTAMP="$(date +'%Y%m%d%H%M%S')" + UPGRADE_BRANCH="upgrade/aws-api-mcp-awscli-$TIMESTAMP" + + git config --local user.email "${{ env.BOT_USER_EMAIL }}" + git config --local user.name "${{ env.BOT_USER_NAME }}" + + git checkout -b "$UPGRADE_BRANCH" + git push --set-upstream origin "$UPGRADE_BRANCH" + + echo "upgrade-branch=$UPGRADE_BRANCH" >> $GITHUB_OUTPUT + - name: Upgrade AWS CLI in aws-api-mcp-server + working-directory: src/aws-api-mcp-server + run: | + set -euo pipefail + + echo "::debug::Upgrading AWS CLI dependencies" + uv remove awscli + uv add awscli --upgrade + uv sync + - name: Configure Git and GPG securely + 
env: + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} + run: | + set -euo pipefail # SECURITY: Strict error handling + + # Create secure temporary directory for GPG + export GNUPGHOME=$(mktemp -d) + chmod 700 "$GNUPGHOME" + echo "GNUPGHOME=$GNUPGHOME" >> $GITHUB_ENV + + echo "::debug::Setting up secure GPG environment" + + # Configure git user + git config --local user.email "${{ env.BOT_USER_EMAIL }}" + git config --local user.name "${{ env.BOT_USER_NAME }}" + + # Import GPG key without exposing secrets in command line + echo "$GPG_PRIVATE_KEY" | gpg --batch --import --quiet + echo "$GPG_KEY_ID:6:" | gpg --import-ownertrust --quiet + + # Configure git GPG settings + git config --global user.signingkey "$GPG_KEY_ID" + git config --global commit.gpgsign true + git config --global tag.gpgsign true + + # Test GPG functionality + echo "test" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback \ + --sign --armor --local-user "$GPG_KEY_ID" <<< "$GPG_PASSPHRASE" > /dev/null + + echo "::debug::GPG configuration completed successfully" + - name: Commit and push changes + env: + GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + run: | + set -euo pipefail + echo "::debug::Committing changes" + + # Add only the source directory + git add src/aws-api-mcp-server/ + + # Check if there are changes to commit + if git diff --cached --quiet; then + echo "::warning::No changes to commit" + exit 0 + else + # Cache GPG signature + echo "commit" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback \ + --sign --armor --local-user "$GPG_KEY_ID" <<< "$GPG_PASSPHRASE" > /dev/null + + # Create signed commit + git commit -m "chore(aws-api-mcp-server): upgrade AWS CLI version" --sign + + # Pull with rebase to maintain linear history + git pull --rebase origin "${{ steps.create-branch.outputs.upgrade-branch }}" + + # Push changes + git push origin 
"${{ steps.create-branch.outputs.upgrade-branch }}" + + echo "::debug::Successfully committed and pushed changes" + fi + - name: Create pull request + env: + GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} + run: | + set -euo pipefail + + UPGRADE_BRANCH="${{ steps.create-branch.outputs.upgrade-branch }}" + BASE_BRANCH="${{ github.ref_name }}" + + PR_URL="$(gh pr create \ + --base "$BASE_BRANCH" \ + --head "$UPGRADE_BRANCH" \ + --title "chore(aws-api-mcp-server): upgrade AWS CLI version" \ + --body "# AWS CLI Version Upgrade + + This PR upgrades the AWS CLI version in the aws-api-mcp-server package. + + ## Changes + * Updated AWS CLI dependencies using \`uv sync --upgrade-package awscli\` + + ## Checklist + - [ ] Dependencies have been upgraded + - [ ] Lock file has been updated + - [ ] Tests pass with new versions + + ## Acknowledgment + By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the [project license](https://github.com/awslabs/mcp/blob/main/LICENSE).")" + + echo "::debug::Successfully created pull request $PR_URL" + echo "### :arrow_up: AWS CLI Upgrade Ready" >> $GITHUB_STEP_SUMMARY + echo "Pull request $PR_URL created for [$UPGRADE_BRANCH](https://github.com/${{ github.repository }}/tree/$UPGRADE_BRANCH) branch" >> $GITHUB_STEP_SUMMARY + - name: Secure GPG cleanup + if: always() + run: | + set +e # Don't fail on cleanup errors + echo "::debug::Performing secure cleanup" + if [[ -n "${GNUPGHOME:-}" && -d "$GNUPGHOME" ]]; then + rm -rf "$GNUPGHOME" + echo "::debug::Cleaned up GPG directory" + fi + gpgconf --kill gpg-agent 2>/dev/null || true + unset GPG_PRIVATE_KEY GPG_PASSPHRASE GPG_KEY_ID GNUPGHOME 2>/dev/null || true + echo "::debug::Secure cleanup completed" From 290b4152b46cffb917c0a4ab36a6423c05bc11a9 Mon Sep 17 00:00:00 2001 
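Review bot: The `Checkout repository` step passes `secrets.BOT_GITHUB_TOKEN` to `actions/checkout` without `persist-credentials: false`, so by default the bot token stays in the checkout's git configuration for the rest of the job. That includes the `uv remove` / `uv add` / `uv sync` step, which downloads and installs packages from the index. If any resolved package is built from source, its build code runs in a workspace where that token is readable. Consider resolving the dependency in a job or step that holds no credentials, and supplying the token only where `git push` and `gh pr create` need it.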
From: sten-vw Date: Fri, 3 Oct 2025 16:13:56 +0200 Subject: [PATCH 2/6] Add more debug statements --- .../workflows/aws-api-mcp-upgrade-version.yml | 40 +++++++++++++++---- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/.github/workflows/aws-api-mcp-upgrade-version.yml b/.github/workflows/aws-api-mcp-upgrade-version.yml index a062840c43..d38550ca7a 100644 --- a/.github/workflows/aws-api-mcp-upgrade-version.yml +++ b/.github/workflows/aws-api-mcp-upgrade-version.yml @@ -32,8 +32,8 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 permissions: - contents: write # SECURITY: Only for branch creation and commits - pull-requests: write # SECURITY: Only for PR creation + contents: write + pull-requests: write steps: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 
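Review bot: In the `@@ -32,8 +32,8 @@` hunk, the job-level `contents: write` and `pull-requests: write` grants appear to be unused. In the visible workflow, the checkout (and so every `git push`) and `gh pr create` authenticate with `secrets.BOT_GITHUB_TOKEN`, not with the job's own token. If nothing else in the job needs the default token to write, `contents: read` alone would keep the least-privilege posture that the top-level `none` block sets up. If the write scopes are needed, keep a short reason beside them rather than dropping the comments, e.g. `contents: write  # push upgrade branch`. The job's steps continue outside this hunk.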
@@ -49,22 +49,37 @@ jobs: TIMESTAMP="$(date +'%Y%m%d%H%M%S')" UPGRADE_BRANCH="upgrade/aws-api-mcp-awscli-$TIMESTAMP" + echo "::debug::Creating upgrade branch: $UPGRADE_BRANCH" + + # Check if branch already exists + if git ls-remote --heads origin "$UPGRADE_BRANCH" | grep -q "$UPGRADE_BRANCH"; then + echo "::error::Upgrade branch already exists: $UPGRADE_BRANCH" >&2 + exit 1 + fi + + # Configure git user git config --local user.email "${{ env.BOT_USER_EMAIL }}" git config --local user.name "${{ env.BOT_USER_NAME }}" + # Create and push branch git checkout -b "$UPGRADE_BRANCH" git push --set-upstream origin "$UPGRADE_BRANCH" + # Verify branch was created + if ! git ls-remote --heads origin "$UPGRADE_BRANCH" | grep -q "$UPGRADE_BRANCH"; then + echo "::error::Failed to verify branch creation: $UPGRADE_BRANCH" >&2 + exit 1 + fi + echo "upgrade-branch=$UPGRADE_BRANCH" >> $GITHUB_OUTPUT + echo "::debug::Successfully created upgrade branch: $UPGRADE_BRANCH" - name: Upgrade AWS CLI in aws-api-mcp-server working-directory: src/aws-api-mcp-server run: | set -euo pipefail - - echo "::debug::Upgrading AWS CLI dependencies" - uv remove awscli - uv add awscli --upgrade - uv sync + echo "::debug::Upgrading AWS CLI to latest version" + uv add --upgrade awscli + echo "::debug::AWS CLI upgrade completed" - name: Configure Git and GPG securely env: GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} @@ -138,6 +153,15 @@ jobs: UPGRADE_BRANCH="${{ steps.create-branch.outputs.upgrade-branch }}" BASE_BRANCH="${{ github.ref_name }}" + echo "::debug::Creating PR from $UPGRADE_BRANCH to $BASE_BRANCH" + + # Validate branch names + if [[ ! "$UPGRADE_BRANCH" =~ ^upgrade/aws-api-mcp-awscli-[0-9]{14}$ ]]; then + echo "::error::Invalid upgrade branch format: $UPGRADE_BRANCH" >&2 + exit 1 + fi + + # Create PR with validated content PR_URL="$(gh pr create \ --base "$BASE_BRANCH" \ --head "$UPGRADE_BRANCH" \ 
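Review bot: In the `@@ -49,22 +49,37 @@` hunk, both branch checks pipe `git ls-remote --heads origin "$UPGRADE_BRANCH"` into `grep -q "$UPGRADE_BRANCH"`, which treats the branch name as an unanchored regular expression and adds nothing to the filtering `ls-remote` already did. `git ls-remote --exit-code --heads origin "$UPGRADE_BRANCH" >/dev/null` reports absence through its exit status and avoids a pipeline under `set -o pipefail`. The post-push verification is also redundant with `set -e`, because a failed `git push` already stops the step.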
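Review bot: In the `@@ -138,6 +153,15 @@` hunk, the new check validates `UPGRADE_BRANCH`, which the workflow generated itself, while `BASE_BRANCH="${{ github.ref_name }}"` just above it is neither validated nor safe to expand this way. `${{ }}` expressions are substituted into the script text before bash parses it, so a ref name containing shell syntax would be interpreted as code in a step that holds `BOT_GITHUB_TOKEN`. Pass such values through the step's `env:` (`BASE_BRANCH: ${{ github.ref_name }}`) and read `"$BASE_BRANCH"` in the script. The same applies to `${{ env.BOT_USER_EMAIL }}` / `${{ env.BOT_USER_NAME }}` (already available as `"$BOT_USER_EMAIL"` and `"$BOT_USER_NAME"`) and `${{ steps.create-branch.outputs.upgrade-branch }}`. It also applies to the `${{ steps.upgrade.outputs.latest-version }}` / `current-version` uses that patches 4 and 6 add to the commit message, PR title, PR body and branch name. The `run:` block continues past the end of this hunk.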
@@ -147,7 +171,7 @@ jobs: This PR upgrades the AWS CLI version in the aws-api-mcp-server package. ## Changes - * Updated AWS CLI dependencies using \`uv sync --upgrade-package awscli\` + * Updated AWS CLI dependencies to latest version ## Checklist - [ ] Dependencies have been upgraded From 18691b51ecedff4243a50f12acce771f95c58d26 Mon Sep 17 00:00:00 2001 From: sten-vw Date: Fri, 3 Oct 2025 16:25:24 +0200 Subject: [PATCH 3/6] Also upgrade version in pyproject.toml --- .../workflows/aws-api-mcp-upgrade-version.yml | 27 +++++++++++++------ 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/.github/workflows/aws-api-mcp-upgrade-version.yml b/.github/workflows/aws-api-mcp-upgrade-version.yml index d38550ca7a..140163f17e 100644 --- a/.github/workflows/aws-api-mcp-upgrade-version.yml +++ b/.github/workflows/aws-api-mcp-upgrade-version.yml @@ -51,12 +51,6 @@ jobs: echo "::debug::Creating upgrade branch: $UPGRADE_BRANCH" - # Check if branch already exists - if git ls-remote --heads origin "$UPGRADE_BRANCH" | grep -q "$UPGRADE_BRANCH"; then - echo "::error::Upgrade branch already exists: $UPGRADE_BRANCH" >&2 - exit 1 - fi - # Configure git user git config --local user.email "${{ env.BOT_USER_EMAIL }}" git config --local user.name "${{ env.BOT_USER_NAME }}" 
@@ -77,8 +71,25 @@ jobs: working-directory: src/aws-api-mcp-server run: | set -euo pipefail - echo "::debug::Upgrading AWS CLI to latest version" - uv add --upgrade awscli + + echo "::debug::Upgrading AWS CLI dependencies" + + # Get latest version from PyPI + LATEST_VERSION=$(uv run --no-project python -c "import urllib.request, json; print(json.loads(urllib.request.urlopen('https://pypi.org/pypi/awscli/json').read())['info']['version'])") + echo "::debug::Latest AWS CLI version from PyPI: $LATEST_VERSION" + + # Remove existing awscli dependency + echo "::debug::Removing existing awscli dependency" + uv remove awscli + + # Add new version with exact pinning + echo "::debug::Adding awscli==$LATEST_VERSION" + uv add "awscli==$LATEST_VERSION" + + # Sync dependencies + echo "::debug::Syncing dependencies" + uv sync + echo "::debug::AWS CLI upgrade completed" - name: Configure Git and GPG securely env: From 329f7bc75ed9c86cf5e8de3bf3f854f17fd96af7 Mon Sep 17 00:00:00 2001 From: sten-vw Date: Mon, 6 Oct 2025 09:33:07 +0200 Subject: [PATCH 4/6] Cancel if there is no update in version --- .../workflows/aws-api-mcp-upgrade-version.yml | 73 +++++++++++-------- 1 file changed, 43 insertions(+), 30 deletions(-) diff --git a/.github/workflows/aws-api-mcp-upgrade-version.yml b/.github/workflows/aws-api-mcp-upgrade-version.yml index 140163f17e..14e752526a 100644 --- a/.github/workflows/aws-api-mcp-upgrade-version.yml +++ b/.github/workflows/aws-api-mcp-upgrade-version.yml 
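Review bot: `LATEST_VERSION` is taken straight from the PyPI JSON response and used without a format check, and `urlopen` is called without a timeout. A check right after the fetch, e.g. `[[ "$LATEST_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "::error::Unexpected version: $LATEST_VERSION" >&2; exit 1; }`, would stop an unexpected value before it reaches `uv add`. In the later patches of this series the same value also reaches `$GITHUB_OUTPUT`, the branch name and the commit message. Passing `timeout=30` to `urlopen` would make a stalled request fail quickly instead of using up the 10-minute job budget.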
@@ -67,31 +67,48 @@ jobs: echo "upgrade-branch=$UPGRADE_BRANCH" >> $GITHUB_OUTPUT echo "::debug::Successfully created upgrade branch: $UPGRADE_BRANCH" - - name: Upgrade AWS CLI in aws-api-mcp-server + - name: Check and upgrade AWS CLI version + id: upgrade working-directory: src/aws-api-mcp-server run: | set -euo pipefail - echo "::debug::Upgrading AWS CLI dependencies" + # Get current installed version + CURRENT_VERSION=$(uv run python -c "from importlib.metadata import version; print(version('awscli'))") + echo "::debug::Current AWS CLI version: $CURRENT_VERSION" # Get latest version from PyPI LATEST_VERSION=$(uv run --no-project python -c "import urllib.request, json; print(json.loads(urllib.request.urlopen('https://pypi.org/pypi/awscli/json').read())['info']['version'])") echo "::debug::Latest AWS CLI version from PyPI: $LATEST_VERSION" - # Remove existing awscli dependency - echo "::debug::Removing existing awscli dependency" - uv remove awscli + # Set version outputs + echo "current-version=$CURRENT_VERSION" >> $GITHUB_OUTPUT + echo "latest-version=$LATEST_VERSION" >> $GITHUB_OUTPUT - # Add new version with exact pinning - echo "::debug::Adding awscli==$LATEST_VERSION" - uv add "awscli==$LATEST_VERSION" + # Compare versions + if [[ "$CURRENT_VERSION" == "$LATEST_VERSION" ]]; then + echo "has-changes=false" >> $GITHUB_OUTPUT + echo "::notice::AWS CLI is already up to date (version $CURRENT_VERSION)" + else + echo "has-changes=true" >> $GITHUB_OUTPUT + echo "::notice::Upgrading AWS CLI from $CURRENT_VERSION to $LATEST_VERSION" + + # Remove existing awscli dependency + echo "::debug::Removing existing awscli dependency" + uv remove awscli - # Sync dependencies - echo "::debug::Syncing dependencies" - uv sync + # Add new version with exact pinning + echo "::debug::Adding awscli==$LATEST_VERSION" + uv add "awscli==$LATEST_VERSION" - echo "::debug::AWS CLI upgrade completed" + # Sync dependencies + echo "::debug::Syncing dependencies" + uv sync + + echo 
"::debug::AWS CLI upgrade completed" + fi - name: Configure Git and GPG securely + if: steps.upgrade.outputs.has-changes == 'true' env: GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} @@ -125,6 +142,7 @@ jobs: echo "::debug::GPG configuration completed successfully" - name: Commit and push changes + if: steps.upgrade.outputs.has-changes == 'true' env: GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} 
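Review bot: In the `@@ -67,31 +67,48 @@` hunk, the comparison `[[ "$CURRENT_VERSION" == "$LATEST_VERSION" ]]` treats any difference as an upgrade. If the index ever reports a version lower than the installed one (for example after a release is withdrawn), the step would presumably repin to the older version and open a PR titled as an upgrade. Using an ordering test for the up-to-date branch, such as `[[ "$(printf '%s\n' "$CURRENT_VERSION" "$LATEST_VERSION" | sort -V | tail -n1)" == "$CURRENT_VERSION" ]]`, would avoid that. A short comment that `CURRENT_VERSION` is the version installed in the project environment, not the pin text in `pyproject.toml`, would also help readers.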
@@ -135,27 +153,22 @@ jobs: # Add only the source directory git add src/aws-api-mcp-server/ - # Check if there are changes to commit - if git diff --cached --quiet; then - echo "::warning::No changes to commit" - exit 0 - else - # Cache GPG signature - echo "commit" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback \ - --sign --armor --local-user "$GPG_KEY_ID" <<< "$GPG_PASSPHRASE" > /dev/null + # Cache GPG signature + echo "commit" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback \ + --sign --armor --local-user "$GPG_KEY_ID" <<< "$GPG_PASSPHRASE" > /dev/null - # Create signed commit - git commit -m "chore(aws-api-mcp-server): upgrade AWS CLI version" --sign + # Create signed commit + git commit -m "chore(aws-api-mcp-server): upgrade AWS CLI to v${{ steps.upgrade.outputs.latest-version }}" --sign - # Pull with rebase to maintain linear history - git pull --rebase origin "${{ steps.create-branch.outputs.upgrade-branch }}" + # Pull with rebase to maintain linear history + git pull --rebase origin "${{ steps.create-branch.outputs.upgrade-branch }}" - # Push changes - git push origin "${{ steps.create-branch.outputs.upgrade-branch }}" + # Push changes + git push origin "${{ steps.create-branch.outputs.upgrade-branch }}" - echo "::debug::Successfully committed and pushed changes" - fi + echo "::debug::Successfully committed and pushed changes" - name: Create pull request + if: steps.upgrade.outputs.has-changes == 'true' env: GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} run: | 
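Review bot: In the re-indented `# Cache GPG signature` command, the here-string `<<< "$GPG_PASSPHRASE"` replaces the pipe from `echo "commit"` as gpg's stdin, so the echoed text is discarded and the call appears to serve only to load the passphrase into the agent. Dropping the `echo "commit" |` part, or adding a comment such as `# stdin carries the passphrase only; the signature output is discarded`, would make that explicit. The same construct is used in the `# Test GPG functionality` command from the first patch. This hunk also removes the `git diff --cached --quiet` guard, so `git commit` now fails the step if nothing was staged. That looks intended given the `has-changes` gate, but is worth confirming.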
@@ -176,13 +189,13 @@ jobs: PR_URL="$(gh pr create \ --base "$BASE_BRANCH" \ --head "$UPGRADE_BRANCH" \ - --title "chore(aws-api-mcp-server): upgrade AWS CLI version" \ + --title "chore(aws-api-mcp-server): upgrade AWS CLI to v${{ steps.upgrade.outputs.latest-version }}" \ --body "# AWS CLI Version Upgrade This PR upgrades the AWS CLI version in the aws-api-mcp-server package. ## Changes - * Updated AWS CLI dependencies to latest version + * Updated AWS CLI from **v${{ steps.upgrade.outputs.current-version }}** to **v${{ steps.upgrade.outputs.latest-version }}** ## Checklist - [ ] Dependencies have been upgraded From 06c41e54ab1c2572a7626d884b9cf93478aed048 Mon Sep 17 00:00:00 2001 From: sten-vw Date: Thu, 9 Oct 2025 17:54:43 +0200 Subject: [PATCH 5/6] Only create branch after new version --- .../workflows/aws-api-mcp-upgrade-version.yml | 53 ++++++++++--------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/.github/workflows/aws-api-mcp-upgrade-version.yml b/.github/workflows/aws-api-mcp-upgrade-version.yml index 14e752526a..997612bbc2 100644 --- a/.github/workflows/aws-api-mcp-upgrade-version.yml +++ b/.github/workflows/aws-api-mcp-upgrade-version.yml 
@@ -41,32 +41,6 @@ jobs: token: ${{ secrets.BOT_GITHUB_TOKEN }} - name: Install uv uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0 - - name: Create upgrade branch - id: create-branch - run: | - set -euo pipefail - - TIMESTAMP="$(date +'%Y%m%d%H%M%S')" - UPGRADE_BRANCH="upgrade/aws-api-mcp-awscli-$TIMESTAMP" - - echo "::debug::Creating upgrade branch: $UPGRADE_BRANCH" - - # Configure git user - git config --local user.email "${{ env.BOT_USER_EMAIL }}" - git config --local user.name "${{ env.BOT_USER_NAME }}" - - # Create and push branch - git checkout -b "$UPGRADE_BRANCH" - git push --set-upstream origin "$UPGRADE_BRANCH" - - # Verify branch was created - if ! git ls-remote --heads origin "$UPGRADE_BRANCH" | grep -q "$UPGRADE_BRANCH"; then - echo "::error::Failed to verify branch creation: $UPGRADE_BRANCH" >&2 - exit 1 - fi - - echo "upgrade-branch=$UPGRADE_BRANCH" >> $GITHUB_OUTPUT - echo "::debug::Successfully created upgrade branch: $UPGRADE_BRANCH" - name: Check and upgrade AWS CLI version id: upgrade working-directory: src/aws-api-mcp-server 
@@ -107,6 +81,33 @@ jobs: echo "::debug::AWS CLI upgrade completed" fi + - name: Create upgrade branch + if: steps.upgrade.outputs.has-changes == 'true' + id: create-branch + run: | + set -euo pipefail + + TIMESTAMP="$(date +'%Y%m%d%H%M%S')" + UPGRADE_BRANCH="upgrade/aws-api-mcp-awscli-$TIMESTAMP" + + echo "::debug::Creating upgrade branch: $UPGRADE_BRANCH" + + # Configure git user + git config --local user.email "${{ env.BOT_USER_EMAIL }}" + git config --local user.name "${{ env.BOT_USER_NAME }}" + + # Create and push branch + git checkout -b "$UPGRADE_BRANCH" + git push --set-upstream origin "$UPGRADE_BRANCH" + + # Verify branch was created + if ! git ls-remote --heads origin "$UPGRADE_BRANCH" | grep -q "$UPGRADE_BRANCH"; then + echo "::error::Failed to verify branch creation: $UPGRADE_BRANCH" >&2 + exit 1 + fi + + echo "upgrade-branch=$UPGRADE_BRANCH" >> $GITHUB_OUTPUT + echo "::debug::Successfully created upgrade branch: $UPGRADE_BRANCH" - name: Configure Git and GPG securely if: steps.upgrade.outputs.has-changes == 'true' env: From a3c2525f8fca86a867a21a6f194ec962088bd007 Mon Sep 17 00:00:00 2001 From: sten-vw Date: Thu, 9 Oct 2025 18:01:27 +0200 Subject: [PATCH 6/6] Change branchname to use version --- .github/workflows/aws-api-mcp-upgrade-version.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/aws-api-mcp-upgrade-version.yml b/.github/workflows/aws-api-mcp-upgrade-version.yml index 997612bbc2..a12f19e232 100644 --- a/.github/workflows/aws-api-mcp-upgrade-version.yml +++ b/.github/workflows/aws-api-mcp-upgrade-version.yml @@ -87,8 +87,8 @@ jobs: run: | set -euo pipefail - TIMESTAMP="$(date +'%Y%m%d%H%M%S')" - UPGRADE_BRANCH="upgrade/aws-api-mcp-awscli-$TIMESTAMP" + LATEST_VERSION="${{ steps.upgrade.outputs.latest-version }}" + UPGRADE_BRANCH="upgrade/aws-api-mcp-awscli-v$LATEST_VERSION" echo "::debug::Creating upgrade branch: $UPGRADE_BRANCH" 
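Review bot: In the `@@ -87,8 +87,8 @@` hunk, naming the branch after the version makes the name stable across runs. While a PR for that version is still open, the daily schedule will presumably detect the same upgrade again and fail at `git push --set-upstream origin "$UPGRADE_BRANCH"` or at `gh pr create`. A guard before branch creation, e.g. `if git ls-remote --exit-code --heads origin "$UPGRADE_BRANCH" >/dev/null; then echo "::notice::Upgrade branch already exists"; exit 0; fi`, would turn that into a clean no-op. The later steps are gated only on `has-changes`, so they would also need to be skipped, for instance through an output set by this step. The existence check that patch 3 removed covered this case as a hard error.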
@@ -181,7 +181,7 @@ jobs: echo "::debug::Creating PR from $UPGRADE_BRANCH to $BASE_BRANCH" # Validate branch names - if [[ ! "$UPGRADE_BRANCH" =~ ^upgrade/aws-api-mcp-awscli-[0-9]{14}$ ]]; then + if [[ ! "$UPGRADE_BRANCH" =~ ^upgrade/aws-api-mcp-awscli-v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "::error::Invalid upgrade branch format: $UPGRADE_BRANCH" >&2 exit 1 fi