DPC-5102 Handle error in generate token github action (#2874)

jdettmannnava · web-flow · commit cb4883d8b4c4 · 2026-01-02T12:41:15.000-08:00
## 🎫 Ticket https://jira.cms.gov/browse/DPC-5102 ## 🛠 Changes Github Action Workflow for generating token validates token before loading into parameter store ## ℹ️ Context We ran this workflow when the API was down, and an html page was entered as the golden macaroon, which made everything else fail. ## 🧪 Validation - Ran the workflow with api up and verified golden macaroon in dev parameter store changed: https://github.com/CMSgov/dpc-app/actions/runs/20664928982 - Ran the workflow with api down and verified the workflow failed and that the token was not updated: https://github.com/CMSgov/dpc-app/actions/runs/20665012110
diff --git a/.github/workflows/generate-macaroon.yml b/.github/workflows/generate-macaroon.yml
@@ -44,6 +44,8 @@ jobs:
       - name: Get and load Golden Macaroon
         run: |
           ALB_URL=$(aws elbv2 describe-load-balancers --names dpc-${{ inputs.env }}-frontend-internal | jq -r '.LoadBalancers[0].DNSName')
-          token=$(curl -X POST ${ALB_URL}:9900/tasks/generate-token)
-          aws ssm put-parameter --name '/dpc/${{ inputs.env }}/web/golden_macaroon' --type 'SecureString' --value "${token}" --key-id 'alias/dpc-${{ inputs.env }}-master-key' --overwrite
-          
+          token=$(curl --fail --silent -X POST ${ALB_URL}:9900/tasks/generate-token)
+          if [[ -n $token ]]; then
+             echo $token | base64 -d -i 1>/dev/null && \
+                 aws ssm put-parameter --name '/dpc/${{ inputs.env }}/web/golden_macaroon' --type 'SecureString' --value "${token}" --key-id 'alias/dpc-${{ inputs.env }}-master-key' --overwrite
+          fi
