update workflow to ignore reproducilbe updates

roger-zhangg · roger-zhangg · commit c740774f36e1 · 2026-01-30T12:26:36.000-08:00
diff --git a/.github/workflows/automated-updates-to-sam-cli.yml b/.github/workflows/automated-updates-to-sam-cli.yml
@@ -36,7 +36,8 @@ jobs:
           git reset --hard develop
           cat <<< "$(jq --arg commit_hash "$APP_TEMPLATES_COMMIT_HASH" --indent 4 '.app_template_repo_commit =  $commit_hash' samcli/runtime_config.json)" > samcli/runtime_config.json
           git status
-          git diff --quiet && exit 0 # exit if there is no change
+          # Ignore reproducible requirements when checking for changes (they are updated separately)
+          git diff --quiet -- . ':!requirements/reproducible-*.txt' && exit 0 # exit if there is no change
           echo "is_hash_changed=1" >> $GITHUB_ENV # set env variable for next step run decision
           git add -u
           git commit -m "feat: updating app templates repo hash with ($APP_TEMPLATES_COMMIT_HASH)"
@@ -87,7 +88,8 @@ jobs:
           sed -i "s/$SAM_T_PRE_VERSION/aws-sam-translator==$SAM_T_CUR_VERSION/g" requirements/base.txt
           cp -r ../serverless-application-model/tests/translator/input ./tests/functional/commands/validate/lib/models
           git status
-          git diff --quiet && exit 0 # exit if there is no change
+          # Ignore reproducible requirements when checking for changes (they are updated separately)
+          git diff --quiet -- . ':!requirements/reproducible-*.txt' && exit 0 # exit if there is no change
           echo "is_new_sam_t=1" >> $GITHUB_ENV # set env variable for next step run decision
           git add -u
           git commit -m "chore: update aws-sam-translator to $SAM_T_CUR_VERSION"
@@ -137,7 +139,8 @@ jobs:
           git reset --hard develop
           sed -i "s/$BUILDERS_PRE_VERSION/aws_lambda_builders==$BUILDERS_CUR_VERSION/g" requirements/base.txt
           git status
-          git diff --quiet && exit 0 # exit if there is no change
+          # Ignore reproducible requirements when checking for changes (they are updated separately)
+          git diff --quiet -- . ':!requirements/reproducible-*.txt' && exit 0 # exit if there is no change
           echo "is_new_lambda_builders=1" >> $GITHUB_ENV # set env variable for next step run decision
           git add -u
           git commit -m "chore: update aws_lambda_builders to $BUILDERS_CUR_VERSION"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -19,6 +19,20 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  # Update reproducible requirements before unit test for automated dependency update branches
+  update-reproducibles:
+    name: Update Reproducible Requirements
+    if: >
+      github.repository_owner == 'aws' &&
+      (github.head_ref == 'update_app_templates_hash' ||
+       github.head_ref == 'update_sam_transform_version' ||
+       github.head_ref == 'update_lambda_builders_version')
+    permissions:
+      pull-requests: write
+      contents: write
+    uses: ./.github/workflows/update-reproducibles.yml
+    secrets: inherit
+
   run-workflow:
     name: PR Workflow
     # If any dependent jobs fails, this WF skips which won't block merging PRs
@@ -45,7 +59,8 @@ jobs:
 
   make-pr:
     name: make pr / ${{ matrix.os }} / ${{ matrix.python }}
-    if: github.repository_owner == 'aws'
+    needs: update-reproducibles
+    if: github.repository_owner == 'aws' && always()
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
@@ -73,7 +88,8 @@ jobs:
 
   validate-schema:
     name: Validate JSON schema
-    if: github.repository_owner == 'aws'
+    needs: update-reproducibles
+    if: github.repository_owner == 'aws' && always()
     permissions:
       pull-requests: write
       contents: write
@@ -96,7 +112,8 @@ jobs:
 
   integration-tests:
     name: Integ / ${{ matrix.os }} / ${{ matrix.python }} / ${{ matrix.tests_config.name }}
-    if: github.repository_owner == 'aws'
+    needs: update-reproducibles
+    if: github.repository_owner == 'aws' && always()
     runs-on: ${{ matrix.os }}
     env:
       AWS_DEFAULT_REGION: us-east-1
@@ -200,7 +217,8 @@ jobs:
 
   smoke-and-functional-tests:
     name: ${{ matrix.tests_config.name }} / ${{ matrix.tests_config.os }} / ${{ matrix.python }}
-    if: github.repository_owner == 'aws'
+    needs: update-reproducibles
+    if: github.repository_owner == 'aws' && always()
     runs-on: ${{ matrix.tests_config.os }}
     env:
       AWS_DEFAULT_REGION: us-east-1
@@ -252,7 +270,8 @@ jobs:
 
   docker-disabled:
     name: Docker-disabled Tests / ${{ matrix.os }}
-    if: github.repository_owner == 'aws'
+    needs: update-reproducibles
+    if: github.repository_owner == 'aws' && always()
     runs-on: ${{ matrix.os }}
     env:
       SAM_CLI_DEV: "1"
diff --git a/.github/workflows/update-reproducibles.yml b/.github/workflows/update-reproducibles.yml
@@ -8,13 +8,21 @@ on:
       - requirements/reproducible-linux.txt
       - requirements/reproducible-mac.txt
       - requirements/reproducible-win.txt
+  workflow_call:
+    # Allow this workflow to be called from other workflows (e.g., build.yml)
 
 jobs:
   update-reqs:
     permissions:
       pull-requests: write
       contents: write
-    if: github.repository_owner == 'aws'
+    # Skip for automated dependency update branches - build.yml handles those via workflow_call
+    if: >
+      github.repository_owner == 'aws' &&
+      (github.event_name == 'workflow_call' ||
+       (github.head_ref != 'update_app_templates_hash' &&
+        github.head_ref != 'update_sam_transform_version' &&
+        github.head_ref != 'update_lambda_builders_version'))
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
