@@ -311,36 +311,36 @@ jobs:
311311 set -euo pipefail
312312
313313 if command -v aws >/dev/null 2>&1; then
314- echo "aws already available: $(command -v aws)"
315314 aws --version
316315 exit 0
317316 fi
318317
319318 if ! command -v curl >/dev/null 2>&1; then
320- echo "ERROR: curl is not available on this runner."
319+ echo "ERROR: ' curl' is not available on this runner."
321320 exit 1
322321 fi
323322 if ! command -v unzip >/dev/null 2>&1; then
324- echo "ERROR: unzip is not available on this runner."
323+ echo "ERROR: ' unzip' is not available on this runner."
325324 exit 1
326325 fi
327326
327+ echo "aws not found. Installing AWS CLI v2 locally..."
328328 AWS_ROOT="${RUNNER_TEMP}/awscli"
329- AWS_ZIP ="${RUNNER_TEMP}/awscliv2.zip"
329+ ZIP_PATH ="${RUNNER_TEMP}/awscliv2.zip"
330330
331- rm -rf "${AWS_ROOT}" "${AWS_ZIP} "
331+ rm -rf "${AWS_ROOT}" "${ZIP_PATH}" "${RUNNER_TEMP}/aws "
332332 mkdir -p "${AWS_ROOT}"
333333
334- curl -fsSL -o "${AWS_ZIP }" "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"
335- unzip -q "${AWS_ZIP }" -d "${RUNNER_TEMP}"
336- rm -f "${AWS_ZIP }"
334+ curl -fsSL -o "${ZIP_PATH }" "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"
335+ unzip -oq "${ZIP_PATH }" -d "${RUNNER_TEMP}"
336+ rm -f "${ZIP_PATH }"
337337
338- # Install without sudo into RUNNER_TEMP
339- "${RUNNER_TEMP}/aws/install" -i "${AWS_ROOT}/install " -b "${AWS_ROOT}/bin"
338+ # Install without sudo
339+ "${RUNNER_TEMP}/aws/install" -i "${AWS_ROOT}" -b "${AWS_ROOT}/bin"
340340
341- # Make it available in THIS step and future steps
342- export PATH="${AWS_ROOT}/bin:${PATH}"
341+ # Make it available for subsequent steps + also this step
343342 echo "${AWS_ROOT}/bin" >> "${GITHUB_PATH}"
343+ export PATH="${AWS_ROOT}/bin:${PATH}"
344344
345345 aws --version
346346
@@ -367,11 +367,19 @@ jobs:
367367 exit 1
368368 fi
369369
370+ if ! command -v aws >/dev/null 2>&1; then
371+ echo "ERROR: aws CLI not found (should have been installed earlier)."
372+ exit 1
373+ fi
374+
370375 if ! command -v python3 >/dev/null 2>&1; then
371376 echo "ERROR: python3 not found on this runner (needed for version selection)."
372377 exit 1
373378 fi
374379
380+ # Verify AWS creds are valid (does NOT print secrets)
381+ aws sts get-caller-identity --output json >/dev/null
382+
375383 : "${S3_FOLDER:?S3_FOLDER is missing}"
376384 echo "Listing APKs in s3://${S3_BUCKET}/${S3_FOLDER} ..."
377385
@@ -489,8 +497,16 @@ jobs:
489497 print(f"OLD_BUILD_NUMBER={build_label(old_name) if old_name else ''}")
490498 PY
491499
500+ # ===== CRITICAL FIX =====
501+ # Make vars available in THIS step (GITHUB_ENV only applies to NEXT steps)
502+ set -a
503+ source "${RUNNER_TEMP}/apk_env.txt"
504+ set +a
505+ # Persist for later steps too
492506 cat "${RUNNER_TEMP}/apk_env.txt" >> "$GITHUB_ENV"
493507 cat "${RUNNER_TEMP}/apk_env.txt" >> "$GITHUB_OUTPUT"
508+ : "${NEW_S3_KEY:?NEW_S3_KEY missing after resolve}"
509+ # ========================
494510
495511 NEW_APK_PATH="${RUNNER_TEMP}/Wire.apk"
496512 echo "NEW_APK_PATH=${NEW_APK_PATH}" >> "$GITHUB_ENV"
@@ -500,6 +516,7 @@ jobs:
500516 test -s "${NEW_APK_PATH}"
501517
502518 if [[ "${IS_UPGRADE}" == "true" ]]; then
519+ : "${OLD_S3_KEY:?OLD_S3_KEY missing for upgrade}"
503520 OLD_APK_PATH="${RUNNER_TEMP}/Wire.old.apk"
504521 echo "OLD_APK_PATH=${OLD_APK_PATH}" >> "$GITHUB_ENV"
505522
@@ -578,4 +595,4 @@ jobs:
578595 rm -f secrets.json
579596 rm -f "${RUNNER_TEMP}/secrets.json"
580597 rm -f "${RUNNER_TEMP}/Wire.apk" "${RUNNER_TEMP}/Wire.old.apk" || true
581- git clean -ffdx || true
598+ git clean -ffdx
0 commit comments