@bredmond5
Contributor

Pull Request Template

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • Unit test
  • Integration test

JS Budget Check

Please mention the size in kb before and after this PR

Files Before After
dist/build.js.
dist/build.min.js

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have checked my code and corrected any misspellings

Mentions:

List the person or team responsible for reviewing proposed changes.

cc @BranchMetrics/saas-sdk-devs for visibility.

@matter-code-review

matter-code-review bot commented Oct 6, 2025

Code Quality bug fix Security Enhancement CI/CD Improvement

Pull Request Template

Description

Summary By MatterAI

🔄 What Changed

This pull request updates two GitHub Actions workflows: build-push.yml and deploy-release.yml. Both workflows now utilize arc-standard-small-set as their designated runner, replacing the generic ubuntu-latest. Additionally, the deploy-release.yml workflow has upgraded its actions/checkout action from v4 to v5 for both the main repository and the BranchMetrics/branch-github-actions repository. A significant security enhancement involves the removal of explicit aws-access-key-id and aws-secret-access-key parameters from the aws-actions/configure-aws-credentials@v4 action in both workflows, indicating a shift towards a more secure authentication mechanism (e.g., OIDC or IAM roles). The critical bug (stray 'g' character) identified in the previous review is no longer present in this patch.

🔍 Impact of the Change

The transition to arc-standard-small-set runners likely shifts workflow execution to self-hosted runners, which could impact performance, cost, or resource allocation. Upgrading actions/checkout to v5 ensures the use of the latest features, bug fixes, and security patches for repository checkout operations. The removal of explicit AWS credentials is a substantial security improvement, mitigating the risk of sensitive keys being exposed in workflow logs or configuration, and promoting more robust authentication practices. The absence of the previously identified stray 'g' character ensures that the build-push.yml workflow will execute without the syntax error.

📁 Total Files Changed

  • .github/workflows/build-push.yml: Updated runs-on runner and removed explicit AWS credentials.
  • .github/workflows/deploy-release.yml: Updated runs-on runner, upgraded actions/checkout to v5, and removed explicit AWS credentials.

🧪 Test Added

N/A

🔒Security Vulnerabilities

No new security vulnerabilities were introduced. The removal of explicit AWS access keys from the workflows is a significant security enhancement, improving the overall security posture of the CI/CD pipeline.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

  • Unit test
  • Integration test

JS Budget Check

Files Before After
dist/build.js. N/A N/A
dist/build.min.js N/A N/A

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have checked my code and corrected any misspellings

Mentions:

List the person or team responsible for reviewing proposed changes.

cc @BranchMetrics/saas-sdk-devs for visibility.

Tanka Poem ♫

Runner changed its path,
Secrets now hidden from view,
Actions updated.
CI/CD flows with new grace,
No stray 'g' to break the build. ✨

Sequence Diagram

sequenceDiagram
    participant G as GitHub
    participant R as GHA_Runner (arc-standard-small-set)
    participant GH_Repo as GitHub Repository
    participant AWS_IAM as AWS IAM Service

    Note over G,R: Workflow Triggered (build-push.yml / deploy-release.yml)
    G->>R: Assign Job
    R->>GH_Repo: actions/checkout@v4 (build-push.yml)
    R->>GH_Repo: actions/checkout@v5 (deploy-release.yml)
    R->>AWS_IAM: Configure AWS Credentials (aws-actions/configure-aws-credentials@v4)
    Note over R,AWS_IAM: Implicit authentication (OIDC/IAM Role)
    AWS_IAM-->>R: Temporary Credentials
    alt deploy-release.yml specific steps
        R->>GH_Repo: git rev-parse ${{ github.ref }}
        R->>GH_Repo: actions/checkout@v5 (BranchMetrics/branch-github-actions)
    end
    alt build-push.yml specific steps
        R->>R: Run tests, build
        R->>AWS_IAM: Deploy updated builds to staging (if main branch)
    end
    R-->>G: Job Completion Status
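
An added example, not part of the PR or of the bot's comment: a small Python check for the change summarized above. It flags `aws-actions/configure-aws-credentials` steps that still pass static keys and reports what a step relies on once they are removed. The workflow fragments, secret names and region are constructed, since the PR's actual YAML is not shown on this page.

```python
import re

ACTION = "aws-actions/configure-aws-credentials"
STATIC_KEYS = {"aws-access-key-id", "aws-secret-access-key"}

def _indent(s):
    return len(s) - len(s.lstrip())

def audit_workflow(text):
    """Return [(line_no, finding)] for each configure-aws-credentials step."""
    lines = text.splitlines()
    # Simplification: "id-token: write" anywhere in the file counts as granted.
    oidc = any(re.match(r"\s*id-token:\s*write\b", l) for l in lines)
    findings = []
    for i, line in enumerate(lines):
        if not re.search(r"\buses:\s*" + re.escape(ACTION) + "@", line):
            continue
        start = i  # walk back to the "- " that opens this step
        while start > 0 and not lines[start].lstrip().startswith("- "):
            start -= 1
        dash, end = _indent(lines[start]), start + 1
        while end < len(lines) and (not lines[end].strip() or _indent(lines[end]) > dash):
            end += 1
        keys = set(re.findall(r"^\s*(?:-\s+)?([\w-]+):", "\n".join(lines[start:end]), re.M))
        static = sorted(keys & STATIC_KEYS)
        if static:  # long-lived IAM user keys stored as repository secrets
            findings.append((i + 1, "static keys: " + ", ".join(static)))
        elif "role-to-assume" not in keys:  # no keys, no role: trust sits with the runner
            findings.append((i + 1, "ambient runner credentials"))
        elif not oidc:  # OIDC role assumption needs the id-token permission
            findings.append((i + 1, "role-to-assume without id-token: write"))
    return findings

# Constructed fragments: BEFORE passes static keys, AFTER drops them and moves runner.
BEFORE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
"""
AFTER = "\n".join(l for l in BEFORE.splitlines() if "secrets." not in l)
AFTER = AFTER.replace("ubuntu-latest", "arc-standard-small-set")
print(audit_workflow(BEFORE), audit_workflow(AFTER))
```

The "ambient runner credentials" result is informational: with the keys gone and no role configured, what the job can reach in AWS is decided by the identity attached to the runner, so that identity's policy is the thing to review.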

@matter-code-review

Important

PR Review Skipped

PR review skipped as per the configuration setting. Run a manual review by commenting /matter review

💡Tips to use MatterAI

Command List

  • /matter summary: Generate AI Summary for the PR
  • /matter review: Generate AI Reviews for the latest commit in the PR
  • /matter review-full: Generate AI Reviews for the complete PR
  • /matter release-notes: Generate AI release-notes for the PR
  • /matter : Chat with your PR with MatterAI Agent
  • /matter remember : Generate AI memories for the PR
  • /matter explain: Get an explanation of the PR
  • /matter help: Show the list of available commands and documentation
  • Need help? Join our Discord server: https://discord.gg/fJU5DvanU3

@github-actions
Contributor

github-actions bot commented Oct 6, 2025

Test Results

  1 files  ±0    1 suites  ±0   54s ⏱️ -1s
159 tests ±0  152 ✅ ±0  7 💤 ±0  0 ❌ ±0 
162 runs  ±0  155 ✅ ±0  7 💤 ±0  0 ❌ ±0 

Results for commit 5a0cd14. ± Comparison against base commit 8a10a5c.

@bredmond5 bredmond5 force-pushed the update-gha branch 2 times, most recently from 833d7db to 621de96 Compare October 6, 2025 22:32
@bredmond5 bredmond5 closed this Oct 7, 2025