chore: add localstack token#195
Conversation
paolodamico
requested review from
aurel-fr,
murph and
thomas-waite
as code owners
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Autofix Details
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: LocalStack auth token not passed to Docker container
- Added LOCALSTACK_AUTH_TOKEN to docker-compose.yml environment section to pass the token from host to container.
Or push these changes by commenting:
@cursor push 2bc8097729
Preview (2bc8097729)
diff --git a/docker-compose.yml b/docker-compose.yml
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,7 @@
environment:
- SERVICES=s3,kms,dynamodb
- DISABLE_EVENTS=1
+ - LOCALSTACK_AUTH_TOKEN
volumes:
- /var/lib/localstack
- /var/run/docker.sock:/var/run/docker.sockThis Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ebf6d4eaa1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
There was a problem hiding this comment.
Pull request overview
This PR updates local development and CI to support authenticated LocalStack usage, while also bumping the Rust toolchain and AWS SDK crate versions.
Changes:
- Wire
LOCALSTACK_AUTH_TOKENintodocker-composeand GitHub Actions jobs that start LocalStack. - Adjust CI LocalStack startup behavior (increased wait + log output) to reduce flaky runs.
- Bump Rust toolchain/base builder image and upgrade AWS SDK crates; add a
cargo-denyadvisory ignore forRUSTSEC-2026-0049.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
rust-toolchain.toml |
Updates the pinned Rust toolchain version. |
Dockerfile |
Bumps the Rust builder base image version. |
docker-compose.yml |
Passes LOCALSTACK_AUTH_TOKEN into the LocalStack container environment. |
.github/workflows/ci.yml |
Provides LOCALSTACK_AUTH_TOKEN to CI LocalStack startup and tweaks startup timing/logging. |
Cargo.toml |
Updates AWS SDK crate versions. |
Cargo.lock |
Lockfile updates from dependency bumps. |
deny.toml |
Adds a cargo-deny ignore entry for RUSTSEC-2026-0049. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -1,5 +1,5 @@ | |||
| [toolchain] | |||
| channel = "1.91.0" | |||
| channel = "1.92" | |||
There was a problem hiding this comment.
rust-toolchain.toml previously pinned a full patch release (e.g. 1.91.0), but is now set to "1.92". This can float to newer patch releases over time and diverge from the Docker builder image (rust:1.92.0-slim), making local/CI/container builds less reproducible. Consider pinning to the full patch version (e.g. 1.92.0) or aligning both files to the same policy (both pinned or both floating).
| channel = "1.92" | |
| channel = "1.92.0" |
Note
Medium Risk
Moderate risk due to Rust toolchain and AWS SDK dependency upgrades that could subtly change build behavior or AWS client/runtime semantics; CI changes mainly affect test environment startup timing and LocalStack authentication.
Overview
Updates CI and Docker Compose to support authenticated LocalStack by wiring
LOCALSTACK_AUTH_TOKENinto the LocalStack container and GitHub Actions jobs, and increases the LocalStack startup wait with log output to reduce flaky runs.Bumps the Rust toolchain/base builder image to
1.92and upgrades AWS SDK crates (plus related lockfile updates), and adds acargo-denyadvisory ignore forRUSTSEC-2026-0049affectingrustls-webpki.Written by Cursor Bugbot for commit e1b16ec. This will update automatically on new commits. Configure here.