feat(a2a): add A2AAgent class as an implementation of the agent interface for remote A2A protocol based agents #1658
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Secure Integration test | |
| on: | |
| pull_request_target: | |
| branches: main | |
| jobs: | |
| authorization-check: | |
| permissions: read-all | |
| runs-on: ubuntu-latest | |
| outputs: | |
| approval-env: ${{ steps.collab-check.outputs.result }} | |
| steps: | |
| - name: Collaborator Check | |
| uses: actions/github-script@v8 | |
| id: collab-check | |
| with: | |
| result-encoding: string | |
| script: | | |
| try { | |
| const permissionResponse = await github.rest.repos.getCollaboratorPermissionLevel({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| username: context.payload.pull_request.user.login, | |
| }); | |
| const permission = permissionResponse.data.permission; | |
| const hasWriteAccess = ['write', 'admin'].includes(permission); | |
| if (!hasWriteAccess) { | |
| console.log(`User ${context.payload.pull_request.user.login} does not have write access to the repository (permission: ${permission})`); | |
| return "manual-approval" | |
| } else { | |
| console.log(`Verifed ${context.payload.pull_request.user.login} has write access. Auto Approving PR Checks.`) | |
| return "auto-approve" | |
| } | |
| } catch (error) { | |
| console.log(`${context.payload.pull_request.user.login} does not have write access. Requiring Manual Approval to run PR Checks.`) | |
| return "manual-approval" | |
| } | |
| check-access-and-checkout: | |
| runs-on: ubuntu-latest | |
| needs: authorization-check | |
| environment: ${{ needs.authorization-check.outputs.approval-env }} | |
| permissions: | |
| id-token: write | |
| pull-requests: read | |
| contents: read | |
| steps: | |
| - name: Configure Credentials | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| role-to-assume: ${{ secrets.STRANDS_INTEG_TEST_ROLE }} | |
| aws-region: us-east-1 | |
| mask-aws-account-id: true | |
| - name: Checkout head commit | |
| uses: actions/checkout@v5 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} # Pull the commit from the forked repo | |
| persist-credentials: false # Don't persist credentials for subsequent actions | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.10' | |
| - name: Install dependencies | |
| run: | | |
| pip install --no-cache-dir hatch | |
| - name: Run integration tests | |
| env: | |
| AWS_REGION: us-east-1 | |
| AWS_REGION_NAME: us-east-1 # Needed for LiteLLM | |
| STRANDS_TEST_API_KEYS_SECRET_NAME: ${{ secrets.STRANDS_TEST_API_KEYS_SECRET_NAME }} | |
| id: tests | |
| run: | | |
| hatch test tests_integ |