fix: correct ECR login credentials step reference typo

[jnewton03]

Summary

• Fix typo in create-release.yml where configure-aws-credentials-prodoutputs was missing a period
• Should be configure-aws-credentials-prod.outputs to properly reference the step outputs
• Affects both ECR login and dry-run ECR login steps

Test plan

• Verify workflow syntax is valid
• CI checks pass

🤖 Generated with Claude Code

[claude]

Claude finished @jnewton03's task in 45s —— View job

---

Review Complete ✅

• Get PR diff and understand changes
• Review workflow syntax and logic
• Check for similar issues in the file
• Provide review feedback

---

LGTM - This fix correctly addresses the typo in both ECR login steps.

Changes reviewed (.github/workflows/create-release.yml:401, 402, 412, 413):

• Line 402: Fixed configure-aws-credentials-prodoutputs → configure-aws-credentials-prod.outputs for public ECR login
• Line 413: Fixed same typo for private ECR dry-run login

The step reference is now correctly formed, matching the step id at line 388. No other instances of this typo exist in the file.

[coderabbitai]

📝 Walkthrough

Walkthrough

Fixed incorrect GitHub Actions expressions in the ECR login workflow steps by correcting the AWS credentials reference path from steps.configure-aws-credentials-prodoutputs.aws_secret_access_key to steps.configure-aws-credentials-prod.outputs.aws_secret_access_key, resolving syntax errors in two locations.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow Expression Fixes .github/workflows/create-release.yml	Corrected malformed step output references in two ECR login steps: fixed missing dot separator in steps.configure-aws-credentials-prod.outputs.aws_secret_access_key expressions

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: fixing a typo in the step reference for ECR login credentials, which is the primary change in the changeset.
Description check	✅ Passed	The description is directly related to the changeset, explaining the typo fix, what was corrected, and which steps were affected by the issue.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/create-release.yml:
- Around line 401-403: The configure-aws-credentials-prod step needs to expose
outputs and use hyphenated output keys: add output-credentials: true to the
configure-aws-credentials-prod step, and update the username/password usages to
reference the hyphenated outputs via bracket syntax (e.g. ${{
steps.configure-aws-credentials-prod.outputs['aws-access-key-id'] }} and ${{
steps.configure-aws-credentials-prod.outputs['aws-secret-access-key'] }}); make
the same output-key changes for the other occurrences that set username/password
from that step.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

aws-actions/configure-aws-credentials action outputs documentation

💡 Result:

aws-actions/configure-aws-credentials only exposes step outputs when you enable the output-credentials input. When output-credentials: true, the action sets these outputs: aws-access-key-id, aws-secret-access-key, aws-session-token, aws-account-id, authenticated-arn, and aws-expiration. [1]

Example usage:

- name: Configure AWS Credentials
  id: creds
  uses: aws-actions/configure-aws-credentials@v5
  with:
    aws-region: us-east-1
    role-to-assume: arn:aws:iam::123456789012:role/MyRole
    output-credentials: true

- run: echo "${{ steps.creds.outputs.aws-account-id }}"

The README also notes that if you set output-env-credentials: false, the aws-account-id won’t be exported as a step output. [1]

Source docs: action README (options table + example showing how to read the outputs). [1]

References:
[1] (github.com)

Citations:

• 1: https://github.com/aws-actions/configure-aws-credentials?utm_source=openai

---

🏁 Script executed:

# Find and examine the workflow file
find . -name "create-release.yml" -type f

Repository: liquibase/docker

Length of output: 98

---

🏁 Script executed:

# Read the file around the specified lines
cat -n ./.github/workflows/create-release.yml | sed -n '390,420p'

Repository: liquibase/docker

Length of output: 1698

---

🏁 Script executed:

# Also check the configure-aws-credentials-prod step definition
rg -A 10 "configure-aws-credentials-prod" ./.github/workflows/create-release.yml

Repository: liquibase/docker

Length of output: 1639

---

Enable output-credentials and use correct configure-aws-credentials output keys (hyphenated).

The configure-aws-credentials-prod step is missing output-credentials: true, so the outputs won't be exposed. Additionally, the output keys use underscores (aws_access_key_id, aws_secret_access_key), but the action exposes them with hyphens (aws-access-key-id, aws-secret-access-key). Both issues must be fixed for ECR login to succeed. Update the step to add output-credentials: true and use hyphenated keys with bracket syntax:

🛠️ Proposed fix

        id: configure-aws-credentials-prod
        uses: aws-actions/configure-aws-credentials@v5
        with:
          role-to-assume: ${{ env.AWS_PROD_GITHUB_OIDC_ROLE_ARN_INFRASTRUCTURE }}
          aws-region: us-east-1
+         output-credentials: true

-          username: ${{ steps.configure-aws-credentials-prod.outputs.aws_access_key_id }}
-          password: ${{ steps.configure-aws-credentials-prod.outputs.aws_secret_access_key }}
+          username: ${{ steps.configure-aws-credentials-prod.outputs['aws-access-key-id'] }}
+          password: ${{ steps.configure-aws-credentials-prod.outputs['aws-secret-access-key'] }}

Apply the same output key changes at lines 412-413.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	username: ${{ steps.configure-aws-credentials-prod.outputs.aws_access_key_id }}
	password: ${{ steps.configure-aws-credentials-prodoutputs.aws_secret_access_key }}
	password: ${{ steps.configure-aws-credentials-prod.outputs.aws_secret_access_key }}
	username: ${{ steps.configure-aws-credentials-prod.outputs['aws-access-key-id'] }}
	password: ${{ steps.configure-aws-credentials-prod.outputs['aws-secret-access-key'] }}

🧰 Tools

🪛 actionlint (1.7.10)

401-401: property "aws_access_key_id" is not defined in object type {aws-access-key-id: string; aws-account-id: string; aws-expiration: string; aws-secret-access-key: string; aws-session-token: string}

(expression)

---

402-402: property "aws_secret_access_key" is not defined in object type {aws-access-key-id: string; aws-account-id: string; aws-expiration: string; aws-secret-access-key: string; aws-session-token: string}

(expression)

🤖 Prompt for AI Agents

In @.github/workflows/create-release.yml around lines 401 - 403, The
configure-aws-credentials-prod step needs to expose outputs and use hyphenated
output keys: add output-credentials: true to the configure-aws-credentials-prod
step, and update the username/password usages to reference the hyphenated
outputs via bracket syntax (e.g. ${{
steps.configure-aws-credentials-prod.outputs['aws-access-key-id'] }} and ${{
steps.configure-aws-credentials-prod.outputs['aws-secret-access-key'] }}); make
the same output-key changes for the other occurrences that set username/password
from that step.