From 2d5ca3d2cf1f9203b71aa3ba5f0b9ff823f2840d Mon Sep 17 00:00:00 2001
From: nourshoreibah
Date: Thu, 12 Feb 2026 18:35:45 -0500
Subject: [PATCH 1/3] fix ci
---
 .github/workflows/lambda-tests.yml | 7 +++++++
 apps/backend/lambdas/auth/handler.ts | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/lambda-tests.yml b/.github/workflows/lambda-tests.yml
index 58ab977..fdb7c4b 100644
--- a/.github/workflows/lambda-tests.yml
+++ b/.github/workflows/lambda-tests.yml
@@ -49,6 +49,13 @@ jobs:
 - name: Install dependencies
 working-directory: ${{ matrix.lambda }}
 run: npm ci --legacy-peer-deps
+ - name: Create .env file
+ working-directory: ${{ matrix.lambda }}
+ run: |
+ echo "DATABASE_URL=postgres://branch_dev:password@localhost:5432/branch_db?options=-csearch_path%3Dbranch" >> .env
+ echo "COGNITO_USER_POOL_ID=${{ secrets.COGNITO_USER_POOL_ID }}" >> .env
+ echo "COGNITO_CLIENT_ID=${{ secrets.COGNITO_CLIENT_ID }}" >> .env
+ echo "AWS_REGION=us-east-2" >> .env
 - name: Run tests
 working-directory: ${{ matrix.lambda }}
 run: |
diff --git a/apps/backend/lambdas/auth/handler.ts b/apps/backend/lambdas/auth/handler.ts
index b81da6c..08afb76 100644
--- a/apps/backend/lambdas/auth/handler.ts
+++ b/apps/backend/lambdas/auth/handler.ts
@@ -7,7 +7,7 @@ import {
 } from '@aws-sdk/client-cognito-identity-provider';
 import db from './db';
-// Initialize Cognito client
+// Initialize Cognito client (region defaults to us-east-2)
 const cognitoClient = new CognitoIdentityProviderClient({
 region: process.env.AWS_REGION || 'us-east-2',
 });
From ec1a79753688f73214b78b613b42dfcfd4bac0c7 Mon Sep 17 00:00:00 2001
From: nourshoreibah
Date: Thu, 12 Feb 2026 18:40:54 -0500
Subject: [PATCH 2/3] oops
---
 .github/workflows/lambda-tests.yml | 7 -------
 infrastructure/github/secrets.tf | 20 ++++++++++++++++++++
 2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/lambda-tests.yml b/.github/workflows/lambda-tests.yml
index fdb7c4b..58ab977 100644
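Review bot: In the `Create .env file` step added to `.github/workflows/lambda-tests.yml` (PATCH 1/3), both Cognito values are expanded with `${{ secrets.… }}` inside the `run:` script, so the runner pastes them into the shell text before the shell parses it. Passing them through the step's `env:` map and writing `echo "COGNITO_USER_POOL_ID=$COGNITO_USER_POOL_ID" >> .env` keeps the values out of the generated script and avoids quoting surprises if a value ever contains `"` or `$`. Every line appends with `>>`, so a `.env` already present in the lambda directory keeps its earlier entries; using `>` on the first `echo` makes the file's content deterministic. If this workflow also runs for pull requests from forks (the trigger is outside the hunk), the secrets expand to empty strings and the tests would see blank Cognito settings. The `Run tests` step that follows continues past the end of the hunk.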
--- a/.github/workflows/lambda-tests.yml
+++ b/.github/workflows/lambda-tests.yml
@@ -49,13 +49,6 @@ jobs:
 - name: Install dependencies
 working-directory: ${{ matrix.lambda }}
 run: npm ci --legacy-peer-deps
- - name: Create .env file
- working-directory: ${{ matrix.lambda }}
- run: |
- echo "DATABASE_URL=postgres://branch_dev:password@localhost:5432/branch_db?options=-csearch_path%3Dbranch" >> .env
- echo "COGNITO_USER_POOL_ID=${{ secrets.COGNITO_USER_POOL_ID }}" >> .env
- echo "COGNITO_CLIENT_ID=${{ secrets.COGNITO_CLIENT_ID }}" >> .env
- echo "AWS_REGION=us-east-2" >> .env
 - name: Run tests
 working-directory: ${{ matrix.lambda }}
 run: |
diff --git a/infrastructure/github/secrets.tf b/infrastructure/github/secrets.tf
index d0ec554..be493f3 100644
--- a/infrastructure/github/secrets.tf
+++ b/infrastructure/github/secrets.tf
@@ -41,6 +41,26 @@ resource "github_actions_secret" "infisical_client_secret" {
 plaintext_value = data.infisical_secrets.infisical_folder.secrets["infisical-tf-client-secret"].value
 }
+# ── Cognito (for lambda CI tests) ────────────────────────────
+
+data "infisical_secrets" "cognito_folder" {
+ env_slug = "dev"
+ workspace_id = var.infisical_workspace_id
+ folder_path = "/aws/cognito"
+}
+
+resource "github_actions_secret" "cognito_user_pool_id" {
+ repository = github_repository.branch.name
+ secret_name = "COGNITO_USER_POOL_ID"
+ plaintext_value = data.infisical_secrets.cognito_folder.secrets["user_pool_id"].value
+}
+
+resource "github_actions_secret" "cognito_client_id" {
+ repository = github_repository.branch.name
+ secret_name = "COGNITO_CLIENT_ID"
+ plaintext_value = data.infisical_secrets.cognito_folder.secrets["client_id"].value
+}
+
 # ── PR Review Bot ────────────────────────────────────────────
 data "infisical_secrets" "slack_folder" {
From 6232dc19f24dce63fb2f4afca3e62f435d3b7152 Mon Sep 17 00:00:00 2001
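Review bot: The two `github_actions_secret` resources added to `infrastructure/github/secrets.tf` (PATCH 2/3) publish `COGNITO_USER_POOL_ID` and `COGNITO_CLIENT_ID`, but the same commit deletes the only workflow step shown that read them, and GitHub hands a secret to a job only where the workflow references it. Unless another step maps them (not visible here), the lambda tests still run without these values; either add an `env:` entry such as `COGNITO_USER_POOL_ID: ${{ secrets.COGNITO_USER_POOL_ID }}` to the `Run tests` step or drop the resources until a consumer exists. `plaintext_value` is also recorded in Terraform state, so the state backend needs access controls at least as strict as the Infisical folder it reads from. A comment above the data source such as `# Reads from the Infisical "dev" environment; values are stored in Terraform state` would document both facts for the next maintainer.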
From: "github-actions[bot]" Date: Thu, 12 Feb 2026 23:41:17 +0000 Subject: [PATCH 3/3] chore: auto-format terraform and update documentation - Auto-formatted .tf files with terraform fmt - Updated README.md with terraform-docs Co-authored-by: nourshoreibah --- infrastructure/github/README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/infrastructure/github/README.md b/infrastructure/github/README.md index 745fea1..0943ce3 100644 --- a/infrastructure/github/README.md +++ b/infrastructure/github/README.md @@ -24,6 +24,8 @@ No modules. |------|------| | [github_actions_secret.aws_access_key_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | | [github_actions_secret.aws_secret_access_key](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | +| [github_actions_secret.cognito_client_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | +| [github_actions_secret.cognito_user_pool_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | | [github_actions_secret.infisical_client_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | | [github_actions_secret.infisical_client_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | | [github_actions_secret.slack_bot_token](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | 
@@ -33,8 +35,10 @@ No modules. | [github_branch_protection.main](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_protection) | resource | | [github_repository.branch](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource | | [github_repository_collaborator.collaborators](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_collaborator) | resource | -| [github_repository_file.rotation_json](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource | +| [github_repository_file.bot_config_json](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource | +| [github_repository_file.bot_state_json](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource | | [infisical_secrets.aws_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | +| [infisical_secrets.cognito_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | | [infisical_secrets.github_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | | [infisical_secrets.infisical_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | | [infisical_secrets.slack_folder](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source | 
@@ -50,7 +54,7 @@ No modules. | [review\_bot\_always\_reviewer\_slack](#input\_review\_bot\_always\_reviewer\_slack) | Slack member ID of the person who reviews every PR | `string` | `"U07NGFM1QKE"` | no | | [review\_bot\_github\_to\_slack](#input\_review\_bot\_github\_to\_slack) | Map of GitHub username → Slack member ID (U0…) | `map(string)` |
{
"Rayna-Yu": "U083UGSCU7P",
"bhuvanh66": "U084JKT1GG2",
"denniwang": "U07F8LM2X61",
"mehanana": "U084AMND8FK",
"nourshoreibah": "U07NGFM1QKE",
"saumyapalk23": "U09EYETUEGP",
"tsudhakar87": "U08NFFSJEG1"
}
| no | | [review\_bot\_roster](#input\_review\_bot\_roster) | Ordered list of GitHub usernames for round-robin review assignment | `list(string)` |
[
"denniwang",
"bhuvanh66",
"Rayna-Yu",
"mehanana",
"tsudhakar87",
"saumyapalk23"
]
| no | -| [review\_bot\_slack\_channel\_id](#input\_review\_bot\_slack\_channel\_id) | Slack channel ID where review notifications are posted | `string` | `"C09DGFG5JR4"` | no | +| [review\_bot\_slack\_channel\_id](#input\_review\_bot\_slack\_channel\_id) | Slack channel ID where review notifications are posted | `string` | `"C0ADQN0B6F8"` | no | ## Outputs