chore: change AMI builds to manual-trigger only

[MicBun]

chore: change AMI builds to manual-trigger only

Switch AMI build workflow from automatic (on every release) to manual dispatch
only, preventing unnecessary AMI rebuilds for routine software updates.

Rationale:
The AMI uses Docker :latest tag, so users automatically receive node software
updates without needing new AMI deployments. Rebuilding the AMI on every
release was wasteful (30 min/release) and would create confusing AWS
Marketplace versions.

Changes:

• Remove automatic release trigger from AMI build workflow
• Change to manual workflow_dispatch only
• Add 'reason' parameter for audit trail and documentation
• Log build reason in GitHub Actions output
• Tag AMI with build_reason and build_date for tracking
• Remove dead code that updated release descriptions
• Add inline documentation explaining when to rebuild AMI

Build Reason Parameter:
The optional 'reason' input allows operators to document why an AMI was
rebuilt (e.g., "Q1 2025 Marketplace submission", "infrastructure update").
This reason is:

• Displayed in GitHub Actions logs
• Stored as AMI tag (build_reason)
• Useful for audit trails and team communication

When to Rebuild AMI:
✅ Infrastructure changes (scripts, services, docker-compose)
✅ Base OS security updates
✅ AWS Marketplace submissions (quarterly)
✅ Docker/tooling version updates

When NOT to Rebuild:
❌ Node software updates (handled by Docker :latest)
❌ Bug fixes (handled by Docker image workflow)
❌ Regular releases (handled by Docker image workflow)

Impact:

• Saves ~30 minutes of CI time per release
• Prevents Marketplace version confusion
• Cleaner deployment strategy

resolves: https://github.com/trufnetwork/truf-network/issues/1246

Summary by CodeRabbit

• New Features

  • Manual runs accept an optional "reason" input.
  • AMIs are tagged with version, stage, build date, and optional reason.
  • Release page is auto-updated with a structured AMI build summary and Launch link.

• Improvements

  • Automatically detects latest release version for builds.
  • Clearer console output and success messaging with pipeline/stage/reason context.
  • Dynamic release body updates replace static text.

• Chores

  • Clarified permissions notes and workflow formatting.

[coderabbitai]

Walkthrough

Reworks the AMI build GitHub Actions workflow: replaces force_build/release inputs with a reason input, fetches the latest release version (defaulting to "manual"), tags built AMIs with dynamic metadata including optional build_reason, and updates the latest release body with a structured AMI build summary and Launch URL.

Changes

Cohort / File(s)

Summary

AMI build workflow .github/workflows/ami-build.yml

- Removed force_build and release workflow inputs; added reason input. - Added step to fetch latest release version (output version, default "manual"). - Constructed tags array and applied dynamic AMI tagging: version, stage, build_date, optional build_reason. - Added steps to update latest GitHub release body with a structured AMI build summary (version, AMI ID, region, stage, reason, date, Launch URL). - Clarified IAM/OIDC comments, improved console logs and messaging, removed old release-triggered flow.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Dev as Developer
    participant GH as GitHub Actions
    participant GHCLI as gh (GitHub CLI)
    participant AWS as AWS (AMI Build)

    Dev->>GH: workflow_dispatch(reason?)
    GH->>GHCLI: fetch latest release (get version or "manual")
    GHCLI-->>GH: version
    Note right of GH: Build metadata constructed

    GH->>AWS: Assume role via OIDC & start AMI build
    AWS-->>GH: AMI ID, Region

    GH->>AWS: Tag AMI with {version, stage, build_date, build_reason?}
    Note over GH,AWS: Dynamic tagging applied

    GH->>GHCLI: Update latest release body with AMI summary + Launch URL
    GH-->>Dev: Log: AMI available and ready for deployment

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• chore: configure GH Action to build AMI #1184 — Modifies the same .github/workflows/ami-build.yml; related changes to AMI build steps, release notes, and tagging/availability behavior.

Suggested reviewers

• outerlook

Poem

I hopped a commit beneath the moon,
Gave builds a reason, tags in tune.
AMIs stamped, a launch URL bright,
Release notes bloom in morning light.
Ready to run — hop on, take flight 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly and accurately describes the primary change of switching the AMI build workflow to manual triggers, matching the core intent and modifications in the pull request.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch test/ami-workflow

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[holdex]

Time Submission Status

Member	Status	Time	Action	Last Update
MicBun	✅ Submitted	2h	Update time	Oct 2, 2025, 12:17 PM
@outerlook	❌ Missing	-	⚠️ Submit time	-

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 12405f9 and 662891e.

📒 Files selected for processing (1)

• .github/workflows/ami-build.yml (7 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: acceptance-test
• GitHub Check: lint

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 662891e and de540f1.

📒 Files selected for processing (1)

• .github/workflows/ami-build.yml (7 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: acceptance-test

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between de540f1 and a72c471.

📒 Files selected for processing (1)

• .github/workflows/ami-build.yml (7 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: acceptance-test