revert: restore build-tests-mac.yml to match main

Stop modifying the macOS build workflow — leave it identical to main.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.github/workflows/build-tests-windows.yml

@@ -39,7 +39,7 @@ jobs:
           - unityVersion: 6000.0.36f1
             targetPlatform: StandaloneWindows64
             buildProfile: 'Assets/Settings/Build Profiles/Sample Windows Build Profile.asset'
-
+  
     steps:
       ###########################
       #         Checkout        #
@@ -66,34 +66,6 @@ jobs:
         run: |
           Move-Item -Path "./test-project/ProjectSettings/ProjectSettingsIl2cpp.asset" -Destination "./test-project/ProjectSettings/ProjectSettings.asset" -Force
 
-      ###########################
-      #    Docker Readiness     #
-      ###########################
-      - name: Ensure Docker daemon is ready
-        timeout-minutes: 2
-        shell: powershell
-        run: |
-          $maxRetries = 10
-          $retryDelay = 6
-          for ($i = 0; $i -lt $maxRetries; $i++) {
-            $svc = Get-Service docker -ErrorAction SilentlyContinue
-            if ($svc -and $svc.Status -eq 'Running') {
-              docker version 2>$null
-              if ($LASTEXITCODE -eq 0) {
-                Write-Host "Docker is ready."
-                exit 0
-              }
-            }
-            if ($svc -and $svc.Status -eq 'Stopped') {
-              Write-Host "Docker service stopped, attempting to start..."
-              Start-Service docker -ErrorAction SilentlyContinue
-            }
-            Write-Host "Waiting for Docker daemon (attempt $($i+1)/$maxRetries)..."
-            Start-Sleep -Seconds $retryDelay
-          }
-          Write-Error "Docker daemon did not start within $($maxRetries * $retryDelay) seconds"
-          exit 1
-
       ###########################
       #          Build          #
       ###########################
@@ -174,8 +146,6 @@ jobs:
       ###########################
       - uses: actions/upload-artifact@v4
         with:
-          name:
-            Build ${{ matrix.targetPlatform }} on Windows (${{ matrix.unityVersion }})${{ matrix.enableGpu && ' With
-            GPU' || '' }}${{ matrix.buildProfile && '  With Build Profile' || '' }}
+          name: Build ${{ matrix.targetPlatform }} on Windows (${{ matrix.unityVersion }})${{ matrix.enableGpu && ' With GPU' || '' }}${{ matrix.buildProfile && '  With Build Profile' || '' }}
           path: build
           retention-days: 14

.github/workflows/orchestrator-integrity.yml

@@ -91,7 +91,7 @@ jobs:
             -e SERVICES=s3,cloudformation,ecs,kinesis,cloudwatch,logs,efs,ec2,iam,elasticfilesystem,secretsmanager,lambda,events,sts \
             -e DEBUG=0 \
             -e HOSTNAME_EXTERNAL=localstack-main \
-            localstack/localstack:4.4.0 || true
+            localstack/localstack:latest || true
           # Wait for LocalStack to be ready - check both health endpoint and S3 service
           echo "Waiting for LocalStack to be ready..."
           MAX_ATTEMPTS=60

.github/workflows/sync-secrets.yml

@@ -1,81 +0,0 @@
-name: Sync Secrets to Repositories
-
-on:
-  workflow_dispatch:
-    inputs:
-      target_repo:
-        description: 'Target repository (org/repo format)'
-        required: true
-        default: 'game-ci/orchestrator'
-        type: choice
-        options:
-          - game-ci/orchestrator
-          - game-ci/cli
-      dry_run:
-        description: 'Dry run (list secrets to sync without writing)'
-        required: false
-        default: false
-        type: boolean
-
-jobs:
-  sync-secrets:
-    name: Sync secrets to ${{ inputs.target_repo }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Sync secrets
-        env:
-          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
-          TARGET_REPO: ${{ inputs.target_repo }}
-          DRY_RUN: ${{ inputs.dry_run }}
-          # Secrets to sync — values come from repo + org secrets available here
-          SECRET_UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }}
-          SECRET_UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
-          SECRET_UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
-          SECRET_GIT_PRIVATE_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
-          SECRET_LOCALSTACK_AUTH_TOKEN: ${{ secrets.LOCALSTACK_AUTH_TOKEN }}
-          SECRET_GOOGLE_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_EMAIL }}
-          SECRET_GOOGLE_SERVICE_ACCOUNT_KEY: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_KEY }}
-          SECRET_CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        run: |
-          SECRETS=(
-            "UNITY_EMAIL:SECRET_UNITY_EMAIL"
-            "UNITY_PASSWORD:SECRET_UNITY_PASSWORD"
-            "UNITY_SERIAL:SECRET_UNITY_SERIAL"
-            "GIT_PRIVATE_TOKEN:SECRET_GIT_PRIVATE_TOKEN"
-            "LOCALSTACK_AUTH_TOKEN:SECRET_LOCALSTACK_AUTH_TOKEN"
-            "GOOGLE_SERVICE_ACCOUNT_EMAIL:SECRET_GOOGLE_SERVICE_ACCOUNT_EMAIL"
-            "GOOGLE_SERVICE_ACCOUNT_KEY:SECRET_GOOGLE_SERVICE_ACCOUNT_KEY"
-            "CODECOV_TOKEN:SECRET_CODECOV_TOKEN"
-          )
-
-          synced=0
-          skipped=0
-
-          for entry in "${SECRETS[@]}"; do
-            name="${entry%%:*}"
-            env_var="${entry##*:}"
-            value="${!env_var}"
-
-            if [ -z "$value" ]; then
-              echo "⏭ SKIP: $name (not available in this repo's context)"
-              skipped=$((skipped + 1))
-              continue
-            fi
-
-            if [ "$DRY_RUN" = "true" ]; then
-              echo "🔍 DRY RUN: would sync $name → $TARGET_REPO"
-            else
-              echo "$value" | gh secret set "$name" -R "$TARGET_REPO" --body -
-              echo "✅ SYNCED: $name → $TARGET_REPO"
-            fi
-            synced=$((synced + 1))
-          done
-
-          echo ""
-          echo "=== Summary ==="
-          echo "Synced: $synced"
-          echo "Skipped (not available): $skipped"
-          echo "Target: $TARGET_REPO"
-          if [ "$DRY_RUN" = "true" ]; then
-            echo "Mode: DRY RUN (no secrets were written)"
-          fi

dist/index.js

@@ -3398,7 +3398,7 @@ class AWSTaskRunner {
             return { name: x.name, value };
         });
     }
-    static async runTask(taskDef, environment, secrets, commands) {
+    static async runTask(taskDef, environment, commands) {
         const cluster = taskDef.baseResources?.find((x) => x.LogicalResourceId === 'ECSCluster')?.PhysicalResourceId || '';
         const taskDefinition = taskDef.taskDefResources?.find((x) => x.LogicalResourceId === 'TaskDefinition')?.PhysicalResourceId || '';
         const SubnetOne = taskDef.baseResources?.find((x) => x.LogicalResourceId === 'PublicSubnetOne')?.PhysicalResourceId || '';
@@ -3407,11 +3407,6 @@ class AWSTaskRunner {
         const streamName = taskDef.taskDefResources?.find((x) => x.LogicalResourceId === 'KinesisStream')?.PhysicalResourceId || '';
         // Transform localhost endpoints for container environment
         const transformedEnvironment = AWSTaskRunner.transformEndpointsForContainer(environment);
-        // Merge secrets into environment as plain env vars, matching docker and k8s provider behavior.
-        // This ensures UNITY_EMAIL, UNITY_PASSWORD, UNITY_SERIAL reach the container reliably
-        // without depending on CloudFormation Secrets Manager resolution.
-        const secretsAsEnvironment = secrets.map((s) => ({ name: s.EnvironmentVariable, value: s.ParameterValue }));
-        const mergedEnvironment = [...transformedEnvironment, ...secretsAsEnvironment];
         const runParameters = {
             cluster,
             taskDefinition,
@@ -3420,7 +3415,7 @@ class AWSTaskRunner {
                 containerOverrides: [
                     {
                         name: taskDef.taskDefStackName,
-                        environment: mergedEnvironment,
+                        environment: transformedEnvironment,
                         command: ['-c', command_hook_service_1.CommandHookService.ApplyHooksToCommands(commands, orchestrator_1.default.buildParameters)],
                     },
                 ],
@@ -4454,7 +4449,7 @@ class AWSBuildEnvironment {
         try {
             const postSetupStacksTimeMs = Date.now();
             orchestrator_logger_1.default.log(`Setup job time: ${Math.floor((postSetupStacksTimeMs - startTimeMs) / 1000)}s`);
-            const { output, shouldCleanup } = await aws_task_runner_1.default.runTask(taskDef, environment, secrets, commands);
+            const { output, shouldCleanup } = await aws_task_runner_1.default.runTask(taskDef, environment, commands);
             postRunTaskTimeMs = Date.now();
             orchestrator_logger_1.default.log(`Run job time: ${Math.floor((postRunTaskTimeMs - postSetupStacksTimeMs) / 1000)}s`);
             if (shouldCleanup) {

src/model/orchestrator/providers/aws/aws-task-runner.ts

@@ -1,7 +1,6 @@
 import { DescribeTasksCommand, RunTaskCommand, waitUntilTasksRunning } from '@aws-sdk/client-ecs';
 import { DescribeStreamCommand, GetRecordsCommand, GetShardIteratorCommand } from '@aws-sdk/client-kinesis';
 import OrchestratorEnvironmentVariable from '../../options/orchestrator-environment-variable';
-import OrchestratorSecret from '../../options/orchestrator-secret';
 import * as core from '@actions/core';
 import OrchestratorAWSTaskDef from './orchestrator-aws-task-def';
 import * as zlib from 'node:zlib';
@@ -57,7 +56,6 @@ class AWSTaskRunner {
   static async runTask(
     taskDef: OrchestratorAWSTaskDef,
     environment: OrchestratorEnvironmentVariable[],
-    secrets: OrchestratorSecret[],
     commands: string,
   ): Promise<{ output: string; shouldCleanup: boolean }> {
     const cluster = taskDef.baseResources?.find((x) => x.LogicalResourceId === 'ECSCluster')?.PhysicalResourceId || '';
@@ -75,12 +73,6 @@ class AWSTaskRunner {
     // Transform localhost endpoints for container environment
     const transformedEnvironment = AWSTaskRunner.transformEndpointsForContainer(environment);
 
-    // Merge secrets into environment as plain env vars, matching docker and k8s provider behavior.
-    // This ensures UNITY_EMAIL, UNITY_PASSWORD, UNITY_SERIAL reach the container reliably
-    // without depending on CloudFormation Secrets Manager resolution.
-    const secretsAsEnvironment = secrets.map((s) => ({ name: s.EnvironmentVariable, value: s.ParameterValue }));
-    const mergedEnvironment = [...transformedEnvironment, ...secretsAsEnvironment];
-
     const runParameters = {
       cluster,
       taskDefinition,
@@ -89,7 +81,7 @@ class AWSTaskRunner {
         containerOverrides: [
           {
             name: taskDef.taskDefStackName,
-            environment: mergedEnvironment,
+            environment: transformedEnvironment,
             command: ['-c', CommandHookService.ApplyHooksToCommands(commands, Orchestrator.buildParameters)],
           },
         ],

src/model/orchestrator/providers/aws/index.ts

@@ -125,7 +125,7 @@ class AWSBuildEnvironment implements ProviderInterface {
     try {
       const postSetupStacksTimeMs = Date.now();
       OrchestratorLogger.log(`Setup job time: ${Math.floor((postSetupStacksTimeMs - startTimeMs) / 1000)}s`);
-      const { output, shouldCleanup } = await AwsTaskRunner.runTask(taskDef, environment, secrets, commands);
+      const { output, shouldCleanup } = await AwsTaskRunner.runTask(taskDef, environment, commands);
       postRunTaskTimeMs = Date.now();
       OrchestratorLogger.log(`Run job time: ${Math.floor((postRunTaskTimeMs - postSetupStacksTimeMs) / 1000)}s`);
       if (shouldCleanup) {