feat: add workflow to sync secrets to sibling repositories

Adds a manually-triggered workflow that copies secrets from
unity-builder (repo + org level) to target repos like orchestrator
and cli. Uses GIT_PRIVATE_TOKEN for cross-repo API access.

Secrets synced: UNITY_EMAIL, UNITY_PASSWORD, UNITY_SERIAL,
GIT_PRIVATE_TOKEN, LOCALSTACK_AUTH_TOKEN, GOOGLE_SERVICE_ACCOUNT_EMAIL,
GOOGLE_SERVICE_ACCOUNT_KEY, CODECOV_TOKEN.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.github/workflows/build-tests-mac.yml

@@ -12,7 +12,6 @@ jobs:
   buildForAllPlatformsMacOS:
     name: ${{ matrix.targetPlatform }} on ${{ matrix.unityVersion }}
     runs-on: macos-latest
-    continue-on-error: true
     strategy:
       fail-fast: false
       matrix:

.github/workflows/build-tests-windows.yml

@@ -39,7 +39,7 @@ jobs:
           - unityVersion: 6000.0.36f1
             targetPlatform: StandaloneWindows64
             buildProfile: 'Assets/Settings/Build Profiles/Sample Windows Build Profile.asset'
-  
+
     steps:
       ###########################
       #         Checkout        #
@@ -66,6 +66,34 @@ jobs:
         run: |
           Move-Item -Path "./test-project/ProjectSettings/ProjectSettingsIl2cpp.asset" -Destination "./test-project/ProjectSettings/ProjectSettings.asset" -Force
 
+      ###########################
+      #    Docker Readiness     #
+      ###########################
+      - name: Ensure Docker daemon is ready
+        timeout-minutes: 2
+        shell: powershell
+        run: |
+          $maxRetries = 10
+          $retryDelay = 6
+          for ($i = 0; $i -lt $maxRetries; $i++) {
+            $svc = Get-Service docker -ErrorAction SilentlyContinue
+            if ($svc -and $svc.Status -eq 'Running') {
+              docker version 2>$null
+              if ($LASTEXITCODE -eq 0) {
+                Write-Host "Docker is ready."
+                exit 0
+              }
+            }
+            if ($svc -and $svc.Status -eq 'Stopped') {
+              Write-Host "Docker service stopped, attempting to start..."
+              Start-Service docker -ErrorAction SilentlyContinue
+            }
+            Write-Host "Waiting for Docker daemon (attempt $($i+1)/$maxRetries)..."
+            Start-Sleep -Seconds $retryDelay
+          }
+          Write-Error "Docker daemon did not start within $($maxRetries * $retryDelay) seconds"
+          exit 1
+
       ###########################
       #          Build          #
       ###########################
@@ -146,6 +174,8 @@ jobs:
       ###########################
       - uses: actions/upload-artifact@v4
         with:
-          name: Build ${{ matrix.targetPlatform }} on Windows (${{ matrix.unityVersion }})${{ matrix.enableGpu && ' With GPU' || '' }}${{ matrix.buildProfile && '  With Build Profile' || '' }}
+          name:
+            Build ${{ matrix.targetPlatform }} on Windows (${{ matrix.unityVersion }})${{ matrix.enableGpu && ' With
+            GPU' || '' }}${{ matrix.buildProfile && '  With Build Profile' || '' }}
           path: build
           retention-days: 14

.github/workflows/orchestrator-async-checks.yml

@@ -54,7 +54,7 @@ jobs:
           # AWS_STACK_NAME: game-ci-github-pipelines
           CHECKS_UPDATE: ${{ github.event.inputs.checksObject }}
         run: |
-          git clone -b main https://github.com/game-ci/unity-builder
+          git clone -b orchestrator-develop https://github.com/game-ci/unity-builder
           cd unity-builder
           yarn
           ls

.github/workflows/orchestrator-integrity.yml

@@ -91,7 +91,7 @@ jobs:
             -e SERVICES=s3,cloudformation,ecs,kinesis,cloudwatch,logs,efs,ec2,iam,elasticfilesystem,secretsmanager,lambda,events,sts \
             -e DEBUG=0 \
             -e HOSTNAME_EXTERNAL=localstack-main \
-            localstack/localstack:latest || true
+            localstack/localstack:4.4.0 || true
           # Wait for LocalStack to be ready - check both health endpoint and S3 service
           echo "Waiting for LocalStack to be ready..."
           MAX_ATTEMPTS=60

.github/workflows/sync-secrets.yml

@@ -0,0 +1,81 @@
+name: Sync Secrets to Repositories
+
+on:
+  workflow_dispatch:
+    inputs:
+      target_repo:
+        description: 'Target repository (org/repo format)'
+        required: true
+        default: 'game-ci/orchestrator'
+        type: choice
+        options:
+          - game-ci/orchestrator
+          - game-ci/cli
+      dry_run:
+        description: 'Dry run (list secrets to sync without writing)'
+        required: false
+        default: false
+        type: boolean
+
+jobs:
+  sync-secrets:
+    name: Sync secrets to ${{ inputs.target_repo }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Sync secrets
+        env:
+          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+          TARGET_REPO: ${{ inputs.target_repo }}
+          DRY_RUN: ${{ inputs.dry_run }}
+          # Secrets to sync — values come from repo + org secrets available here
+          SECRET_UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }}
+          SECRET_UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
+          SECRET_UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
+          SECRET_GIT_PRIVATE_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+          SECRET_LOCALSTACK_AUTH_TOKEN: ${{ secrets.LOCALSTACK_AUTH_TOKEN }}
+          SECRET_GOOGLE_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_EMAIL }}
+          SECRET_GOOGLE_SERVICE_ACCOUNT_KEY: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_KEY }}
+          SECRET_CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        run: |
+          SECRETS=(
+            "UNITY_EMAIL:SECRET_UNITY_EMAIL"
+            "UNITY_PASSWORD:SECRET_UNITY_PASSWORD"
+            "UNITY_SERIAL:SECRET_UNITY_SERIAL"
+            "GIT_PRIVATE_TOKEN:SECRET_GIT_PRIVATE_TOKEN"
+            "LOCALSTACK_AUTH_TOKEN:SECRET_LOCALSTACK_AUTH_TOKEN"
+            "GOOGLE_SERVICE_ACCOUNT_EMAIL:SECRET_GOOGLE_SERVICE_ACCOUNT_EMAIL"
+            "GOOGLE_SERVICE_ACCOUNT_KEY:SECRET_GOOGLE_SERVICE_ACCOUNT_KEY"
+            "CODECOV_TOKEN:SECRET_CODECOV_TOKEN"
+          )
+
+          synced=0
+          skipped=0
+
+          for entry in "${SECRETS[@]}"; do
+            name="${entry%%:*}"
+            env_var="${entry##*:}"
+            value="${!env_var}"
+
+            if [ -z "$value" ]; then
+              echo "⏭ SKIP: $name (not available in this repo's context)"
+              skipped=$((skipped + 1))
+              continue
+            fi
+
+            if [ "$DRY_RUN" = "true" ]; then
+              echo "🔍 DRY RUN: would sync $name → $TARGET_REPO"
+            else
+              echo "$value" | gh secret set "$name" -R "$TARGET_REPO" --body -
+              echo "✅ SYNCED: $name → $TARGET_REPO"
+            fi
+            synced=$((synced + 1))
+          done
+
+          echo ""
+          echo "=== Summary ==="
+          echo "Synced: $synced"
+          echo "Skipped (not available): $skipped"
+          echo "Target: $TARGET_REPO"
+          if [ "$DRY_RUN" = "true" ]; then
+            echo "Mode: DRY RUN (no secrets were written)"
+          fi

.github/workflows/validate-community-plugins.yml

@@ -1,203 +0,0 @@
-name: Validate Community Plugins
-
-on:
-  schedule:
-    # Run weekly on Sunday at 02:00 UTC
-    - cron: '0 2 * * 0'
-  workflow_dispatch:
-    inputs:
-      plugin_filter:
-        description: 'Filter plugins by name (regex pattern, empty = all)'
-        required: false
-        default: ''
-      unity_version:
-        description: 'Override Unity version (empty = use plugin default)'
-        required: false
-        default: ''
-
-permissions:
-  contents: read
-  issues: write
-
-jobs:
-  load-plugins:
-    name: Load Plugin Registry
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.parse.outputs.matrix }}
-      plugin_count: ${{ steps.parse.outputs.count }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Parse plugin registry
-        id: parse
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const fs = require('fs');
-            const yaml = require('js-yaml');
-
-            const registry = yaml.load(fs.readFileSync('community-plugins.yml', 'utf8'));
-            let plugins = registry.plugins || [];
-
-            // Apply name filter if provided
-            const filter = '${{ github.event.inputs.plugin_filter }}';
-            if (filter) {
-              const regex = new RegExp(filter, 'i');
-              plugins = plugins.filter(p => regex.test(p.name));
-            }
-
-            // Expand platform matrix
-            const matrix = [];
-            for (const plugin of plugins) {
-              const platforms = plugin.platforms || ['StandaloneLinux64'];
-              for (const platform of platforms) {
-                matrix.push({
-                  name: plugin.name,
-                  package: plugin.package,
-                  source: plugin.source || 'git',
-                  unity: '${{ github.event.inputs.unity_version }}' || plugin.unity || '2021.3',
-                  platform: platform,
-                  timeout: plugin.timeout || 30
-                });
-              }
-            }
-
-            core.setOutput('matrix', JSON.stringify({ include: matrix }));
-            core.setOutput('count', matrix.length);
-            console.log(`Found ${matrix.length} plugin-platform combinations to validate`);
-
-  validate:
-    name: '${{ matrix.name }} (${{ matrix.platform }})'
-    needs: load-plugins
-    if: needs.load-plugins.outputs.plugin_count > 0
-    runs-on: ubuntu-latest
-    timeout-minutes: ${{ fromJson(matrix.timeout) }}
-    strategy:
-      fail-fast: false
-      matrix: ${{ fromJson(needs.load-plugins.outputs.matrix) }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Create test project
-        run: |
-          mkdir -p test-project/Assets
-          mkdir -p test-project/Packages
-          mkdir -p test-project/ProjectSettings
-
-          # Create minimal manifest.json
-          if [ "${{ matrix.source }}" = "git" ]; then
-            cat > test-project/Packages/manifest.json << 'MANIFEST'
-          {
-            "dependencies": {
-              "com.unity.modules.imgui": "1.0.0",
-              "com.unity.modules.jsonserialize": "1.0.0"
-            }
-          }
-          MANIFEST
-
-            # Add git package via manifest
-            cd test-project
-            cat Packages/manifest.json | python3 -c "
-          import sys, json
-          manifest = json.load(sys.stdin)
-          manifest['dependencies']['${{ matrix.name }}'] = '${{ matrix.package }}'
-          json.dump(manifest, sys.stdout, indent=2)
-          " > Packages/manifest.tmp && mv Packages/manifest.tmp Packages/manifest.json
-            cd ..
-          fi
-
-          # Create minimal ProjectSettings
-          cat > test-project/ProjectSettings/ProjectVersion.txt << EOF
-          m_EditorVersion: ${{ matrix.unity }}
-          EOF
-
-      - name: Build with unity-builder
-        uses: ./
-        id: build
-        with:
-          projectPath: test-project
-          targetPlatform: ${{ matrix.platform }}
-          unityVersion: ${{ matrix.unity }}
-        continue-on-error: true
-
-      - name: Record result
-        if: always()
-        run: |
-          STATUS="${{ steps.build.outcome }}"
-          echo "## ${{ matrix.name }} — ${{ matrix.platform }}" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          if [ "$STATUS" = "success" ]; then
-            echo "✅ **PASSED** — Compiled and built successfully" >> $GITHUB_STEP_SUMMARY
-          else
-            echo "❌ **FAILED** — Build or compilation failed" >> $GITHUB_STEP_SUMMARY
-          fi
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "- Unity: ${{ matrix.unity }}" >> $GITHUB_STEP_SUMMARY
-          echo "- Platform: ${{ matrix.platform }}" >> $GITHUB_STEP_SUMMARY
-          echo "- Source: ${{ matrix.source }}" >> $GITHUB_STEP_SUMMARY
-          echo "- Package: \`${{ matrix.package }}\`" >> $GITHUB_STEP_SUMMARY
-
-  report:
-    name: Validation Report
-    needs: [load-plugins, validate]
-    if: always()
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Generate summary
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const { data: run } = await github.rest.actions.listJobsForWorkflowRun({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              run_id: context.runId
-            });
-
-            const validateJobs = run.jobs.filter(j => j.name.startsWith('validate'));
-            const passed = validateJobs.filter(j => j.conclusion === 'success').length;
-            const failed = validateJobs.filter(j => j.conclusion === 'failure').length;
-            const total = validateJobs.length;
-
-            let summary = `# Community Plugin Validation Report\n\n`;
-            summary += `**${passed}/${total} passed** | ${failed} failed\n\n`;
-            summary += `| Plugin | Platform | Status |\n|--------|----------|--------|\n`;
-
-            for (const job of validateJobs) {
-              const icon = job.conclusion === 'success' ? '✅' : '❌';
-              summary += `| ${job.name} | | ${icon} ${job.conclusion} |\n`;
-            }
-
-            await core.summary.addRaw(summary).write();
-
-            // Create or update issue if there are failures
-            if (failed > 0) {
-              const title = `Community Plugin Validation: ${failed} failure(s) — ${new Date().toISOString().split('T')[0]}`;
-              const body = summary + `\n\n[Workflow Run](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})`;
-
-              const { data: issues } = await github.rest.issues.listForRepo({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                state: 'open',
-                labels: 'community-plugin-validation'
-              });
-
-              if (issues.length > 0) {
-                await github.rest.issues.createComment({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  issue_number: issues[0].number,
-                  body: body
-                });
-              } else {
-                await github.rest.issues.create({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  title: title,
-                  body: body,
-                  labels: ['community-plugin-validation']
-                });
-              }
-            }

community-plugins.yml

@@ -1,27 +0,0 @@
-# Community Plugin Validation Registry
-# Packages listed here are automatically tested on a schedule
-# to ensure compatibility with unity-builder.
-#
-# Format:
-#   - name: Human-readable name
-#     package: UPM package name or git URL
-#     source: upm | git | asset-store
-#     unity: Minimum Unity version (optional, defaults to 2021.3)
-#     platforms: List of platforms to test (optional, defaults to [StandaloneLinux64])
-#     timeout: Build timeout in minutes (optional, defaults to 30)
-
-plugins:
-  # Example entries — community members can submit PRs to add their packages
-  - name: UniTask
-    package: https://github.com/Cysharp/UniTask.git?path=src/UniTask/Assets/Plugins/UniTask
-    source: git
-    platforms: [StandaloneLinux64, StandaloneWindows64]
-
-  - name: NaughtyAttributes
-    package: https://github.com/dbrizov/NaughtyAttributes.git?path=Assets/NaughtyAttributes
-    source: git
-
-  - name: Unity Atoms
-    package: https://github.com/unity-atoms/unity-atoms.git
-    source: git
-    platforms: [StandaloneLinux64]

dist/index.js

@@ -3398,7 +3398,7 @@ class AWSTaskRunner {
             return { name: x.name, value };
         });
     }
-    static async runTask(taskDef, environment, commands) {
+    static async runTask(taskDef, environment, secrets, commands) {
         const cluster = taskDef.baseResources?.find((x) => x.LogicalResourceId === 'ECSCluster')?.PhysicalResourceId || '';
         const taskDefinition = taskDef.taskDefResources?.find((x) => x.LogicalResourceId === 'TaskDefinition')?.PhysicalResourceId || '';
         const SubnetOne = taskDef.baseResources?.find((x) => x.LogicalResourceId === 'PublicSubnetOne')?.PhysicalResourceId || '';
@@ -3407,6 +3407,11 @@ class AWSTaskRunner {
         const streamName = taskDef.taskDefResources?.find((x) => x.LogicalResourceId === 'KinesisStream')?.PhysicalResourceId || '';
         // Transform localhost endpoints for container environment
         const transformedEnvironment = AWSTaskRunner.transformEndpointsForContainer(environment);
+        // Merge secrets into environment as plain env vars, matching docker and k8s provider behavior.
+        // This ensures UNITY_EMAIL, UNITY_PASSWORD, UNITY_SERIAL reach the container reliably
+        // without depending on CloudFormation Secrets Manager resolution.
+        const secretsAsEnvironment = secrets.map((s) => ({ name: s.EnvironmentVariable, value: s.ParameterValue }));
+        const mergedEnvironment = [...transformedEnvironment, ...secretsAsEnvironment];
         const runParameters = {
             cluster,
             taskDefinition,
@@ -3415,7 +3420,7 @@ class AWSTaskRunner {
                 containerOverrides: [
                     {
                         name: taskDef.taskDefStackName,
-                        environment: transformedEnvironment,
+                        environment: mergedEnvironment,
                         command: ['-c', command_hook_service_1.CommandHookService.ApplyHooksToCommands(commands, orchestrator_1.default.buildParameters)],
                     },
                 ],
@@ -4449,7 +4454,7 @@ class AWSBuildEnvironment {
         try {
             const postSetupStacksTimeMs = Date.now();
             orchestrator_logger_1.default.log(`Setup job time: ${Math.floor((postSetupStacksTimeMs - startTimeMs) / 1000)}s`);
-            const { output, shouldCleanup } = await aws_task_runner_1.default.runTask(taskDef, environment, commands);
+            const { output, shouldCleanup } = await aws_task_runner_1.default.runTask(taskDef, environment, secrets, commands);
             postRunTaskTimeMs = Date.now();
             orchestrator_logger_1.default.log(`Run job time: ${Math.floor((postRunTaskTimeMs - postSetupStacksTimeMs) / 1000)}s`);
             if (shouldCleanup) {
@@ -9731,7 +9736,8 @@ if [ -n "$(git ls-remote --heads "$REPO" "$BRANCH" 2>/dev/null)" ]; then
   git clone -q -b "$BRANCH" "$REPO" /builder
 else
   echo "Remote branch $BRANCH not found in $REPO; falling back to a known branch"
-  git clone -q -b main "$REPO" /builder \
+  git clone -q -b orchestrator-develop "$REPO" /builder \
+    || git clone -q -b main "$REPO" /builder \
     || git clone -q "$REPO" /builder
 fi
 git clone -q -b ${orchestrator_1.default.buildParameters.branch} ${orchestrator_folders_1.OrchestratorFolders.targetBuildRepoUrl} /repo
@@ -9848,7 +9854,8 @@ if [ -n "$(git ls-remote --heads "$REPO" "$BRANCH" 2>/dev/null)" ]; then
   git clone -q -b "$BRANCH" "$REPO" "$DEST"
 else
   echo "Remote branch $BRANCH not found in $REPO; falling back to a known branch"
-  git clone -q -b main "$REPO" "$DEST" \
+  git clone -q -b orchestrator-develop "$REPO" "$DEST" \
+    || git clone -q -b main "$REPO" "$DEST" \
     || git clone -q "$REPO" "$DEST"
 fi
 chmod +x ${builderPath}`;

src/model/orchestrator/providers/aws/aws-task-runner.ts

@@ -1,6 +1,7 @@
 import { DescribeTasksCommand, RunTaskCommand, waitUntilTasksRunning } from '@aws-sdk/client-ecs';
 import { DescribeStreamCommand, GetRecordsCommand, GetShardIteratorCommand } from '@aws-sdk/client-kinesis';
 import OrchestratorEnvironmentVariable from '../../options/orchestrator-environment-variable';
+import OrchestratorSecret from '../../options/orchestrator-secret';
 import * as core from '@actions/core';
 import OrchestratorAWSTaskDef from './orchestrator-aws-task-def';
 import * as zlib from 'node:zlib';
@@ -56,6 +57,7 @@ class AWSTaskRunner {
   static async runTask(
     taskDef: OrchestratorAWSTaskDef,
     environment: OrchestratorEnvironmentVariable[],
+    secrets: OrchestratorSecret[],
     commands: string,
   ): Promise<{ output: string; shouldCleanup: boolean }> {
     const cluster = taskDef.baseResources?.find((x) => x.LogicalResourceId === 'ECSCluster')?.PhysicalResourceId || '';
@@ -73,6 +75,12 @@ class AWSTaskRunner {
     // Transform localhost endpoints for container environment
     const transformedEnvironment = AWSTaskRunner.transformEndpointsForContainer(environment);
 
+    // Merge secrets into environment as plain env vars, matching docker and k8s provider behavior.
+    // This ensures UNITY_EMAIL, UNITY_PASSWORD, UNITY_SERIAL reach the container reliably
+    // without depending on CloudFormation Secrets Manager resolution.
+    const secretsAsEnvironment = secrets.map((s) => ({ name: s.EnvironmentVariable, value: s.ParameterValue }));
+    const mergedEnvironment = [...transformedEnvironment, ...secretsAsEnvironment];
+
     const runParameters = {
       cluster,
       taskDefinition,
@@ -81,7 +89,7 @@ class AWSTaskRunner {
         containerOverrides: [
           {
             name: taskDef.taskDefStackName,
-            environment: transformedEnvironment,
+            environment: mergedEnvironment,
             command: ['-c', CommandHookService.ApplyHooksToCommands(commands, Orchestrator.buildParameters)],
           },
         ],

src/model/orchestrator/providers/aws/index.ts

@@ -125,7 +125,7 @@ class AWSBuildEnvironment implements ProviderInterface {
     try {
       const postSetupStacksTimeMs = Date.now();
       OrchestratorLogger.log(`Setup job time: ${Math.floor((postSetupStacksTimeMs - startTimeMs) / 1000)}s`);
-      const { output, shouldCleanup } = await AwsTaskRunner.runTask(taskDef, environment, commands);
+      const { output, shouldCleanup } = await AwsTaskRunner.runTask(taskDef, environment, secrets, commands);
       postRunTaskTimeMs = Date.now();
       OrchestratorLogger.log(`Run job time: ${Math.floor((postRunTaskTimeMs - postSetupStacksTimeMs) / 1000)}s`);
       if (shouldCleanup) {

src/model/orchestrator/tests/e2e/orchestrator-end2end-caching.test.ts

@@ -30,7 +30,7 @@ describe('Orchestrator Caching', () => {
         targetPlatform: 'StandaloneLinux64',
         cacheKey: `test-case-${uuidv4()}`,
         containerHookFiles: `debug-cache`,
-        orchestratorBranch: `main`,
+        orchestratorBranch: `orchestrator-develop`,
         orchestratorDebug: true,
       };
 

src/model/orchestrator/workflows/async-workflow.ts

@@ -33,7 +33,8 @@ if [ -n "$(git ls-remote --heads "$REPO" "$BRANCH" 2>/dev/null)" ]; then
   git clone -q -b "$BRANCH" "$REPO" /builder
 else
   echo "Remote branch $BRANCH not found in $REPO; falling back to a known branch"
-  git clone -q -b main "$REPO" /builder \
+  git clone -q -b orchestrator-develop "$REPO" /builder \
+    || git clone -q -b main "$REPO" /builder \
     || git clone -q "$REPO" /builder
 fi
 git clone -q -b ${Orchestrator.buildParameters.branch} ${OrchestratorFolders.targetBuildRepoUrl} /repo

src/model/orchestrator/workflows/build-automation-workflow.ts

@@ -99,7 +99,8 @@ if [ -n "$(git ls-remote --heads "$REPO" "$BRANCH" 2>/dev/null)" ]; then
   git clone -q -b "$BRANCH" "$REPO" "$DEST"
 else
   echo "Remote branch $BRANCH not found in $REPO; falling back to a known branch"
-  git clone -q -b main "$REPO" "$DEST" \
+  git clone -q -b orchestrator-develop "$REPO" "$DEST" \
+    || git clone -q -b main "$REPO" "$DEST" \
     || git clone -q "$REPO" "$DEST"
 fi
 chmod +x ${builderPath}`;