deploy report

Print or publish CloudFormation stack outputs after deployment.

Overview

carlin deploy report [--channel <channel>]

Without --channel, outputs are printed to stdout. With --channel=github-pr, a single consolidated comment is posted (or updated) on the open pull request with all deploy outputs found in the workspace.

Channels

stdout (default)

Prints the outputs of the current package's CloudFormation stack:

carlin deploy report

github-pr

Scans all .carlin/*.json files across the workspace, builds a markdown table, and posts or updates a single PR comment:

carlin deploy report --channel=github-pr

Run this once after all packages have deployed — typically as the last step in your CI workflow:

# .cicd/commands/pr.sh
pnpm turbo run deploy --filter=[main]
pnpm carlin deploy report --channel=github-pr

Required environment variables:

Variable	Description
`GH_TOKEN`	Must be `secrets.GITHUB_TOKEN` (auto-provisioned by GitHub Actions). PATs are not supported.
`GITHUB_REPOSITORY`	Repository in `owner/repo` format (set automatically by GitHub Actions)
`CARLIN_BRANCH`	The PR branch name (set automatically in `pr.yml`)

The comment is identified by a hidden marker so it is updated in place on every push — the PR never accumulates duplicate comments.

Example PR comment:

Package	Stack	Output Key	Output Value
`@my/api`	`MyApi-PR-42`	`ApiUrl`	https://api.example.com
`@my/app`	`MyApp-PR-42`	`Alias0URL`	https://app.example.com
`@my/app`	`MyApp-PR-42`	`CloudFrontURL`	https://d1234.cloudfront.net

GitHub Actions Setup

The workflow job must grant pull-requests: write permission so that GITHUB_TOKEN can post comments on PRs. Use secrets.GITHUB_TOKEN — not a Personal Access Token (PAT). PATs are user-scoped and are blocked by GitHub org policies, resulting in a 403 Forbidden - Resource not accessible by personal access token error.

.github/workflows/pr.yml
jobs:
  pr:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write # required for GITHUB_TOKEN to post PR comments
    steps:
      - name: Deploy
        run: pnpm turbo run deploy --filter=[main]

      - name: Report deploy outputs on PR
        run: pnpm carlin deploy report --channel=github-pr
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # use GITHUB_TOKEN, NOT a PAT
          GITHUB_REPOSITORY: ${{ github.repository }}
          CARLIN_BRANCH: ${{ github.event.pull_request.head.ref }}

warning

GH_TOKEN must be set to secrets.GITHUB_TOKEN (automatically provided by GitHub Actions and always scoped to the repository). Using a Personal Access Token (PAT) instead results in a 403 Forbidden error because PATs are user-scoped and may be blocked by organization security policies.

note

permissions: pull-requests: write is mandatory at the job level. Without it, the built-in GITHUB_TOKEN does not have the rights to create or update PR comments.

Options

--channel

Where to publish the report.

Value	Description
(none)	Print to stdout
`github-pr`	Post/update a PR comment with all workspace deploy outputs

Overview​

Channels​

stdout (default)​

github-pr​

GitHub Actions Setup​

Options​

--channel​