chore: commit callnotes updates and whitespace alignment in examples

callnotes.md

@@ -120,3 +120,41 @@ Action Plan from Matt Sync
    - STEP 4: Wire CodeBuild project to terraform-eks-deployment workspace
      - CodeBuild buildspec: tf init → tf apply (with env var → tfvar mapping)
    - STATUS: 🔄 PENDING — commit current state first, then begin refactor
+6. CodeBuild e2e Debugging (2026-04-07) — Chain of fixes to get first green test
+   - STATUS: ✅ ALL FIXED — e2e test sc-e2e-test-20260407-1402 PASSED (207s) on 2026-04-07
+   - Fix 1: packer YAML_FILE_ERROR in csvd_config_packer.hcl
+     - `additional_post_build_commands` had `"- docker push ..."` — the template already wraps with `- `
+     - Fixed: removed the `- ` prefix. Commit eb18463 on lambda-template-repo-generator.
+   - Fix 2: `terraform_1.9.0_linux_amd64.zip` not in S3; releases.hashicorp.com blocked
+     - Uploaded `terraform_1.9.1_linux_amd64.zip` from local tfenv cache to s3://csvd-packer-pipeline-assets/terraform/
+     - Updated TF_VERSION=1.9.1 in buildspec.yml. Commit 5e50d7b.
+   - Fix 3: `registry.terraform.io` blocked by Census network
+     - Added `HTTPS_PROXY=http://proxy.tco.census.gov:3128` + `HTTP_PROXY` to buildspec env vars. Commit 0ada33a.
+   - Fix 4: GitHub provider version conflict — workspace `>= 6.6.0, < 6.7.0` vs CSVD module `~> 6.11`
+     - Changed providers.tf to `>= 6.11.0`, deleted stale .terraform.lock.hcl. Commit 05d6103.
+   - Fix 5: x509 cert error on github.e.it.census.gov — Census CA not in CodeBuild Amazon Linux 2 trust store
+     - Extracted Census CA (`US Census Bureau CA 1`) and uploaded to s3://csvd-packer-pipeline-assets/certs/census-ca.pem
+     - Added INSTALL phase to buildspec: downloads cert, runs update-ca-trust
+     - Added github.e.it.census.gov to NO_PROXY (bypass proxy for direct connection)
+     - Added `provider "github" { insecure = true }` as belt-and-suspenders in providers.tf
+     - Commits d490e1f, 20f9681.
+   - Fix 6: GitHub App token (ghs_) cannot call /api/v3/user — required by CSVD module's data.github_user.current
+     - Root cause: /eks-cluster-deployment/github_token is a GitHub App installation token (ghs_)
+     - Solution: use ghe-runner/github-token (a ghp_ PAT, login: arnol377) for Terraform / CodeBuild
+     - Lambda app.py: reads TF_GITHUB_TOKEN_SECRET_NAME first, falls back to GITHUB_TOKEN_SECRET_NAME
+     - deploy/main.tf: added TF_GITHUB_TOKEN_SECRET_NAME=ghe-runner/github-token env var + IAM policy
+     - Lambda rebuilt via packer (build #10 SUCCEEDED). Commits 5d3ff19 on lambda-template-repo-generator.
+   - Fix 7: DELETE /vulnerability-alerts: 404 on GHE 3.13
+     - CSVD module had `vulnerability_alerts = false` (default) → GitHub provider calls DELETE → GHE 3.13 returns 404
+     - Fixed CSVD/terraform-github-repo directly (admin access):
+       - variables.tf: changed `default = false` → `default = null, nullable = true`
+       - github_repo.tf: added `vulnerability_alerts` to lifecycle `ignore_changes`
+       - Pushed commits d7d39cb + 7e088f3 to CSVD/terraform-github-repo main branch
+   - Fix 8: CFN Outputs require pull_request_url + branch_name but Lambda EKS path wasn't returning them
+     - Root error: `Vendor response doesn't contain pull_request_url attribute`
+     - Fixed app.py: after CodeBuild SUCCEEDED, query GitHub API /repos/{org}/{repo}/pulls?state=open
+       to fetch real PR URL and branch name, include in cfn-response Data. Commit 26c6fe9.
+   - FINAL RESULT: sc-e2e-test-20260407-1402 → ✔ PASS (207s)
+     - Repo created: https://github.e.it.census.gov/SCT-Engineering/sc-e2e-test-20260407-1402
+     - GitHub Verification: public, default_branch=main
+     - All CFN outputs populated correctly

examples/adsd-tools-dev/main.tf

@@ -19,15 +19,15 @@ module "eks_deployment" {
 
   # Cluster configuration - simplified interface
   cluster_config = {
-    account_name         = "adsd-tools-nonprod-gov"
-    aws_account_id       = "533109815932"
-    cluster_mailing_list = "adsd.enterprise.tools.support.branch.list@census.gov"
-    environment_abbr     = "prod"
+    account_name          = "adsd-tools-nonprod-gov"
+    aws_account_id        = "533109815932"
+    cluster_mailing_list  = "adsd.enterprise.tools.support.branch.list@census.gov"
+    environment_abbr      = "prod"
     finops_project_name   = "adsd_etdsb_tools_migration"
-    finops_project_number  = "fs0000000069"
-    finops_project_role    = "adsd_tools_mgrn_eks"
-    vpc_domain_name      = "dev.adsd.csp1.census.gov"
-    vpc_name             = "vpc3-inf-dev"
+    finops_project_number = "fs0000000069"
+    finops_project_role   = "adsd_tools_mgrn_eks"
+    vpc_domain_name       = "dev.adsd.csp1.census.gov"
+    vpc_name              = "vpc3-inf-dev"
     tags = {
       Owner       = "adsd.enterprise.tools.support.branch.list@census.gov"
       Environment = "development"

examples/basic/main.tf

@@ -16,15 +16,15 @@ module "eks_deployment" {
 
   # Cluster configuration - simplified interface
   cluster_config = {
-    account_name         = "ma6-gov"
-    aws_account_id       = "252960665057"
-    cluster_mailing_list = "adep.mojo.development.list@census.gov"
-    environment_abbr     = "dev"
+    account_name          = "ma6-gov"
+    aws_account_id        = "252960665057"
+    cluster_mailing_list  = "adep.mojo.development.list@census.gov"
+    environment_abbr      = "dev"
     finops_project_name   = "PPSI_DICE"
-    finops_project_number  = "fs0000000015"
-    finops_project_role    = "dice:dev:mojo"
-    vpc_domain_name      = "dev.dice.census.gov"
-    vpc_name             = "vpc2-dice-dev"
+    finops_project_number = "fs0000000015"
+    finops_project_role   = "dice:dev:mojo"
+    vpc_domain_name       = "dev.dice.census.gov"
+    vpc_name              = "vpc2-dice-dev"
     tags = {
       Owner       = "PETeam"
       Environment = "Development"