From 07d3dcd98836c3c3d28a6727453ce36a7cb2563e Mon Sep 17 00:00:00 2001
From: core-fe <core-fe@moleculesai.app>
Date: Thu, 21 May 2026 14:42:23 -0700
Subject: [PATCH] Use literal region for AWS secrets janitor

---
 .gitea/workflows/sweep-aws-secrets.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/sweep-aws-secrets.yml b/.gitea/workflows/sweep-aws-secrets.yml
index 5d3801d5a..dcd00bfb6 100644
--- a/.gitea/workflows/sweep-aws-secrets.yml
+++ b/.gitea/workflows/sweep-aws-secrets.yml
@@ -70,7 +70,10 @@ jobs:
     # to leave headroom for any actual API hang.
     timeout-minutes: 30
     env:
-      AWS_REGION: ${{ secrets.AWS_SECRETS_JANITOR_REGION || 'us-east-2' }}
+      # Keep this literal. Gitea/act_runner 1.22.6 can mis-render
+      # secret-backed expressions with `||`, which produced an invalid
+      # Secrets Manager endpoint in the scheduled janitor.
+      AWS_REGION: us-east-2
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_SECRETS_JANITOR_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRETS_JANITOR_SECRET_ACCESS_KEY }}
       CP_ADMIN_API_TOKEN: ${{ secrets.CP_ADMIN_API_TOKEN }}
-- 
2.52.0