llamandcoco · llama90 · Dec 30, 2025 · Dec 30, 2025 · Dec 30, 2025 · Dec 30, 2025
diff --git a/applications/chatops/slack-bot/src/shared/secrets.ts b/applications/chatops/slack-bot/src/shared/secrets.ts
@@ -71,3 +71,46 @@ export async function getSlackBotToken(): Promise<string> {
 export async function getSlackSigningSecret(): Promise<string> {
   return getSecret('slack/signing-secret');
 }
+
+export async function getGitHubToken(): Promise<string> {
+  const cacheKey = 'github-pat';
+
+  // Check cache first
+  const cached = secretCache.get(cacheKey);
+  if (cached && cached.expiresAt > Date.now()) {
+    logger.debug('GitHub PAT retrieved from cache');
+    return cached.value;
+  }
+
+  // GitHub PAT is stored in common environment, not environment-specific
+  // Use direct parameter path instead of getSecret() which adds environment prefix
+  const parameterPath = '/laco/cmn/github/pat/cloud-apps';
+
+  try {
+    logger.debug('Fetching GitHub PAT from Parameter Store', { parameterPath });
+
+    const response = await ssmClient.send(
+      new GetParameterCommand({
+        Name: parameterPath,
+        WithDecryption: true
+      })
+    );
+
+    const value = response.Parameter?.Value;
+    if (!value) {
+      throw new Error(`GitHub PAT not found: ${parameterPath}`);
+    }
+
+    // Cache the GitHub PAT
+    secretCache.set(cacheKey, {
+      value,
+      expiresAt: Date.now() + CACHE_TTL
+    });
+
+    logger.info('GitHub PAT retrieved successfully', { parameterPath });
+    return value;
+  } catch (error) {
+    logger.error('Failed to retrieve GitHub PAT', error as Error, { parameterPath });
+    throw error;
+  }
+}
diff --git a/applications/chatops/slack-bot/src/workers/build/index.ts b/applications/chatops/slack-bot/src/workers/build/index.ts
@@ -5,8 +5,7 @@
 import { logger } from '../../shared/logger';
 import { sendSlackResponse } from '../../shared/slack-client';
 import { WorkerMessage } from '../../shared/types';
-// TODO: Re-enable when getParameter is implemented
-// import { getParameter } from '../../shared/secrets';
+import { getGitHubToken } from '../../shared/secrets';
 
 interface BuildCommand {
   component: string;  // router, echo, deploy, status, all
@@ -50,14 +49,8 @@
   response_url: string;
   user: string;
 }): Promise<void> {
-  // TODO: Re-enable when getParameter is implemented
   // Get GitHub token from Parameter Store
-  // const githubToken = await getParameter('/laco/cmn/github/pat/cloud-apps');
-  const githubToken = process.env.GITHUB_TOKEN;
-
-  if (!githubToken) {
-    throw new Error('GITHUB_TOKEN environment variable is required (temporary workaround until getParameter is implemented)');
-  }
+  const githubToken = await getGitHubToken();
 
   const owner = 'llamandcoco';
   const repo = 'cloud-apps';
@@ -101,7 +94,7 @@
    }
  } catch (error) {
    logger.error('Failed to trigger GitHub Actions workflow', error as Error);
    throw new Error(`GitHub API error: ${(error as any).response?.data?.message || (error as Error).message}`);
  }
 }