(@aws-cdk/aws-codepipeline-actions): Github Access Token / Secrets Manager not updating

Recently we’ve had to update our personal access tokens for Github and we’ve had some CodePipelines setup through the CDK to use this through @aws-cdk/aws-codepipeline-actions.GitHubSourceAction.

After updating the secret in Secrets Manager through the console, all pipelines fail to build from Github as the previous token has been revoked. Re-deploying the CDK doesn’t do anything as technically nothings changed in there.

Reproduction Steps

• Create a Personal Access token in Github
• Save that PAT in Secrets Manager under /github/pipeline-token
• Create a CodePipeline using CDK with the following source

    const sourceOutput = new Artifact();
    const sourceAction = new GitHubSourceAction({
        actionName: 'GithubSource',
        owner: 'repo-owner',
        repo: 'repo-name',
        branch,
        oauthToken: SecretValue.secretsManager('/github/pipeline-token'),
        output: sourceOutput,
    });

• Run it once, it should run as expected
• Re-generate the PAT in Github and update the value in Secrets Manager
• Now do a release in the Pipeline and it will fail as the token no longer works

What did you expect to happen?

It should automatically get the latest version from SecretsManager

What actually happened?

It does not get the latest token version from SecretsManager

Environment

• CDK CLI Version : 1.97.0
• Framework Version:
• Node.js Version: 12.20.1
• OS : Ubuntu 20
• Language (Version): TypeScript (4.2.3)

Other

This is 🐛 Bug Report