From f37c7113cb494e2d08dca548169dc4f5ab3c97e0 Mon Sep 17 00:00:00 2001
From: Kevin Pagtakhan
Date: Wed, 6 Apr 2022 14:03:06 -0700
Subject: [PATCH] build: fix s3 deployment to use iam role
---
 .github/workflows/release.yml | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3d7c4059..66542a52 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,6 +12,9 @@ jobs:
 authorize:
 name: Authorize
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
 steps:
 - name: ${{ github.actor }} permission check to do a release
 uses: octokit/request-action@v2.0.0
@@ -38,9 +41,8 @@ jobs:
 - name: Configure AWS Credentials
 uses: aws-actions/configure-aws-credentials@v1
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- aws-region: ${{ secrets.AWS_REGION }}
+ role-to-assume: arn:aws:iam::358203115967:role/github-actions-role
+ aws-region: us-west-2

 - name: node_modules cache
 uses: actions/cache@v2
@@ -71,9 +73,6 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- AWS_REGION: ${{ secrets.AWS_REGION }}
 S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
 run: npx semantic-release --dry-run

@@ -82,8 +81,5 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- AWS_REGION: ${{ secrets.AWS_REGION }}
 S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
 run: npx semantic-release
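Review bot: The `permissions:` block is declared on the `authorize` job, while the step that actually requests the OIDC token, `Configure AWS Credentials` in the next hunk, sits roughly 26 lines further down and may belong to a different job; the job boundary is not visible in these hunks. Job-level `permissions` apply only to the job that declares them, so if the AWS step runs in another job, `id-token: write` should be declared there and `authorize` can stay read-only. A job-level block also sets every unlisted scope to none, so the job that runs `npx semantic-release` with `GITHUB_TOKEN` would likely need `contents: write` next to `id-token: write` (and `issues: write` / `pull-requests: write` if release comments are enabled). A short comment such as `# id-token: write is required for OIDC role assumption in configure-aws-credentials` on the block would record why the scope is there.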
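Review bot: `uses: aws-actions/configure-aws-credentials@v1` is a mutable tag, and after this change the step exchanges the workflow's OIDC token for credentials of `github-actions-role`, so the integrity of that tag now gates access to the role; pinning it as `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v1` removes that dependency. With the static keys gone, the role's trust policy is the only control on who can assume it, and it is not part of this diff. It should condition `token.actions.githubusercontent.com:sub` on this repository and the release ref, and `token.actions.githubusercontent.com:aud` on `sts.amazonaws.com`, and the role's permissions should be limited to the S3 bucket the release writes to. The old `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` repository secrets and the IAM access key behind them should be deactivated once this lands, since removing the references here does not revoke them.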