From aed7091a451ec4e3067b418b968768546b7e17fc Mon Sep 17 00:00:00 2001
From: Mike Bland <mbland@acm.org>
Date: Mon, 11 Sep 2023 14:02:02 -0400
Subject: [PATCH] Add "unset-current-credentials: true" to CI/CD

Yesterday, I started creating an AWS SAM CI/CD pipeline using GitHub
Actions, which isn't yet deployed.

Today, the mbland/elistman pipeline started failing while trying to
configure AWS credentials after pushing commit
4841adea7aa6e5d27805a8737a213a638ca18d66:

- https://github.com/mbland/elistman/actions/runs/6149590436/job/16686549484
  Error: The security token included in the request is invalid.

I tried to update the trust policy for the relevant IAM user, which I'd
seen had been updated to trust requests from mbland/ses-forwarder. I
manually edited it back to mbland/elistman. Rerunning the job still
failed.

I then updated the pipeline to aws-actions/configure-aws-credentials@v3
in commit 60463bcbd3162a22f4d03b7aa745ae6e9551e657, but it still failed:

- https://github.com/mbland/elistman/actions/runs/6149930473/job/16686849270

Searching for related issues turned up the possibility of trying
"unset-current-credentials: true":

- https://github.com/aws-actions/configure-aws-credentials#unset-current-credentials
- https://github.com/aws-actions/configure-aws-credentials/issues/383

Trying it to see how it goes.
---
 .github/workflows/pipeline.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/pipeline.yaml b/.github/workflows/pipeline.yaml
index fb2f7cb..357634a 100644
--- a/.github/workflows/pipeline.yaml
+++ b/.github/workflows/pipeline.yaml
@@ -130,6 +130,7 @@ jobs:
           role-session-name: testing-packaging
           role-duration-seconds: 3600
           role-skip-session-tagging: true
+          unset-current-credentials: true
 
       - name: Validate SAM template
         run: |