From 67612dc543f7fdab1e2df925c0ad3d6db7b28218 Mon Sep 17 00:00:00 2001
From: Kris Johnson
Date: Wed, 8 Nov 2023 10:04:22 -0500
Subject: [PATCH] Chore: Update action to v2 (#20)
* Chore: Update action to v2
* add permissions
---
 .github/workflows/build-image.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index b8ac1f7..d57a12e 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -10,16 +10,18 @@ jobs:
 name: Build Container Image
 runs-on: ubuntu-latest
 concurrency: build-image
+ permissions:
+ id-token: write
+ contents: read
 steps:
 - uses: actions/checkout@v2
 - name: Get pushed tag name
 id: vars
 run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
- - uses: mbta/actions/build-push-ecr@v1
+ - uses: mbta/actions/build-push-ecr@v2
 id: build-push
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
 docker-repo: ${{ secrets.DOCKER_REPO }}
 docker-additional-tags: ${{ steps.vars.outputs.tag }}
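Review bot: The new `permissions` block gives every step in this job `id-token: write`, yet both actions are still referenced by mutable tags (`actions/checkout@v2`, `mbta/actions/build-push-ecr@v2`), so whatever those tags point to at run time can request an OIDC token and assume the role in `AWS_ROLE_ARN`. Pin them to full commit SHAs, e.g. `- uses: mbta/actions/build-push-ecr@<full-commit-sha>  # v2` (placeholder; take the SHA from the action's repository). The job header and the workflow's `on:` triggers are outside the hunk, so it is not visible which refs can run this job; the role's trust policy should restrict the `sub` claim to this repository and the intended refs rather than relying on the ARN being stored as a secret. The commit only stops referencing `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`; those keys stay valid until they are deactivated in IAM and removed from the repository secrets.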