From 503f011e2d77ee704006b45aac6aa423ab615406 Mon Sep 17 00:00:00 2001
From: Kris Johnson
Date: Tue, 7 Nov 2023 15:38:57 -0500
Subject: [PATCH 1/2] Chore: Update action to v2
---
 .github/workflows/build-image.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index b8ac1f7..1e559cd 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -16,10 +16,9 @@ jobs:
 - name: Get pushed tag name
 id: vars
 run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
- - uses: mbta/actions/build-push-ecr@v1
+ - uses: mbta/actions/build-push-ecr@v2
 id: build-push
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
 docker-repo: ${{ secrets.DOCKER_REPO }}
 docker-additional-tags: ${{ steps.vars.outputs.tag }}
From e6e67eb41afbcd39ddb37955b41d1ae06069678c Mon Sep 17 00:00:00 2001
From: Kris Johnson
Date: Tue, 7 Nov 2023 15:41:53 -0500
Subject: [PATCH 2/2] add permissions
---
 .github/workflows/build-image.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index 1e559cd..d57a12e 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -10,6 +10,9 @@ jobs:
 name: Build Container Image
 runs-on: ubuntu-latest
 concurrency: build-image
+ permissions:
+ id-token: write
+ contents: read
 steps:
 - uses: actions/checkout@v2
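Review bot: In the `@@ -16,10 +16,9 @@` hunk of PATCH 1/2, `mbta/actions/build-push-ecr@v2` is referenced by a movable tag, and this step is now the one that exchanges the job's OIDC token for the role in `AWS_ROLE_ARN`, so whatever code the tag points to at run time receives those AWS permissions. Pinning to a full commit SHA, `- uses: mbta/actions/build-push-ecr@<full-commit-sha> # v2` (placeholder; the SHA is not on this page), keeps the executed code fixed and reviewable. The role's trust policy is not visible here; it should restrict `token.actions.githubusercontent.com:sub` to this repository (and to tag refs, if the workflow only runs on tag pushes) rather than accept any workflow in the organisation. The `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` values this hunk stops referencing remain usable until the key is deactivated in IAM and the repository secrets are deleted. The job and its step list begin above this hunk.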
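Review bot: In the `@@ -10,6 +10,9 @@` hunk of PATCH 2/2, the new job-level `permissions:` block carries no comment explaining why `id-token: write` is present, and declaring the block also sets every scope not listed to `none`. A comment above it such as `# id-token: write is needed so build-push-ecr can request an OIDC token for role-to-assume; scopes not listed here are none` would keep a later edit from dropping the line or being surprised when a new step lacks access. Keeping the block at job level rather than workflow level is the right scope, since only this job needs the token. The job definition starts above this hunk and its steps continue below it.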