From ee14ea6d986fa39df430c7fd0c2c34abdbc7e185 Mon Sep 17 00:00:00 2001
From: Inian <inian1234@gmail.com>
Date: Tue, 17 Jan 2023 19:17:49 +0800
Subject: [PATCH] fix: switch to aws roles in github action

---
 .github/workflows/mirror.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/mirror.yml b/.github/workflows/mirror.yml
index 29543b592..a8d5f9eeb 100644
--- a/.github/workflows/mirror.yml
+++ b/.github/workflows/mirror.yml
@@ -28,16 +28,20 @@ jobs:
     permissions:
       contents: read
       packages: write
+      id-token: write
     steps:
       - id: strip
         run: |
           TAG=${{ matrix.src }}
           echo "dst=${TAG##*/}" >> $GITHUB_OUTPUT
+      - name: configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
+          aws-region: us-east-1
       - uses: docker/login-action@v2
         with:
           registry: public.ecr.aws
-          username: ${{ secrets.PROD_ACCESS_KEY_ID }}
-          password: ${{ secrets.PROD_SECRET_ACCESS_KEY }}
       - uses: docker/login-action@v2
         with:
           registry: ghcr.io