diff --git a/.github/workflows/main-CI.yml b/.github/workflows/main-CI.yml index 9e051d88..27ad7234 100644 --- a/.github/workflows/main-CI.yml +++ b/.github/workflows/main-CI.yml @@ -13,6 +13,9 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: +permissions: + id-token: write + contents: read # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" @@ -32,10 +35,9 @@ jobs: run: make build - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }} aws-region: us-east-1 - name: CI diff --git a/.github/workflows/main-deploy-dev.yml b/.github/workflows/main-deploy-dev.yml index 4c291fb7..7ab44cbd 100644 --- a/.github/workflows/main-deploy-dev.yml +++ b/.github/workflows/main-deploy-dev.yml @@ -7,6 +7,9 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: +permissions: + id-token: write + contents: read # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" @@ -26,10 +29,9 @@ jobs: run: make build - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }} aws-region: us-east-1 - name: Deploy diff --git a/.github/workflows/main-deploy.yml b/.github/workflows/main-deploy.yml index 7b86ae03..cc2d7f07 100644 --- a/.github/workflows/main-deploy.yml +++ b/.github/workflows/main-deploy.yml 
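Review bot: `uses: aws-actions/configure-aws-credentials@v4` in the "Configure AWS Credentials" step of main-CI.yml is a mutable major-version tag, and the same line is added in main-deploy-dev.yml and main-deploy.yml; for the step that mints cloud credentials, pin to the full commit SHA and keep the version as a comment, `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v4`. The step now sets only `role-to-assume`; adding `role-session-name: github-${{ github.run_id }}` makes each assumed session attributable to a specific run in CloudTrail. The removed `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` references presumably leave the repository secrets and the underlying IAM user keys in place — this diff cannot show that, but they should be deactivated and deleted now that no workflow reads them. The trust policy of the role behind `AWS_OIDC_ROLE_ARN` should constrain the token `sub` claim to this repository (and to the branch or environment for the deploy workflows); that lives outside the workflow files.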
@@ -7,6 +7,10 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: +permissions: + id-token: write + contents: read + # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" @@ -24,14 +28,13 @@ jobs: - name: Build run: make build - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }} aws-region: us-east-1 + - name: Deploy env: DEV_SECRET: ${{ secrets.DEV_SECRET }}
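Review bot: The `permissions` block added at `@@ -7,6 +7,10 @@` grants `id-token: write` at workflow level while the same hunk shows `workflow_dispatch:` still enabled on this deploy workflow, so presumably anyone who can dispatch the run can obtain a federated AWS session for the deploy role. Consider moving `permissions` onto the deploy job and binding that job to a GitHub `environment:` with required reviewers, with the role's trust policy matching that environment's `sub` claim; the job definition is outside this hunk. This file also adds a trailing blank line after `contents: read` that main-CI.yml and main-deploy-dev.yml do not — use one layout across the three files. The second hunk of this file may continue past the end of the visible text.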