From 60d311f153a0a5e620aad36a990879aa1a961814 Mon Sep 17 00:00:00 2001
From: Sean Stoves
Date: Wed, 13 Nov 2024 15:29:37 -0500
Subject: [PATCH] Update deploy.yml
---
 .github/workflows/deploy.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 9e2f12f..90c3c9e 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -5,6 +5,10 @@ on:
 types: [ published ]
 workflow_dispatch:
 
+permissions:
+ contents: read
+ id-token: write
+
 jobs:
 deploy:
 name: Deploy
@@ -22,8 +26,8 @@ jobs:
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v4
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ role-to-assume: ${{ secrets.AVRAE_GITHUB_OIDC_ROLE_ARN }}
+ role-session-name: "avrae-service-deploy-live"
 aws-region: ${{ env.REGION }}
 
 - name: Login to Amazon ECR
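Review bot: The `permissions:` block in the first hunk is added at workflow level, so `id-token: write` applies to every job in this file rather than only to the one that assumes the AWS role. Only the `deploy` job is visible here and the `jobs:` map continues outside the hunk, so any other job, present or added later, could also request an OIDC token. Placing the same two entries under `jobs.deploy.permissions` keeps that right scoped to the deploy job. Declaring `permissions` also sets every unlisted scope to `none`, so it is worth confirming that no later step depends on another `GITHUB_TOKEN` scope.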
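Review bot: The security of the new `role-to-assume` setting in the second hunk rests on the IAM role's trust policy, which is not part of this patch and is not documented in the workflow. Because the workflow also runs on `workflow_dispatch`, that policy presumably needs to pin `token.actions.githubusercontent.com:sub` to this repository and the intended ref or environment, and `token.actions.githubusercontent.com:aud` to `sts.amazonaws.com`, rather than a repository-wide wildcard; a comment above the step such as `# Role trust policy must restrict sub to this repo and the release ref/environment` would record that. The fixed `role-session-name` makes every run look alike in CloudTrail, whereas `role-session-name: "avrae-service-deploy-live-${{ github.run_id }}"` would tie each session to its run. The long-lived key pair behind the removed `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` secrets should be deactivated in IAM and the secrets deleted once this change is live. The `steps:` list starts and ends outside the hunk.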