From ea601f6bf2e7caa40b211dcc759ffee51a363ee2 Mon Sep 17 00:00:00 2001 From: cristidas Date: Wed, 12 Jun 2024 15:45:36 +0200 Subject: [PATCH] using oidc authentication and bumping actions versions --- .github/workflows/aws-prod.yaml | 10 +++++----- .github/workflows/aws-staging.yaml | 15 ++++++++++----- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/.github/workflows/aws-prod.yaml b/.github/workflows/aws-prod.yaml index d9c0cf4..2fc2457 100644 --- a/.github/workflows/aws-prod.yaml +++ b/.github/workflows/aws-prod.yaml @@ -16,13 +16,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.EKS_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.EKS_AWS_SECRET_ACCESS_KEY }} + role-to-assume: ${{ secrets.GA_OIDC_LAMBDA_PROD }} + role-session-name: chainlog-prod aws-region: ${{ env.AWS_REGION }} - name: Login to Amazon ECR @@ -96,7 +96,7 @@ jobs: atomic: true - name: Deploying Chainlog Logger to Kubernetes with Helm - uses: bitovi/github-actions-deploy-eks-helm@v1.2.4 + uses: bitovi/github-actions-deploy-eks-helm@v1.2.9 with: values: image.repository=${{ steps.login-ecr.outputs.registry }}/chainlog-logger-prod,image.tag=${{ steps.vars.outputs.sha_short }} cluster-name: ${{ env.CLUSTER_NAME }} diff --git a/.github/workflows/aws-staging.yaml b/.github/workflows/aws-staging.yaml index 7d38e32..1b316b0 100644 --- a/.github/workflows/aws-staging.yaml +++ b/.github/workflows/aws-staging.yaml @@ -2,9 +2,14 @@ on: push: branches: - dev + - TECH-3252-update-iam name: Deploy to AWS Staging (K8s) +permissions: + id-token: write + contents: read + jobs: deploy: name: Deploy 
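Review bot: The prod workflow now passes only `role-to-assume` to `aws-actions/configure-aws-credentials@v4`, but no `permissions` block is added to aws-prod.yaml, unlike aws-staging.yaml in this same commit. The file's five additions are all accounted for by the visible lines. Without `id-token: write` the job cannot request the GitHub OIDC token, so unless that block already exists outside the hunk the credentials step should fail; add `permissions:` with `id-token: write` and `contents: read`, preferably at job level. Separately, the actions here and in the Helm deploy hunks of both files are referenced by mutable tags, and the third-party Helm action runs after the role is assumed. Pinning it as `uses: bitovi/github-actions-deploy-eks-helm@<full-commit-sha>  # v1.2.9` (placeholder SHA) keeps a retagged release from running with those credentials.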
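Review bot: The added trigger `- TECH-3252-update-iam` in aws-staging.yaml looks like a test hook for this change, and if it is merged every push to that ticket branch will run the staging deploy with an assumed AWS role. Drop the line before merging, or use a `workflow_dispatch:` trigger for manual test runs. The role's trust policy is not visible here; confirm it conditions `token.actions.githubusercontent.com:sub` on the branch refs that are meant to deploy rather than a repo-wide wildcard. The new `permissions` block applies to the whole workflow, so moving it under `jobs.deploy` would keep any job added later from inheriting `id-token: write`.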
@@ -16,13 +21,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.EKS_AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.EKS_AWS_SECRET_ACCESS_KEY }} + role-to-assume: ${{ secrets.GA_OIDC_LAMBDA_PROD }} + role-session-name: chainlog-staging aws-region: ${{ env.AWS_REGION }} - name: Login to Amazon ECR @@ -96,7 +101,7 @@ jobs: atomic: true - name: Deploying Chainlog Logger to Kubernetes with Helm - uses: bitovi/github-actions-deploy-eks-helm@v1.2.4 + uses: bitovi/github-actions-deploy-eks-helm@v1.2.9 with: values: image.repository=${{ steps.login-ecr.outputs.registry }}/chainlog-logger-staging,image.tag=${{ steps.vars.outputs.sha_short }} cluster-name: ${{ env.CLUSTER_NAME }}
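Review bot: The staging workflow assumes `secrets.GA_OIDC_LAMBDA_PROD`, the same secret the prod workflow uses, so if the name reflects its scope, staging deploys run with the production role. Together with the `TECH-3252-update-iam` push trigger added earlier in this file, that would give prod-role credentials to any push on a feature branch. Point staging at its own narrowly scoped role, e.g. `role-to-assume: ${{ secrets.<STAGING_OIDC_ROLE_SECRET> }}` (placeholder name); `role-session-name: chainlog-staging` would then identify the sessions of a staging role in CloudTrail. The rest of the job is outside the hunk.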