From 8fd9dc139b396b872efb4cac0a8aea755065a10d Mon Sep 17 00:00:00 2001
From: Kris Johnson
Date: Mon, 16 Oct 2023 11:41:45 -0400
Subject: [PATCH] Chore: Update GitHub action with assumed role

---
 .github/workflows/deploy-ecs.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deploy-ecs.yml b/.github/workflows/deploy-ecs.yml
index 7dd6ff81..9f84dc37 100644
--- a/.github/workflows/deploy-ecs.yml
+++ b/.github/workflows/deploy-ecs.yml
@@ -1,5 +1,9 @@
 name: Deploy to ECS
 
+permissions:
+ id-token: write
+ contents: read
+
 on:
 schedule:
 - cron: '0 5 * * *'
@@ -14,12 +18,11 @@ on:
 
 jobs:
 call-workflow:
- uses: mbta/workflows/.github/workflows/deploy-ecs.yml@main
+ uses: mbta/actions/deploy-ecs@v2
 with:
 app-name: arrow
 environment: ${{ github.event.inputs.environment || 'dev' }}
 secrets:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
 docker-repo: ${{ secrets.DOCKER_REPO }}
 slack-webhook: ${{ secrets.SLACK_WEBHOOK }}
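Review bot: The `permissions:` block added in the first hunk is declared at workflow level, so `id-token: write` applies to every job in this file rather than only to the deploy job. Only `call-workflow` is visible in this patch, so the grant may be equivalent today, but placing it under `jobs.call-workflow.permissions` keeps it scoped if further jobs are added. A one-line comment such as `# id-token: write is needed to request the OIDC token used for AWS role assumption` would also record why the permission exists.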
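Review bot: In the second hunk, `uses: mbta/actions/deploy-ecs@v2` references a tag, which can be re-pointed after review, while the called code receives `AWS_ROLE_ARN`, `DOCKER_REPO`, `SLACK_WEBHOOK` and the job's OIDC token; pinning to a full commit SHA, e.g. `uses: mbta/actions/deploy-ecs@<full-commit-sha> # v2`, fixes exactly which code runs with those credentials. Separately, the hunk shows `uses:` directly under the `call-workflow` job next to `with:` and `secrets:`, and a job-level `uses:` expects a reusable-workflow path of the form `owner/repo/.github/workflows/file.yml@ref`, so it is worth confirming that the new reference resolves. With the static access keys removed, the IAM role's trust policy (not part of this patch) should restrict the OIDC `sub` claim to this repository and the intended branch or environment.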