From 37093af00f6949ea1550d5d09551349f4af13676 Mon Sep 17 00:00:00 2001
From: Inian
Date: Tue, 17 Jan 2023 19:31:47 +0800
Subject: [PATCH] fix: switch to aws roles
---
 .github/workflows/mirror.yml | 8 ++++++--
 .github/workflows/publish.yml | 8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/mirror.yml b/.github/workflows/mirror.yml
index dafb479..39abf7d 100644
--- a/.github/workflows/mirror.yml
+++ b/.github/workflows/mirror.yml
@@ -14,12 +14,16 @@ jobs:
 permissions:
 contents: read
 packages: write
+ id-token: write
 steps:
+ - name: configure aws credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
+ aws-region: us-east-1
 - uses: docker/login-action@v2
 with:
 registry: public.ecr.aws
- username: ${{ secrets.PROD_ACCESS_KEY_ID }}
- password: ${{ secrets.PROD_SECRET_ACCESS_KEY }}
 - uses: docker/login-action@v2
 with:
 registry: ghcr.io
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index a465ecf..b518096 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -16,6 +16,7 @@ jobs:
 permissions:
 contents: read
 packages: write
+ id-token: write
 steps:
 - id: meta
 uses: docker/metadata-action@v4
@@ -36,12 +37,15 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: configure aws credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
+ aws-region: us-east-1
 - name: Login to ECR
 uses: docker/login-action@v2
 with:
 registry: public.ecr.aws
- username: ${{ secrets.PROD_ACCESS_KEY_ID }}
- password: ${{ secrets.PROD_SECRET_ACCESS_KEY }}
 - name: Login to GHCR
 uses: docker/login-action@v2
 with:
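Review bot: The step added to mirror.yml references `aws-actions/configure-aws-credentials@v1` by a movable tag, and the same line is added in the third hunk (publish.yml). This action is handed the job's OIDC token and exports the assumed-role credentials, so whoever can move that tag controls code that runs with the production role. Pin it to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<FULL_COMMIT_SHA>  # v1`. The job's step list continues outside the hunk.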
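Review bot: `id-token: write` in the publish.yml permissions block (and the identical line in mirror.yml) is granted to the whole job without a comment, so every action in the job, including `docker/metadata-action@v4` directly below it, can request an OIDC token. What that token can do is decided by the IAM trust policy of the role behind `PROD_AWS_ROLE`, which is not visible in this patch; it should presumably condition on the `token.actions.githubusercontent.com:sub` and `:aud` claims for this repository and ref. I would record that next to the permission: `id-token: write  # OIDC for configure-aws-credentials; role trust policy must restrict sub to this repo/ref`.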
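Review bot: The `configure aws credentials` step added to publish.yml sets no `role-duration-seconds`, so the session it exports into the job environment lasts for the action's default lifetime (worth confirming for the version in use) and is readable by every later step, which are outside this hunk. The job appears to need the credentials only for the ECR login and push, so a shorter session limits what a leaked token is worth: add `role-duration-seconds: 900` under `with:` (raise it if the push needs longer) and a `role-session-name: <SESSION_NAME>` so the session is attributable in CloudTrail. The same applies to the step added in mirror.yml.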