diff --git a/.github/workflows/reusable_publish_docker.yaml b/.github/workflows/reusable_publish_docker.yaml index 74e2f12bc1e..86f1b29711e 100644 --- a/.github/workflows/reusable_publish_docker.yaml +++ b/.github/workflows/reusable_publish_docker.yaml @@ -45,7 +45,7 @@ jobs: password: ${{ secrets.DOCKERHUB_SECRET }} - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 with: role-to-assume: "arn:aws:iam::292999226676:role/github_actions-falco-ecr" aws-region: us-east-1 # The region must be set to us-east-1 in order to access ECR Public. diff --git a/.github/workflows/reusable_publish_packages.yaml b/.github/workflows/reusable_publish_packages.yaml index 8e5896234c3..530e5dd8418 100644 --- a/.github/workflows/reusable_publish_packages.yaml +++ b/.github/workflows/reusable_publish_packages.yaml @@ -36,7 +36,7 @@ jobs: # Configure AWS role; see https://github.com/falcosecurity/test-infra/pull/1102 # Note: master CI can only push dev packages as we have 2 different roles for master and release. - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2 # TODO needs to be updated + uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 with: role-to-assume: "arn:aws:iam::292999226676:role/github_actions-falco${{ inputs.bucket_suffix }}-s3" aws-region: ${{ env.AWS_S3_REGION }} @@ -109,7 +109,7 @@ jobs: # Configure AWS role; see https://github.com/falcosecurity/test-infra/pull/1102 # Note: master CI can only push dev packages as we have 2 different roles for master and release. - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 with: role-to-assume: "arn:aws:iam::292999226676:role/github_actions-falco${{ inputs.bucket_suffix }}-s3" aws-region: ${{ env.AWS_S3_REGION }}