Merge pull request #47 from rrigato/dev

inline environment variable and use oidc role
rrigato · Apr 21, 2024 · c3e1377 · c3e1377
2 parents 284ad2c + 3ac3683
commit c3e1377
Showing 1 changed file with 11 additions and 6 deletions.
diff --git a/.github/workflows/homepage_update.yml b/.github/workflows/homepage_update.yml
@@ -47,8 +47,6 @@ jobs:
 
 
   publish-commit-artifact:
-    env:
-      ORCHESTRATION_SCRIPT: './.github/scripts/orchestrate_artifacts.sh'
     needs: deploy-website-source-files
     name: favicon to s3 bucket
     permissions:
@@ -61,16 +59,23 @@ jobs:
         uses: actions/checkout@v3
 
       - name: script-execution-permissions
-        run: chmod +x ${{env.ORCHESTRATION_SCRIPT}}
+        run: chmod +x ./.github/scripts/orchestrate_artifacts.sh
+
+
+      - name: assume-github-actions-role
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          audience: sts.amazonaws.com
+          aws-region: ${{vars.REGION_NAME}}
+          role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID}}:role/${{secrets.PIPELINE_ROLE_NAME}}
+
 
       - name: upload-favicon-artifacts
         shell: bash
         env:
-          AWS_ACCESS_KEY_ID: ${{secrets.PERSISTANT_STORAGE_ID}}
           AWS_DEFAULT_OUTPUT: json
           AWS_DEFAULT_REGION: ${{vars.REGION_NAME}}
           AWS_S3_BUCKET_NAME: 'ryanrigato.com'
-          AWS_SECRET_ACCESS_KEY: ${{secrets.PERSISTANT_STORAGE_KEY}}
-        run: ${{env.ORCHESTRATION_SCRIPT}}
+        run: ./.github/scripts/orchestrate_artifacts.sh