ci: get role from secrets

WarFox · Jan 1, 2024 · 0184d7c · 0184d7c
1 parent 95477c3
commit 0184d7c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -63,6 +63,8 @@ jobs:
     with:
       environment: staging
       s3-bucket: staging.deepumohan.com
+    secrets:
+      role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
 
   production:
     if: github.ref == 'refs/heads/main'
@@ -71,3 +73,5 @@ jobs:
     with:
       environment: production
       s3-bucket: deepumohan.com
+    secrets:
+      role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
diff --git a/.github/workflows/deployment.yaml b/.github/workflows/deployment.yaml
@@ -10,6 +10,9 @@ on:
       s3-bucket:
         required: true
         type: string
+    secrets:
+      role-to-assume:
+        required: true
 
 permissions:
   id-token: write
@@ -30,7 +33,7 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-            role-to-assume: arn:aws:iam::106172881994:role/GitHubActionsRole
+            role-to-assume: ${{ secrets.role-to-assume }}
             aws-region: eu-west-1
             role-duration-seconds: 1200
             role-session-name: publish-to-s3-action