diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml
index 39c389d..0476d49 100644
--- a/.github/workflows/actions.yml
+++ b/.github/workflows/actions.yml
@@ -1,28 +1,35 @@
 on:
+ workflow_dispatch:
 push:
 branches:
 - main
 paths-ignore:
- - "**.md"
+ - ".github/workflows/*"
+ - "**.md"
+
+permissions:
+ id-token: write
+ contents: read
+
 jobs:
 build-and-deploy:
 runs-on: ubuntu-latest
 environment: production
 steps:
 - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Install jq
 uses: dcarbone/install-jq-action@v1.0.1
 - name: Setup Python
- uses: actions/setup-python@v3
+ uses: actions/setup-python@v5
 - name: Setup AWS SAM CLI
 uses: aws-actions/setup-sam@v2
- - name: Setup AWS credentials
- uses: aws-actions/configure-aws-credentials@v1-node16
+ - name: Setup AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4.0.1
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
 aws-region: ${{ secrets.AWS_REGION }}
+ mask-aws-account-id: true
 - name: Require Variables
 run: |
 SASHA_TABLE_NAME=` \
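Review bot: `id-token: write` is granted at workflow level while the steps still reference third-party actions by mutable tag (`dcarbone/install-jq-action@v1.0.1`, `aws-actions/setup-sam@v2`), so whatever code those tags resolve to runs in a job that can request an OIDC token for the deploy role. Pinning each action to a full commit SHA, e.g. `uses: dcarbone/install-jq-action@<full-commit-sha>  # v1.0.1`, and moving the `permissions:` block under `build-and-deploy` would keep that grant narrow if more jobs are added later. The new `workflow_dispatch:` trigger is not limited to `main` the way `push` is, so a manual run can start from any branch; the IAM trust policy is not visible here, but it should presumably condition on the `sub` claim for `environment:production`, and the `production` environment should restrict which branches may deploy. The `run:` block of the last step continues outside the hunk.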