Commit 9934c79
authored
## Summary
- Restores OIDC-based AWS auth in the `ci-release-publish` job,
reverting #23192.
- Re-adds the `permissions: id-token: write / contents: read` block and
the `aws-actions/configure-aws-credentials` step using
`secrets.AWS_OIDC_ROLE_ARN`.
- Removes the static `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` env
vars that #23192 reintroduced as a workaround.
## Context
#23192 forward-ported #23167 to `next` (v5) as a temporary measure to
unblock nightlies. This PR moves v5 back onto OIDC now that the
underlying issue should be resolved.
## Test plan
- [ ] Confirm a tagged release publish run on this branch authenticates
to AWS successfully via OIDC before merging.
1 file changed
Lines changed: 11 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
499 | 499 | | |
500 | 500 | | |
501 | 501 | | |
| 502 | + | |
| 503 | + | |
| 504 | + | |
502 | 505 | | |
503 | 506 | | |
504 | 507 | | |
| |||
514 | 517 | | |
515 | 518 | | |
516 | 519 | | |
| 520 | + | |
| 521 | + | |
| 522 | + | |
| 523 | + | |
| 524 | + | |
| 525 | + | |
| 526 | + | |
| 527 | + | |
517 | 528 | | |
518 | 529 | | |
519 | | - | |
520 | | - | |
521 | 530 | | |
522 | 531 | | |
523 | 532 | | |
| |||
0 commit comments