From 2681b235d6d27e9ae66f45486125d25a78b45b5b Mon Sep 17 00:00:00 2001
From: benesjan <janbenes1234@gmail.com>
Date: Tue, 12 May 2026 13:19:29 +0000
Subject: [PATCH] chore(ci): revert ci-release-publish to AWS access keys

Forward-ports #23167 from the v4 backport line onto next.
Reverts OIDC-based AWS auth in the ci-release-publish job back
to access key credentials to unblock nightlies.
---
 .github/workflows/ci3.yml | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/ci3.yml b/.github/workflows/ci3.yml
index 4a613fbd202c..43e46c89477f 100644
--- a/.github/workflows/ci3.yml
+++ b/.github/workflows/ci3.yml
@@ -508,9 +508,6 @@ jobs:
   ci-release-publish:
     runs-on: ubuntu-latest
     environment: master
-    permissions:
-      id-token: write
-      contents: read
     needs: [ci, ci-compat-e2e]
     if: |
       startsWith(github.ref, 'refs/tags/v')
@@ -526,16 +523,10 @@ jobs:
         with:
           ref: ${{ github.sha }}
 
-      - name: Configure AWS credentials (OIDC)
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
-          aws-region: us-east-2
-          role-session-name: ci3-release-publish-${{ github.run_id }}
-          role-duration-seconds: 21600
-
       - name: Run Release Publish
         env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
           BUILD_INSTANCE_SSH_KEY: ${{ secrets.BUILD_INSTANCE_SSH_KEY }}
           GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}