@@ -30,20 +30,20 @@ jobs:
3030 with :
3131 role-to-assume : ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_ROLE_ARN }}
3232 aws-region : us-west-2
33- # Retrieve the Access Token from Secrets Manager
34- - name : Retrieve secret from AWS Secrets Manager
33+ # Retrieve the per-repo deploy key + FG PAT from Secrets Manager
34+ - name : Retrieve secrets from AWS Secrets Manager
3535 uses : aws-actions/aws-secretsmanager-get-secrets@3a411b6ec5cace3d626412dd917e7bfeac242cfa # v3.0.0
3636 with :
3737 secret-ids : |
38- AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }}
39- parse-json-secrets : true
40- # Checkout a full clone of the repo
38+ DEPLOY_KEY, prod/devops/aws-lambda-dotnet-deploy-key
39+ FG_PAT, prod/devops/aws-lambda-dotnet-fg-pat
40+ # Checkout a full clone of the repo using the deploy key (push runs over SSH)
4141 - name : Checkout code
4242 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4343 with :
4444 ref : dev
4545 fetch-depth : 0
46- token : ${{ env.AWS_SECRET_TOKEN }}
46+ ssh-key : ${{ env.DEPLOY_KEY }}
4747 # Install .NET9 which is needed for AutoVer
4848 - name : Setup .NET 9.0
4949 uses : actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
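Review bot: `FG_PAT` is fetched in the same step as `DEPLOY_KEY`, so it sits in the job environment for every later step (the .NET setup and the versioning tooling included), although in the visible lines only `Create GitHub Release` uses it. Fetching it in a second get-secrets step placed directly before `Create GitHub Release` would keep the PAT out of the build steps; this assumes the assumed-role session is still valid at that point. Dropping `parse-json-secrets: true` also means both secrets must now be stored as plain strings rather than JSON documents, which is worth confirming for the two new secret ids. The steps list continues outside this hunk.

```yaml
# … unchanged: checkout, build, versioning and push steps …
# Fetch the PAT only where it is used
- name: Retrieve release PAT from AWS Secrets Manager
  uses: aws-actions/aws-secretsmanager-get-secrets@3a411b6ec5cace3d626412dd917e7bfeac242cfa # v3.0.0
  with:
    secret-ids: |
      FG_PAT, prod/devops/aws-lambda-dotnet-fg-pat
- name: Create GitHub Release
```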
9595 # Create the GitHub Release
9696 - name : Create GitHub Release
9797 env :
98- GITHUB_TOKEN : ${{ env.AWS_SECRET_TOKEN }}
98+ GITHUB_TOKEN : ${{ env.FG_PAT }}
9999 run : |
100100 gh release create "${{ steps.read-tag-name.outputs.TAG }}" --title "${{ steps.read-release-name.outputs.VERSION }}" --notes "${{ steps.read-changelog.outputs.CHANGELOG }}"
101101 # Delete the `releases/next-release` branch
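Review bot: The step that now receives the PAT as `GITHUB_TOKEN` still expands `${{ steps.*.outputs.* }}` directly inside the `run` script, so the tag, version and changelog text are pasted into the shell source before it executes. If any of those outputs can contain quotes or shell metacharacters (the changelog is the likeliest, though how it is produced is outside this hunk), the shell would interpret them in a process that holds the PAT. Passing the values through `env` and referencing them as quoted shell variables keeps them as data.

```yaml
env:
  GITHUB_TOKEN: ${{ env.FG_PAT }}
  TAG: ${{ steps.read-tag-name.outputs.TAG }}
  VERSION: ${{ steps.read-release-name.outputs.VERSION }}
  CHANGELOG: ${{ steps.read-changelog.outputs.CHANGELOG }}
run: |
  gh release create "$TAG" --title "$VERSION" --notes "$CHANGELOG"
```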
@@ -119,7 +119,7 @@ jobs:
119119 github.event.pull_request.base.ref == 'dev'
120120 runs-on : ubuntu-latest
121121 steps :
122- # Checkout a full clone of the repo
122+ # Checkout a full clone of the repo using the deploy key (push runs over SSH)
123123 - name : Checkout code
124124 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
125125 with :