From 8c9437ba8d29145aed7d5c039c38f3a462dea9ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabi=C3=A1n=20Vega?=
Date: Sat, 23 Mar 2024 21:32:37 -0300
Subject: [PATCH] fix(deploy): add oidc
---
 .github/workflows/main.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 074c333..91befba 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -7,6 +7,9 @@ on:
 branches:
 - main
+permissions:
+ id-token: write # This is required for requesting the JWT
+
 jobs:
 build_and_deploy:
 runs-on: ubuntu-latest
@@ -15,13 +18,13 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v2
- - name: Set up Rust
+ - name: Set up Rust
 uses: actions-rs/toolchain@v1
 with:
 toolchain: nightly
 profile: minimal
 override: true
-
+
 - name: Install WebAssembly target
 run: rustup target add wasm32-unknown-unknown
@@ -32,10 +35,9 @@ jobs:
 run: trunk build --release
 - name: Config AWS credentials
- uses: aws-actions/configure-aws-credentials@v1
+ uses: aws-actions/configure-aws-credentials@v3
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ role-to-assume: arn:aws:iam::471112525273:role/github-oidc
 aws-region: ${{ secrets.AWS_REGION }}
 - name: Deploy to EC2
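Review bot: The new top-level `permissions` block lists only `id-token: write`, and once any scope is declared GitHub sets every unlisted scope to `none`, so the `actions/checkout` step of `build_and_deploy` loses `contents: read`. On a private repository that would likely make checkout fail (repository visibility is not visible in this diff), so add `contents: read` next to the new line. Because the block is at workflow level, every step in the job, including the third-party toolchain action and the build steps, can request an OIDC token. Declaring `id-token: write` on a separate deploy-only job would keep the token away from the build steps; the job body continues outside this hunk.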
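Review bot: The new `role-to-assume` line is only as restrictive as the trust policy on `github-oidc`, which this diff does not show, and nothing in the workflow records what that policy must enforce. I would add a comment above it such as `# trust policy must pin sub to repo:<owner>/<repo>:ref:refs/heads/main and aud to sts.amazonaws.com`, with the placeholders filled in for this repository. The action is also referenced by the mutable tag `@v3` in a job that can mint OIDC tokens; pinning it as `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v3` removes the dependence on the tag. Removing the two `secrets.AWS_*` references does not invalidate the long-lived key, so the IAM access key should be deactivated and the repository secrets deleted. The steps list continues past this hunk at `Deploy to EC2`.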