From 7f91ae60909d3beab3c378bed7447e0744581e4a Mon Sep 17 00:00:00 2001
From: Mila Page <versusfacit@users.noreply.github.com>
Date: Tue, 25 Jun 2024 02:06:56 -0700
Subject: [PATCH] Start step.

---
 .../workflows/internal-archive-release.yml    | 24 +++++++++++++------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/internal-archive-release.yml b/.github/workflows/internal-archive-release.yml
index 474502a..085663e 100644
--- a/.github/workflows/internal-archive-release.yml
+++ b/.github/workflows/internal-archive-release.yml
@@ -285,15 +285,25 @@ jobs:
           python -m pip install --upgrade setuptools wheel twine check-wheel-contents
           python -m pip --version
 
+      - name: "Authenticate with AWS"
+        uses: aws-actions/configure-aws-credentials@v4
+        id: aws-signin
+        with:
+          role-to-assume: arn:aws:iam:: #TODO
+          aws-region: ${{ secrets.AWS_REGION }}
+          role-session-name: gha-internal-release-secrets-manager-${{ github.run_id }}
+          role-duration-seconds: 900 # 15 minutes
+          output-credentials: true
+
       - name: "Configure AWS profile for upload"
         run: |
-          aws configure set aws_access_key_id ${{ secrets.AWS_ARCHIVE_ACCESS_KEY_ID }} --profile ${{ env.TEMP_PROFILE_NAME }}
-          aws configure set aws_secret_access_key ${{ secrets.AWS_ARCHIVE_SECRET_ACCESS_KEY }} --profile ${{ env.TEMP_PROFILE_NAME }}
+          aws configure set aws_access_key_id ${{ steps.aws-signin.outputs.aws-access-key-id }} --profile ${{ env.TEMP_PROFILE_NAME }}
+          aws configure set aws_secret_access_key ${{ steps.aws-signin.outputs.aws-secret-access-key }} --profile ${{ env.TEMP_PROFILE_NAME }}
           aws configure set region ${{ secrets.AWS_REGION }} --profile ${{ env.TEMP_PROFILE_NAME }}
           aws configure set output text --profile ${{ env.TEMP_PROFILE_NAME }}
           aws codeartifact login --tool twine --repository ${{ secrets.AWS_REPOSITORY }} \
-          --domain ${{ secrets.AWS_DOMAIN }} --domain-owner ${{ secrets.AWS_DOMAIN_OWNER }} \
-          --region ${{ secrets.AWS_REGION }} --profile ${{ env.TEMP_PROFILE_NAME }}
+              --domain ${{ secrets.AWS_DOMAIN }} --domain-owner ${{ secrets.AWS_DOMAIN_OWNER }} \
+              --region ${{ secrets.AWS_REGION }} --profile ${{ env.TEMP_PROFILE_NAME }}
 
       - name: "Get version in package and versions published to internal pypi"
         run: |
@@ -304,10 +314,10 @@ jobs:
           --query 'versions[*].version' | jq -r '.[]' | grep "^${{ inputs.version_number }}" || true )"  # suppress pipefail only here
 
           version_file="dbt/adapters/${{ inputs.dbms_name }}/__version__.py"
-          
+
           version_in_file=$(grep -E 'version(: str)? =' "${version_file}" | cut -d '"' -f2)
           echo "[Debug] version_in_file: ${version_in_file}"
-          
+
           echo "CURRENT_PKG_VERSION=${version_in_file}" >> "$GITHUB_ENV"
           echo "VERSIONS_PUBLISHED=$(echo "${versions_published[*]}"| tr '\n' ',')" >> "$GITHUB_ENV"
           echo "VERSION_FILE=${version_file}" >> "$GITHUB_ENV"
@@ -332,7 +342,7 @@ jobs:
           if [ -f "${setup_file}" ]; then
             sed -i "s/^package_version = .*$/package_version = \"${v}\"/" "${setup_file}"
           fi
-      
+
 
       ################
       # Build package