configure AWS credentials

tgvashworth · tgvashworth · commit 28aa11b32b9b · 2022-09-20T22:19:03.000+01:00
diff --git a/.github/workflows/docker-cloud-publish.yml b/.github/workflows/docker-cloud-publish.yml
@@ -1,13 +1,20 @@
 name: docker-cloud go publish
-on: push
+on: workflow_dispatch
 jobs:
   publish:
+    permissions:
+      id-token: write
     runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: docker-cloud
     steps:
       - uses: actions/checkout@v3
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: arn:aws:iam::464590638146:role/GitHubActionECRPublicPushImage
+          aws-region: us-east-1
       - name: Login to Amazon ECR Public
         id: login-ecr-public
         uses: aws-actions/amazon-ecr-login@v1
diff --git a/docker-cloud/IMPLEMENTATION.md b/docker-cloud/IMPLEMENTATION.md
@@ -118,3 +118,16 @@ And:
     cache-dependency-path: "docker-cloud/go.sum"
     cache: true
 ```
+
+### Action to publish image
+
+This is complex.
+
+[Guide here](https://benoitboure.com/securely-access-your-aws-resources-from-github-actions) was very helpful.
+
+Actions used:
+
+- https://github.com/aws-actions/configure-aws-credentials
+- https://github.com/aws-actions/amazon-ecr-login
+
+Consider: setting up a CYF public ECR repository with the right permissions.
