configure AWS credentials

tgvashworth · tgvashworth · commit 684c1953d3a8 · 2022-09-20T21:39:08.000+01:00
diff --git a/.github/workflows/docker-cloud-publish.yml b/.github/workflows/docker-cloud-publish.yml
@@ -2,12 +2,19 @@ name: docker-cloud go publish
 on: push
 jobs:
   publish:
+    permissions:
+      id-token: write
     runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: docker-cloud
     steps:
       - uses: actions/checkout@v3
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: arn:aws:iam::464590638146:role/GitHubActionECRPublicPushImage
+          aws-region: us-east-1
       - name: Login to Amazon ECR Public
         id: login-ecr-public
         uses: aws-actions/amazon-ecr-login@v1
diff --git a/docker-cloud/IMPLEMENTATION.md b/docker-cloud/IMPLEMENTATION.md
@@ -118,3 +118,14 @@ And:
     cache-dependency-path: "docker-cloud/go.sum"
     cache: true
 ```
+
+### Action to publish image
+
+This is complex.
+
+[Guide here](https://benoitboure.com/securely-access-your-aws-resources-from-github-actions) was very helpful.
+
+Actions used:
+
+- https://github.com/aws-actions/configure-aws-credentials
+- https://github.com/aws-actions/amazon-ecr-login
