From f26ef5b5ab17d787cc0cec994e31aab3c804a4c5 Mon Sep 17 00:00:00 2001
From: Blayne Chard <bchard@linz.govt.nz>
Date: Wed, 1 Dec 2021 13:13:00 +1300
Subject: [PATCH 1/3] ci: deploy assets to s3 bucket using ODIC provider

---
 .github/workflows/test.yaml | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 61cc2c67..092aa1c2 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -10,14 +10,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: linz/action-typescript@v1
-
-  build-nix:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2.3.4
-      - uses: cachix/install-nix-action@v16
-      - uses: cachix/cachix-action@v10
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
         with:
-          name: linz
-          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-      - run: nix-shell --pure --run true
+          aws-region: ap-southeast-2
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+      - name: Deploy docs
+        run: | 
+          aws s3 cp package.json s3://${BUCKET_NAME}/
+        env:
+          BUCKET_NAME: ${{ secrets.BUCKET_NAME }}

From 30a915e38b3593879756aa06967bc6b4567e6b9f Mon Sep 17 00:00:00 2001
From: Blayne Chard <bchard@linz.govt.nz>
Date: Wed, 1 Dec 2021 13:14:18 +1300
Subject: [PATCH 2/3] refactor: fix lint

---
 .github/workflows/test.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 092aa1c2..3c0dc93a 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -16,7 +16,7 @@ jobs:
           aws-region: ap-southeast-2
           role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
       - name: Deploy docs
-        run: | 
+        run: |
           aws s3 cp package.json s3://${BUCKET_NAME}/
         env:
           BUCKET_NAME: ${{ secrets.BUCKET_NAME }}

From 73a1075a064b96b6121c343f4284c88fa684b1f7 Mon Sep 17 00:00:00 2001
From: Blayne Chard <bchard@linz.govt.nz>
Date: Wed, 1 Dec 2021 13:20:13 +1300
Subject: [PATCH 3/3] ci: add oidc endpoint

---
 .github/workflows/test.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 3c0dc93a..54d472c6 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -8,6 +8,9 @@ on:
 jobs:
   test:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write # needed to interact with GitHub's OIDC Token endpoint.
+      contents: read
     steps:
       - uses: linz/action-typescript@v1
       - name: Configure AWS Credentials