simply calls an API endpoint to swap GITHUB_TOKEN for minted STS token. You'll need to provide the backend to validate the token.
name: CI
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: netlibs/iam-mint-action@v3
with:
endpoint: https://my.endpoint/token_issuer
role: arn:aws:iam::<account>:role/<something>
token: ${{ secrets.GITHUB_TOKEN }}
# you can now use AWS-SDK based apps with ambient credentials, for exmaple:
- name: AWS Login
run: |
endpoint=$(aws ecr get-authorization-token --region us-west-2 --output text --query 'authorizationData[].proxyEndpoint')
aws ecr get-authorization-token --region us-west-2 --output text --query 'authorizationData[].authorizationToken' | base64 --decode | cut -d: -f2 | docker login -u AWS --password-stdin $endpoint
- token
- endpoint
- actor
- project
- region
- profile
npm run build
git commit -a -m 'new version'
git tag -a -m "intial release" v1
git push --follow-tags