fix: Updated token retrieval to use new API #270
Conversation
richardhboyd
changed the title
| @@ -571,7 +570,6 @@ describe('Configure AWS Credentials', () => { | |||
| test('only role arn and region provided to use GH OIDC Token', async () => { | |||
| process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN = 'test-token'; | |||
There was a problem hiding this comment.
Do we need these environment variables anymore?
There was a problem hiding this comment.
Yes. These being set is how we determine whether or not we are in a self-hosted runner or in a "proper" GitHub Action. If we remove them, the test will behave as if it were in a self-hosted runner (where OIDC isn't supported)
There was a problem hiding this comment.
Then where are we using it's test-token value in the test?
There was a problem hiding this comment.
We don't use it in the test, we use it in the action.
https://github.com/aws-actions/configure-aws-credentials/blob/master/index.js#L284
There was a problem hiding this comment.
We're less concerned with the actual value of the ENV variable, we just need it set to something so that the action sees that it has been set and behaves as if the test were running in a 'real' GitHub Action.
Issue #, if available:
Description of changes:
sigstorewithsts.amazon.awsas the audience to reflect OIDC best practices for the audience to reflect the party that will be receiving the JWT.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.