From d4e88ac48b8e0c68d40bc0936fd146a1122f186f Mon Sep 17 00:00:00 2001
From: Philippe Ballandras <pballandras@coveo.com>
Date: Tue, 25 Oct 2022 12:10:51 -0400
Subject: [PATCH] Better creds for full tests (#453)

Adds OIDC setup for credentials
---
 .github/workflows/tag.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
index 7ec86d84d..724019c09 100644
--- a/.github/workflows/tag.yml
+++ b/.github/workflows/tag.yml
@@ -6,6 +6,8 @@ on:
 jobs:
   build:
     name: Build
+    permissions:
+      id-token: write # required for AWS assume role
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -27,10 +29,14 @@ jobs:
           wget https://releases.hashicorp.com/terraform/${{ matrix.terraform }}/terraform_${{ matrix.terraform }}_linux_amd64.zip -O /tmp/terraform.zip
           sudo unzip -o -d /usr/local/bin/ /tmp/terraform.zip
 
+      - uses: coveooss/configure-aws-credentials-action@v1.7.0
+        with:
+          aws-region: us-east-1
+          role-to-assume: arn:aws:iam::043612128888:role/nrd-oss-terragrunt-github-actions-ci
+
       - name: Run full tests on releases
         env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_REGION: us-east-1
         run: |
           make full-test