Merge pull request #796 from fluxcd/cleanup-workflow-permission

workflows: add id-token permission for cleanup job
fluxcd · Aug 5, 2024 · 81d7ac6 · 81d7ac6
2 parents 94e75b7 + 12f2918
commit 81d7ac6
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/.github/workflows/integration-cleanup.yaml b/.github/workflows/integration-cleanup.yaml
@@ -5,7 +5,8 @@ on:
   schedule:
     - cron: "0 * * * *"
 
-permissions: {}
+permissions:
+  id-token: write # Required for obtaining AWS OIDC federated credential.
 
 env:
   GCRGC_VERSION: 0.4.8
@@ -100,7 +101,7 @@ jobs:
         uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
         with:
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.CLEANUP_E2E_AWS_ASSUME_ROLE_NAME }}
-          role-session-name: OCI_GH_Actions
+          role-session-name: cleanup_GH_Actions
           aws-region: ${{ vars.AWS_REGION }}
       - name: Run reaper
         run: go run ./ -provider azure -retention-period 1h -tags 'ci=true' -delete