Update permissions on action for credentials

Signed-off-by: Kyle Squizzato <[email protected]>
Mirantis · Aug 30, 2024 · 4cff550 · 4cff550
1 parent 6c9961b
commit 4cff550
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -4,6 +4,10 @@ concurrency:
   group: test-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:
+  id-token: write
+  contents: read
+
 on:
   push:
     branches:
@@ -70,7 +74,10 @@ jobs:
         with:
           aws-access-key-id: ${{ secrets.CI_AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.CI_AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-west-2 
+          aws-region: us-west-2
+          role-duration-seconds: 7200 
+          role-to-assume: arn:aws:iam::688567266071:user/ci-hmc-controller
+          audience: sts.amazonaws.com
       - name: Run E2E tests
         run: |
           make test-e2e