Merge pull request #2806 from manics/aws-curvenote-binder

Activate AWS Curvenote GitHub OIDC credentials
jupyterhub · Nov 1, 2023 · 3451b18 · 3451b18
2 parents 2f569ba + 46895ab
commit 3451b18
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -228,6 +228,13 @@ jobs:
           - federation_member: curvenote
             helm_version: ""
             experimental: false
+            aws_deployment_role: arn:aws:iam::166088433508:role/binderhub-github-oidc-mybinderorgdeploy
+            aws_region: us-east-2
+
+    # These permissions are needed to interact with GitHub's OIDC Token endpoint.
+    permissions:
+      id-token: write
+      contents: read
 
     steps:
       - name: "Stage 0: Update env vars based on job matrix arguments"
@@ -286,6 +293,14 @@ jobs:
         with:
           version: ${{ env.GCLOUD_SDK_VERION }}
 
+      - name: "Stage 1: Configure AWS credentials"
+        if: matrix.federation_member == 'curvenote'
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ matrix.aws_deployment_role }}
+          aws-region: ${{ matrix.aws_region }}
+          role-session-name: mybinder-github-cd
+
       - name: "Stage 1: Install kubectl ${{ env.KUBECTL_VERSION }}"
         uses: azure/setup-kubectl@v3.2
         with: