fixes as per aws-actions/configure-aws-credentials#271

Author: askulkarni2

.github/workflows/build-and-publish-to-ecr.yml

@@ -5,6 +5,9 @@ on:
   push:
     branches:
       - main
+permissions:
+  id-token: write
+  contents: write
 jobs:
   deploy:
     name: Publish to ECR
@@ -15,7 +18,7 @@ jobs:
       uses: actions/checkout@v2
 
     - name: Configure AWS credentials from Test account
-      uses: aws-actions/configure-aws-credentials@v1
+      uses: aws-actions/configure-aws-credentials@b8c74de
       with:
         role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
         aws-region: us-west-2

src/index.ts

@@ -35,7 +35,8 @@ export class GitHubActionsAwsOidcConnect extends cdk.Construct {
     // Create an OIDC Provider for GitHub Actions
     const githubOidcProvider = new iam.OpenIdConnectProvider(scope, 'github-oidc-provider', {
       url: 'https://vstoken.actions.githubusercontent.com',
-      clientIds: repos.map((repo) => { return `https://github.com/${repo}`; }),
+      //clientIds: repos.map((repo) => { return `https://github.com/${repo}`; }),
+      clientIds: ['sigstore'],
     });
 
     // Create an IAM role with policies provided.