From 0daaccfdf95263fbc5971e56463eee27cbe31466 Mon Sep 17 00:00:00 2001
From: Simon Thulbourn
Date: Tue, 16 May 2023 14:55:51 +0200
Subject: [PATCH 1/5] feat(docs): Move docs to S3
Signed-off-by: Simon Thulbourn
---
 .github/workflows/reusable_publish_docs.yml | 26 +++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/.github/workflows/reusable_publish_docs.yml b/.github/workflows/reusable_publish_docs.yml
index eb0d8f8598a..dd7a41c62d0 100644
--- a/.github/workflows/reusable_publish_docs.yml
+++ b/.github/workflows/reusable_publish_docs.yml
@@ -26,6 +26,7 @@ on:
 default: develop
 permissions:
+ id-token: write
 contents: write
 pages: write
@@ -36,6 +37,7 @@ jobs:
 concurrency:
 group: on-docs-rebuild
 runs-on: ubuntu-latest
+ environment: Docs
 steps:
 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 with:
@@ -88,3 +90,27 @@ jobs:
 publish_dir: ./api
 keep_files: true
 destination_dir: latest/api
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef
+ with:
+ aws-region: us-east-1
+ role-to-assume: ${{ secrets.AWS_DOCS_ROLE_ARN }}
+ - name: Copy API Docs
+ run: |
+ cp -r api site/
+ - name: Deploy Docs (Version)
+ env:
+ VERSION: ${{ inputs.version }}
+ ALIAS: ${{ inputs.alias }}
+ run: |
+ aws s3 sync \
+ site/ \
+ s3://${{ secrets.AWS_DOCS_BUCKET }}/lambda-test/${{ env.VERSION }}/
+ - name: Deploy Docs (Alias)
+ env:
+ VERSION: ${{ inputs.version }}
+ ALIAS: ${{ inputs.alias }}
+ run: |
+ aws s3 sync \
+ site/ \
+ s3://${{ secrets.AWS_DOCS_BUCKET }}/lambda-test/${{ env.ALIAS }}/
From 3e971175082fb6c81aa93e19c1e37d65fea33777 Mon Sep 17 00:00:00 2001
From: Simon Thulbourn
Date: Tue, 16 May 2023 16:50:31 +0200
Subject: [PATCH 2/5] Update publish_v2_layer.yml update permissions to use id-token: write to support OIDC
Signed-off-by: Simon Thulbourn
---
 .github/workflows/publish_v2_layer.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
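Review bot: `id-token: write` is added to the workflow-level `permissions:` block of reusable_publish_docs.yml (hunk `@@ -26,6 +26,7 @@`), so every job in this workflow can request an OIDC token while also holding `contents: write` and `pages: write`. Only one job is visible here, so the effect may be the same today, but declaring the permission on the job that runs `configure-aws-credentials` keeps later jobs from inheriting it. PATCH 3/5 and PATCH 4/5 add the same workflow-level block to on_push_docs.yml and rebuild_latest_docs.yml next to a job-level `id-token: write`; there the job-level entry appears sufficient for the reusable-workflow call, and the top-level block could be dropped.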
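Review bot: The `environment: Docs` line in hunk `@@ -36,6 +37,7 @@` changes the OIDC subject claim this job presents to AWS, and nothing in the workflow documents that coupling. A comment above it such as `# OIDC sub becomes repo:<owner>/<repo>:environment:Docs; the docs role trust policy must match exactly this value` would tell maintainers that renaming or removing the environment breaks role assumption. It would also remind them that the trust policy should not fall back to a wildcard subject. Whether the environment carries protection rules (required reviewers, branch restrictions) is not visible here and is worth confirming, since it is the only gate in front of the role. The job body continues outside the hunk.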
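Review bot: The two `aws s3 sync` steps in hunk `@@ -88,3 +90,27 @@` expand `${{ env.VERSION }}`, `${{ env.ALIAS }}` and `${{ secrets.AWS_DOCS_BUCKET }}` into the script text before the shell starts, so the `env:` mapping gives no protection against a `version` or `alias` input that contains shell metacharacters. rebuild_latest_docs.yml forwards a dispatch input into `version`, and the job runs with `contents: write` and the assumed AWS role. Read the values as shell variables instead: add `AWS_DOCS_BUCKET: ${{ secrets.AWS_DOCS_BUCKET }}` under `env:` and write the destination as `"s3://${AWS_DOCS_BUCKET}/lambda-test/${VERSION}/"` (with `${ALIAS}` in the second step). The same interpolation is still present in both hunks of PATCH 5/5, which only changes the prefix. The `configure-aws-credentials` SHA pin would also read better with a trailing version comment, as the `actions/checkout` line has.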
diff --git a/.github/workflows/publish_v2_layer.yml b/.github/workflows/publish_v2_layer.yml
index dcdc43a6e2c..5447d0a51e5 100644
--- a/.github/workflows/publish_v2_layer.yml
+++ b/.github/workflows/publish_v2_layer.yml
@@ -28,7 +28,7 @@ jobs:
 permissions:
 # lower privilege propagated from parent workflow (release.yml)
 contents: read
- id-token: none
+ id-token: write
 pages: none
 pull-requests: none
 runs-on: aws-lambda-powertools_ubuntu-latest_8-core
@@ -223,7 +223,7 @@ jobs:
 contents: write
 pages: write
 pull-requests: none
- id-token: none
+ id-token: write
 uses: ./.github/workflows/reusable_publish_docs.yml
 with:
 version: ${{ inputs.latest_published_version }}
From cd232eb0e1cdfaa51c3ec573f61e1efb6478b957 Mon Sep 17 00:00:00 2001
From: Simon Thulbourn
Date: Tue, 16 May 2023 17:02:13 +0200
Subject: [PATCH 3/5] Update on_push_docs.yml add `id-token: write`
Signed-off-by: Simon Thulbourn
---
 .github/workflows/on_push_docs.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/on_push_docs.yml b/.github/workflows/on_push_docs.yml
index 340f669b0f7..e257f49e808 100644
--- a/.github/workflows/on_push_docs.yml
+++ b/.github/workflows/on_push_docs.yml
@@ -10,11 +10,15 @@ on:
 - "examples/**"
 - "CHANGELOG.md"
+permissions:
+ id-token: write
+
 jobs:
 release-docs:
 permissions:
 contents: write
 pages: write
+ id-token: write
 uses: ./.github/workflows/reusable_publish_docs.yml
 with:
 version: develop
From 0979dda301be2475e88eb43232c9f6f7194694a6 Mon Sep 17 00:00:00 2001
From: Simon Thulbourn
Date: Tue, 16 May 2023 17:02:39 +0200
Subject: [PATCH 4/5] Update rebuild_latest_docs.yml add `id-token: write`
Signed-off-by: Simon Thulbourn
---
 .github/workflows/rebuild_latest_docs.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/rebuild_latest_docs.yml b/.github/workflows/rebuild_latest_docs.yml
index 3e481860992..deac728ac25 100644
--- a/.github/workflows/rebuild_latest_docs.yml
+++ b/.github/workflows/rebuild_latest_docs.yml
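Review bot: In the first hunk of publish_v2_layer.yml (`@@ -28,7 +28,7 @@`), `id-token: write` is granted to a job whose visible lines show no OIDC consumer, directly under the comment `# lower privilege propagated from parent workflow (release.yml)`. Only the job in the second hunk (`@@ -223,7 +223,7 @@`) is seen calling reusable_publish_docs.yml, which is where the token is needed; if the first job does not assume an AWS role, `id-token: none` should stay there. If it does need the token, a comment naming the consumer, e.g. `# id-token: write required for OIDC role assumption in <step>`, would keep the least-privilege comment accurate. Both job bodies continue outside the hunks, so this should be checked against the full file.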
@@ -14,11 +14,15 @@ on:
 default: "2.0.0"
 required: true
+permissions:
+ id-token: write
+
 jobs:
 release-docs:
 permissions:
 contents: write
 pages: write
+ id-token: write
 uses: ./.github/workflows/reusable_publish_docs.yml
 with:
 version: ${{ inputs.latest_published_version }}
From 6b98e7ade3857f27ff18708d1ec114c49910804c Mon Sep 17 00:00:00 2001
From: Simon Thulbourn
Date: Wed, 17 May 2023 21:28:07 +0200
Subject: [PATCH 5/5] fix docs upload path
---
 .github/workflows/reusable_publish_docs.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/reusable_publish_docs.yml b/.github/workflows/reusable_publish_docs.yml
index dd7a41c62d0..f624d327ee5 100644
--- a/.github/workflows/reusable_publish_docs.yml
+++ b/.github/workflows/reusable_publish_docs.yml
@@ -105,7 +105,7 @@ jobs:
 run: |
 aws s3 sync \
 site/ \
- s3://${{ secrets.AWS_DOCS_BUCKET }}/lambda-test/${{ env.VERSION }}/
+ s3://${{ secrets.AWS_DOCS_BUCKET }}/lambda-python/${{ env.VERSION }}/
 - name: Deploy Docs (Alias)
 env:
 VERSION: ${{ inputs.version }}
@@ -113,4 +113,4 @@ jobs:
 run: |
 aws s3 sync \
 site/ \
- s3://${{ secrets.AWS_DOCS_BUCKET }}/lambda-test/${{ env.ALIAS }}/
+ s3://${{ secrets.AWS_DOCS_BUCKET }}/lambda-python/${{ env.ALIAS }}/