From faaefab57014b15fc5cb38fa8fde7c99a0570a9c Mon Sep 17 00:00:00 2001
From: Simon Thulbourn <sthulb@users.noreply.github.com>
Date: Wed, 17 May 2023 15:21:31 +0200
Subject: [PATCH 1/4] add required steps and permissions

---
 .github/workflows/reusable-publish-docs.yml | 30 +++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/.github/workflows/reusable-publish-docs.yml b/.github/workflows/reusable-publish-docs.yml
index e24fd49a14..220a7fd323 100644
--- a/.github/workflows/reusable-publish-docs.yml
+++ b/.github/workflows/reusable-publish-docs.yml
@@ -22,6 +22,11 @@ on:
         default: false
         type: boolean
 
+permissions:
+  contents: write
+  id-token: write
+  pages: write
+
 jobs:
   publish-docs:
     runs-on: ubuntu-latest
@@ -87,3 +92,28 @@ jobs:
           publish_dir: ./api
           keep_files: true
           destination_dir: latest/api
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef
+        with:
+          aws-region: us-east-1
+          role-to-assume: ${{ secrets.AWS_DOCS_ROLE_ARN }}
+      - name: Copy API Docs
+        run: |
+          cp -r api site/
+      - name: Deploy Docs (Version)
+        env:
+          VERSION: ${{ inputs.version }}
+          ALIAS: ${{ inputs.alias }}
+        run: |
+          aws s3 sync \
+            site/ \
+            s3://${{ secrets.AWS_DOCS_BUCKET }}/lambda-typescript/${{ env.VERSION }}/
+      - name: Deploy Docs (Alias)
+        env:
+          VERSION: ${{ inputs.version }}
+          ALIAS: ${{ inputs.alias }}
+        run: |
+          aws s3 sync \
+            site/ \
+            s3://${{ secrets.AWS_DOCS_BUCKET }}/lambda-typescript/${{ env.ALIAS }}/
\ No newline at end of file

From bdf80f4d2ac052401d102f5270ee61d3bfc171bb Mon Sep 17 00:00:00 2001
From: Simon Thulbourn <sthulb@users.noreply.github.com>
Date: Wed, 17 May 2023 21:07:05 +0200
Subject: [PATCH 2/4] update permissions for doc launching

---
 .github/workflows/on_doc_merge.yml        | 1 +
 .github/workflows/publish_layer.yml       | 4 ++++
 .github/workflows/rebuild-latest-docs.yml | 1 +
 3 files changed, 6 insertions(+)

diff --git a/.github/workflows/on_doc_merge.yml b/.github/workflows/on_doc_merge.yml
index f4d38607a5..4ebbd4605b 100644
--- a/.github/workflows/on_doc_merge.yml
+++ b/.github/workflows/on_doc_merge.yml
@@ -13,6 +13,7 @@ jobs:
     permissions:
       contents: write
       pages: write
+      id-token: write
     uses: ./.github/workflows/reusable-publish-docs.yml
     with:
       version: main
diff --git a/.github/workflows/publish_layer.yml b/.github/workflows/publish_layer.yml
index bf5f03cd7e..894ce48715 100644
--- a/.github/workflows/publish_layer.yml
+++ b/.github/workflows/publish_layer.yml
@@ -104,6 +104,10 @@ jobs:
 
   release-docs:
     needs: [ deploy-prod, prepare_docs_alias ]
+    permissions:
+      contents: write
+      pages: write
+      id-token: write
     uses: ./.github/workflows/reusable-publish-docs.yml
     with:
       version: ${{ inputs.latest_published_version }}
diff --git a/.github/workflows/rebuild-latest-docs.yml b/.github/workflows/rebuild-latest-docs.yml
index e2a559e94b..e251a71551 100644
--- a/.github/workflows/rebuild-latest-docs.yml
+++ b/.github/workflows/rebuild-latest-docs.yml
@@ -18,6 +18,7 @@ jobs:
     permissions:
       contents: write
       pages: write
+      id-token: write
     uses: ./.github/workflows/reusable-publish-docs.yml
     with:
       version: ${{ inputs.latest_published_version }}

From 1dc84d76884541d7f08073d1231518204ac29914 Mon Sep 17 00:00:00 2001
From: Simon Thulbourn <sthulb@users.noreply.github.com>
Date: Wed, 17 May 2023 21:15:18 +0200
Subject: [PATCH 3/4] adds environment to the workflow file

---
 .github/workflows/reusable-publish-docs.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/reusable-publish-docs.yml b/.github/workflows/reusable-publish-docs.yml
index 220a7fd323..111bfae4aa 100644
--- a/.github/workflows/reusable-publish-docs.yml
+++ b/.github/workflows/reusable-publish-docs.yml
@@ -30,6 +30,7 @@ permissions:
 jobs:
   publish-docs:
     runs-on: ubuntu-latest
+    environment: Docs
     steps:
       - name: Checkout code
         uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab  # v3.5.2

From 474742101a522f20f35409c6c697193f3453baca Mon Sep 17 00:00:00 2001
From: Andrea Amorosi <dreamorosi@gmail.com>
Date: Thu, 18 May 2023 11:56:49 +0200
Subject: [PATCH 4/4] Update .github/workflows/reusable-publish-docs.yml

---
 .github/workflows/reusable-publish-docs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/reusable-publish-docs.yml b/.github/workflows/reusable-publish-docs.yml
index 111bfae4aa..ccf4cd049f 100644
--- a/.github/workflows/reusable-publish-docs.yml
+++ b/.github/workflows/reusable-publish-docs.yml
@@ -95,7 +95,7 @@ jobs:
           destination_dir: latest/api
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef
+        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
         with:
           aws-region: us-east-1
           role-to-assume: ${{ secrets.AWS_DOCS_ROLE_ARN }}