Merge pull request #1445 from damvinod/master

Using GHA OIDC IAM role to sync the artifacts with S3 bucket.

Author: chadlwilson

.github/workflows/build_and_publish.yml

@@ -9,6 +9,10 @@ on:
       # Push events to branches matching refs/heads/release-*
       - 'release-*'
 
+permissions:
+  id-token: write
+  contents: write
+
 env:
   RUN_EXTERNAL_CHECKS: true
 
@@ -54,12 +58,15 @@ jobs:
     runs-on: ubuntu-latest
     env:
       S3_BUCKET: "${{ secrets.S3_BUCKET }}"
-      AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
-      AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+      - name: Configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: "${{ secrets.AWS_ROLE_TO_ASSUME }}"
+          aws-region: "${{ secrets.AWS_REGION }}"
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with: