From b1232a9e461aaf0f273bbf05075c77ec4ef4cf95 Mon Sep 17 00:00:00 2001
From: Michaela Wheeler
Date: Wed, 15 Dec 2021 19:19:34 +1100
Subject: [PATCH 1/2] changing to saml auth
---
 .github/workflows/main.yml | 10 +++++++---
 .github/workflows/pr.yml | 8 +++++++-
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 673c5fe..4b817ff 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -7,20 +7,24 @@ env:
 tf_version: 'latest'
 tf_working_dir: '.'
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 jobs:
 terraform:
 environment: main
 name: 'Terraform'
 runs-on: ubuntu-latest
 steps:
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-region: ap-southeast-2
+ role-to-assume: arn:aws:iam::143841941773:role/github
+ role-session-name: Terraform
 - uses: hashicorp/setup-terraform@v1
 - name: 'Checkout'
 uses: actions/checkout@master
 - name: Terraform fmt
 id: fmt
- run: terraform fmt -check
+ run: terraform fmt
 continue-on-error: true
 - uses: EndBug/add-and-commit@v7
 with:
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index f2edd79..d1358a2 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -13,12 +13,18 @@ jobs:
 name: 'Terraform'
 runs-on: ubuntu-latest
 steps:
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-region: ap-southeast-2
+ role-to-assume: arn:aws:iam::143841941773:role/github
+ role-session-name: Terraform
 - uses: hashicorp/setup-terraform@v1
 - name: 'Checkout'
 uses: actions/checkout@master
 - name: Terraform fmt
 id: fmt
- run: terraform fmt -check
+ run: terraform fmt
 continue-on-error: true
 - uses: EndBug/add-and-commit@v7
 with:
From 3ddf183fb505f18f503948f08fbaeea590315052 Mon Sep 17 00:00:00 2001
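Review bot: The new `role-session-name: Terraform` is a fixed string used by both main.yml and pr.yml, so every assumed-role call lands in CloudTrail under the same session name and cannot be traced back to a particular workflow run; `role-session-name: terraform-${{ github.run_id }}` keeps that attribution. The identical hunk in pr.yml has the same issue and this note applies there too. `aws-actions/configure-aws-credentials@v1` is a floating major tag, so pinning it to a full commit SHA (with the tag in a trailing comment) makes the step immutable, and the account-specific `role-to-assume` ARN is now duplicated verbatim in two files where a single repository variable would do. The switch from `terraform fmt -check` to `terraform fmt` is unrelated to the subject and turns a check into a rewrite that the following add-and-commit step pushes back; if that is intended it deserves a line in the commit message. The removed `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` presumably still exist as repository secrets, so rotating or deleting them once this lands closes out the old credential path.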
From: Michaela Wheeler
Date: Wed, 15 Dec 2021 19:48:28 +1100
Subject: [PATCH 2/2] testing gha tokens
---
 .github/workflows/main.yml | 4 ++++
 .github/workflows/pr.yml | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 4b817ff..2201809 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -12,6 +12,10 @@ jobs:
 environment: main
 name: 'Terraform'
 runs-on: ubuntu-latest
+ # These permissions are needed to interact with GitHub's OIDC Token endpoint.
+ permissions:
+ id-token: write
+ contents: read
 steps:
 - name: Configure AWS Credentials
 uses: aws-actions/configure-aws-credentials@v1
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index d1358a2..8c70479 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -12,6 +12,10 @@ jobs:
 environment: main
 name: 'Terraform'
 runs-on: ubuntu-latest
+ # These permissions are needed to interact with GitHub's OIDC Token endpoint.
+ permissions:
+ id-token: write
+ contents: read
 steps:
 - name: Configure AWS Credentials
 uses: aws-actions/configure-aws-credentials@v1
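Review bot: The added job-level `permissions` block grants only `id-token: write` and `contents: read`, but the same job's later `EndBug/add-and-commit@v7` step (outside this hunk, visible in the previous patch) pushes a commit with the `GITHUB_TOKEN`, and a push needs `contents: write`; once a `permissions` key is present every unlisted scope is dropped, so the push will be rejected unless the commit step is handed a separate token. The identical block is added to pr.yml and this note applies there too. The comment `# These permissions are needed to interact with GitHub's OIDC Token endpoint.` is accurate for `id-token: write`; a second line such as `# contents: write lets add-and-commit push the formatted files back.` would record why the broader scope is required. If pr.yml runs on `pull_request` events from forks, `id-token: write` is not granted there, so the credentials step will fail on those runs; the trust policy of the assumed role is not on the page, but it should condition on the `sub` claim so only this repository's workflows can assume it.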