In order to set up OIDC simply swap the AWS Keys with assume role ARN and you are good to go. Here is an example, don’t forget to replace the line starting in ** with your own ARN for the account.
name: Digger Workflow
on:
workflow_dispatch:
inputs:
run_name:
required: false
spec:
required: true
run-name: '${{inputs.run_name}}'
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write # required to merge PRs
id-token: write # required for workload-identity-federation
pull-requests: write # required to post PR comments
issues: read # required to check if PR number is an issue or not
statuses: write # required to validate combined PR status
steps:
- name: digger run
uses: diggerhq/digger@vLatest
with:
digger-spec: ${{ inputs.spec }}
setup-aws: true
**aws-role-to-assume: arn:aws:iam::{AccountID}:role/{RoleName}**
aws-region: us-east-1
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
