In my workflow, I use aws-actions/configure-aws-credentials for OIDC authentication via GitHub.
This is a sample workflow:
It fails because the configure-aws-credentials action needs to get a JWT from GitHub using @actions/core, which in turn requires the environment variables below to be set:
ACTIONS_ID_TOKEN_REQUEST_TOKEN
ACTIONS_ID_TOKEN_REQUEST_URL
It seems these are only set when adding permissions with id-token: write to my workflow, but since I'm using my custom GitHub App token, I was expecting not to be required to add a permissions to my workflow since I want to leverage my GitHub App permissions, and permissions as far as I know is used to configure permissions to the GITHUB_TOKEN auto-generated by workflows (not to my custom app token).
Is it possible for the create-github-app-token to set the ACTIONS_ID_TOKEN_REQUEST_TOKEN and ACTIONS_ID_TOKEN_REQUEST_URL so it can be used seamlessly with the actions/toolkit from GitHub (not only by AWS, but any action that relies on it for OIDC authentication)?
Thanks!!!