fix(ci): grant id-token write so EC2 deploy can assume the OIDC role (#40)

aws-actions/configure-aws-credentials needs id-token: write to mint the
OIDC JWT and assume AWS_ROLE_ARN. Without it the deploy-ec2 workflow
fails at the credentials step. Add the permission at workflow scope.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Manmohan 2026-04-16 19:59:14 -04:00 committed by GitHub
parent 1d2a76eec4
commit 9a45f0924d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -11,6 +11,10 @@ concurrency:
group: deploy-ec2
cancel-in-progress: false
permissions:
id-token: write
contents: read
jobs:
deploy:
if: github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success'
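Review bot: the `permissions:` block is added at workflow scope, so every job in this workflow, not only `deploy`, can now request an OIDC token for the AWS role; only the job that runs aws-actions/configure-aws-credentials needs it. Move the block under `deploy:` (a job-level `permissions:` overrides the workflow default) so the grant is limited to that job, keeping `contents: read` alongside `id-token: write` so the checkout step still works. Also worth checking, given the `workflow_run` path in the `if:` condition: a workflow_run-triggered run executes in the default-branch context, so the `sub` claim in the minted JWT will name that branch, and the AWS role's trust policy must match it or the credentials step will still fail with an AssumeRoleWithWebIdentity error.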