fix: switch to aws roles (#12)

Author: inian

.github/workflows/release.yml

@@ -35,6 +35,7 @@ jobs:
     permissions:
       contents: read
       packages: write
+      id-token: write
     steps:
       - uses: actions/checkout@v3
 
@@ -54,26 +55,32 @@ jobs:
           platforms: amd64,arm64
       - uses: docker/setup-buildx-action@v2
 
-      - name: Login to ECR
-        uses: docker/login-action@v2
+      - name: configure aws credentials - staging
+        uses: aws-actions/configure-aws-credentials@v1
         with:
-          registry: public.ecr.aws
-          username: ${{ secrets.PROD_ACCESS_KEY_ID }}
-          password: ${{ secrets.PROD_SECRET_ACCESS_KEY }}
+          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
+          aws-region: "us-east-1"
 
       - name: Login to ECR account - staging
         uses: docker/login-action@v2
         with:
           registry: 436098097459.dkr.ecr.us-east-1.amazonaws.com
-          username: ${{ secrets.DEV_ACCESS_KEY_ID }}
-          password: ${{ secrets.DEV_SECRET_ACCESS_KEY }}
+
+      - name: configure aws credentials - prod
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
+          aws-region: "us-east-1"
+
+      - name: Login to ECR
+        uses: docker/login-action@v2
+        with:
+          registry: public.ecr.aws
 
       - name: Login to ECR account - prod
         uses: docker/login-action@v2
         with:
           registry: 646182064048.dkr.ecr.us-east-1.amazonaws.com
-          username: ${{ secrets.PROD_ACCESS_KEY_ID }}
-          password: ${{ secrets.PROD_SECRET_ACCESS_KEY }}
 
       - name: Login to GHCR
         uses: docker/login-action@v2