From 728ef6d8a682a8bdfb9115c76d99d55d7daeb4bd Mon Sep 17 00:00:00 2001
From: yike5460 <yike5460@163.com>
Date: Thu, 10 Oct 2024 06:24:04 +0000
Subject: [PATCH] fix: update workflow action to user var instead of secret

---
 .github/workflows/aws-genai-cicd-suite.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/aws-genai-cicd-suite.yml b/.github/workflows/aws-genai-cicd-suite.yml
index 7c80317..7670a39 100644
--- a/.github/workflows/aws-genai-cicd-suite.yml
+++ b/.github/workflows/aws-genai-cicd-suite.yml
@@ -12,6 +12,8 @@ concurrency:
 jobs:
   review:
     runs-on: ubuntu-latest
+    environment: AWS_ROLE_TO_ASSUME
+
     permissions:
       # read repository contents and write pull request comments
       id-token: write
@@ -53,8 +55,8 @@ jobs:
     - name: Configure AWS Credentials
       uses: aws-actions/configure-aws-credentials@v4
       with:
-        # using repository secret to get the role arn
-        role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+        # using repository environment variable to get the role arn
+        role-to-assume: ${{ vars.AWS_ROLE_TO_ASSUME_VAR }}
         aws-region: us-east-1
 
     - name: Intelligent GitHub Actions