From 498250084ccbe68fbbb169070d9c4a942434de5e Mon Sep 17 00:00:00 2001
From: Zhihui Xia
Date: Mon, 8 Jul 2024 15:54:22 -0700
Subject: [PATCH] test with CI provider id
---
 .github/workflows/ci.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ce534998..d6b7a1ba 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -63,20 +63,22 @@ jobs:
 ios-integration-test:
 runs-on: macos-14
+ permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
 env:
 DEVELOPER_DIR: /Applications/Xcode.app
 XCODE_DESTINATION: 'OS X'
 NSUnbufferedIO: YES
 BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.MOBILEPROVISION_BASE64 }}
 KEYCHAIN_PASSWORD: ${{ secrets.TEST_KEYCHAIN_PASSWORD }}
- CI_TEST_SECRET_MANAGER_ROLE: arn:aws:iam::976188456881:role/CI_TEST_SECRET_MANAGER_ACCESS
+ CI_TEST_SECRET_MANAGER_ROLE: arn:aws:iam::976188456881:role/CI_TEST_PROVIDER_ASSUME_ROLE
 steps:
 - name: Build ${{ env.PACKAGE_NAME }} + consumers
 run: |
 python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
 chmod a+x builder
 ./builder build -p ${{ env.PACKAGE_NAME }}
-
 - name: configure AWS credentials (PubSub)
 uses: aws-actions/configure-aws-credentials@v2
 with:
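Review bot: The `permissions:` block added to `ios-integration-test` is job-wide, so `id-token: write` also covers the existing Build step, which fetches `builder.pyz` with `urlretrieve` and executes it with no integrity check visible in this hunk. Whatever that step runs can therefore request the job's OIDC token and, if the role's trust policy accepts it, assume `CI_TEST_PROVIDER_ASSUME_ROLE`. I would either compare the download against a pinned SHA-256 before `chmod a+x builder`, or move the credential steps into their own job so that only they hold `id-token: write`. The trust policy is not visible here; it should restrict `token.actions.githubusercontent.com:sub` to this repository and the intended refs. A comment above `CI_TEST_SECRET_MANAGER_ROLE` such as `# Assumed via GitHub OIDC; trust policy must pin this repo and ref` would record that, given the variable name no longer matches the role name. The job's steps continue past the end of the hunk, so how the role is passed to `configure-aws-credentials` is not shown.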