diff --git a/.github/workflows/_build_test_upload.yml b/.github/workflows/_build_test_upload.yml
index fa19724d0..db1ba55d0 100644
--- a/.github/workflows/_build_test_upload.yml
+++ b/.github/workflows/_build_test_upload.yml
@@ -17,10 +17,6 @@ on:
 default: true
 type: boolean
 secrets:
- PYTORCH_BINARY_AWS_ACCESS_KEY_ID:
- required: true
- PYTORCH_BINARY_AWS_SECRET_ACCESS_KEY:
- required: true
 PYPI_TOKEN:
 required: false
 CONDA_PYTORCHBOT_TOKEN:
@@ -30,6 +26,10 @@ on:
 CONDA_NIGHTLY_PYTORCHBOT_TOKEN:
 required: false
+permissions:
+ id-token: write
+ contents: read
+
 jobs:
 get_release_type:
 runs-on: ubuntu-latest
@@ -158,6 +158,19 @@ jobs:
 outputs:
 upload: ${{ steps.trigger_upload.outputs.value }}
 steps:
+ - name: Configure aws credentials (pytorch account)
+ if: ${{ needs.get_release_type.outputs.type == 'nightly' }}
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels
+ aws-region: us-east-1
+
+ - name: Configure aws credentials (pytorch account)
+ if: ${{ needs.get_release_type.outputs.type == 'test' }}
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_test_build_wheels
+ aws-region: us-east-1
 - name: Download Artifacts from Github
 continue-on-error: true
 uses: actions/download-artifact@v3
@@ -177,9 +190,6 @@ jobs:
 run: ls -lh torchdata*.whl
 - name: Upload Wheels to S3 Storage
 if: steps.trigger_upload.outputs.value == 'true'
- env:
- AWS_ACCESS_KEY_ID: ${{ secrets.PYTORCH_BINARY_AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.PYTORCH_BINARY_AWS_SECRET_ACCESS_KEY }}
 run: |
 if [[ ${{ inputs.branch }} == 'main' ]]; then
 S3_PATH=s3://pytorch/whl/nightly/
diff --git a/.github/workflows/pull_release.yml b/.github/workflows/pull_release.yml
index c73b12f04..4e4757539 100644
--- a/.github/workflows/pull_release.yml
+++ b/.github/workflows/pull_release.yml
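Review bot: The workflow-level `permissions:` block added before `jobs:` in `_build_test_upload.yml` grants `id-token: write` to every job of this reusable workflow, including `get_release_type` and whatever build and test jobs lie outside this hunk, although only the upload job's `configure-aws-credentials` steps need an OIDC token. I would keep `contents: read` at the top level and move `id-token: write` into a job-level `permissions:` on the upload job. A called workflow also cannot hold more permissions than its caller grants: `test_release.yml` gains the same block in this commit, but the `pull_release.yml` hunk shows no `permissions:` change, so confirm that caller still starts (its own permissions are not visible here).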
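Review bot: Both new steps reference `aws-actions/configure-aws-credentials@v3`, a mutable tag, for the action that receives the OIDC token and exports the assumed-role credentials; pin it to a reviewed commit, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v3`. The steps also run first in the job, so the credentials are in the environment for the artifact download and every later step even when `trigger_upload` does not end up 'true'; placing them directly before `Upload Wheels to S3 Storage` and adding `steps.trigger_upload.outputs.value == 'true'` to each `if:` would keep them scoped to the upload. The two steps share one `name`, so naming the role (nightly / test) in each would make the logs unambiguous. The role is chosen from `needs.get_release_type.outputs.type` while the S3 path further down is chosen from `inputs.branch`; a comment stating that the two always agree would help, and the job's step list continues outside this hunk.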
@@ -17,6 +17,4 @@ jobs:
 pytorch_version: ""
 do-upload: false
 secrets:
- PYTORCH_BINARY_AWS_ACCESS_KEY_ID: ""
- PYTORCH_BINARY_AWS_SECRET_ACCESS_KEY: ""
 CONDA_TEST_PYTORCHBOT_TOKEN: ""
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index e3f02fa18..000000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: Push Official Release
-
-on:
- # [ Note: Manually Trigger the Workflow ]
- # 1. Go to Actions under pytorch/data repo
- # 2. In the left sidebar, click the workflow you want to run
- # 3. Above the list of workflow runs, select Run workflow
- # 4. Use the Branch dropdown to select the release/* branch
- # 5. Click Run workflow
- workflow_dispatch:
-
-jobs:
- build_test_upload:
- if: github.repository == 'pytorch/data' && github.ref_type == 'tag'
- uses: ./.github/workflows/_build_test_upload.yml
- with:
- branch: "v0.8.0"
- pre_dev_release: false
- pytorch_version: "2.4.0"
- secrets:
- PYTORCH_BINARY_AWS_ACCESS_KEY_ID: ${{ secrets.PYTORCH_BINARY_AWS_ACCESS_KEY_ID }}
- PYTORCH_BINARY_AWS_SECRET_ACCESS_KEY: ${{ secrets.PYTORCH_BINARY_AWS_SECRET_ACCESS_KEY }}
- PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
- CONDA_PYTORCHBOT_TOKEN: ${{ secrets.CONDA_PYTORCHBOT_TOKEN }}
diff --git a/.github/workflows/test_release.yml b/.github/workflows/test_release.yml
index 3b8c811a5..f9868ddb9 100644
--- a/.github/workflows/test_release.yml
+++ b/.github/workflows/test_release.yml
@@ -22,6 +22,10 @@ on:
 # env:
 # RELEASE_BRANCH: ""
+permissions:
+ id-token: write
+ contents: read
+
 jobs:
 build_test_upload:
 if: github.repository == 'pytorch/data' && startsWith(github.ref_name, 'release/')
@@ -31,6 +35,4 @@ jobs:
 pre_dev_release: true
 pytorch_version: "2.4.0"
 secrets:
- PYTORCH_BINARY_AWS_ACCESS_KEY_ID: ${{ secrets.PYTORCH_BINARY_AWS_ACCESS_KEY_ID }}
- PYTORCH_BINARY_AWS_SECRET_ACCESS_KEY: ${{ secrets.PYTORCH_BINARY_AWS_SECRET_ACCESS_KEY }}
 CONDA_TEST_PYTORCHBOT_TOKEN: ${{ secrets.CONDA_TEST_PYTORCHBOT_TOKEN }}