From 9619cf2bf931fdcfc6ecc42a830035a256fa99fc Mon Sep 17 00:00:00 2001
From: Derek Slenk <derek.slenk@gmail.com>
Date: Sun, 29 Jun 2025 17:52:44 -0400
Subject: [PATCH] Use CC_OIDC_ROLE secret for AWS role ARN

- Replace hardcoded AWS role ARN with CC_OIDC_ROLE secret
- Improves security by not exposing AWS account details in workflow
- Makes the workflow more portable and configurable
---
 .github/workflows/nextjs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/nextjs.yml b/.github/workflows/nextjs.yml
index 3db671a..af2c466 100644
--- a/.github/workflows/nextjs.yml
+++ b/.github/workflows/nextjs.yml
@@ -56,7 +56,7 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: arn:aws:iam::499518182498:role/cheatingchelsea-github-deployment
+          role-to-assume: ${{ secrets.CC_OIDC_ROLE }}
           aws-region: us-east-2
           
       - name: Deploy to S3