rm secrets.AWS_ROLE reference, update inputs.descriptions

ryan-williams · ryan-williams · commit b6c38f87b4df · 2025-07-24T15:35:26.000-04:00
diff --git a/.github/workflows/test-gpu.yml b/.github/workflows/test-gpu.yml
@@ -13,28 +13,27 @@ on:
         type: number
         default: 60
       ssh_pubkey:
-        description: "SSH public key to add to authorized_keys (optional input)"
+        description: "SSH public key to add to authorized_keys (optional, for debugging)"
         required: false
         type: string
       aws_key_name:
-        description: "Name of the EC2 key pair to use for SSH access"
+        description: "Name of an EC2 key pair to use for SSH access (optional, for debugging)"
         required: false
         type: string
       aws_security_group_id:
-        description: "AWS security group ID (for SSH access)"
+        description: "AWS security group ID (for SSH access; optional, for debugging)"
         required: false
         type: string
 permissions:
   id-token: write  # Required for AWS OIDC authentication
   contents: read   # Required for actions/checkout
 jobs:
-  # EC2 runner automatically terminates itself
   ec2:
     uses: Open-Athena/ec2/.github/workflows/runner.yml@dev
     secrets:
-      AWS_ROLE: ${{ secrets.AWS_ROLE }}  # Role to assume for provisioning
       GH_SA_TOKEN: ${{ secrets.GH_SA_TOKEN }}  # GitHub "Service Account" token for runner registration
     with:
+      # aws_role: ${{ vars.AWS_ROLE }}  # Pass an explicit value here, or Open-Athena/ec2 will fall back to `vars.AWS_ROLE`
       ssh_pubkey: ${{ inputs.ssh_pubkey }}  # Optional SSH key to install on node, for debugging
       aws_key_name: ${{ inputs.aws_key_name }}  # Name of the EC2 key pair to use for SSH access
       aws_security_group_id: ${{ inputs.aws_security_group_id }}  # Security group for SSH access
