[IT-4658] Fix GH OIDC for bixarena-infra

zaro0508 · zaro0508 · commit dcb03ee453c3 · 2025-10-20T11:33:32.000-07:00
permission to deploy to bixarena stage/prod account from Sage-Bionetworks-IT/bixarea-infra repo was removed in PR #1480 We need to add it back because we still want to deploy from there.
diff --git a/org-formation/650-identity-providers/_tasks.yaml b/org-formation/650-identity-providers/_tasks.yaml
@@ -945,7 +945,7 @@ GithubOidcBixArenaDevInfra:
 GithubOidcBixArenaInfra:
   Type: update-stacks
   DependsOn: GithubOidcSageBionetworks
-  Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.10.2/templates/IAM/github-oidc-provider.j2
+  Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.10.4/templates/IAM/github-oidc-provider.j2
   StackName: !Sub ${resourcePrefix}-${appName}-bixarena-infra
   Parameters:
     ProviderArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-ProviderArn' ]
@@ -955,10 +955,13 @@ GithubOidcBixArenaInfra:
       - "arn:aws:iam::aws:policy/AdministratorAccess"
       - "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser"
   TemplatingContext:
-    GitHubOrg: "Sage-Bionetworks"
     Repositories:
-      - name: "sage-monorepo"
+      - owner: "Sage-Bionetworks"
+        name: "sage-monorepo"
         branches: ["infra/bixarena/*"]
+      - owner: "Sage-Bionetworks-IT"
+        name: "bixarena-infra"
+        branches: ["stage"]
   DefaultOrganizationBinding:
     Account:
       - !Ref BixArenaProdAccount
