Restrict auto-mount of service account token in service account (#7606) #1022

	name: DryRunGen
	on:
	push:
	branches:
	- 'main'
	- 'release-v*'
	- 'staging/*'
	jobs:
	dryrun-gen:
	permissions:
	id-token: write # aws-actions/[email protected]
	if: github.repository == 'aws/karpenter-provider-aws'
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
	- uses: ./.github/actions/install-deps
	- uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
	with:
	role-to-assume: 'arn:aws:iam::${{ vars.READONLY_ACCOUNT_ID }}:role/${{ vars.READONLY_ROLE_NAME }}'
	aws-region: ${{ vars.READONLY_REGION }}
	- run: make docgen
	- run: make codegen
	env:
	ENABLE_GIT_PUSH: false
	- run: make prepare-website
	env:
	GIT_TAG: v0.10000.0 # Mock version for testing website generation

Provide feedback