chore: update deployment workflow to support pull requests and configure AWS credentials

- Added support for pull request triggers in the deployment workflow for specific paths.
- Configured AWS credentials using a role to assume, enhancing security.
- Updated the AWS region to 'us-west-2' and removed hardcoded access keys.

Author: alukach

Diff for: .github/workflows/deploy.yaml

@@ -2,18 +2,31 @@ name: Deployment
 
 on:
   workflow_dispatch:
+  pull_request:
+    paths:
+      - "lib/**"
+      - "integration_tests/**"
+      - "package.json"
+      - "package-lock.json"
 
 jobs:
   build_package_and_deploy:
     name: Build, package and deploy
     runs-on: ubuntu-latest
     timeout-minutes: 90
+    permissions:
+      id-token: write
+      contents: read
     env:
-      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION_DEPLOY }}
-      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_DEPLOY }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_DEPLOY }}
-      AWS_DEFAULT_ACCOUNT: ${{ secrets.AWS_ACCOUNT_ID }}
+      AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
+      AWS_DEFAULT_REGION: 'us-west-2'
     steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.AWS_ROLE_ARN }}
+          aws-region: ${{ env.AWS_DEFAULT_REGION }}
+
       - uses: actions/checkout@v4
 
       - uses: actions/setup-node@v4
@@ -30,7 +43,6 @@ jobs:
       - name: Generate distribution packages
         run: npm run package
 
-
       - name: Install deployment environment
         id: install_deploy_env
         run: |
@@ -56,12 +68,6 @@ jobs:
           PROJECT_ID: ${{ steps.short-sha.outputs.sha }}
         run: |
           source .deployment_venv/bin/activate
-
-          # synthesize the stack
-          cd integration_tests/cdk
-          npx cdk synth --debug --all --require-approval never
-
-          # deploy the stack
           npx cdk deploy --ci --all --require-approval never
           deactivate
           cd -