Rewrite aws configure credentials without the using aws-actions/configure-aws-credentials. Use actions/checkout@v4 for manylinx 2.28 builds (#5968)

Test PR: #5961

Should resolve issue with torchao:
https://github.com/pytorch/ao/actions/runs/11964124387

Author: atalman

.github/actions/binary-upload/action.yml

@@ -15,19 +15,39 @@ inputs:
 runs:
   using: composite
   steps:
+
     - name: Configure aws credentials (pytorch account)
       if: ${{ inputs.trigger-event == 'schedule' || (inputs.trigger-event == 'push' && startsWith(github.event.ref, 'refs/heads/nightly')) }}
-      uses: aws-actions/configure-aws-credentials@v3
-      with:
-        role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels
-        aws-region: us-east-1
+      env:
+        AWS_WEB_IDENTITY_TOKEN_FILE: aws.web.identity.token.file
+        AWS_DEFAULT_REGION: us-east-1
+        AWS_ROLE_ARN: arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels
+      shell: bash
+      run: |
+        set -euxo pipefail
+        pip install awscli==1.32.18
+        yum install -y jq
+        sleep 3 # Need to have a delay to acquire this
+        curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
+          "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com" \
+          | jq -r '.value' > "${AWS_WEB_IDENTITY_TOKEN_FILE}"
 
     - name: Configure aws credentials (pytorch account)
       if: ${{ env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/v') }}
-      uses: aws-actions/configure-aws-credentials@v3
-      with:
-        role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_test_build_wheels
-        aws-region: us-east-1
+      env:
+        AWS_WEB_IDENTITY_TOKEN_FILE: aws.web.identity.token.file
+        AWS_DEFAULT_REGION: us-east-1
+        AWS_ROLE_ARN: arn:aws:iam::749337293305:role/gha_workflow_test_build_wheels
+      shell: bash
+      run: |
+        set -euxo pipefail
+        pip install awscli==1.32.18
+        yum install -y jq
+        sleep 3 # Need to have a delay to acquire this
+        curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
+          "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com" \
+          | jq -r '.value' > "${AWS_WEB_IDENTITY_TOKEN_FILE}"
+
 
     - name: Nightly or release RC
       if: ${{ inputs.trigger-event == 'schedule' || (inputs.trigger-event == 'push' && startsWith(github.event.ref, 'refs/heads/nightly')) || (env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/')) }}
@@ -44,7 +64,6 @@ runs:
 
         # shellcheck disable=SC1090
         source "${BUILD_ENV_FILE}"
-
         pip install awscli==1.32.18
 
         AWS_CMD="aws s3 cp --dryrun"

.github/workflows/build_wheels_linux.yml

@@ -144,7 +144,16 @@ jobs:
           fi
           echo "::endgroup::"
 
+      - uses: actions/checkout@v4
+        if: ${{ env.IS_MANYLINUX2_28 == 'true' }}
+        with:
+          # Support the use case where we need to checkout someone's fork
+          repository: ${{ inputs.test-infra-repository }}
+          ref: ${{ inputs.test-infra-ref }}
+          path: test-infra
+
       - uses: atalman/checkout-action@main
+        if: ${{ env.IS_MANYLINUX2_28 == 'false' }}
         with:
           repository: ${{ inputs.test-infra-repository }}
           ref: ${{ inputs.test-infra-ref }}

.github/workflows/test_build_wheels_linux_with_cuda.yml

@@ -4,6 +4,7 @@ on:
   pull_request:
     paths:
       - .github/actions/setup-binary-builds/action.yml
+      - .github/actions/binary-upload/action.yml
       - .github/workflows/test_build_wheels_linux.yml
       - .github/workflows/build_wheels_linux.yml
       - .github/workflows/generate_binary_build_matrix.yml