From f21f1072d949d445bfbe0a80d306c5b854243fe4 Mon Sep 17 00:00:00 2001
From: atalman
Date: Fri, 22 Nov 2024 07:48:56 -0800
Subject: [PATCH 1/5] Rewrite aws configure credentials without the using actions
---
.github/actions/binary-upload/action.yml | 40 ++++++++++++++++++------
1 file changed, 30 insertions(+), 10 deletions(-)
diff --git a/.github/actions/binary-upload/action.yml b/.github/actions/binary-upload/action.yml
index b898c4bba6..44af4b19dd 100644
--- a/.github/actions/binary-upload/action.yml
+++ b/.github/actions/binary-upload/action.yml
@@ -15,19 +15,41 @@ inputs: runs: using: composite steps: + - name: Configure aws credentials (pytorch account) if: ${{ inputs.trigger-event == 'schedule' || (inputs.trigger-event == 'push' && startsWith(github.event.ref, 'refs/heads/nightly')) }} - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels - aws-region: us-east-1 + env: + AWS_WEB_IDENTITY_TOKEN_FILE: aws.web.identity.token.file + AWS_DEFAULT_REGION: us-east-1 + AWS_ROLE_ARN: arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels + shell: bash + run: | + set -euxo pipefail + pip install awscli==1.32.18 + yum install -y jq + sleep 3 # Need to have a delay to acquire this + echo "ACTIONS_ID_TOKEN_REQUEST_URL: ${ACTIONS_ID_TOKEN_REQUEST_URL}" + curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ + "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com" \ + | jq -r '.value' > "${AWS_WEB_IDENTITY_TOKEN_FILE}" - name: Configure aws credentials (pytorch account) if: ${{ env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/v') }} - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: arn:aws:iam::749337293305:role/gha_workflow_test_build_wheels - aws-region: us-east-1 + env: + AWS_WEB_IDENTITY_TOKEN_FILE: aws.web.identity.token.file + AWS_DEFAULT_REGION: us-east-1 + AWS_ROLE_ARN: arn:aws:iam::749337293305:role/gha_workflow_test_build_wheels + shell: bash + run: | + set -euxo pipefail + pip install awscli==1.32.18 + yum install -y jq + sleep 3 # Need to have a delay to acquire this + echo "ACTIONS_ID_TOKEN_REQUEST_URL: ${ACTIONS_ID_TOKEN_REQUEST_URL}" + curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ + "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com" \ + | jq -r '.value' > "${AWS_WEB_IDENTITY_TOKEN_FILE}" + - name: Nightly or release RC if: ${{ inputs.trigger-event == 'schedule' || (inputs.trigger-event == 'push' && startsWith(github.event.ref, 
'refs/heads/nightly')) || (env.CHANNEL == 'test' && startsWith(github.event.ref, 'refs/tags/')) }} @@ -45,8 +67,6 @@ runs: # shellcheck disable=SC1090 source "${BUILD_ENV_FILE}" - pip install awscli==1.32.18 - AWS_CMD="aws s3 cp --dryrun" if [[ "${NIGHTLY_OR_TEST:-0}" == "1" ]]; then AWS_CMD="aws s3 cp" From dd87842901c7f4fbd51c062c1b93f2a9504f450b Mon Sep 17 00:00:00 2001 From: atalman Date: Fri, 22 Nov 2024 07:50:42 -0800 Subject: [PATCH 2/5] test --- .github/actions/binary-upload/action.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/actions/binary-upload/action.yml b/.github/actions/binary-upload/action.yml index 44af4b19dd..62abf21404 100644 --- a/.github/actions/binary-upload/action.yml +++ b/.github/actions/binary-upload/action.yml @@ -28,7 +28,6 @@ runs: pip install awscli==1.32.18 yum install -y jq sleep 3 # Need to have a delay to acquire this - echo "ACTIONS_ID_TOKEN_REQUEST_URL: ${ACTIONS_ID_TOKEN_REQUEST_URL}" curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com" \ | jq -r '.value' > "${AWS_WEB_IDENTITY_TOKEN_FILE}" @@ -45,7 +44,6 @@ runs: pip install awscli==1.32.18 yum install -y jq sleep 3 # Need to have a delay to acquire this - echo "ACTIONS_ID_TOKEN_REQUEST_URL: ${ACTIONS_ID_TOKEN_REQUEST_URL}" curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com" \ | jq -r '.value' > "${AWS_WEB_IDENTITY_TOKEN_FILE}" From 6d2cdca9b341e5c0c7aed9237dca29c32e8f100e Mon Sep 17 00:00:00 2001 From: atalman Date: Fri, 22 Nov 2024 07:54:48 -0800 Subject: [PATCH 3/5] test --- .github/workflows/test_build_wheels_linux_with_cuda.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test_build_wheels_linux_with_cuda.yml b/.github/workflows/test_build_wheels_linux_with_cuda.yml index 475ea62d73..750ec0e551 100644 --- a/.github/workflows/test_build_wheels_linux_with_cuda.yml 
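Review bot: Both new `run:` blocks in the first binary-upload/action.yml hunk (PATCH 1/5) start with `set -euxo pipefail`, so xtrace prints the expanded `curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN"` line into the job log and only the runner's log masking keeps the OIDC request token out of it; drop the `x` (`set -euo pipefail`) or put `set +x` before the curl. The request also has no `--fail`, so an error response is piped straight into `jq -r '.value'` and the literal `null` ends up in the token file; `curl -sSf` together with `jq -er '.value'` would fail the step instead. The `env:` values are scoped to these two steps, so unless the upload step (whose body continues outside this hunk) sets `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` itself, `aws s3 cp` will presumably not see them; exporting them through `$GITHUB_ENV` and writing the token under `$RUNNER_TEMP` rather than a relative path in the working directory would cover both.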
+++ b/.github/workflows/test_build_wheels_linux_with_cuda.yml @@ -4,6 +4,7 @@ on: pull_request: paths: - .github/actions/setup-binary-builds/action.yml + - .github/actions/binary-upload/action.yml - .github/workflows/test_build_wheels_linux.yml - .github/workflows/build_wheels_linux.yml - .github/workflows/generate_binary_build_matrix.yml From dbb93cad571eda657a285f7eb0df0038a57d4800 Mon Sep 17 00:00:00 2001 From: atalman Date: Fri, 22 Nov 2024 08:08:48 -0800 Subject: [PATCH 4/5] test --- .github/workflows/build_wheels_linux.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/build_wheels_linux.yml b/.github/workflows/build_wheels_linux.yml index 8cbaef6a34..8d2e10099f 100644 --- a/.github/workflows/build_wheels_linux.yml +++ b/.github/workflows/build_wheels_linux.yml @@ -144,7 +144,16 @@ jobs: fi echo "::endgroup::" + - uses: actions/checkout@v4 + if: ${{ env.IS_MANYLINUX2_28 == 'true' }} + with: + # Support the use case where we need to checkout someone's fork + repository: ${{ inputs.test-infra-repository }} + ref: ${{ inputs.test-infra-ref }} + path: test-infra + - uses: atalman/checkout-action@main + if: ${{ env.IS_MANYLINUX2_28 == 'false' }} with: repository: ${{ inputs.test-infra-repository }} ref: ${{ inputs.test-infra-ref }} From 54ee27666caaa4a3dacdeab57e6f0923b1dbcba4 Mon Sep 17 00:00:00 2001 From: atalman Date: Fri, 22 Nov 2024 08:28:09 -0800 Subject: [PATCH 5/5] test --- .github/actions/binary-upload/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/binary-upload/action.yml b/.github/actions/binary-upload/action.yml index 62abf21404..43cf6724d2 100644 --- a/.github/actions/binary-upload/action.yml +++ b/.github/actions/binary-upload/action.yml @@ -64,6 +64,7 @@ runs: # shellcheck disable=SC1090 source "${BUILD_ENV_FILE}" + pip install awscli==1.32.18 AWS_CMD="aws s3 cp --dryrun" if [[ "${NIGHTLY_OR_TEST:-0}" == "1" ]]; then
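Review bot: In the build_wheels_linux.yml hunk (PATCH 4/5) the checkout that still runs for non-manylinux2_28 builds is `atalman/checkout-action@main`, a personal-account action on a mutable branch, and the added `actions/checkout@v4` is a mutable tag; since these builds presumably feed the upload step that assumes an AWS role, both are better pinned to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The two `if:` conditions compare `env.IS_MANYLINUX2_28` with the strings 'true' and 'false', so if the variable is unset or holds any other value neither step runs and `test-infra` is never checked out. Writing the fallback as `if: ${{ env.IS_MANYLINUX2_28 != 'true' }}` would close that gap.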