From ccff831fb5148de7c3fc27737fbcd40a98d939ca Mon Sep 17 00:00:00 2001
From: Raunak Bhagat <rabhagat31@gmail.com>
Date: Fri, 15 Nov 2024 17:12:34 -0800
Subject: [PATCH] Remove secret from composite action and pass it as an input
 instead

---
 .github/actions/build-commit/action.yaml | 5 ++++-
 .github/workflows/benchmark-local.yaml   | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/actions/build-commit/action.yaml b/.github/actions/build-commit/action.yaml
index 14bc4a0974..27275ed0e9 100644
--- a/.github/actions/build-commit/action.yaml
+++ b/.github/actions/build-commit/action.yaml
@@ -2,6 +2,9 @@ name: Build a specific daft commit and store it in AWS S3
 description: Build a specific daft commit and store the output wheel in AWS S3
 
 inputs:
+  aws_role_arn:
+    description: The ARN of the AWS role to assume
+    required: true
   commit:
     description: The commit hash to build
     required: true
@@ -18,7 +21,7 @@ runs:
     uses: aws-actions/configure-aws-credentials@v4
     with:
       aws-region: us-west-2
-      role-to-assume: ${{ secrets.ACTIONS_AWS_ROLE_ARN }}
+      role-to-assume: ${{ inputs.aws_role_arn }}
       role-session-name: daft-performance-comparisons-build
   - name: Checkout commit ${{ inputs.commit }}
     uses: actions/checkout@v4
diff --git a/.github/workflows/benchmark-local.yaml b/.github/workflows/benchmark-local.yaml
index 85bde13027..91321b0a0e 100644
--- a/.github/workflows/benchmark-local.yaml
+++ b/.github/workflows/benchmark-local.yaml
@@ -32,6 +32,7 @@ jobs:
         ref: ${{ matrix.commit }}
     - uses: ./.github/actions/build-commit
       with:
+        aws_role_arn: ${{ secrets.ACTIONS_AWS_ROLE_ARN }}
         commit: ${{ matrix.commit }}
 
       # - name: Assume AWS credentials