Use GitHub OIDC for AWS

.github/workflows/actions.yml

@@ -52,7 +52,7 @@ jobs:
           rustup component add clippy
           cargo clippy --workspace --all-targets --all-features -- -D warnings
           cargo fmt -- --check
-      
+
       - name: Compile icon/resources.res
         if: ${{ matrix.platform == 'windows-latest' }}
         run: |
@@ -61,7 +61,7 @@ jobs:
           cmd /c "vcvarsall.bat x64 & set" |
           foreach {
             if ($_ -match "=") {
-              $v = $_.split("=", 2); set-item -force -path "ENV:\$($v[0])" -value "$($v[1])" 
+              $v = $_.split("=", 2); set-item -force -path "ENV:\$($v[0])" -value "$($v[1])"
             }
           }
           popd
@@ -261,17 +261,38 @@ jobs:
           path: windows-wix/build/fend-windows-x64.msi
           if-no-files-found: error
 
+  deploy_telegram:
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: ${{ github.ref == 'refs/heads/main' }}
+
+    permissions:
+      actions: read
+      id-token: write
+
+    environment:
+      name: telegram-bot
+      url: https://t.me/fend_calc_bot
+
+    steps:
+      - name: Get AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-east-1
+          role-to-assume: ${{ secrets.ROLE_TO_ASSUME_ARN }}
+          role-duration-seconds: 900
+          mask-aws-account-id: true
+
       - name: Deploy Telegram Bot
-        if: ${{ github.ref == 'refs/heads/main' && matrix.platform == 'ubuntu-latest' }}
         run: |
+          pwd
+          ls
           ./telegram-bot/build.sh
 
           TELEGRAM_BOT_API_TOKEN=${{ secrets.TELEGRAM_BOT_API_TOKEN }} \
-            AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \
-            AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \
             ./telegram-bot/deploy.sh
 
-  deploy:
+  deploy_website:
     runs-on: ubuntu-latest
     needs: [build]
     if: ${{ github.ref == 'refs/heads/main' }}