From 3be85cddab66f140bd1ad5dd01711768ca2782d5 Mon Sep 17 00:00:00 2001
From: George Fu <kuhe@users.noreply.github.com>
Date: Tue, 7 Jan 2025 08:37:44 -0800
Subject: [PATCH 1/5] test read token

---
 .github/workflows/test-read-token.yml | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .github/workflows/test-read-token.yml

diff --git a/.github/workflows/test-read-token.yml b/.github/workflows/test-read-token.yml
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/.github/workflows/test-read-token.yml
@@ -0,0 +1 @@
+

From a84e0f19d39f10d482a2462144c225729b5cb767 Mon Sep 17 00:00:00 2001
From: George Fu <kuhe@users.noreply.github.com>
Date: Tue, 7 Jan 2025 08:50:24 -0800
Subject: [PATCH 2/5] Update test-read-token.yml

---
 .github/workflows/test-read-token.yml | 40 +++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/.github/workflows/test-read-token.yml b/.github/workflows/test-read-token.yml
index 8b137891791..f3aceb49168 100644
--- a/.github/workflows/test-read-token.yml
+++ b/.github/workflows/test-read-token.yml
@@ -1 +1,41 @@
+name: test-read-token
 
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  release:
+    name: Test reading NPM token
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{secrets.PUSH_TOKEN}}
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 18
+          cache: "yarn"
+      - name: Configure AWS Credentials
+        id: credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-west-2
+          role-to-assume: ${{ secrets.JS_TEAM_ROLE_TO_ASSUME }}
+          role-session-name: SmithyTypeScriptGitHubRelease
+          audience: sts.amazonaws.com
+      - name: Fetch NPM token
+        id: token
+        if: steps.commit.outcome == 'success'
+        run: |
+          aws configure --profile token set role_arn ${{ secrets.JS_TEAM_TOKEN_ROLE }}
+          aws configure --profile token set credential_source Environment
+          npm_token=$(aws secretsmanager get-secret-value --region us-west-2 --secret-id=smithy-typescript-npm-token --query SecretString --output text --profile token)
+          echo "::add-mask::$npm_token"
+          echo "NPM_TOKEN=$npm_token" >> $GITHUB_ENV

From 358d2abbf0bf00f5f20df41089a7615330a856d0 Mon Sep 17 00:00:00 2001
From: George Fu <kuhe@users.noreply.github.com>
Date: Tue, 7 Jan 2025 09:00:20 -0800
Subject: [PATCH 3/5] Update test-read-token.yml

---
 .github/workflows/test-read-token.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/test-read-token.yml b/.github/workflows/test-read-token.yml
index f3aceb49168..e5791ed8327 100644
--- a/.github/workflows/test-read-token.yml
+++ b/.github/workflows/test-read-token.yml
@@ -32,7 +32,6 @@ jobs:
           audience: sts.amazonaws.com
       - name: Fetch NPM token
         id: token
-        if: steps.commit.outcome == 'success'
         run: |
           aws configure --profile token set role_arn ${{ secrets.JS_TEAM_TOKEN_ROLE }}
           aws configure --profile token set credential_source Environment

From 530e71ea313035941cef9e9f2898bb6e156a3ff3 Mon Sep 17 00:00:00 2001
From: George Fu <kuhe@users.noreply.github.com>
Date: Tue, 7 Jan 2025 09:04:08 -0800
Subject: [PATCH 4/5] Update test-read-token.yml

---
 .github/workflows/test-read-token.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/test-read-token.yml b/.github/workflows/test-read-token.yml
index e5791ed8327..b6d65d1e45f 100644
--- a/.github/workflows/test-read-token.yml
+++ b/.github/workflows/test-read-token.yml
@@ -33,7 +33,6 @@ jobs:
       - name: Fetch NPM token
         id: token
         run: |
-          aws configure --profile token set role_arn ${{ secrets.JS_TEAM_TOKEN_ROLE }}
           aws configure --profile token set credential_source Environment
           npm_token=$(aws secretsmanager get-secret-value --region us-west-2 --secret-id=smithy-typescript-npm-token --query SecretString --output text --profile token)
           echo "::add-mask::$npm_token"

From 32cff5d29f0dfa61435bfbb310d024c4078f0e7a Mon Sep 17 00:00:00 2001
From: George Fu <kuhe@users.noreply.github.com>
Date: Tue, 7 Jan 2025 09:06:49 -0800
Subject: [PATCH 5/5] Update test-read-token.yml

---
 .github/workflows/test-read-token.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/test-read-token.yml b/.github/workflows/test-read-token.yml
index b6d65d1e45f..e5791ed8327 100644
--- a/.github/workflows/test-read-token.yml
+++ b/.github/workflows/test-read-token.yml
@@ -33,6 +33,7 @@ jobs:
       - name: Fetch NPM token
         id: token
         run: |
+          aws configure --profile token set role_arn ${{ secrets.JS_TEAM_TOKEN_ROLE }}
           aws configure --profile token set credential_source Environment
           npm_token=$(aws secretsmanager get-secret-value --region us-west-2 --secret-id=smithy-typescript-npm-token --query SecretString --output text --profile token)
           echo "::add-mask::$npm_token"