Fix GHA push to s3 on merge to master

[hannahilea]

No description provided.

[jgallagher59701]

I made a new AWS Key for this this, and just this, repo. I recorded it in the repo's Settings -> Secrets and variables -> Actions table. The key is bound to a new user in our AWS account with very limited permissions.

[jgallagher59701]

Re-running the GHAs.

[jgallagher59701]

I think the "Build on macos-15" action may have failed because I did not complete making the AWS Key. I just checked and the last button click was left undone. The permissions on the Key do allow S3 PutObject, so it should work.

[hannahilea]

Ah, okay! We can rerun that job once the intel job completes, since if the key is now created it should succeed this time.

[hannahilea]

@jgallagher59701 does the token exist now? I made a fail-faster branch here https://github.com/OPENDAP/hyrax-dependencies/actions/runs/21369747269/job/61510919462?pr=103 and

upload failed: ./delete-me-test-file-macos-15-153.txt to s3://opendap.travis.build/delete-me-test-file-macos-15-153.txt An error occurred (AccessDenied) when calling the PutObject operation: User: arn:aws:iam::747931985039:user/GHA-hyrax-dependencies is not authorized to perform: s3:PutObject on resource: "arn:aws:s3:::opendap.travis.build/delete-me-test-file-macos-15-153.txt" because no identity-based policy allows the s3:PutObject action

[jgallagher59701]

@jgallagher59701 does the token exist now? I made a fail-faster branch here https://github.com/OPENDAP/hyrax-dependencies/actions/runs/21369747269/job/61510919462?pr=103 and

upload failed: ./delete-me-test-file-macos-15-153.txt to s3://opendap.travis.build/delete-me-test-file-macos-15-153.txt An error occurred (AccessDenied) when calling the PutObject operation: User: arn:aws:iam::747931985039:user/GHA-hyrax-dependencies is not authorized to perform: s3:PutObject on resource: "arn:aws:s3:::opendap.travis.build/delete-me-test-file-macos-15-153.txt" because no identity-based policy allows the s3:PutObject action

Yes the token does exist. So I'm flummoxed. There's no way I know of to see if the token is being used. How would we know that?

[hannahilea]

Ah, okay. I went and looked at the credentials in the aws console, and it looks like that user has s3 permissions for different buckets than the one I'm pushing to here (s3://opendap.travis.build, for parity with the site the other hyrax-dependencies are being pushed.)

This means we have a choice: should I update this job to push the hyrax-dependencies built for osx to s3::opendap.github.actions.build, or should I update the IAM role to allow write access to s3://opendap.travis.build?

[hannahilea]

(determined via slack that we should update the bucket)