Action is always assuming role with user credentials on 2nd call #1339

@ecs-jnguyen

Describe the bug

Hello, the latest commit 2c168adcae62d67531ba83842723c8f30695116a on the main branch is always trying to do role chaining instead of OIDC when we call configure-aws-credentials the second time.

This was introduced as part of #1338.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

I am expecting the role to be assumed via OIDC with this message: "Assuming role with OIDC".

Current Behavior

I am seeing the message "Assuming role with user credentials". It fails because the role to assume does not allow the previous role to assume it.

Reproduction Steps

name: Test Action

on:
  push:
  workflow_dispatch:

permissions:
  id-token: write
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: aws-actions/configure-aws-credentials@2c168adcae62d67531ba83842723c8f30695116a
        with:
          aws-region: us-west-2
          role-to-assume: <role-to-assume-here>

      - uses: aws-actions/configure-aws-credentials@2c168adcae62d67531ba83842723c8f30695116a
        with:
          aws-region: us-west-2
          role-to-assume: <role-to-assume-here>

Possible Solution

No response

Additional Information/Context

No response

Labels: bug, p0