zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/modules/source-repository/README.md

4.4 KiB
Raw Permalink Blame History

Google Cloud Source Repository Module

This module allows managing a single Cloud Source Repository, including IAM bindings and basic Cloud Build triggers.

Examples

Repository with IAM

module "repo" {
  source     = "./fabric/modules/source-repository"
  project_id = "my-project"
  name       = "my-repo"
  iam = {
    "roles/source.reader" = ["user:foo@example.com"]
  }
  iam_bindings_additive = {
    am1-reader = {
      member = "user:am1@example.com"
      role   = "roles/source.reader"
    }
  }
}
# tftest modules=1 resources=3 inventory=simple.yaml

Repository with Cloud Build trigger

module "repo" {
  source     = "./fabric/modules/source-repository"
  project_id = "my-project"
  name       = "my-repo"
  triggers = {
    foo = {
      filename        = "ci/workflow-foo.yaml"
      included_files  = ["**/*tf"]
      service_account = null
      substitutions = {
        BAR = 1
      }
      template = {
        branch_name = "main"
        project_id  = null
        tag_name    = null
      }
    }
  }
}
# tftest modules=1 resources=2 inventory=trigger.yaml

Files

name description resources
iam.tf IAM bindings. google_sourcerepo_repository_iam_binding · google_sourcerepo_repository_iam_member
main.tf Module-level locals and resources. google_cloudbuild_trigger · google_sourcerepo_repository
outputs.tf Module outputs.
variables-iam.tf None
variables.tf Module variables.
versions.tf Version pins.

Variables

name description type required default
name Repository name. string
project_id Project used for resources. string
iam IAM bindings in {ROLE => [MEMBERS]} format. map(list(string)) {}
iam_bindings Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. map(object({…})) {}
iam_bindings_additive Individual additive IAM bindings. Keys are arbitrary. map(object({…})) {}
iam_by_principals Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the iam variable. map(list(string)) {}
triggers Cloud Build triggers. map(object({…})) {}

Outputs

name description sensitive
id Fully qualified repository id.
name Repository name.
url Repository URL.