This repository has been archived by the owner on Aug 19, 2024. It is now read-only.
gh-devstarops-demos.tf
# Looks up the GitHub repository whose environments, branch protection and
# Actions secrets are managed by the resources in this file.
data "github_repository" "devstarops-demos" {
  full_name = "DevStarOps/devstarops-demos"
}
# "local" deployment environment on the devstarops-demos repository.
# NOTE(review): no reviewers or deployment branch policy are configured here,
# so nothing in this resource restricts which workflow jobs may run in the
# environment. Access to Azure is therefore bounded only by the role
# assignments of the eco-local application (defined outside this file).
resource "github_repository_environment" "local-demos" {
  repository  = data.github_repository.devstarops-demos.id
  environment = "local"
}

# Workload identity federation for the eco-local application: GitHub Actions
# jobs present their OIDC token instead of a stored client secret.
# The subject ties the trust to this repository and to the "local" environment.
# It is a hard-coded string, so it must be kept in sync by hand with the
# repository name and with the environment name declared above.
resource "azuread_application_federated_identity_credential" "eco-local-demos" {
  application_object_id = azuread_application.eco-local.object_id
  display_name          = "devstarops-demos"
  description           = "Deployments for devstarops-demos"
  issuer                = "https://token.actions.githubusercontent.com"
  audiences             = ["api://AzureADTokenExchange"]
  subject               = "repo:DevStarOps/devstarops-demos:environment:local"
}
# "test" deployment environment on the devstarops-demos repository.
# NOTE(review): as with "local", no reviewers or deployment branch policy are
# set, so the environment itself does not gate which jobs can use it. Keep the
# eco-test application's Azure permissions limited to test resources.
resource "github_repository_environment" "test-demos" {
  repository  = data.github_repository.devstarops-demos.id
  environment = "test"
}

# Workload identity federation for the eco-test application. Azure AD accepts
# a GitHub-issued OIDC token only when issuer, audience and subject all match.
# The subject restricts the trust to jobs of this repository that run in the
# "test" environment; it is hard-coded and must track the environment name.
resource "azuread_application_federated_identity_credential" "eco-test-demos" {
  application_object_id = azuread_application.eco-test.object_id
  display_name          = "devstarops-demos"
  description           = "Deployments for devstarops-demos"
  issuer                = "https://token.actions.githubusercontent.com"
  audiences             = ["api://AzureADTokenExchange"]
  subject               = "repo:DevStarOps/devstarops-demos:environment:test"
}
# "production" deployment environment. Unlike "local" and "test", jobs that
# target it wait for approval from a required reviewer.
# NOTE(review): the only reviewer is data.github_user.current (declared
# elsewhere; presumably the account Terraform authenticates as), so approval
# depends on a single person. Consider a team or a second reviewer.
# NOTE(review): no deployment_branch_policy is set, so this resource does not
# limit production deployments to protected branches; the approval step is the
# only gate. Newer GitHub provider releases also expose prevent_self_review;
# verify against the pinned provider version.
resource "github_repository_environment" "production-demos" {
  repository  = data.github_repository.devstarops-demos.id
  environment = "production"

  reviewers {
    users = [data.github_user.current.id]
  }
}
# Branch protection for "main": commits must be signed, and the rule is also
# enforced for repository administrators.
# NOTE(review): this resource sets no required pull-request reviews or
# required status checks. Signed commits establish who authored a change, not
# that anyone else reviewed it.
resource "github_branch_protection" "devstarops-demos-main" {
  repository_id          = data.github_repository.devstarops-demos.id
  pattern                = "main"
  require_signed_commits = true
  enforce_admins         = true
}
# Workload identity federation for the eco-production application. The subject
# limits the trust to jobs of this repository that run in the "production"
# environment, so the environment's reviewer requirement is what stands between
# a workflow and a production Azure token.
# The subject is a hard-coded string: if the environment is renamed, update it
# here as well, or token exchange will fail.
resource "azuread_application_federated_identity_credential" "eco-production-demos" {
  application_object_id = azuread_application.eco-production.object_id
  display_name          = "devstarops-demos"
  description           = "Deployments for devstarops-demos"
  issuer                = "https://token.actions.githubusercontent.com"
  audiences             = ["api://AzureADTokenExchange"]
  subject               = "repo:DevStarOps/devstarops-demos:environment:production"
}
## Secrets
# ARM_CLIENT_ID
# One environment secret per environment, each holding the client ID of that
# environment's Azure AD application. The value is an identifier, not a
# credential: authentication relies on the federated identity credentials.
# plaintext_value is still recorded in Terraform state, so the state backend
# needs access control and encryption at rest.
# NOTE(review): recent azuread provider releases deprecate
# azuread_application.application_id in favour of client_id; check the pinned
# provider version before upgrading.
resource "github_actions_environment_secret" "local-demos-ARM_CLIENT_ID" {
  repository      = data.github_repository.devstarops-demos.id
  environment     = github_repository_environment.local-demos.environment
  secret_name     = "ARM_CLIENT_ID"
  plaintext_value = azuread_application.eco-local.application_id
}

resource "github_actions_environment_secret" "test-demos-ARM_CLIENT_ID" {
  repository      = data.github_repository.devstarops-demos.id
  environment     = github_repository_environment.test-demos.environment
  secret_name     = "ARM_CLIENT_ID"
  plaintext_value = azuread_application.eco-test.application_id
}

resource "github_actions_environment_secret" "production-demos-ARM_CLIENT_ID" {
  repository      = data.github_repository.devstarops-demos.id
  environment     = github_repository_environment.production-demos.environment
  secret_name     = "ARM_CLIENT_ID"
  plaintext_value = azuread_application.eco-production.application_id
}
# ARM_TENANT_ID
# The same tenant ID, read from data.azurerm_client_config.current, is
# published to all three environments. It is an identifier rather than a
# credential, but plaintext_value is still written to Terraform state.
resource "github_actions_environment_secret" "local-demos-ARM_TENANT_ID" {
  repository      = data.github_repository.devstarops-demos.id
  environment     = github_repository_environment.local-demos.environment
  secret_name     = "ARM_TENANT_ID"
  plaintext_value = data.azurerm_client_config.current.tenant_id
}

resource "github_actions_environment_secret" "test-demos-ARM_TENANT_ID" {
  repository      = data.github_repository.devstarops-demos.id
  environment     = github_repository_environment.test-demos.environment
  secret_name     = "ARM_TENANT_ID"
  plaintext_value = data.azurerm_client_config.current.tenant_id
}

resource "github_actions_environment_secret" "production-demos-ARM_TENANT_ID" {
  repository      = data.github_repository.devstarops-demos.id
  environment     = github_repository_environment.production-demos.environment
  secret_name     = "ARM_TENANT_ID"
  plaintext_value = data.azurerm_client_config.current.tenant_id
}
# ARM_SUBSCRIPTION_ID
# All three environments receive the same subscription ID, taken from
# data.azurerm_client_config.current.
# NOTE(review): because local, test and production point at one subscription,
# isolation between them rests on the role assignments of each environment's
# application rather than on a subscription boundary. Confirm this is intended.
resource "github_actions_environment_secret" "local-demos-ARM_SUBSCRIPTION_ID" {
  repository      = data.github_repository.devstarops-demos.id
  environment     = github_repository_environment.local-demos.environment
  secret_name     = "ARM_SUBSCRIPTION_ID"
  plaintext_value = data.azurerm_client_config.current.subscription_id
}

resource "github_actions_environment_secret" "test-demos-ARM_SUBSCRIPTION_ID" {
  repository      = data.github_repository.devstarops-demos.id
  environment     = github_repository_environment.test-demos.environment
  secret_name     = "ARM_SUBSCRIPTION_ID"
  plaintext_value = data.azurerm_client_config.current.subscription_id
}

resource "github_actions_environment_secret" "production-demos-ARM_SUBSCRIPTION_ID" {
  repository      = data.github_repository.devstarops-demos.id
  environment     = github_repository_environment.production-demos.environment
  secret_name     = "ARM_SUBSCRIPTION_ID"
  plaintext_value = data.azurerm_client_config.current.subscription_id
}