UPDATE

mazzasaverio · Feb 5, 2024 · 1808dc9 · 1808dc9
1 parent 98bc9af
commit 1808dc9
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 9 deletions.
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -39,10 +39,45 @@ resource "google_project_service" "enabled_services" {
 
 
 
+# IAM role assignments for an existing service account
+resource "google_project_iam_member" "existing_service_account_iam_roles" {
+  for_each = toset(var.gcp_existing_service_account_roles)
+  project  = var.gcp_project_id
+  role     = "roles/${each.value}"
+  member   = "serviceAccount:${data.google_service_account.existing_service_account.email}"
+}
+
+# IAM role assignments for Cloud Build service account with specific roles
+resource "google_project_iam_member" "cloud_build_service_account_iam_roles" {
+  for_each = toset(var.gcp_cloud_build_service_account_roles)
+  project  = var.gcp_project_id
+  role     = "roles/${each.value}"
+  member   = "serviceAccount:${var.gcp_project_number}@cloudbuild.gserviceaccount.com"
+}
+
+
+
 
 
 module "secret_manager" {
   source       = "./modules/secret_manager"
   github_token = var.github_token
 }
 
+
+
+module "cloud_build" {
+  source                     = "./modules/cloud_build"
+  gcp_project_id             = var.gcp_project_id
+  gcp_project_number         = var.gcp_project_number
+  repo_name                  = var.repo_name
+  branch                     = var.branch
+  github_gcp_installation_id = var.github_gcp_installation_id
+  gcp_region                 = var.gcp_region
+  github_remote_uri          = var.github_remote_uri
+
+  depends_on = [
+
+    module.secret_manager
+  ]
+}
diff --git a/terraform/modules/cloud_build/variables.tf b/terraform/modules/cloud_build/variables.tf
@@ -12,8 +12,6 @@ variable "gcp_project_number" {
 }
 
 
-
-
 variable "repo_name" {
   description = "The name of the repository to create the trigger for the Cloud Build."
   type        = string
@@ -38,7 +36,3 @@ variable "github_remote_uri" {
   description = "The GitHub remote URI."
   type        = string
 }
-# variable "github_token_secret_version_id" {
-#   description = "ID of the secret version containing the GitHub token"
-#   type        = string
-# }
diff --git a/terraform/modules/secret_manager/main.tf b/terraform/modules/secret_manager/main.tf
@@ -2,7 +2,7 @@
 /* ----------------------------- GITHUB ACCOUNT ----------------------------- */
 
 resource "google_secret_manager_secret" "github_token_secret" {
-  secret_id = "github-token-secret"
+  secret_id = "github-token-secret-2"
   replication {
     auto {}
   }

diff --git a/terraform/variabiles.tf b/terraform/variabiles.tf
@@ -65,8 +65,6 @@ variable "repo_name" {
   type        = string
 }
 
-
-
 variable "branch" {
   description = "The branch of the repository to create the trigger for the Cloud Build."
   type        = string