From 48b92b137b376b18163a75c588c3e48ddc0cb3f5 Mon Sep 17 00:00:00 2001
From: Roger Ng
Date: Thu, 21 Nov 2024 17:53:39 +0000
Subject: [PATCH 01/11] Add Cloud Build for GCP CI env

---
 .../gcp/cloudbuild/ci/.terraform.lock.hcl | 22 +++
 .../live/gcp/cloudbuild/ci/terragrunt.hcl | 17 ++
 deployment/live/gcp/cloudbuild/terragrunt.hcl | 22 +++
 deployment/modules/gcp/cloudbuild/main.tf | 165 ++++++++++++++++++
 .../modules/gcp/cloudbuild/variables.tf | 14 ++
 5 files changed, 240 insertions(+)
 create mode 100644 deployment/live/gcp/cloudbuild/ci/.terraform.lock.hcl
 create mode 100644 deployment/live/gcp/cloudbuild/ci/terragrunt.hcl
 create mode 100644 deployment/live/gcp/cloudbuild/terragrunt.hcl
 create mode 100644 deployment/modules/gcp/cloudbuild/main.tf
 create mode 100644 deployment/modules/gcp/cloudbuild/variables.tf

diff --git a/deployment/live/gcp/cloudbuild/ci/.terraform.lock.hcl b/deployment/live/gcp/cloudbuild/ci/.terraform.lock.hcl
new file mode 100644
index 00000000..d7539bd7
--- /dev/null
+++ b/deployment/live/gcp/cloudbuild/ci/.terraform.lock.hcl
@@ -0,0 +1,22 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+ version = "6.1.0"
+ constraints = "6.1.0"
+ hashes = [
+ "h1:okppWOAoIPz45VkydzAA74HRLgEKvP4CFXypPU228j8=",
+ "zh:2463510438c97c59e06ab1fb1ef76221c844abd1bc404c439401fc256e9928ab",
+ "zh:2afd9b76a81c51632bd54d3cc3bdc2685e8d89b8ace8ca7578b1ae42880228b5",
+ "zh:51e2fb64c7c8258ac0ec7315d488e5c655b392bf565f9bee2922ee72f6abfb90",
+ "zh:85aa39bad51132810ee6cd369f426614abff59cb0274fc737d087c17afa9b5ee",
+ "zh:989669bfed5ca7bf4d960eb9f27a62cbe2578ca2907da7c74fc93edae9a497fa",
+ "zh:a26665782e90ef3fd322d6a23a1de383c81ae93395e7c2bd9648a1aa85c69876",
+ "zh:d5e1b785b4c8569b91153eeba89280ffbbe7a0aaabb708833ada67544aeed057",
+ "zh:d748c69eab6acc4ab7ec369b3bd3ddd5d2e4120d99570743dafde74934959a20",
+ "zh:eb853ab5c4c0d3e536b8c77abf844b7893ac355967c95b6e0d39b12526e67989",
+ "zh:f4b50f0ae082412ba189041b6ac540523b7d6463905fed63be67eec03e1539b9",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ "zh:f6e7adcfafe267d9c657a6c087388f7e0c1e3be4dc179a9a823f75c830a499b7",
+ ]
+}
\ No newline at end of file
diff --git a/deployment/live/gcp/cloudbuild/ci/terragrunt.hcl b/deployment/live/gcp/cloudbuild/ci/terragrunt.hcl
new file mode 100644
index 00000000..89fd170d
--- /dev/null
+++ b/deployment/live/gcp/cloudbuild/ci/terragrunt.hcl
@@ -0,0 +1,17 @@
+terraform {
+ source = "${get_repo_root()}/deployment/modules/gcp//cloudbuild"
+}
+
+locals {
+ server_docker_image = "${include.root.locals.location}-docker.pkg.dev/${include.root.locals.project_id}/docker-${include.root.locals.env}/conformance-gcp:latest"
+}
+
+include "root" {
+ path = find_in_parent_folders()
+ expose = true
+}
+
+inputs = merge(
+ local,
+ include.root.locals,
+)
diff --git a/deployment/live/gcp/cloudbuild/terragrunt.hcl b/deployment/live/gcp/cloudbuild/terragrunt.hcl
new file mode 100644
index 00000000..0a6a389c
--- /dev/null
+++ b/deployment/live/gcp/cloudbuild/terragrunt.hcl
@@ -0,0 +1,22 @@
+locals {
+ env = path_relative_to_include()
+ project_id = get_env("GOOGLE_PROJECT", "transparency-dev")
+ location = get_env("GOOGLE_REGION", "us-central1")
+ base_name = get_env("TESSERA_BASE_NAME", "${local.env}-cloudbuild")
+}
+
+remote_state {
+ backend = "gcs"
+
+ config = {
+ project = local.project_id
+ location = local.location
+ bucket = "${local.project_id}-${local.base_name}-terraform-state"
+ prefix = "terraform.tfstate"
+
+ gcs_bucket_labels = {
+ name = "terraform_state"
+ env = "${local.env}"
+ }
+ }
+}
diff --git a/deployment/modules/gcp/cloudbuild/main.tf b/deployment/modules/gcp/cloudbuild/main.tf
new file mode 100644
index 00000000..3ffdad04
--- /dev/null
+++ b/deployment/modules/gcp/cloudbuild/main.tf
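Review bot: The state bucket declared in `remote_state.config` gets labels but no access-model setting; if the Terragrunt version in use supports it, `enable_bucket_policy_only = true` in the same `config` block keeps the bucket on uniform bucket-level access, so the Terraform state is governed by IAM alone rather than per-object ACLs. As a point of style, `env = "${local.env}"` is a redundant interpolation of a single value; `env = local.env` is the idiomatic form. The hunk covers the whole new file, so nothing is cut off.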
@@ -0,0 +1,165 @@
+terraform {
+ backend "gcs" {}
+
+ required_providers {
+ google = {
+ source = "registry.terraform.io/hashicorp/google"
+ version = "6.1.0"
+ }
+ }
+}
+
+# Artifact Registry
+
+resource "google_project_service" "artifact_registry_api" {
+ service = "artifactregistry.googleapis.com"
+ disable_on_destroy = false
+}
+
+resource "google_artifact_registry_repository" "docker" {
+ repository_id = "docker-${var.env}"
+ location = var.location
+ description = "Static CT docker images"
+ format = "DOCKER"
+ depends_on = [
+ google_project_service.artifact_registry_api,
+ ]
+}
+
+# Cloud Build
+
+locals {
+ artifact_repo = "${var.location}-docker.pkg.dev/${var.project_id}/${google_artifact_registry_repository.docker.name}"
+ conformance_gcp_docker_image = "${local.artifact_repo}/conformance-gcp"
+}
+
+resource "google_project_service" "cloudbuild_api" {
+ service = "cloudbuild.googleapis.com"
+ disable_on_destroy = false
+}
+
+resource "google_service_account" "cloudbuild_service_account" {
+ account_id = "cloudbuild-${var.env}-sa"
+ display_name = "Service Account for Cloud Build (${var.env})"
+}
+
+resource "google_project_iam_member" "cloudbuild_builds_editor" {
+ project = var.project_id
+ role = "roles/cloudbuild.builds.editor"
+ member = "serviceAccount:${google_service_account.cloudbuild_service_account.email}"
+}
+
+resource "google_project_iam_member" "logging_log_writer" {
+ project = var.project_id
+ role = "roles/logging.logWriter"
+ member = "serviceAccount:${google_service_account.cloudbuild_service_account.email}"
+}
+
+resource "google_artifact_registry_repository_iam_member" "artifactregistry_writer" {
+ project = google_artifact_registry_repository.docker.project
+ location = google_artifact_registry_repository.docker.location
+ repository = google_artifact_registry_repository.docker.name
+ role = "roles/artifactregistry.writer"
+ member = "serviceAccount:${google_service_account.cloudbuild_service_account.email}"
+}
+
+# TODO: Use google_cloud_run_service_iam_member to limit the service scope.
+resource "google_project_iam_member" "run_developer" {
+ project = var.project_id
+ role = "roles/run.developer"
+ member = "serviceAccount:${google_service_account.cloudbuild_service_account.email}"
+}
+
+resource "google_project_iam_member" "iam_service_account_user" {
+ project = var.project_id
+ role = "roles/iam.serviceAccountUser"
+ member = "serviceAccount:${google_service_account.cloudbuild_service_account.email}"
+}
+
+resource "google_cloudbuild_trigger" "build_trigger" {
+ name = "build-docker-${var.env}"
+ service_account = google_service_account.cloudbuild_service_account.id
+ location = var.location
+
+ github {
+ owner = "transparency-dev"
+ name = "static-ct"
+ push {
+ branch = "^main$"
+ }
+ }
+
+ build {
+ ## TODO: Destroy any pre-existing deployment/live/gcp/ci environment.
+ ## This might happen if a previous cloud build failed for some reason.
+
+ ## Build the SCTFE GCP Docker image.
+ ## This will be used by the building the conformance Docker image which includes
+ ## the test data.
+ step {
+ id = "docker_build_sctfe_gcp"
+ name = "gcr.io/cloud-builders/docker"
+ args = [
+ "build",
+ "-t", "sctfe-gcp:$SHORT_SHA",
+ "-t", "sctfe-gcp:latest",
+ "-f", "./cmd/gcp/Dockerfile",
+ "."
+ ]
+ }
+
+ ## Build the SCTFE GCP Conformance Docker container image.
+ step {
+ id = "docker_build_conformance_gcp"
+ name = "gcr.io/cloud-builders/docker"
+ args = [
+ "build",
+ "-t", "${local.conformance_gcp_docker_image}:$SHORT_SHA",
+ "-t", "${local.conformance_gcp_docker_image}:latest",
+ "-f", "./cmd/gcp/ci/Dockerfile",
+ "."
+ ]
+ }
+
+ ## Push the conformance Docker container image to Artifact Registry.
+ step {
+ id = "docker_push_conformance_gcp"
+ name = "gcr.io/cloud-builders/docker"
+ args = [
+ "push",
+ "--all-tags",
+ local.conformance_gcp_docker_image
+ ]
+ wait_for = ["docker_build_conformance_gcp"]
+ }
+
+ ## Deploy container image to Cloud Run.
+ ## TODO: Remove this as the `terragrunt apply` will bring up the Cloud Run.
+ step {
+ id = "cloud_run_deploy"
+ name = "gcr.io/google.com/cloudsdktool/cloud-sdk"
+ entrypoint = "gcloud"
+ args = [
+ "run",
+ "deploy",
+ "${var.env}-static-ct",
+ "--image",
+ "${local.conformance_gcp_docker_image}:$SHORT_SHA",
+ "--region",
+ var.location
+ ]
+ wait_for = ["docker_push_conformance_gcp"]
+ }
+
+ ## TODO: Apply the terragrunt configuration to create the CI environment.
+
+ options {
+ logging = "CLOUD_LOGGING_ONLY"
+ machine_type = "E2_HIGHCPU_8"
+ }
+ }
+
+ depends_on = [
+ google_artifact_registry_repository.docker
+ ]
+}
diff --git a/deployment/modules/gcp/cloudbuild/variables.tf b/deployment/modules/gcp/cloudbuild/variables.tf
new file mode 100644
index 00000000..792753bf
--- /dev/null
+++ b/deployment/modules/gcp/cloudbuild/variables.tf
@@ -0,0 +1,14 @@
+variable "project_id" {
+ description = "GCP project ID where the log is hosted"
+ type = string
+}
+
+variable "location" {
+ description = "Location in which to create resources"
+ type = string
+}
+
+variable "env" {
+ description = "Unique identifier for the env, e.g. dev or ci or prod"
+ type = string
+}
From db78b644357c81c4d03ebb54d8a80ee7aaeb9c57 Mon Sep 17 00:00:00 2001
From: Roger Ng
Date: Thu, 21 Nov 2024 21:00:07 +0000
Subject: [PATCH 02/11] Add Cloud Build for GCP CI env

---
 deployment/modules/gcp/cloudrun/main.tf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/deployment/modules/gcp/cloudrun/main.tf b/deployment/modules/gcp/cloudrun/main.tf
index ecc36c04..9229aa15 100644
--- a/deployment/modules/gcp/cloudrun/main.tf
+++ b/deployment/modules/gcp/cloudrun/main.tf
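Review bot: `google_project_iam_member.iam_service_account_user` grants `roles/iam.serviceAccountUser` on the whole project, which lets the build service account act as every service account in the project, while the only consumer visible in this hunk is the `cloud_run_deploy` step, which needs to attach just the Cloud Run runtime identity. The `# TODO` above `run_developer` already plans to narrow that role to the service; the `iam.serviceAccountUser` binding deserves the same treatment, for example a `google_service_account_iam_member` with `role = "roles/iam.serviceAccountUser"` bound to the runtime service account (which lives in deployment/modules/gcp/cloudrun/main.tf, so it would have to be passed in as a variable). Either way, a one-line comment above the resource recording why project scope was chosen would save the next reader the same question. This hunk spans the whole new main.tf, so the resources are complete as shown.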
@@ -19,6 +19,12 @@ resource "google_service_account" "cloudrun_service_account" {
 display_name = "Service Account for Cloud Run (${var.env})"
 }
 
+resource "google_project_iam_member" "run_service_agent" {
+ project = var.project_id
+ role = "roles/run.serviceAgent"
+ member = "serviceAccount:${google_service_account.cloudrun_service_account.email}"
+}
+
 resource "google_project_iam_member" "monitoring_metric_writer" {
 project = var.project_id
 role = "roles/monitoring.metricWriter"
From 2d2fa3707050a3cbe31f16a02c9d69535a232671 Mon Sep 17 00:00:00 2001
From: Roger Ng
Date: Fri, 22 Nov 2024 13:07:56 +0000
Subject: [PATCH 03/11] Switch from ci to prod for cloud build service account

---
 deployment/live/gcp/cloudbuild/{ci => prod}/.terraform.lock.hcl | 0
 deployment/live/gcp/cloudbuild/{ci => prod}/terragrunt.hcl | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename deployment/live/gcp/cloudbuild/{ci => prod}/.terraform.lock.hcl (100%)
 rename deployment/live/gcp/cloudbuild/{ci => prod}/terragrunt.hcl (100%)

diff --git a/deployment/live/gcp/cloudbuild/ci/.terraform.lock.hcl b/deployment/live/gcp/cloudbuild/prod/.terraform.lock.hcl
similarity index 100%
rename from deployment/live/gcp/cloudbuild/ci/.terraform.lock.hcl
rename to deployment/live/gcp/cloudbuild/prod/.terraform.lock.hcl
diff --git a/deployment/live/gcp/cloudbuild/ci/terragrunt.hcl b/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
similarity index 100%
rename from deployment/live/gcp/cloudbuild/ci/terragrunt.hcl
rename to deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
From b11b9b772968a99ad2e04f93b95e8e576ab0bbb1 Mon Sep 17 00:00:00 2001
From: Roger Ng
Date: Fri, 22 Nov 2024 13:50:37 +0000
Subject: [PATCH 04/11] Add docker_env to cloud build config

---
 deployment/live/gcp/cloudbuild/prod/terragrunt.hcl | 3 ++-
 deployment/modules/gcp/cloudbuild/main.tf | 6 +++---
 deployment/modules/gcp/cloudbuild/variables.tf | 5 +++++
 3 files changed, 10 insertions(+), 4 deletions(-)

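Review bot: `roles/run.serviceAgent` in the new `run_service_agent` resource is the role intended for the Google-managed Cloud Run service agent, and binding it project-wide to the user-managed `cloudrun_service_account` hands the running workload a far broader permission set than a runtime identity needs. The hunk does not say which permission was found missing; granting the narrow predefined role that carries that single permission, scoped to the resource it is needed on, would keep the runtime identity least-privilege. At minimum, add a comment above the resource naming the concrete need, e.g. `# Grants <permission — TODO confirm> to the runtime identity; revisit for a narrower role.` The added resource is complete within the hunk.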
diff --git a/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl b/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
index 89fd170d..4e9a60cb 100644
--- a/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
+++ b/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
@@ -3,7 +3,8 @@ terraform {
 }
 
 locals {
- server_docker_image = "${include.root.locals.location}-docker.pkg.dev/${include.root.locals.project_id}/docker-${include.root.locals.env}/conformance-gcp:latest"
+ docker_env = "ci"
+ server_docker_image = "${include.root.locals.location}-docker.pkg.dev/${include.root.locals.project_id}/docker-${locals.docker_env}/conformance-gcp:latest"
 }
 
 include "root" {
diff --git a/deployment/modules/gcp/cloudbuild/main.tf b/deployment/modules/gcp/cloudbuild/main.tf
index 3ffdad04..cd3ded6f 100644
--- a/deployment/modules/gcp/cloudbuild/main.tf
+++ b/deployment/modules/gcp/cloudbuild/main.tf
@@ -17,7 +17,7 @@ resource "google_project_service" "artifact_registry_api" {
 }
 
 resource "google_artifact_registry_repository" "docker" {
- repository_id = "docker-${var.env}"
+ repository_id = "docker-${var.docker_env}"
 location = var.location
 description = "Static CT docker images"
 format = "DOCKER"
@@ -77,7 +77,7 @@ resource "google_project_iam_member" "iam_service_account_user" {
 }
 
 resource "google_cloudbuild_trigger" "build_trigger" {
- name = "build-docker-${var.env}"
+ name = "build-docker-${var.docker_env}"
 service_account = google_service_account.cloudbuild_service_account.id
 location = var.location
 
@@ -142,7 +142,7 @@ resource "google_cloudbuild_trigger" "build_trigger" {
 args = [
 "run",
 "deploy",
- "${var.env}-static-ct",
+ "${var.docker_env}-static-ct",
 "--image",
 "${local.conformance_gcp_docker_image}:$SHORT_SHA",
 "--region",
diff --git a/deployment/modules/gcp/cloudbuild/variables.tf b/deployment/modules/gcp/cloudbuild/variables.tf
index 792753bf..a550127e 100644
--- a/deployment/modules/gcp/cloudbuild/variables.tf
+++ b/deployment/modules/gcp/cloudbuild/variables.tf
@@ -12,3 +12,8 @@ variable "env" {
 description = "Unique identifier for the env, e.g. dev or ci or prod"
 type = string
 }
+
+variable "docker_env" {
+ description = "Unique identifier for the Docker env, e.g. dev or ci or prod"
+ type = string
+}
\ No newline at end of file
From c80a695756b339f224ef6028a1de82f45f4c907d Mon Sep 17 00:00:00 2001
From: Roger Ng
Date: Fri, 22 Nov 2024 13:52:14 +0000
Subject: [PATCH 05/11] Add docker_env to cloud build config

---
 deployment/live/gcp/cloudbuild/prod/terragrunt.hcl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl b/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
index 4e9a60cb..fe7de255 100644
--- a/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
+++ b/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
@@ -4,7 +4,7 @@ terraform {
 
 locals {
 docker_env = "ci"
- server_docker_image = "${include.root.locals.location}-docker.pkg.dev/${include.root.locals.project_id}/docker-${locals.docker_env}/conformance-gcp:latest"
+ server_docker_image = "${include.root.locals.location}-docker.pkg.dev/${include.root.locals.project_id}/docker-${local.docker_env}/conformance-gcp:latest"
 }
 
 include "root" {
From 686c9cec1b9cab6413722824822565680f94c58f Mon Sep 17 00:00:00 2001
From: Roger Ng
Date: Fri, 22 Nov 2024 14:18:15 +0000
Subject: [PATCH 06/11] Remove roles/cloudbuild.builds.editor from cloud build service account

---
 deployment/modules/gcp/cloudbuild/main.tf | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/deployment/modules/gcp/cloudbuild/main.tf b/deployment/modules/gcp/cloudbuild/main.tf
index cd3ded6f..0835f12c 100644
--- a/deployment/modules/gcp/cloudbuild/main.tf
+++ b/deployment/modules/gcp/cloudbuild/main.tf
@@ -43,12 +43,6 @@ resource "google_service_account" "cloudbuild_service_account" {
 display_name = "Service Account for Cloud Build (${var.env})"
 }
 
-resource "google_project_iam_member" "cloudbuild_builds_editor" {
- project = var.project_id
- role = "roles/cloudbuild.builds.editor"
- member = "serviceAccount:${google_service_account.cloudbuild_service_account.email}"
-}
-
 resource "google_project_iam_member" "logging_log_writer" {
 project = var.project_id
 role = "roles/logging.logWriter"
From a21dee7c45b3c8aabb2fe6f539e8f4cee4c2ae4e Mon Sep 17 00:00:00 2001
From: Roger Ng
Date: Fri, 22 Nov 2024 14:42:02 +0000
Subject: [PATCH 07/11] Add line to EOF

---
 deployment/modules/gcp/cloudbuild/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/modules/gcp/cloudbuild/variables.tf b/deployment/modules/gcp/cloudbuild/variables.tf
index a550127e..2a72349e 100644
--- a/deployment/modules/gcp/cloudbuild/variables.tf
+++ b/deployment/modules/gcp/cloudbuild/variables.tf
@@ -16,4 +16,4 @@ variable "env" {
 variable "docker_env" {
 description = "Unique identifier for the Docker env, e.g. dev or ci or prod"
 type = string
-}
\ No newline at end of file
+}
From 2840debd9edebf4c0cc3d8b0593f79223fb74b63 Mon Sep 17 00:00:00 2001
From: Roger Ng
Date: Fri, 22 Nov 2024 15:56:28 +0000
Subject: [PATCH 08/11] Move terraform source to cloud build root module

---
 deployment/live/gcp/cloudbuild/prod/terragrunt.hcl | 4 ----
 deployment/live/gcp/cloudbuild/terragrunt.hcl | 4 ++++
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl b/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
index fe7de255..c9a0c5fb 100644
--- a/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
+++ b/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
@@ -1,7 +1,3 @@
-terraform {
- source = "${get_repo_root()}/deployment/modules/gcp//cloudbuild"
-}
-
 locals {
 docker_env = "ci"
 server_docker_image = "${include.root.locals.location}-docker.pkg.dev/${include.root.locals.project_id}/docker-${local.docker_env}/conformance-gcp:latest"
diff --git a/deployment/live/gcp/cloudbuild/terragrunt.hcl b/deployment/live/gcp/cloudbuild/terragrunt.hcl
index 0a6a389c..b0a29925 100644
--- a/deployment/live/gcp/cloudbuild/terragrunt.hcl
+++ b/deployment/live/gcp/cloudbuild/terragrunt.hcl
@@ -1,3 +1,7 @@
+terraform {
+ source = "${get_repo_root()}/deployment/modules/gcp//cloudbuild"
+}
+
 locals {
 env = path_relative_to_include()
 project_id = get_env("GOOGLE_PROJECT", "transparency-dev")
From 57021eaf2cd723c12276e5247636c448d599a8b5 Mon Sep 17 00:00:00 2001
From: Roger Ng
Date: Fri, 22 Nov 2024 15:59:00 +0000
Subject: [PATCH 09/11] Remove unused terraform local var

---
 deployment/live/gcp/cloudbuild/prod/terragrunt.hcl | 1 -
 1 file changed, 1 deletion(-)

diff --git a/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl b/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
index c9a0c5fb..fade2264 100644
--- a/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
+++ b/deployment/live/gcp/cloudbuild/prod/terragrunt.hcl
@@ -1,6 +1,5 @@
 locals {
 docker_env = "ci"
- server_docker_image = "${include.root.locals.location}-docker.pkg.dev/${include.root.locals.project_id}/docker-${local.docker_env}/conformance-gcp:latest"
 }
 
 include "root" {
From c70f8614e6b09de3b245be62a38f3bf87a228ed1 Mon Sep 17 00:00:00 2001
From: Roger Ng
Date: Fri, 22 Nov 2024 16:00:22 +0000
Subject: [PATCH 10/11] Update `GOOGLE_PROJECT` default value to `static-ct`

---
 deployment/live/gcp/cloudbuild/terragrunt.hcl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/live/gcp/cloudbuild/terragrunt.hcl b/deployment/live/gcp/cloudbuild/terragrunt.hcl
index b0a29925..e377468b 100644
--- a/deployment/live/gcp/cloudbuild/terragrunt.hcl
+++ b/deployment/live/gcp/cloudbuild/terragrunt.hcl
@@ -4,7 +4,7 @@ terraform {
 
 locals {
 env = path_relative_to_include()
- project_id = get_env("GOOGLE_PROJECT", "transparency-dev")
+ project_id = get_env("GOOGLE_PROJECT", "static-ct")
 location = get_env("GOOGLE_REGION", "us-central1")
 base_name = get_env("TESSERA_BASE_NAME", "${local.env}-cloudbuild")
 }
From d9f4cbb2d1b199a34f3d4829a3f918f2eb213e66 Mon Sep 17 00:00:00 2001
From: Roger Ng
Date: Fri, 22 Nov 2024 16:06:28 +0000
Subject: [PATCH 11/11] Allow injecting the GitHub owner for Cloud Build repo mapping

---
 deployment/live/gcp/cloudbuild/terragrunt.hcl | 9 +++++----
 deployment/modules/gcp/cloudbuild/main.tf | 2 +-
 deployment/modules/gcp/cloudbuild/variables.tf | 5 +++++
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/deployment/live/gcp/cloudbuild/terragrunt.hcl b/deployment/live/gcp/cloudbuild/terragrunt.hcl
index e377468b..5ba8b01d 100644
--- a/deployment/live/gcp/cloudbuild/terragrunt.hcl
+++ b/deployment/live/gcp/cloudbuild/terragrunt.hcl
@@ -3,10 +3,11 @@ terraform {
 }
 
 locals {
- env = path_relative_to_include()
- project_id = get_env("GOOGLE_PROJECT", "static-ct")
- location = get_env("GOOGLE_REGION", "us-central1")
- base_name = get_env("TESSERA_BASE_NAME", "${local.env}-cloudbuild")
+ env = path_relative_to_include()
+ project_id = get_env("GOOGLE_PROJECT", "static-ct")
+ location = get_env("GOOGLE_REGION", "us-central1")
+ base_name = get_env("TESSERA_BASE_NAME", "${local.env}-cloudbuild")
+ github_owner = get_env("GITHUB_OWNER", "transparency-dev")
 }
 
 remote_state {
diff --git a/deployment/modules/gcp/cloudbuild/main.tf b/deployment/modules/gcp/cloudbuild/main.tf
index 0835f12c..d8e88070 100644
--- a/deployment/modules/gcp/cloudbuild/main.tf
+++ b/deployment/modules/gcp/cloudbuild/main.tf
@@ -76,7 +76,7 @@ resource "google_cloudbuild_trigger" "build_trigger" {
 location = var.location
 
 github {
- owner = "transparency-dev"
+ owner = var.github_owner
 name = "static-ct"
 push {
 branch = "^main$"
diff --git a/deployment/modules/gcp/cloudbuild/variables.tf b/deployment/modules/gcp/cloudbuild/variables.tf
index 2a72349e..6e59e4f2 100644
--- a/deployment/modules/gcp/cloudbuild/variables.tf
+++ b/deployment/modules/gcp/cloudbuild/variables.tf
@@ -17,3 +17,8 @@ variable "docker_env" {
 description = "Unique identifier for the Docker env, e.g. dev or ci or prod"
 type = string
 }
+
+variable "github_owner" {
+ description = "GitHub owner used in Cloud Build trigger repository mapping"
+ type = string
+}
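Review bot: The new `github_owner` description in variables.tf says where the value is used but not what trusting it implies: together with the fixed `name = "static-ct"` and the `^main$` push filter in the trigger hunk above, this value decides whose repository pushes start a build that runs as the Cloud Build service account and deploys to Cloud Run. A description such as `description = "GitHub user or organisation owning the static-ct repository; pushes to its main branch run the build as the Cloud Build service account, so only a trusted owner should be configured"` makes that explicit for whoever sets `GITHUB_OWNER`. A `validation` block that rejects an empty string would also catch an exported-but-blank override early, since the root terragrunt.hcl only falls back to `transparency-dev` when the variable is unset.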