main.tf
# Zips the Cloud Function source in function/ into github_hook.zip next to this module.
# Only the "tests" entry is excluded, so everything else under function/ ends up
# in the deployed archive; keep local credential or .env files out of that directory.
data "archive_file" "github_hook_zip" {
  type        = "zip"
  source_dir  = "${path.module}/function/"
  excludes    = ["tests"]
  output_path = "${path.module}/github_hook.zip"
}
# Bucket that stores the function's source archive, one bucket per environment.
# No access-control or location arguments are set here, so the bucket relies on
# provider and project defaults.
# NOTE(review): consider `uniform_bucket_level_access = true` so access is governed
# by IAM only - confirm the pinned google provider version supports that argument.
resource "google_storage_bucket" "github_hook_bucket" {
  name = "github_hook_bucket_${var.google.env}"
}
# Uploads the zipped function source to the deployment bucket.
# The archive's MD5 is embedded in the object name, so a change to the source
# produces a new object name (and a new source_archive_object for the function).
# The MD5 is used for change detection only; it is not an integrity control.
resource "google_storage_bucket_object" "github_hook_zip" {
  bucket = google_storage_bucket.github_hook_bucket.name
  name   = "github_hook_${data.archive_file.github_hook_zip.output_md5}.zip"
  # Same path as the literal "${path.module}/github_hook.zip", read from the data source.
  source = data.archive_file.github_hook_zip.output_path
}
# HTTP-triggered Cloud Function that receives GitHub webhook deliveries.
# It runs as the dedicated github_hook service account and is given the names of
# a secret and a Pub/Sub topic through environment variables (names only, no
# secret values are placed in the environment here).
resource "google_cloudfunctions_function" "github_hook" {
  name        = "github_hook_function"
  description = "Receive GitHub hooks"
  entry_point = "githubHook"

  # NOTE(review): Node.js 12 is end-of-life upstream and no longer receives
  # security fixes; plan a move to a supported runtime after testing the function code.
  runtime             = "nodejs12"
  available_memory_mb = 128
  timeout             = 60

  source_archive_bucket = google_storage_bucket.github_hook_bucket.name
  source_archive_object = google_storage_bucket_object.github_hook_zip.name

  service_account_email = google_service_account.github_hook.email

  # The endpoint accepts traffic from any network. Combined with an unauthenticated
  # invoker binding, the function code is the only place a request can be rejected.
  # NOTE(review): the handler is not shown here - confirm it verifies the GitHub
  # webhook signature (X-Hub-Signature-256) before acting on the payload.
  trigger_http     = true
  ingress_settings = "ALLOW_ALL"

  environment_variables = {
    "SECRET_GITHUB_JSON_RESOURCE_NAME" = var.secret_github_json.resource_name
    "START_AND_STOP_TOPIC_NAME"        = var.start_and_stop_topic_name
  }
}
# Grants roles/cloudfunctions.invoker on the webhook function to allUsers, i.e. the
# function can be invoked without any Google authentication. GitHub cannot present
# Google credentials, so a public binding is the usual choice for a webhook
# receiver; request authenticity then has to be enforced inside the function.
# NOTE(review): confirm the handler rejects requests without a valid webhook signature.
resource "google_cloudfunctions_function_iam_member" "github_hook_invoker" {
  cloud_function = google_cloudfunctions_function.github_hook.name
  project        = google_cloudfunctions_function.github_hook.project
  region         = google_cloudfunctions_function.github_hook.region

  member = "allUsers"
  role   = "roles/cloudfunctions.invoker"
}
# Dedicated runtime identity for the webhook function, so its permissions are
# granted separately from any default service account.
resource "google_service_account" "github_hook" {
  display_name = "GitHub hook User"
  account_id   = "github-hook-user"
}
# Lets the function's service account read Secret Manager secret payloads.
# This is a project-level binding, so it applies to every secret in the project,
# not only the one named in SECRET_GITHUB_JSON_RESOURCE_NAME.
# NOTE(review): for least privilege, prefer a binding on the single secret
# (google_secret_manager_secret_iam_member); no `project` is set, so the
# provider's default project is presumably used - confirm.
resource "google_project_iam_member" "github_hook_secretmanager_secretaccessor" {
  member = "serviceAccount:${google_service_account.github_hook.email}"
  role   = "roles/secretmanager.secretAccessor"
}
# Lets the function's service account publish Pub/Sub messages.
# This is a project-level binding, so it allows publishing to every topic in the
# project, not only the topic passed in START_AND_STOP_TOPIC_NAME.
# NOTE(review): for least privilege, prefer a binding on that one topic
# (google_pubsub_topic_iam_member).
resource "google_project_iam_member" "github_hook_pubsub_publisher" {
  member = "serviceAccount:${google_service_account.github_hook.email}"
  role   = "roles/pubsub.publisher"
}
# HTTPS URL of the deployed function, to be set as the webhook payload URL in GitHub.
# The URL is publicly reachable and should not be treated as a secret.
output "github_hook_trigger_url" {
  value = google_cloudfunctions_function.github_hook.https_trigger_url
}