try pulling secrets from gcloud for tf

2025-04-24 19:39:11 +00:00 · 2020-12-06 22:36:11 -05:00 · 2020-12-06 22:36:11 -05:00 · d8bda6fb43
commit d8bda6fb43
parent 441b24045d
3 changed files with 25 additions and 11 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -104,6 +104,13 @@ jobs:
                  service_account_key: ${{ secrets.GCS_TF_KEY }}
                  export_default_credentials: true

+            - name: Get Google Secrets (they keep them in a box under a tree)
+              id: secrets
+              uses: google-github-actions/get-secretmanager-secrets@main
+              with:
+                  secrets: |-
+                      secretJSON:${{ secrets.GCS_PROJECT_ID }}/${{github.event.inputs.environment}}-tfvars
+
            - name: Pull necessary artifacts
              working-directory: ./terraform
              run: |
@ -119,24 +126,25 @@ jobs:
              run: |
                  terraform init --backend-config "prefix=${{github.event.inputs.environment}}"

-            - name: Write tags to tags.tfvars.auto.json
+            - name: Write *.auto.tfvars.json files
              working-directory: ./terraform
              run: |
                  echo '{"ui_tag": "${{needs.docker_sync.outputs.ui_tag}}", "bot_tag": "${{needs.docker_sync.outputs.bot_tag}}", "worker_path": "./worker-dist/backend-worker.js"}' | jq . | tee tags.tfvars.auto.json
+                  echo ${SECRET_TFVARS} > secrets.auto.tfvars.json
+              env:
+                  SECRET_TFVARS: ${{ steps.secrets.outputs.secretJSON }}

            - name: Terraform plan
              working-directory: ./terraform
              run: |
                  terraform plan \
-                    --var-file variables/global.tfvars \
-                    --var-file variables/${{github.event.inputs.environment}}.tfvars \
+                    -var-file variables/global.tfvars \
+                    -var-file variables/${{github.event.inputs.environment}}.tfvars \
                    -out=./deployment.tfplan

            - name: Terraform apply
              working-directory: ./terraform
              run: |
                  terraform apply \
-                    --var-file variables/global.tfvars \
-                    --var-file variables/${{github.event.inputs.environment}}.tfvars \
                    -auto-approve \
                        deployment.tfplan
--- a/terraform/mappings.tf
+++ b/terraform/mappings.tf
@ -0,0 +1,12 @@
+locals {
+  artifactBaseMap = {
+    us-east4             = "us-docker.pkg.dev/roleypoly/roleypoly/"
+    us-central1          = "us-docker.pkg.dev/roleypoly/roleypoly/"
+    us-west1             = "us-docker.pkg.dev/roleypoly/roleypoly/"
+    europe-west2         = "europe-docker.pkg.dev/roleypoly/roleypoly/"
+    europe-west3         = "europe-docker.pkg.dev/roleypoly/roleypoly/"
+    australia-southeast1 = "asia-docker.pkg.dev/roleypoly/roleypoly/"
+    asia-northeast1      = "asia-docker.pkg.dev/roleypoly/roleypoly/"
+    asia-southeast1      = "asia-docker.pkg.dev/roleypoly/roleypoly/"
+  }
+}
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@ -32,11 +32,6 @@ terraform {
  }
 }

-variable "cloudflare_email" {
-  type      = string
-  sensitive = true
-}
-
 variable "cloudflare_api_token" {
  type      = string
  sensitive = true
@ -53,7 +48,6 @@ variable "cloudflare_zone_id" {
 }

 provider "cloudflare" {
-  email      = var.cloudflare_email
  api_token  = var.cloudflare_api_token
  account_id = var.cloudflare_account_id
 }