backstage-github.tf
# Configure GitHub variables & secrets for Backstage itself and for all scaffolded apps
# GitHub App credentials for Backstage, decoded from a JSON file that sits next to this module.
# clientSecret, privateKey and webhookSecret are secret material: the file has to stay out of
# version control, and any resource argument fed from these locals is written to Terraform
# state, so the state backend needs the same protection as the file itself.
# NOTE(review): none of these locals is wrapped in sensitive(), so redaction in plan output
# depends on the consuming resources marking their arguments sensitive. Confirm.
locals {
  github_app_credentials_file = "github-app-credentials.json"
  github_app_credentials      = jsondecode(file("${path.module}/${local.github_app_credentials_file}"))

  # Identifiers of the GitHub App
  github_app_id        = local.github_app_credentials.appId
  github_app_client_id = local.github_app_credentials.clientId

  # Secret material of the GitHub App
  github_app_client_secret = local.github_app_credentials.clientSecret
  github_app_private_key   = local.github_app_credentials.privateKey
  github_webhook_secret    = local.github_app_credentials.webhookSecret
}
# Name given to the Backstage repository created further down in this file.
locals {
  backstage_repo = "backstage"
}
# Organization-level Actions variable that tells workflows which cloud provider is in use.
# visibility = "all" makes it readable by workflows in every repository of the organization.
resource "github_actions_organization_variable" "backstage_cloud_provider" {
  variable_name = "CLOUD_PROVIDER"
  value         = "gcp"
  visibility    = "all"
}
# Publishes the workload identity provider name from module.gh_oidc to every repository
# in the organization (visibility = "all").
# NOTE(review): the name is an identifier, not a credential. Which workflows can actually
# exchange a GitHub OIDC token through this provider is decided by the provider's attribute
# mapping/condition inside module.gh_oidc, which is not visible here. Confirm it is limited
# to this organization's repositories.
resource "github_actions_organization_variable" "backstage_gcp_workload_identity_provider" {
  variable_name = "GCP_WORKLOAD_IDENTITY_PROVIDER"
  value         = module.gh_oidc.provider_name
  visibility    = "all"
}
# Publishes the e-mail of google_service_account.sa to every repository in the organization
# (visibility = "all").
# NOTE(review): the e-mail only names the account. Whether a given workflow may impersonate it
# depends on the IAM binding between the workload identity pool and this service account,
# which is defined outside this file. Confirm that binding and the roles granted to the
# account follow least privilege, since every repository is told which account to request.
resource "github_actions_organization_variable" "backstage_gcp_service_account" {
  variable_name = "GCP_SERVICE_ACCOUNT"
  value         = google_service_account.sa.email
  visibility    = "all"
}
# Organization-level Actions variable carrying local.repository_host (defined outside this
# file; presumably the Artifact Registry host that workflows push images to — confirm).
# Readable by workflows in every repository of the organization.
resource "github_actions_organization_variable" "backstage_gcp_gar_host" {
  variable_name = "GCP_GAR_HOST"
  value         = local.repository_host
  visibility    = "all"
}
# Organization-level Actions variable carrying local.repository_name (defined outside this
# file; presumably the Artifact Registry repository name — confirm).
# Readable by workflows in every repository of the organization.
resource "github_actions_organization_variable" "backstage_gcp_gar_name" {
  variable_name = "GCP_GAR_NAME"
  value         = local.repository_name
  visibility    = "all"
}
# Organization-level Actions variable holding the Humanitec organization id from
# var.humanitec_org_id. Stored as a variable, not a secret, so it shows up in workflow logs
# and is readable by workflows in every repository of the organization.
resource "github_actions_organization_variable" "backstage_humanitec_org_id" {
  variable_name = "HUMANITEC_ORG_ID"
  value         = var.humanitec_org_id
  visibility    = "all"
}
# Organization-level Actions secret holding the Humanitec CI service-user token.
# Two things a reviewer should keep in mind:
#  - visibility = "all" hands the token to workflows in every repository of the organization,
#    including the public Backstage repository created in this file. The token's blast radius
#    is therefore the whole organization, so the service user behind it should carry only the
#    permissions CI needs.
#  - plaintext_value is persisted in Terraform state, so the state backend must be encrypted
#    and access-restricted.
# NOTE(review): confirm var.humanitec_ci_service_user_token is declared with sensitive = true;
# its declaration is not in this file.
resource "github_actions_organization_secret" "backstage_humanitec_token" {
  secret_name     = "HUMANITEC_TOKEN"
  plaintext_value = var.humanitec_ci_service_user_token
  visibility      = "all"
}
# Backstage repository itself
# Creates the Backstage repository from the humanitec-architecture/backstage template.
# The repository is public: its contents and workflow logs are world-readable, and its
# workflows receive the organization-level variables and secret declared in this file.
# NOTE(review): no branch protection or Actions restrictions for this repository are declared
# in this file. Confirm whether they are managed elsewhere.
resource "github_repository" "backstage" {
  name        = local.backstage_repo
  visibility  = "public"
  description = "Backstage"

  template {
    owner      = "humanitec-architecture"
    repository = "backstage"
  }

  # Create the repository only after the base module, the OIDC module, the Humanitec
  # application and resource criteria, and the HUMANITEC_TOKEN organization secret exist
  # (presumably so that the first workflow run of the new repository finds them — confirm).
  depends_on = [
    module.base,
    module.gh_oidc,
    humanitec_application.backstage,
    humanitec_resource_definition_criteria.backstage_postgres,
    github_actions_organization_secret.backstage_humanitec_token,
  ]
}