Bootstrap actions, add a trivial module. (#1)

Signed-off-by: Matt Moore <[email protected]>

.github/dependabot.yml

@@ -0,0 +1,11 @@
+---
+version: 2
+updates:
+  - package-ecosystem: gomod
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/documentation.yaml

@@ -0,0 +1,26 @@
+name: Generate terraform docs
+
+on:
+  pull_request:
+
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        module:
+        - authorize-private-service
+
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+
+      - uses: terraform-docs/gh-actions@f6d59f89a280fa0a3febf55ef68f146784b20ba0 # v1.0.0
+        with:
+          working-dir: ${{ matrix.module }}
+          output-file: README.md
+          output-method: inject
+          fail-on-diff: "true"
+
+      - if: failure()
+        run: cat README.md

.github/workflows/main.yaml

@@ -0,0 +1,21 @@
+name: Validate, Lint and Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  lint-and-validate:
+    name: "Terraform fmt and validate"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
+
+      - run: terraform fmt -check
+
+      - run: |
+          terraform init
+          terraform validate

authorize-private-service/main.tf

@@ -0,0 +1,16 @@
+resource "google_cloud_run_v2_service_iam_member" "authorize-calls" {
+  project  = var.project_id
+  location = var.region
+  name     = var.name
+
+  role   = "roles/run.invoker"
+  member = "serviceAccount:${var.service-account}"
+}
+
+data "google_cloud_run_v2_service" "this" {
+  depends_on = [google_cloud_run_v2_service_iam_member.authorize-calls]
+
+  project  = var.project_id
+  location = var.region
+  name     = var.name
+}

authorize-private-service/outputs.tf

@@ -0,0 +1,4 @@
+output "uri" {
+  description = "The URI of the private Cloud Run service."
+  value       = data.google_cloud_run_v2_service.this.uri
+}

authorize-private-service/variables.tf

@@ -0,0 +1,18 @@
+variable "project_id" {
+  type = string
+}
+
+variable "region" {
+  description = "The region in which this Cloud Run service is based."
+  type        = string
+}
+
+variable "name" {
+  description = "The name of the Cloud Run service in this region."
+  type        = string
+}
+
+variable "service-account" {
+  description = "The email of the service account being authorized to invoke the private Cloud Run service."
+  type        = string
+}