Skip to content

Commit

Permalink
Merge branch 'main' into dependabot/go_modules/test/golang.org/x/net-…
Browse files Browse the repository at this point in the history
…0.23.0
  • Loading branch information
sj-williams authored Oct 25, 2024
2 parents 9d328d6 + 2c7e95d commit 2aabd0b
Show file tree
Hide file tree
Showing 8 changed files with 39 additions and 17 deletions.
11 changes: 11 additions & 0 deletions .github/workflows/dependencies-project.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
name: Add dependencies to Cloud Platform project

on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'

jobs:
add-dependabot-to-project:
uses: ministryofjustice/cloud-platform-github-workflows/.github/workflows/dependencies-project.yml@main
secrets: inherit
2 changes: 1 addition & 1 deletion .github/workflows/documentation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
- uses: terraform-docs/gh-actions@v1.0.0
- uses: terraform-docs/gh-actions@v1.2.0
with:
working-dir: .
output-file: README.md
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/unit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
uses: actions/checkout@v4

- name: Setup Go
uses: actions/setup-go@v2
uses: actions/setup-go@v5
with:
go-version: 1.21.6
- name: Run Terratest Unit Tests
Expand All @@ -28,7 +28,7 @@ jobs:
uses: actions/checkout@v4

- name: Setup Go
uses: actions/setup-go@v2
uses: actions/setup-go@v5
with:
go-version: 1.21.6
- name: Run Terratest Unit Tests
Expand Down
3 changes: 2 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

This Terraform module will create an [Amazon Elastic Container Registry](https://aws.amazon.com/ecr/) private repository for use on the Cloud Platform.

If you're using GitHub as your OIDC provider, this module will automatically create the required variables for authentication in your GitHub repository.
If you're using GitHub as your OIDC provider, this module will automatically create the required variables for authentication in your GitHub repository. By default these will be created as [repository secrets and variables](https://docs.github.com/en/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository). Alternatively, you can configure the module to instead create the ECR secrets and variables in your own defined [GitHub Environments](https://docs.github.com/en/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment) with the `github_environments` field. This pattern is useful if you wish to define separate ECR repositories for different Cloud Platform environments within the same GitHub repository.

If you're using CircleCI as your OIDC provider, this module will create a Kubernetes ConfigMap in your namespace with your authentication variables to use as environment variables in CircleCI.

Expand Down Expand Up @@ -76,6 +76,7 @@ No modules.
| [github_actions_environment_secret.ecr_role_to_assume](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_secret) | resource |
| [github_actions_environment_variable.ecr_region](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_variable) | resource |
| [github_actions_environment_variable.ecr_repository](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_variable) | resource |
| [github_actions_secret.ecr_registry_url](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource |
| [github_actions_secret.ecr_role_to_assume](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource |
| [github_actions_variable.ecr_region](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_variable) | resource |
| [github_actions_variable.ecr_repository](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_variable) | resource |
Expand Down
2 changes: 1 addition & 1 deletion examples/ecr.tf
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
*
*/
module "ecr" {
source = "github.com/ministryofjustice/cloud-platform-terraform-ecr-credentials?ref=6.1.1"
source = "github.com/ministryofjustice/cloud-platform-terraform-ecr-credentials?ref=7.0.0"

# Repository configuration
repo_name = var.namespace
Expand Down
22 changes: 16 additions & 6 deletions main.tf
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

locals {
ecr_registry_url = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com"

# GitHub configuration
github_repositories = toset([
for repository in var.github_repositories : {
Expand Down Expand Up @@ -32,9 +37,6 @@ locals {
}
}

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

# ECR repository
resource "aws_ecr_repository" "repo" {
name = "${var.team_name}/${var.repo_name}"
Expand Down Expand Up @@ -294,23 +296,31 @@ resource "aws_iam_role_policy_attachment" "github_ecr" {

# Actions
resource "github_actions_secret" "ecr_role_to_assume" {
for_each = local.enable_github ? local.github_repos : []
for_each = (length(var.github_environments) == 0 && local.enable_github) ? local.github_repos : []

repository = each.value
secret_name = local.github_variable_names["ECR_ROLE_TO_ASSUME"]
plaintext_value = aws_iam_role.github[0].arn
}

resource "github_actions_variable" "ecr_region" {
for_each = local.enable_github ? local.github_repos : []
for_each = (length(var.github_environments) == 0 && local.enable_github) ? local.github_repos : []

repository = each.value
variable_name = local.github_variable_names["ECR_REGION"]
value = data.aws_region.current.name
}

resource "github_actions_secret" "ecr_registry_url" {
for_each = (length(var.github_environments) == 0 && local.enable_github) ? local.github_repos : []

repository = each.value
secret_name = "ECR_REGISTRY_URL"
plaintext_value = local.ecr_registry_url
}

resource "github_actions_variable" "ecr_repository" {
for_each = local.enable_github ? local.github_repos : []
for_each = (length(var.github_environments) == 0 && local.enable_github) ? local.github_repos : []

repository = each.value
variable_name = local.github_variable_names["ECR_REPOSITORY"]
Expand Down
4 changes: 2 additions & 2 deletions test/go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ require (
github.com/googleapis/gax-go/v2 v2.7.1 // indirect
github.com/hashicorp/errwrap v1.0.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-getter v1.7.1 // indirect
github.com/hashicorp/go-getter v1.7.4 // indirect
github.com/hashicorp/go-multierror v1.1.0 // indirect
github.com/hashicorp/go-safetemp v1.0.0 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
Expand Down Expand Up @@ -55,6 +55,6 @@ require (
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
google.golang.org/grpc v1.56.3 // indirect
google.golang.org/protobuf v1.31.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
8 changes: 4 additions & 4 deletions test/go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -344,8 +344,8 @@ github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/U
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
github.com/hashicorp/go-getter v1.7.1 h1:SWiSWN/42qdpR0MdhaOc/bLR48PLuP1ZQtYLRlM69uY=
github.com/hashicorp/go-getter v1.7.1/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
github.com/hashicorp/go-getter v1.7.4 h1:3yQjWuxICvSpYwqSayAdKRFcvBl1y/vogCxczWSmix0=
github.com/hashicorp/go-getter v1.7.4/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI=
github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo=
Expand Down Expand Up @@ -948,8 +948,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
Expand Down

0 comments on commit 2aabd0b

Please sign in to comment.