Merge pull request #119 from ministryofjustice/jasonBirchall-patch-1

♻️ Refactor GitHub Actions to Store ECR Registry URL as a Secret
ministryofjustice · Oct 7, 2024 · ad7eaaf · ad7eaaf
2 parents f5e3e37 + b9c10e2
commit ad7eaaf
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -76,6 +76,7 @@ No modules.
 | [github_actions_environment_secret.ecr_role_to_assume](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_secret) | resource |
 | [github_actions_environment_variable.ecr_region](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_variable) | resource |
 | [github_actions_environment_variable.ecr_repository](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_variable) | resource |
+| [github_actions_secret.ecr_registry_url](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource |
 | [github_actions_secret.ecr_role_to_assume](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource |
 | [github_actions_variable.ecr_region](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_variable) | resource |
 | [github_actions_variable.ecr_repository](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_variable) | resource |

diff --git a/main.tf b/main.tf
@@ -1,4 +1,9 @@
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
 locals {
+  ecr_registry_url = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com"
+
   # GitHub configuration
   github_repositories = toset([
     for repository in var.github_repositories : {
@@ -32,9 +37,6 @@ locals {
   }
 }
 
-data "aws_caller_identity" "current" {}
-data "aws_region" "current" {}
-
 # ECR repository
 resource "aws_ecr_repository" "repo" {
   name = "${var.team_name}/${var.repo_name}"
@@ -309,6 +311,14 @@ resource "github_actions_variable" "ecr_region" {
   value         = data.aws_region.current.name
 }
 
+resource "github_actions_secret" "ecr_registry_url" {
+  for_each = (length(var.github_environments) == 0 && local.enable_github) ? local.github_repos : []
+
+  repository      = each.value
+  secret_name     = "ECR_REGISTRY_URL"
+  plaintext_value = local.ecr_registry_url
+}
+
 resource "github_actions_variable" "ecr_repository" {
   for_each = (length(var.github_environments) == 0 && local.enable_github) ? local.github_repos : []