{"id":20019120,"url":"https://github.com/ekgf/gcloud-terraform","last_synced_at":"2025-10-12T15:19:11.284Z","repository":{"id":114512001,"uuid":"262309328","full_name":"EKGF/gcloud-terraform","owner":"EKGF","description":"Terraform and sops","archived":false,"fork":false,"pushed_at":"2024-08-27T15:40:16.000Z","size":18,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-08-18T13:44:23.474Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EKGF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-08T11:47:07.000Z","updated_at":"2024-08-27T15:40:19.000Z","dependencies_parsed_at":"2024-11-13T09:33:55.106Z","dependency_job_id":null,"html_url":"https://github.com/EKGF/gcloud-terraform","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/EKGF/gcloud-terraform","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EKGF%2Fgcloud-terraform","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EKGF%2Fgcloud-terraform/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EKGF%2Fgcloud-terraform/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EKGF%2Fgcloud-terraform/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EKGF","download_url":"https://codeload.github.com/EKGF/gcloud-terraform/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EKGF%2Fgcloud-terraform/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271727594,"owners_count":24810561,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-22T02:00:08.480Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T08:26:00.313Z","updated_at":"2025-10-12T15:19:06.235Z","avatar_url":"https://github.com/EKGF.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# [Terraform](https://www.terraform.io/docs) cloud builder\n\n## Terraform cloud builder\nThis builder can be used to run the terraform tool in the GCE. From the Hashicorp Terraform [product page](https://www.terraform.io/):\n\n\u003e HashiCorp Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source\n\u003e tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code,\n\u003e edited, reviewed, and versioned.\n\n### Building this builder\nTo build this builder with the default version, run the following command in this directory.\n\n```sh\n$ gcloud builds submit --config=cloudbuild.yaml\n```\n\n## Using this builder\n\n### Terraform backend\nTerraform stores state information about infrastructure it has provisioned. It uses this to plan out the delta between what your .tf files specifiy, and what's actually out there. This state can be stored in different ways by Terraform; it is configured via [backends](https://www.terraform.io/docs/backends/).\n\nThe default backend for Terraform is local, which will store state information the working directory in ```$ ./.terraform```. Most build platforms (including GCE) do not persist the working directory between builds. Losing this state information is no bueno.\n\nThere are a couple of options for managing Terraform state across builds:\n\n###### Ignore the issue\nIn your build, you'll want to initialize terraform and refresh the local state. This is really not a good idea; it'll be slow and not multi-run safe (if multiple runs kick off concurrently, there'll be nastiness such as race conditions). [local_backend](examples/local_backend/README.markdown) is an example of this approach.\n###### Persist the state in a GCS bucket manually\nIn your build, set up steps to manually fetch the state before running Terraform, then push it back up after Terraform is done. This will help by removing the need to init \u0026 refresh on every build; but will not address the concurrency issues.\n###### Use a backend for remote storage\nThis is probably what you want to do. You'll still need to set up your GCS storage, and you'll need to configure the backend in your tf configurations. Some backends (happily, the [GCS](https://www.terraform.io/docs/backends/types/gcs.html) one does!) support locking of the remote state. This helps address the concurrency issue. [gcs_backend](examples/gcs_backend/README.markdown) is an example of this approach.\n\n### Using this builder with Google Container Engine\nTo use this builder, your [builder service account](https://cloud.google.com/container-builder/docs/how-to/service-account-permissions) will need IAM permissions sufficient for the operations you want to perform. Adding the 'Kubernetes Engine Service Agent' role is sufficient for running the examples. Refer to the Google Cloud Platform [IAM integration page](https://cloud.google.com/container-engine/docs/iam-integration) for more info.\n\nThe article [Managing GCP projects with terraform](https://cloud.google.com/community/tutorials/managing-gcp-projects-with-terraform) gives a good strategy for administering projects in GCP with Terraform. If you intend to go beyond the examples, strongly consider an approach that isolates service accounts by function. A service account that can do 'all the things' is risky.\n\n### Using this builder image anywhere else\nThis image can be run on any Docker host, without GCE. Why would you want to do this? It'll let you run Terraform locally, with no environment dependencies other than a Docker host installation. You can use the [local Cloud Build](https://cloud.google.com/cloud-build/docs/build-debug-locally) for this; but if you're curious or have\nweird / advanced requirements (for example, if you want to run Terraform as a build step on another platform like Travis or Circle CI, and don't want to use Cloud Build, it is an option).\n\nYou'll need to:\n 1. Provide a service account key file\n 2. Mount your project directory at '/workspace' when you run docker\n ```sh\ndocker run -it --rm -e GCLOUD_SERVICE_KEY=${GCLOUD_SERVICE_KEY} \\\n  --mount type=bind,source=$PWD,target=/workspace \\\n  --workdir=\"/workspace\" \\\n  ekgf/terraform \u003ccommand\u003e\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fekgf%2Fgcloud-terraform","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fekgf%2Fgcloud-terraform","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fekgf%2Fgcloud-terraform/lists"}