Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/oun/terramate-example

Last synced: 16 days ago
JSON representation

Host: GitHub
URL: https://github.com/oun/terramate-example
Owner: oun
Created: 2023-11-20T01:32:54.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2023-11-20T03:23:27.000Z (about 1 year ago)
Last Synced: 2023-11-21T03:36:33.475Z (about 1 year ago)
Language: HCL
Size: 4.88 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Terramate Example

This repository contains example code that you can use with Terramate to keep Terraform code DRY.

## Getting Started

### Prerequisites

- [Terramate](https://terramate.io/docs/cli/)

- [tfenv](https://github.com/tfutils/tfenv)

- [Terraform](https://www.terraform.io/)

- [pre-commit](https://pre-commit.com/)

- [tflint](https://github.com/terraform-linters/tflint)

### Install

```

brew install terramate tfenv pre-commit tflint

```

Install Terraform

```

tfenv install

```

Install git hook scripts

```

pre-commit install

```

### Setup Github Actions Workflows

To authenticate and authorize Github Actions Workflows to Google Cloud,

you need to setup and configure Workload Identity Federation by creating Workload Identity Pool

and Workload Identity Provider.

```

PROJECT_ID=

gcloud iam workload-identity-pools create "github-pool" \

  --project="${PROJECT_ID}" \

  --location="global" \

  --display-name="Github pool"

```

```

gcloud iam workload-identity-pools providers create-oidc "github-oidc" \

  --project="${PROJECT_ID}" \

  --location="global" \

  --workload-identity-pool="github-pool" \

  --display-name="Github provider" \

  --attribute-mapping="google.subject=assertion.sub,attribute.repository=assertion.repository" \

  --issuer-uri="https://token.actions.githubusercontent.com"

```

```

SA_NAME=github-actions

gcloud iam service-accounts create ${SA_NAME} \

  --project="${PROJECT_ID}" \

  --display-name="Github Actions"

```

```

PROJECT_NUMBER=$(gcloud projects describe ${PROJECT_ID} --format="value(projectNumber)")

REPO_OWNER=

REPO_NAME=

gcloud iam service-accounts add-iam-policy-binding "${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" \

  --project="${PROJECT_ID}" \

  --role="roles/iam.workloadIdentityUser" \

  --member="principalSet://iam.googleapis.com/projects/${PROJECT_NUMBER}/locations/global/workloadIdentityPools/github-pool/attribute.repository/${REPO_OWNER}/${REPO_NAME}"

```

```

gcloud services enable iamcredentials.googleapis.com \

  --project="${PROJECT_ID}"

```

Add the following Github Actions secrets in your repository settings.

```

PROVIDER_NAME: projects/${PROJECT_NUMBER}/locations/global/workloadIdentityPools/github-pool/providers/github-oidc

SA_EMAIL: ${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com

```