1
0
Fork 0
mirror of https://github.com/imjasonh/terraform-playground synced 2026-07-07 23:35:16 +00:00
Signed-off-by: Jason Hall <jason@chainguard.dev>
This commit is contained in:
Jason Hall 2023-06-22 20:44:27 -04:00
parent 394319530c
commit b81265229d
Failed to extract signature

View file

@ -1 +1,22 @@
TODO
# `image-workflow`
This sets up a Cloud Run app to listen for `registry.push` events to a private Chainguard Registry group, and triggers a GitHub Actions workflow with that image ref as an input.
The Terraform does everything:
- builds the mirroring app into an image using `ko_build`
- deploys the app to a Cloud Run service
`TODO: package as a module like enforce-events`
Once things have been provisioned, this module outputs a `secret-command`
containing the command to run to upload your Github "personal access token" to
the Google Secret Manager secret the application will use, looking something
like this:
```shell
echo -n YOUR GITHUB PAT | \
gcloud --project ... secrets versions add ... --data-file=-
```
The personal access token needs `actions:write` to trigger workflows.