mirror of
https://github.com/imjasonh/terraform-playground
synced 2026-07-07 23:35:16 +00:00
README
Signed-off-by: Jason Hall <jason@chainguard.dev>
This commit is contained in:
parent
394319530c
commit
b81265229d
1 changed files with 22 additions and 1 deletions
|
|
@ -1 +1,22 @@
|
|||
TODO
|
||||
# `image-workflow`
|
||||
|
||||
This sets up a Cloud Run app to listen for `registry.push` events to a private Chainguard Registry group, and triggers a GitHub Actions workflow with that image ref as an input.
|
||||
|
||||
The Terraform does everything:
|
||||
|
||||
- builds the mirroring app into an image using `ko_build`
|
||||
- deploys the app to a Cloud Run service
|
||||
|
||||
`TODO: package as a module like enforce-events`
|
||||
|
||||
Once things have been provisioned, this module outputs a `secret-command`
|
||||
containing the command to run to upload your Github "personal access token" to
|
||||
the Google Secret Manager secret the application will use, looking something
|
||||
like this:
|
||||
|
||||
```shell
|
||||
echo -n YOUR GITHUB PAT | \
|
||||
gcloud --project ... secrets versions add ... --data-file=-
|
||||
```
|
||||
|
||||
The personal access token needs `actions:write` to trigger workflows.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue