1
0
Fork 0
mirror of https://github.com/imjasonh/terraform-playground synced 2026-07-15 02:45:23 +00:00
terraform-playground/image-workflow
Jason Hall b81265229d
README
Signed-off-by: Jason Hall <jason@chainguard.dev>
2023-06-22 20:44:27 -04:00
..
cmd/app WIP: image workflow 2023-06-22 20:41:22 -04:00
hack WIP: image workflow 2023-06-22 20:41:22 -04:00
iac WIP: image workflow 2023-06-22 20:41:22 -04:00
go.mod WIP: image workflow 2023-06-22 20:41:22 -04:00
go.sum WIP: image workflow 2023-06-22 20:41:22 -04:00
README.md README 2023-06-22 20:44:27 -04:00

image-workflow

This sets up a Cloud Run app to listen for registry.push events to a private Chainguard Registry group, and triggers a GitHub Actions workflow with that image ref as an input.

The Terraform does everything:

  • builds the mirroring app into an image using ko_build
  • deploys the app to a Cloud Run service

TODO: package as a module like enforce-events

Once things have been provisioned, this module outputs a secret-command containing the command to run to upload your Github "personal access token" to the Google Secret Manager secret the application will use, looking something like this:

echo -n YOUR GITHUB PAT | \
  gcloud --project ... secrets versions add ... --data-file=-

The personal access token needs actions:write to trigger workflows.