diff --git a/.github/workflows/terraform_apply.yaml b/.github/workflows/terraform_apply.yaml
index 292208a..b48c1ce 100644
--- a/.github/workflows/terraform_apply.yaml
+++ b/.github/workflows/terraform_apply.yaml
@@ -17,7 +17,7 @@ jobs:
 env:
 AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
 AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
- AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
+ AWS_DEFAULT_REGION: "${{ vars.AWS_DEFAULT_REGION }}"
 GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml
index 4ca8302..4684893 100644
--- a/.github/workflows/terraform_plan.yaml
+++ b/.github/workflows/terraform_plan.yaml
@@ -16,7 +16,7 @@ jobs:
 env:
 AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
 AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
- AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
+ AWS_DEFAULT_REGION: "${{ vars.AWS_SESSION_TOKEN }}"
 GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
diff --git a/image-pipeline.tf b/image-pipeline.tf
index f19cd98..8a3a8f3 100644
--- a/image-pipeline.tf
+++ b/image-pipeline.tf
@@ -8,6 +8,9 @@ locals {
 ]
 }
+locals {
+ s3_upload = "${path.module}/workflows/s3_upload.yaml.tpl"
+}
 module "image_pipeline_repos" {
 for_each = toset(local.pipeline_repos)
@@ -22,13 +25,13 @@ module "image_pipeline_repos" {
 force_name = true
 create_codeowners = false
 enforce_prs = true
- collaborators = merge(local.collaborators, { garri325 = "admin" })
+ collaborators = local.collaborators
 pull_request_bypassers = local.pull_request_bypassers
 managed_extra_files = [
 {
 path = ".github/workflows/s3_upload.yaml"
 content = templatefile(
- "${path.module}/workflows/s3_upload.yaml.tpl",
+ lookup(var.image_pipeline_workflows, each.value, local.s3_upload),
 {
 repo_name = each.value,
 bucket_name = "image-pipeline-assets"
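Review bot: With `AWS_SESSION_TOKEN` dropped from the `env` block, the remaining `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` pair has to be a long-lived IAM user key, because temporary credentials do not work without a session token; the matching hunk in terraform_plan.yaml has the same effect. A static key stays valid until someone rotates it, so consider having the job assume a role through GitHub's OIDC provider instead (for example `aws-actions/configure-aws-credentials` with `role-to-assume`), which removes the stored secret altogether. If the static key has to stay, a comment above the block such as `# long-lived IAM user key: rotate on a schedule and keep its policy limited to what Terraform needs` would record that decision. The `env` block continues outside the hunk.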
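Review bot: `AWS_DEFAULT_REGION` is read from `vars.AWS_SESSION_TOKEN` on the added line, while terraform_apply.yaml reads `vars.AWS_DEFAULT_REGION`, so this looks like a copy-paste slip from the removed line. An undefined configuration variable expands to an empty string, so the plan job would run with an empty region. Anyone who works around that by creating a variable with this name would be storing a token-named value in `vars`, which is not masked in logs. The line should read `AWS_DEFAULT_REGION: "${{ vars.AWS_DEFAULT_REGION }}"`.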
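Review bot: The template for `.github/workflows/s3_upload.yaml` is now chosen by `var.image_pipeline_workflows`, and `templatefile` reads whatever path that map holds, so whoever can set the variable decides which workflow gets committed into each pipeline repo. Two side effects of `lookup(var.image_pipeline_workflows, each.value, local.s3_upload)` are also worth stating: a map key that matches no entry in `local.pipeline_repos` is silently ignored, and an override template is rendered with the same variables map, so it can only reference the keys passed here. A comment above the call would make this visible, for example `# per-repo template override; keys must be names from local.pipeline_repos, values must be templates under workflows/`. The module block and the variables map both continue outside the hunk.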
@@ -71,12 +74,6 @@ module "aws_image_pipeline" {
 enforce_prs = true
 collaborators = local.collaborators
 pull_request_bypassers = local.pull_request_bypassers
- vars = [
- {
- name = "terraform_version"
- value = "1.9.1"
- }
- ]
 managed_extra_files = [
 {
 path = ".github/workflows/terraform-plan.yaml"
@@ -124,7 +121,7 @@ module "terraform_aws_image_pipeline" {
 {
 name = "terraform_version"
 value = "1.9.1"
- }
+ },
 ]
 managed_extra_files = [
 {
diff --git a/main.tf b/main.tf
index e651048..e945d20 100644
--- a/main.tf
+++ b/main.tf
@@ -47,7 +47,7 @@ module "automation-repos" {
 collaborators = local.collaborators
 pull_request_bypassers = local.pull_request_bypassers
 }
-
+
 # centralized-actions
 module "centralized-actions" {
 source = "HappyPathway/repo/github"
@@ -65,7 +65,7 @@ module "centralized-actions" {
 pull_request_bypassers = local.pull_request_bypassers
 github_is_private = false
 }
-
+
 # terraform-github-repo
 module "terraform-github-repo" {
 source = "git@github.e.it.census.gov:CSVD/terraform-github-repo"
diff --git a/sandbox.tf b/sandbox.tf
index 99ff22e..4919232 100644
--- a/sandbox.tf
+++ b/sandbox.tf
@@ -18,7 +18,7 @@ module "sandbox" {
 github_is_private = false
 create_codeowners = false
 enforce_prs = false
- collaborators = {"arnol377": "admin"}
+ collaborators = { "arnol377" : "admin" }
 managed_extra_files = [
 {
 path = ".github/workflows/terraform-plan.yaml"
@@ -45,17 +45,4 @@ module "sandbox" {
 )
 }
 ]
- secrets = [
- for secret in [for secret in local.secrets : secret if secret != "AWS_ACCESS_KEY_ID"] :
- {
- name = replace(secret, "GITHUB", "GH")
- value = lookup(module.env_var, secret).value
- }
- ]
- vars = [
- {
- name = "AWS_ACCESS_KEY_ID"
- value = lookup(module.env_var, "AWS_ACCESS_KEY_ID").value
- }
- ]
 }
diff --git a/variables.tf b/variables.tf
index e69de29..0f1b652 100644
--- a/variables.tf
+++ b/variables.tf
@@ -0,0 +1,3 @@
+variable "image_pipeline_workflows" {
+ type = map(string)
+}
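Review bot: `image_pipeline_workflows` is declared without a `default`, so every plan and apply now has to supply it, and nothing in the hunks shown here does so (a tfvars file or `TF_VAR_image_pipeline_workflows` may exist elsewhere). It also has no `description` and no check on the paths it accepts, although image-pipeline.tf passes its values to `templatefile` and commits the result as a workflow file. I would add `default = {}`, a description, and a `validation` block that limits values to template files under `workflows/`. The pattern below assumes overrides are written relative to the root module and should be adjusted if they are not.

```hcl
variable "image_pipeline_workflows" {
  description = "Per-repo override of the s3_upload workflow template, keyed by repo name."
  type        = map(string)
  default     = {}

  validation {
    condition = alltrue([
      for p in values(var.image_pipeline_workflows) :
      can(regex("^(\\./)?workflows/[A-Za-z0-9._-]+\\.tpl$", p))
    ])
    error_message = "Each value must be a .tpl file directly under workflows/."
  }
}
```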