-
Notifications
You must be signed in to change notification settings - Fork 0
/
backstage-github.tf
68 lines (56 loc) · 2.06 KB
/
backstage-github.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# Configure GitHub variables & secrets for Backstage itself and for all scaffolded apps
locals {
github_app_credentials_file = "github-app-credentials.json"
github_app_credentials = jsondecode(file("${path.module}/${local.github_app_credentials_file}"))
github_app_id = local.github_app_credentials["appId"]
github_app_client_id = local.github_app_credentials["clientId"]
github_app_client_secret = local.github_app_credentials["clientSecret"]
github_app_private_key = local.github_app_credentials["privateKey"]
github_webhook_secret = local.github_app_credentials["webhookSecret"]
}
locals {
backstage_repo = "backstage"
}
resource "github_actions_organization_variable" "backstage_cloud_provider" {
variable_name = "CLOUD_PROVIDER"
visibility = "all"
value = local.cloud_provider
}
resource "github_actions_organization_variable" "backstage_aws_region" {
variable_name = "AWS_REGION"
visibility = "all"
value = var.aws_region
}
resource "github_actions_organization_variable" "backstage_aws_role_arn" {
variable_name = "AWS_ROLE_ARN"
visibility = "all"
value = module.iam_github_oidc_role.arn
}
resource "github_actions_organization_variable" "backstage_humanitec_org_id" {
variable_name = "HUMANITEC_ORG_ID"
visibility = "all"
value = var.humanitec_org_id
}
resource "github_actions_organization_secret" "backstage_humanitec_token" {
secret_name = "HUMANITEC_TOKEN"
visibility = "all"
plaintext_value = var.humanitec_ci_service_user_token
}
# Backstage repository itself
resource "github_repository" "backstage" {
name = local.backstage_repo
description = "Backstage"
visibility = "public"
template {
owner = "humanitec-architecture"
repository = "backstage"
}
depends_on = [
module.base,
module.backstage_ecr,
module.iam_github_oidc_role,
humanitec_application.backstage,
humanitec_resource_definition_criteria.backstage_postgres,
github_actions_organization_secret.backstage_humanitec_token,
]
}