# Organization-level Actions variable carrying the Nomad API address
# (presumably read by the deploy workflows that also use NOMAD_TOKEN).
# This is a variable, not a secret: with visibility "all" every repository in
# the organization can read it, so it must only ever hold non-sensitive data.
resource "github_actions_organization_variable" "nomad_addr" {
  visibility    = "all"
  variable_name = "NOMAD_ADDR"
  value         = "https://nomad.datasektionen.se"
}
locals {
  # Maps a workspace to the list of repositories that deploy to it. The
  # workspace must already exist; it is not created here.
  #
  # Each key is interpolated into the "deploy-<key>" policy and token names and
  # into the policy's namespace rule, and exactly one ACL token is created per
  # key. Every repository listed under a key therefore receives the same token:
  # adding a repo to a list gives its workflows submit-job on that whole
  # namespace, so only group repositories that are trusted to the same degree.
  #
  # A repository should appear under exactly one key, because the secret
  # resource keeps a single workspace per repository.
  deploy-tokens = {
    auth   = ["dfunkt", "pls", "sso"]
    ddagen = ["ddagen"]
    default = [
      "aaallt2",
      "aurora",
      "bawang",
      "calypso",
      "darkmode",
      "dbuggen",
      "djubileet",
      "femto",
      "harmony",
      "metasl2",
      "metastudent",
      "methone",
      "skywhale",
      "smingo",
      "ston",
      "styrdokument-bawang",
      "taitan",
      "wookieleaks",
      "yoggi",
      "zaiko",
      "zfinger",
    ]
    djulkalendern = ["djulkalendern", "duckbot-jr"]
    jml           = ["jml"]
  }
}
# One Nomad ACL policy per key of local.deploy-tokens, named "deploy-<key>".
# The policy is scoped to the namespace with the same name as the key and
# grants only read-job and submit-job. submit-job is still a strong permission:
# whoever holds a token bound to this policy can register jobs in the namespace.
# NOTE(review): what a submitted job may do on the clients (task drivers, host
# volumes, ...) is decided by cluster configuration, not by this policy.
# Confirm those limits match how far the deploying repositories are trusted.
resource "nomad_acl_policy" "deploy" {
  for_each = local.deploy-tokens
  name = "deploy-${each.key}"
  # The heredoc body is the policy text handed to Nomad; it is kept unindented
  # so the rendered string stays exactly as written.
  rules_hcl = <<HCL
namespace "${each.key}" {
capabilities = ["read-job", "submit-job"]
}
HCL
}
# One client-type ACL token per key of local.deploy-tokens, bound only to the
# matching "deploy-<key>" policy.
#
# Handling notes:
#  - No expiration_ttl is set, so the token does not expire on its own. Rotating
#    it means replacing this resource, which also updates the GitHub secrets
#    derived from it.
#  - secret_id is written to the Terraform state. Treat the state backend as
#    holding live deploy credentials (restricted access, encryption at rest).
resource "nomad_acl_token" "deploy" {
  for_each = local.deploy-tokens

  type     = "client"
  name     = "deploy-${each.key}"
  policies = [nomad_acl_policy.deploy[each.key].name]
}
# Publishes the deploy token of a repository's workspace as the NOMAD_TOKEN
# Actions secret of that repository.
resource "github_actions_secret" "nomad_deploy_token" {
  # transpose() turns workspace => [repos] into repo => [workspaces]. Only the
  # first workspace is kept, so a repository listed under several keys silently
  # gets the token of just one of them.
  # NOTE(review): consider one(...) instead of [0] so a duplicate listing fails
  # at plan time rather than binding the repo to an unintended namespace.
  for_each = {
    for repository, workspaces in transpose(local.deploy-tokens) :
    repository => workspaces[0]
  }

  repository  = each.key
  secret_name = "NOMAD_TOKEN"

  # plaintext_value is stored unencrypted in the Terraform state, alongside the
  # token's secret_id. Anyone who can read the state can read the token.
  plaintext_value = nomad_acl_token.deploy[each.value].secret_id
}