add gcp service account email as gh repo secret

epiccoolguy · Feb 9, 2024 · 82fc18a · 82fc18a
1 parent 3fbaa30
commit 82fc18a
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -108,5 +108,6 @@ module "gh_secrets" {
   gcp_billing_account_id         = var.gcp_billing_account_id
   gcp_project_id                 = module.project.project_id
   gcp_tfstate_bucket_name        = module.bucket.names["${var.gcp_tfstate_bucket_name}"]
+  gcp_service_account_email      = module.project.service_account_email
   gcp_workload_identity_provider = module.workload_identity.provider.name
 }
diff --git a/modules/gh/main.tf b/modules/gh/main.tf
@@ -28,6 +28,12 @@ resource "github_actions_secret" "gcp_tfstate_bucket_name" {
   repository      = var.gh_repository
 }
 
+resource "github_actions_secret" "gcp_service_account_email" {
+  secret_name     = "GCP_SERVICE_ACCOUNT_EMAIL"
+  plaintext_value = var.gcp_service_account_email
+  repository      = var.gh_repository
+}
+
 resource "github_actions_secret" "gcp_workload_identity_provider" {
   secret_name     = "GCP_WORKLOAD_IDENTITY_PROVIDER"
   plaintext_value = var.gcp_workload_identity_provider

diff --git a/modules/gh/variables.tf b/modules/gh/variables.tf
@@ -22,6 +22,10 @@ variable "gcp_tfstate_bucket_name" {
   type = string
 }
 
+variable "gcp_service_account_email" {
+  type = string
+}
+
 variable "gcp_workload_identity_provider" {
   type = string
 }