1717 -" flake.nix"
1818workflow_dispatch :
1919
20+ permissions :
21+ # Necessary for GCP authentication (https://github.com/google-github-actions/setup-gcloud#usage)
22+ id-token :write
23+
2024jobs :
2125build_image :
2226if :github.actor != 'dependabot[bot]' # Skip Dependabot PRs
8589 -name :Setup Terraform
8690uses :./.github/actions/setup-tf
8791
92+ -name :Authenticate to Google Cloud
93+ uses :google-github-actions/auth@v2
94+ with :
95+ workload_identity_provider :projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
96+ service_account :coder-ci@coder-dogfood.iam.gserviceaccount.com
97+
8898 -name :Terraform init and validate
8999run :|
90100 cd dogfood
@@ -110,11 +120,12 @@ jobs:
110120 cd dogfood
111121 terraform apply -auto-approve
112122env :
113- # Consumed byCoder CLI
123+ # Consumed bycoderd provider
114124CODER_URL :https://dev.coder.com
115125CODER_SESSION_TOKEN :${{ secrets.CODER_SESSION_TOKEN }}
116126# Template source & details
117127TF_VAR_CODER_TEMPLATE_NAME :${{ secrets.CODER_TEMPLATE_NAME }}
118128TF_VAR_CODER_TEMPLATE_VERSION :${{ steps.vars.outputs.sha_short }}
119129TF_VAR_CODER_TEMPLATE_DIR :./contents
120130TF_VAR_CODER_TEMPLATE_MESSAGE :${{ steps.message.outputs.pr_title }}
131+ TF_LOG :info
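Review bot: The `id-token: write` grant added at workflow level (new lines 20-22) applies to every job, but only the job containing the new `Authenticate to Google Cloud` step visibly uses it, so `build_image` would also be able to request an OIDC token for the same workload identity provider unless the provider's attribute conditions restrict it. Scoping the grant to the consuming job is tighter: a job-level `permissions:` with `id-token: write` and `contents: read`, the second entry because declaring any permission sets the unlisted ones to none, which matters if that job checks out the repository. Separately, `uses: google-github-actions/auth@v2` follows a mutable tag; pinning it to a full commit SHA with `# v2` as a trailing comment is the safer form for the step that exchanges credentials. The job bodies run past the visible hunks, so which jobs actually need cloud access should be confirmed against the full file.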