fix: publish CI

terraform/module/main.tf

@@ -3,12 +3,17 @@ locals {
 }
 
 # =================================================================
-# Public bucket for static content
+# Public bucket for static content with uploader service account
 # =================================================================
 resource "google_project_service" "storage" {
   service = "storage.googleapis.com"
 }
 
+resource "google_service_account" "uploader_sa" {
+  account_id   = "${var.prefix}-uploader-sa"
+  display_name = "Uploader Service Account"
+}
+
 resource "google_storage_bucket" "bucket" {
   name       = var.domain
   depends_on = [google_project_service.storage]
@@ -20,10 +25,13 @@ resource "google_storage_bucket" "bucket" {
   }
 }
 
-resource "google_storage_default_object_access_control" "bucket_public" {
+resource "google_storage_bucket_acl" "bucket_acl" {
   bucket = google_storage_bucket.bucket.name
-  role   = "READER"
-  entity = "allUsers"
+
+  role_entity = [
+    "READER:allUsers",
+    "OWNER:user-${google_service_account.uploader_sa.email}",
+  ]
 }
 
 resource "google_storage_bucket_object" "index" {
@@ -32,17 +40,6 @@ resource "google_storage_bucket_object" "index" {
   bucket = google_storage_bucket.bucket.name
 }
 
-resource "google_service_account" "uploader_sa" {
-  account_id   = "${var.prefix}-uploader-sa"
-  display_name = "Uploader Service Account"
-}
-
-resource "google_storage_default_object_access_control" "upload" {
-  bucket = google_storage_bucket.bucket.name
-  role   = "OWNER"
-  entity = "user-${google_service_account.uploader_sa.email}"
-}
-
 # =================================================================
 # Expose bucket via HTTPS using Cloud CDN
 #