fix: publish CI
This commit is contained in:
Andrejus
9
.github/workflows/publish.yml
vendored
9
.github/workflows/publish.yml
vendored
@@ -1,9 +1,8 @@
|
|||||||
name: Dotfiles publisher
|
name: Dotfiles publisher
|
||||||
on: [push]
|
on:
|
||||||
# on:
|
push:
|
||||||
# push:
|
branches:
|
||||||
# branches:
|
- master
|
||||||
# - master
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
publish-installer:
|
publish-installer:
|
||||||
|
|||||||
@@ -4,10 +4,14 @@ Collection of my dotfiles and supporting install scripts
|
|||||||
|
|
||||||
## Install
|
## Install
|
||||||
|
|
||||||
|
[](https://github.com/andrejusk/dotfiles/actions/workflows/publish.yml)
|
||||||
|
|
||||||
wget https://dots.andrejus.dev/setup.sh -qO - | bash
|
wget https://dots.andrejus.dev/setup.sh -qO - | bash
|
||||||
|
|
||||||
## Stack
|
## Stack
|
||||||
|
|
||||||
|
[](https://github.com/andrejusk/dotfiles/actions/workflows/ci.yml)
|
||||||
|
|
||||||
Tested and maintained against Debian buster
|
Tested and maintained against Debian buster
|
||||||
|
|
||||||
### Shells
|
### Shells
|
||||||
|
|||||||
@@ -3,12 +3,17 @@ locals {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# =================================================================
|
# =================================================================
|
||||||
# Public bucket for static content
|
# Public bucket for static content with uploader service account
|
||||||
# =================================================================
|
# =================================================================
|
||||||
resource "google_project_service" "storage" {
|
resource "google_project_service" "storage" {
|
||||||
service = "storage.googleapis.com"
|
service = "storage.googleapis.com"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "google_service_account" "uploader_sa" {
|
||||||
|
account_id = "${var.prefix}-uploader-sa"
|
||||||
|
display_name = "Uploader Service Account"
|
||||||
|
}
|
||||||
|
|
||||||
resource "google_storage_bucket" "bucket" {
|
resource "google_storage_bucket" "bucket" {
|
||||||
name = var.domain
|
name = var.domain
|
||||||
depends_on = [google_project_service.storage]
|
depends_on = [google_project_service.storage]
|
||||||
@@ -20,10 +25,13 @@ resource "google_storage_bucket" "bucket" {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_storage_default_object_access_control" "bucket_public" {
|
resource "google_storage_bucket_acl" "bucket_acl" {
|
||||||
bucket = google_storage_bucket.bucket.name
|
bucket = google_storage_bucket.bucket.name
|
||||||
role = "READER"
|
|
||||||
entity = "allUsers"
|
role_entity = [
|
||||||
|
"READER:allUsers",
|
||||||
|
"OWNER:user-${google_service_account.uploader_sa.email}",
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_storage_bucket_object" "index" {
|
resource "google_storage_bucket_object" "index" {
|
||||||
@@ -32,17 +40,6 @@ resource "google_storage_bucket_object" "index" {
|
|||||||
bucket = google_storage_bucket.bucket.name
|
bucket = google_storage_bucket.bucket.name
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_service_account" "uploader_sa" {
|
|
||||||
account_id = "${var.prefix}-uploader-sa"
|
|
||||||
display_name = "Uploader Service Account"
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_storage_default_object_access_control" "upload" {
|
|
||||||
bucket = google_storage_bucket.bucket.name
|
|
||||||
role = "OWNER"
|
|
||||||
entity = "user-${google_service_account.uploader_sa.email}"
|
|
||||||
}
|
|
||||||
|
|
||||||
# =================================================================
|
# =================================================================
|
||||||
# Expose bucket via HTTPS using Cloud CDN
|
# Expose bucket via HTTPS using Cloud CDN
|
||||||
#
|
#
|
||||||
|
|||||||
Reference in New Issue
Block a user