The repo contains a terraform module for deploying the Google Cloud Build Notifier as a Cloud Run Service.
altissimo-hq/terraform-google-cloudbuild-notifier
This Terraform module currently relies on a Google Cloud IAM Service Account that is used to send PubSub notifications to the Cloud Run service.
- service_account: Service Account email address (ex. "cloud-run-pubsub-invoker@<PROJECT_ID>.iam.gserviceaccount.com")
This Service Account will receive the Cloud Run Invoker role on the Cloud Run Service.
This Terraform module currently relies on a Google Cloud Secret Manager Secret that contains a Slack Webhook where notifications are sent.
- slack_webhook_project: Project where the Secret lives
- slack_webhook_secret_name: Name of the Secret (defaults to "slack-cloudbuild-webhook")
- slack_webhook_secret_version: Version of the Secret (defaults to "latest")
The Compute Engine Service Account needs the Secret Accessor role on the Secret:
- member: ${PROJECT_NUMBER}[email protected]
- role: roles/secretmanager.secretAccessor
This Terraform module currently relies on a Google Cloud Storage Bucket that is used to store the Google Cloud Build Notifier config and template files.
- bucket: Name of the Bucket where the configs and templates live
- slack_notifier_config_path: Path to the Slack Notifier config (defaults to "slack-notifications.yaml")
- slack_notifier_template_path: Path to the Slack Notifier template (defaults to "slack-template.json")
The Compute Engine Service Account needs the Storage Legacy Object Owner role on the Bucket:
- member: [email protected]
- role: roles/storage.legacyObjectOwner
This Terraform module currently relies on the Pub/Sub Service Agent having the ability to act as other IAM Service Accounts in the project:
- member: [email protected]
- role: roles/iam.serviceAccountTokenCreator
Requirements:

| Name | Version |
|---|---|
| | >= 5.33.0 |

Providers:

| Name | Version |
|---|---|
| | >= 5.33.0 |

Modules:

No modules.

Resources:

| Name | Type |
|---|---|
| google_cloud_run_service.cloud-build-slack-notifier | resource | 
| google_cloud_run_service_iam_member.cloud-build-slack-notifier-invoker | resource | 
| google_pubsub_subscription.cloud-builds | resource | 
| google_pubsub_topic.cloud-builds | resource | 
| google_storage_bucket.build-notifier | resource | 
| google_storage_bucket_iam_member.build-notifier-compute | resource | 
| google_storage_bucket_object.slack-config-yaml | resource | 
| google_storage_bucket_object.slack-template-json | resource | 
| google_compute_default_service_account.default | data source | 
| google_pubsub_topic.cloud-builds | data source | 
| google_storage_bucket.bucket | data source | 
Inputs:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| bucket | Google Storage Bucket containing the Cloud Build Notifier configuration | string | n/a | yes |
| create_bucket | Create the Bucket. Defaults to true. | bool | true | no |
| create_pubsub_topic | Create the Pub/Sub Topic. Defaults to true. | bool | true | no |
| filter | CEL filter that captures the Cloud Build messages to send to the Cloud Build Notifiers. | string | "build.status in [Build.Status.SUCCESS, Build.Status.FAILURE, Build.Status.TIMEOUT]" | no |
| project_id | Google Cloud Project | string | n/a | yes |
| pubsub_topic | Google Cloud Pub/Sub Topic that will receive Cloud Build notifications. | string | "cloud-builds" | no |
| region | Google Cloud Region | string | "us-central1" | no |
| service_account | Email address of the Service Account used to invoke the Cloud Run Service | string | n/a | yes |
| service_name | Name of the Cloud Run Service to deploy | string | "cloud-build-slack-notifier" | no |
| slack_config_yaml | YAML string representing the Slack Notifier configuration. | any | null | no |
| slack_notifier_config_path | Path to the Slack Notifier config file in the Google Storage Bucket | string | "slack-notifications.yaml" | no |
| slack_notifier_image | Container Image containing the Cloud Build Notifier for Slack | string | "us-east1-docker.pkg.dev/gcb-release/cloud-build-notifiers/slack:latest" | no |
| slack_notifier_template_path | Path to the Slack Notifier template file in the Google Storage Bucket | string | "slack-template.json" | no |
| slack_template_json | JSON string representing the Slack Notifier template. | any | null | no |
| slack_webhook_project | Google Cloud Project containing the Slack Webhook | string | n/a | yes |
| slack_webhook_secret_name | Google Cloud Secret containing the Slack Webhook | string | "slack-cloudbuild-webhook" | no |
| slack_webhook_secret_version | Google Cloud Secret Version containing the Slack Webhook | string | "latest" | no |
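As an added example (not code from this module's README), the root configuration below creates the prerequisites described above (invoker Service Account, Secret Accessor grant for the Compute Engine Service Account, Token Creator grant for the Pub/Sub Service Agent) and then calls the module with the inputs from the table; the module `source` path, the invoker account name, the bucket name and the `var.project_id` variable are assumptions. It grants Token Creator on the invoker account only, which is narrower than the project-wide grant described above but sufficient for Pub/Sub to push to the Cloud Run Service.

```hcl
# Added example, not part of the module. Values marked "assumed" are placeholders.
variable "project_id" {
  type = string
}

data "google_project" "this" {
  project_id = var.project_id
}

# Default Compute Engine Service Account that the Cloud Run Service runs as.
data "google_compute_default_service_account" "default" {
  project = var.project_id
}

# Service Account that Pub/Sub uses to invoke the Cloud Run Service (name assumed).
resource "google_service_account" "invoker" {
  project    = var.project_id
  account_id = "cloud-run-pubsub-invoker"
}

# Compute Engine SA needs Secret Accessor on the Slack webhook Secret.
resource "google_secret_manager_secret_iam_member" "webhook" {
  project   = var.project_id
  secret_id = "slack-cloudbuild-webhook"
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:${data.google_compute_default_service_account.default.email}"
}

# Pub/Sub Service Agent mints OIDC tokens for the invoker SA; scoped to that SA only.
resource "google_service_account_iam_member" "pubsub_token_creator" {
  service_account_id = google_service_account.invoker.name
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = "serviceAccount:service-${data.google_project.this.number}@gcp-sa-pubsub.iam.gserviceaccount.com"
}

module "cloudbuild_notifier" {
  source = "github.com/altissimo-hq/terraform-google-cloudbuild-notifier" # assumed

  project_id            = var.project_id
  region                = "us-central1"
  bucket                = "example-build-notifier-configs" # assumed
  service_account       = google_service_account.invoker.email
  slack_webhook_project = var.project_id
  slack_config_yaml     = file("${path.module}/slack-notifications.yaml")
  slack_template_json   = file("${path.module}/slack-template.json")

  depends_on = [
    google_secret_manager_secret_iam_member.webhook,
    google_service_account_iam_member.pubsub_token_creator,
  ]
}
```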
Outputs:

| Name | Description |
|---|---|
| bucket | Bucket used by this module | 
| pubsub_subscription | Pub/Sub Subscription created by this module | 
| pubsub_topic | Pub/Sub Topic used by this module | 
| service | Cloud Run Service created by this module | 
| slack_notifier_config | Content of the Slack Notifier Config (YAML) | 
| slack_notifier_template | Content of the Slack Notifier Template (JSON) |