Cloud build pushes new images to non-prod envs (#89)

This means that the ci and dev environments will be kept up to date with new images that are deployed.
This does not modify the prod environment.

deployment/live/cloudbuild/dev/terragrunt.hcl

@@ -13,7 +13,8 @@ locals {
 inputs = merge(
   local.common_vars.locals,
   {
-    env = "dev"
+    env               = "dev"
+    cloud_run_service = "distributor-service-dev"
   }
 )
 

deployment/live/cloudbuild/prod/terragrunt.hcl

@@ -13,7 +13,8 @@ locals {
 inputs = merge(
   local.common_vars.locals,
   {
-    env = "prod"
+    env               = "prod"
+    cloud_run_service = "distributor-service-ci"
   }
 )
 

deployment/modules/cloudbuild/main.tf

@@ -60,6 +60,20 @@ resource "google_cloudbuild_trigger" "distributor_docker" {
         local.docker_address
       ]
     }
+    # Deploy container image to Cloud Run
+    step {
+      name       = "gcr.io/google.com/cloudsdktool/cloud-sdk"
+      entrypoint = "gcloud"
+      args       = [
+        "run",
+        "deploy",
+        var.cloud_run_service,
+        "--image",
+        local.docker_address,
+        "--region",
+        var.region
+      ]
+    }
     options {
       logging = "CLOUD_LOGGING_ONLY"
     }
@@ -89,3 +103,9 @@ resource "google_project_iam_member" "artifact_registry_writer" {
   member  = "serviceAccount:${google_service_account.cloudbuild_service_account.email}"
 }
 
+resource "google_project_iam_member" "cloudrun_deployer" {
+  project = var.project_id
+  role    = "roles/run.developer"
+  member  = "serviceAccount:${google_service_account.cloudbuild_service_account.email}"
+}
+

deployment/modules/cloudbuild/variables.tf

@@ -28,3 +28,9 @@ variable "env" {
   description = "Unique identifier for the env, e.g. ci or prod"
   type        = string
 }
+
+variable "cloud_run_service" {
+  description = "The name of the cloud run service that new images should be pushed to"
+  type        = string
+}
+