├── .dockerignore ├── .env.example ├── .github └── workflows │ └── docker-image.yml ├── .gitignore ├── README.md ├── backend ├── Dockerfile ├── __init__.py ├── app │ ├── __init__.py │ ├── api │ │ └── v1 │ │ │ ├── __init__.py │ │ │ └── endponts │ │ │ ├── __init__.py │ │ │ └── test_endpoint.py │ └── main.py └── requirements.txt ├── cloudbuild.yaml ├── docker-compose.dev.yml └── terraform ├── main.tf ├── modules ├── cloud_build │ ├── main.tf │ └── variables.tf ├── cloud_run │ ├── main.tf │ ├── output.tf │ └── variables.tf └── secret_manager │ ├── main.tf │ └── variables.tf └── variabiles.tf /.dockerignore: -------------------------------------------------------------------------------- 1 | env/ 2 | __pycache__/ 3 | 4 | *.env 5 | *.env* 6 | env.* 7 | -------------------------------------------------------------------------------- /.env.example: -------------------------------------------------------------------------------- 1 | DB_USERNAME=postgres 2 | DB_PASSWORD=postgres 3 | DB_HOST=localhost 4 | DB_NAME=crawler 5 | 6 | STORAGE_OPTION=local 7 | GCS_BUCKET_NAME=bucket-path -------------------------------------------------------------------------------- /.github/workflows/docker-image.yml: -------------------------------------------------------------------------------- 1 | name: Docker Image CI 2 | 3 | on: 4 | push: 5 | branches: ["master"] 6 | tags: 7 | - "v*" 8 | pull_request: 9 | branches: ["master"] 10 | 11 | jobs: 12 | build: 13 | runs-on: ubuntu-latest 14 | 15 | steps: 16 | - uses: actions/checkout@v3 17 | 18 | - name: Log in to Docker Hub 19 | uses: docker/login-action@v2 20 | with: 21 | username: ${{ secrets.DOCKER_HUB_USERNAME }} 22 | password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} 23 | 24 | - name: Extract metadata (tags, labels) for Docker 25 | id: meta 26 | uses: docker/metadata-action@v4 27 | with: 28 | images: inter92/fastapi-cloudrun 29 | 30 | - name: Build and push Docker image 31 | uses: docker/build-push-action@v3 32 | with: 33 | context: ./backend 
34 | file: ./backend/Dockerfile 35 | push: true 36 | tags: ${{ steps.meta.outputs.tags }} 37 | labels: ${{ steps.meta.outputs.labels }} 38 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | code_report.py 3 | custom_tree_and_files_corrected.txt 4 | 5 | # .tfstate files 6 | terraform.tfstate 7 | terraform.tfvars 8 | terraform/terraform.tfvars 9 | .terraform.lock.hcl 10 | .terraform 11 | *.backup 12 | # Crash log files 13 | crash.log 14 | crash.*.log 15 | 16 | 17 | # Exclude all .tfvars files, which are likely to contain sensitive data, such as 18 | # password, private keys, and other secrets. These should not be part of version 19 | # control as they are data points which are potentially sensitive and subject 20 | # to change depending on the environment. 21 | *.tfvars 22 | *.tfvars.json 23 | 24 | archive 25 | # Byte-compiled / optimized / DLL files 26 | __pycache__/ 27 | *.py[cod] 28 | *$py.class 29 | custom_tree_and_files_corrected.txt 30 | code_report.py 31 | *.pdf 32 | models 33 | # C extensions 34 | *.so 35 | 36 | *.env 37 | *.env* 38 | env.* 39 | 40 | # Distribution / packaging 41 | .Python 42 | build/ 43 | develop-eggs/ 44 | dist/ 45 | downloads/ 46 | eggs/ 47 | .eggs/ 48 | lib/ 49 | lib64/ 50 | parts/ 51 | sdist/ 52 | var/ 53 | wheels/ 54 | share/python-wheels/ 55 | *.egg-info/ 56 | .installed.cfg 57 | *.egg 58 | MANIFEST 59 | 60 | # PyInstaller 61 | # Usually these files are written by a python script from a template 62 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
63 | *.manifest 64 | *.spec 65 | 66 | # Installer logs 67 | pip-log.txt 68 | pip-delete-this-directory.txt 69 | 70 | # Unit test / coverage reports 71 | htmlcov/ 72 | .tox/ 73 | .nox/ 74 | .coverage 75 | .coverage.* 76 | .cache 77 | nosetests.xml 78 | coverage.xml 79 | *.cover 80 | *.py,cover 81 | .hypothesis/ 82 | .pytest_cache/ 83 | cover/ 84 | 85 | # Translations 86 | *.mo 87 | *.pot 88 | 89 | # Django stuff: 90 | *.log 91 | local_settings.py 92 | db.sqlite3 93 | db.sqlite3-journal 94 | 95 | # Flask stuff: 96 | instance/ 97 | .webassets-cache 98 | 99 | # Scrapy stuff: 100 | .scrapy 101 | 102 | # Sphinx documentation 103 | docs/_build/ 104 | 105 | # PyBuilder 106 | .pybuilder/ 107 | target/ 108 | 109 | # Jupyter Notebook 110 | .ipynb_checkpoints 111 | 112 | # IPython 113 | profile_default/ 114 | ipython_config.py 115 | 116 | # pyenv 117 | # For a library or package, you might want to ignore these files since the code is 118 | # intended to run in multiple environments; otherwise, check them in: 119 | # .python-version 120 | 121 | # pipenv 122 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 123 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 124 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 125 | # install all needed dependencies. 126 | #Pipfile.lock 127 | 128 | # poetry 129 | # Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. 130 | # This is especially recommended for binary packages to ensure reproducibility, and is more 131 | # commonly ignored for libraries. 132 | # https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control 133 | #poetry.lock 134 | 135 | # pdm 136 | # Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. 
137 | #pdm.lock 138 | # pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it 139 | # in version control. 140 | # https://pdm.fming.dev/#use-with-ide 141 | .pdm.toml 142 | 143 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm 144 | __pypackages__/ 145 | 146 | # Celery stuff 147 | celerybeat-schedule 148 | celerybeat.pid 149 | 150 | # SageMath parsed files 151 | *.sage.py 152 | 153 | # Environments 154 | .env 155 | .venv 156 | env/ 157 | venv/ 158 | ENV/ 159 | env.bak/ 160 | venv.bak/ 161 | 162 | # Spyder project settings 163 | .spyderproject 164 | .spyproject 165 | 166 | # Rope project settings 167 | .ropeproject 168 | 169 | # mkdocs documentation 170 | /site 171 | 172 | # mypy 173 | .mypy_cache/ 174 | .dmypy.json 175 | dmypy.json 176 | 177 | # Pyre type checker 178 | .pyre/ 179 | 180 | # pytype static type analyzer 181 | .pytype/ 182 | 183 | # Cython debug symbols 184 | cython_debug/ 185 | 186 | # PyCharm 187 | # JetBrains specific template is maintained in a separate JetBrains.gitignore that can 188 | # be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore 189 | # and can be added to the global gitignore or merged into this file. For a more nuclear 190 | # option (not recommended) you can uncomment the following to ignore the entire idea folder. 191 | #.idea/ 192 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # FastAPI CloudRun Starter 2 | 3 | This repository serves as a starter template for setting up a FastAPI backend using Google CloudRun. It's designed to streamline the process of deploying a FastAPI application using modern infrastructure as code principles. 4 | 5 | ## Features 6 | 7 | - Terraform-based infrastructure setup. 8 | - Integration with GitHub Actions for continuous integration. 
9 | - Automatic trigger setup for Cloud Build. 10 | - Secure storage of secrets using Secret Manager. 11 | 12 | ## Getting Started 13 | 14 | ### Prerequisites 15 | 16 | 1. **Google Cloud Platform Account**: Ensure you have an active GCP account. [Sign up here](https://cloud.google.com/) if needed. 17 | 2. **Project Setup**: Create a new GCP project and note down the project ID. 18 | 3. **Service Account**: Create a service account with 'Owner' permissions in your GCP project and generate a JSON key file. 'Owner' is far broader than this deployment needs, so once the first apply succeeds, narrow the account to the roles Terraform actually uses, and keep the key file out of version control. 19 | 4. **Connecting Cloud Build to Your GitHub Account**: Create a personal access token in GitHub with `repo` and `read:user` permissions. For organization apps, include `read:org` permission. [Guide here](https://cloud.google.com/build/docs/automating-builds/github/connect-repo-github?generation=2nd-gen#terraform_1). 20 | 21 | ### Terraform Configuration 22 | 23 | - **Rename File**: Rename `terraform.tfvars.example` to `terraform.tfvars`. 24 | - **Insert Credentials**: Fill in your credentials in the `terraform.tfvars` file. This file carries the GitHub token and the path to the key file; the repository's `.gitignore` excludes `*.tfvars`, so leave it uncommitted. 25 | 26 | ### Docker Configuration 27 | 28 | The `Dockerfile` is configured to use the NVIDIA CUDA base image with FastAPI dependencies. The application is exposed on port 8000 and can be customized as needed. 29 | 30 | ### FastAPI Application 31 | 32 | The `main.py` script is the entry point for the FastAPI application. It includes basic routes and can be extended for additional functionality. 33 | 34 | ## Usage 35 | 36 | To deploy the infrastructure and application: 37 | 38 | 1. Initialize Terraform: 39 | ```bash 40 | terraform init 41 | ``` 42 | 2. Apply Terraform configuration: 43 | ```bash 44 | terraform apply 45 | ``` 46 | 3. To build and run the Docker container locally, use: 47 | ```bash 48 | docker-compose up --build 49 | ``` 50 | 51 | ## Contributing 52 | 53 | Contributions to enhance this starter template are welcome. Please follow standard GitHub contribution guidelines. 
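54 |
--------------------------------------------------------------------------------
/backend/Dockerfile:
--------------------------------------------------------------------------------
# Official slim Python runtime as the parent image.
# NOTE(review): the tag is mutable; pinning it by digest
# (python:3.9-slim@sha256:<digest-placeholder>) keeps rebuilds reproducible.
FROM python:3.9-slim

# All application files live under /code.
WORKDIR /code

# Install dependencies first so this layer is reused while only the app code changes.
COPY requirements.txt /code/
RUN pip install --no-cache-dir -r requirements.txt

# Copy the application package.
COPY ./app /code/app

# Run as an unprivileged account instead of the image's default root user;
# the server only needs to read /code.
RUN useradd --system --no-create-home --shell /usr/sbin/nologin appuser
USER appuser

ENV PYTHONPATH=/code
EXPOSE 8000

# PORT is taken from the environment with 8000 as the fallback. The shell is kept only to
# expand ${PORT}; `exec` then replaces it, so uvicorn runs as PID 1 and receives the
# container's stop signal directly.
CMD ["sh", "-c", "exec uvicorn app.main:app --port=${PORT:-8000} --host=0.0.0.0"]

--------------------------------------------------------------------------------
/backend/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mazzasaverio/fastapi-cloudrun-starter/1b50bd466a263cab1e7d9c7e9acb27fd4d5e7bb2/backend/__init__.py
--------------------------------------------------------------------------------
/backend/app/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mazzasaverio/fastapi-cloudrun-starter/1b50bd466a263cab1e7d9c7e9acb27fd4d5e7bb2/backend/app/__init__.py
--------------------------------------------------------------------------------
/backend/app/api/v1/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mazzasaverio/fastapi-cloudrun-starter/1b50bd466a263cab1e7d9c7e9acb27fd4d5e7bb2/backend/app/api/v1/__init__.py
--------------------------------------------------------------------------------
/backend/app/api/v1/endponts/__init__.py:
--------------------------------------------------------------------------------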
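https://raw.githubusercontent.com/mazzasaverio/fastapi-cloudrun-starter/1b50bd466a263cab1e7d9c7e9acb27fd4d5e7bb2/backend/app/api/v1/endponts/__init__.py
--------------------------------------------------------------------------------
/backend/app/api/v1/endponts/test_endpoint.py:
--------------------------------------------------------------------------------
from fastapi import APIRouter

router = APIRouter()


# Fixed-response probe; main.py mounts this router under the /api/v1 prefix.
@router.get("/test")
async def test():
    return {"message": "Test endpoint is working!"}

--------------------------------------------------------------------------------
/backend/app/main.py:
--------------------------------------------------------------------------------
from fastapi import FastAPI, HTTPException, status, Request
from fastapi.responses import RedirectResponse, JSONResponse
from app.api.v1.endponts import test_endpoint


# NOTE(review): FastAPI serves /docs, /redoc and /openapi.json by default, and the Cloud Run
# service in this repo is invocable by allUsers, so the API schema is readable without
# authentication. Pass docs_url=None, redoc_url=None and openapi_url=None here if that is
# not intended.
app = FastAPI(title="Title")

app.include_router(test_endpoint.router, prefix="/api/v1")


# Send requests for the bare root URL to the interactive API docs.
@app.get("/")
async def root(request: Request):
    return RedirectResponse(url="/docs", status_code=status.HTTP_307_TEMPORARY_REDIRECT)


# Placeholder: returns a fixed JSON message; no metrics are collected.
@app.get("/metrics")
async def metrics():
    return JSONResponse(content={"message": "Metrics not implemented"})

--------------------------------------------------------------------------------
/backend/requirements.txt:
--------------------------------------------------------------------------------
fastapi==0.109.2
pip-chill==1.0.3
uvicorn==0.27.0.post1

--------------------------------------------------------------------------------
/cloudbuild.yaml:
--------------------------------------------------------------------------------
# NOTE(review): every build overwrites the mutable :latest tag, so a running revision cannot
# be traced back to a commit from its tag. Tagging with $SHORT_SHA as well would allow that.
steps:
  - name: "gcr.io/cloud-builders/docker"
    args:
      ["build", "-t", "gcr.io/$PROJECT_ID/fastapi-cloudrun:latest", "./backend"]

  - name: "gcr.io/cloud-builders/docker"
    args: ["push", "gcr.io/$PROJECT_ID/fastapi-cloudrun:latest"]

  - name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
    entrypoint: gcloud
    args:
      - "run"
      - "deploy"
      - "cloudrun-service" # Make sure this is your service name
      - "--image=gcr.io/$PROJECT_ID/fastapi-cloudrun:latest"
      - "--region=us-central1" # Confirm this is your desired region
      - "--platform=managed"
      # Re-asserts public access on every deploy, matching the allUsers invoker binding in
      # terraform/modules/cloud_run/main.tf; both have to go to make the service private.
      - "--allow-unauthenticated" # Consider removing if you need authentication

images:
  - "gcr.io/$PROJECT_ID/fastapi-cloudrun:latest"

--------------------------------------------------------------------------------
/docker-compose.dev.yml:
--------------------------------------------------------------------------------
version: "3"

services:
  web:
    # The Dockerfile lives in ./backend; the repository root has none to build from.
    build: ./backend
    # The image sets PYTHONPATH=/code and the ASGI app object is app.main:app.
    command: sh -c "uvicorn app.main:app --reload --port=8000 --host=0.0.0.0"
    # .env.dev is not part of the repository (only .env.example is); create it locally.
    # The *.env* pattern in .gitignore keeps it out of version control.
    env_file:
      - .env.dev
    # Published on every host interface; "127.0.0.1:8000:8000" keeps the reload server local.
    ports:
      - "8000:8000"
    # Mount the package over the copy baked into the image so --reload sees edits.
    volumes:
      - ./backend/app:/code/app

--------------------------------------------------------------------------------
/terraform/main.tf:
--------------------------------------------------------------------------------
terraform {
  # NOTE(review): no version constraints are set here and .gitignore excludes
  # .terraform.lock.hcl, so each `terraform init` may resolve different provider releases.
  # Committing the lock file (or adding `version` constraints) fixes what gets downloaded
  # and run with the credentials below.
  required_providers {
    google = {
      source = "hashicorp/google"

    }
    google-beta = {
      source = "hashicorp/google-beta"

    }
  }
}

# Both providers authenticate with a service-account JSON key read from disk. The README
# asks for an 'Owner' account, so whoever holds that file holds the whole project; leaving
# `credentials` unset makes the provider fall back to Application Default Credentials.
provider "google" {
  credentials = file(var.gcp_credentials_file)
  project     = var.gcp_project_id
  region      = var.gcp_region
  zone        = var.gcp_zone
}

provider "google-beta" {
  credentials = file(var.gcp_credentials_file)
  project     = var.gcp_project_id
  region      = var.gcp_region
  zone        = var.gcp_zone
}

# Fetch existing service account
data "google_service_account" "existing_service_account" {
  account_id = var.gcp_service_account_name
}

# Activate Google services
resource "google_project_service" "enabled_services" {
  for_each           = toset(var.gcp_services)
  service            = "${each.key}.googleapis.com"
  disable_on_destroy = false
}



# IAM role assignments for an existing service account
# (google_project_iam_member is additive: it adds one member to one role and leaves the
# project's other bindings untouched.)
resource "google_project_iam_member" "existing_service_account_iam_roles" {
  for_each = toset(var.gcp_existing_service_account_roles)
  project  = var.gcp_project_id
  role     = "roles/${each.value}"
  member   = "serviceAccount:${data.google_service_account.existing_service_account.email}"
}

# IAM role assignments for Cloud Build service account with specific roles
resource "google_project_iam_member" "cloud_build_service_account_iam_roles" {
  for_each = toset(var.gcp_cloud_build_service_account_roles)
  project  = var.gcp_project_id
  role     = "roles/${each.value}"
  member   = "serviceAccount:${var.gcp_project_number}@cloudbuild.gserviceaccount.com"
}



/* -------------------------------------------------------------------------- */
/* Modules */
/* -------------------------------------------------------------------------- */

module "secret_manager" {
  source       = "./modules/secret_manager"
  github_token = var.github_token
}



module "cloud_run" {
  source = "./modules/cloud_run"

  gcp_project_id = var.gcp_project_id
  gcp_region     = var.gcp_region
  # NOTE(review): the cloud_run module declares network_id but never reads it.
  network_id = var.gcp_network_name
  depends_on = [
    module.secret_manager
  ]
}


module "cloud_build" {
  source                     = "./modules/cloud_build"
  gcp_project_id             = var.gcp_project_id
  gcp_project_number         = var.gcp_project_number
  repo_name                  = var.repo_name
  branch                     = var.branch
  github_gcp_installation_id = var.github_gcp_installation_id
  gcp_region                 = var.gcp_region
  github_remote_uri          = var.github_remote_uri

  depends_on = [
    module.cloud_run,
    module.secret_manager
  ]
}

--------------------------------------------------------------------------------
/terraform/modules/cloud_build/main.tf: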
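--------------------------------------------------------------------------------
# NOTE(review): this lookup and the IAM policy below target "github-token-secret", while the
# secret_manager module in this repo creates "github-token-secret-2". Unless a secret with
# the first name was created outside this configuration, the lookup fails; confirm which
# name is intended and use it in both modules.
data "google_secret_manager_secret_version" "github_token" {
  secret  = "github-token-secret"
  project = var.gcp_project_id
}

# Grants read access on the token to the Cloud Build service agent only.
data "google_iam_policy" "secret_accessor" {
  binding {
    role    = "roles/secretmanager.secretAccessor"
    members = ["serviceAccount:service-${var.gcp_project_number}@gcp-sa-cloudbuild.iam.gserviceaccount.com"]
  }
}

# Authoritative: this replaces the secret's whole IAM policy, removing any binding that was
# added to it by other means.
resource "google_secret_manager_secret_iam_policy" "policy" {
  project     = var.gcp_project_id
  secret_id   = "github-token-secret"
  policy_data = data.google_iam_policy.secret_accessor.policy_data
}


resource "google_cloudbuildv2_connection" "github_connection" {
  location = var.gcp_region
  name     = "github-connection"

  github_config {
    app_installation_id = var.github_gcp_installation_id
    authorizer_credential {
      oauth_token_secret_version = data.google_secret_manager_secret_version.github_token.id
    }
  }

  # The service agent must be able to read the token before the connection is created;
  # nothing else in this resource references the policy, so order it explicitly.
  depends_on = [google_secret_manager_secret_iam_policy.policy]
}




resource "google_cloudbuildv2_repository" "cloud_build_repository" {
  project           = var.gcp_project_id
  location          = var.gcp_region
  name              = var.repo_name
  parent_connection = google_cloudbuildv2_connection.github_connection.name
  remote_uri        = var.github_remote_uri
}


# Every push to var.branch runs cloudbuild.yaml from the repository, with the roles granted
# to the Cloud Build service account; write access to that branch is deploy access.
resource "google_cloudbuild_trigger" "build_trigger_on_push" {
  location = var.gcp_region
  name     = "build-trigger-on-push"

  repository_event_config {
    repository = google_cloudbuildv2_repository.cloud_build_repository.id
    push {
      branch = var.branch
    }
  }

  filename = "cloudbuild.yaml"
}

--------------------------------------------------------------------------------
/terraform/modules/cloud_build/variables.tf:
--------------------------------------------------------------------------------

variable "gcp_project_id" {
  description = "The GCP project ID."
  type        = string
}



variable "gcp_project_number" {
  description = "The GCP project number."
  type        = string
}


variable "repo_name" {
  description = "The name of the repository to create the trigger for the Cloud Build."
  type        = string
}

variable "branch" {
  description = "The branch of the repository to create the trigger for the Cloud Build."
  type        = string
}

variable "github_gcp_installation_id" {
  description = "The GitHub App installation ID."
  type        = string
}

variable "gcp_region" {
  description = "The GCP region."
  type        = string
}

variable "github_remote_uri" {
  description = "The GitHub remote URI."
  type        = string
}

--------------------------------------------------------------------------------
/terraform/modules/cloud_run/main.tf:
--------------------------------------------------------------------------------
# Publicly reachable service: ingress accepts traffic from anywhere and the IAM binding
# further down lets unauthenticated callers invoke it.
# NOTE(review): the location is hard-coded although var.gcp_region is passed in;
# cloudbuild.yaml deploys with --region=us-central1 too, so change both together.
resource "google_cloud_run_v2_service" "default" {
  name     = "cloudrun-service"
  location = "us-central1"
  # INGRESS_TRAFFIC_INTERNAL_ONLY or INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER narrow this.
  ingress = "INGRESS_TRAFFIC_ALL"

  template {
    # NOTE(review): no service_account is set, so revisions run as the project's default
    # runtime identity; a dedicated account with only the roles the app needs is safer.
    containers {
      # Mutable tag: the revision runs whatever was last pushed as :latest.
      image = "gcr.io/${var.gcp_project_id}/fastapi-cloudrun:latest"
      resources {
        limits = {
          cpu    = "2"
          memory = "1024Mi"
        }
      }
    }

    # Include other necessary configurations such as scaling, vpc_access, etc.
  }

  # Traffic configuration
  traffic {
    type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
    percent = 100
  }

  # Additional configurations as needed
}

# Grants roles/run.invoker to allUsers, i.e. anyone on the internet without credentials.
# Replace the member with a specific principal, or drop this resource (and the
# --allow-unauthenticated flag in cloudbuild.yaml), to require authentication.
resource "google_cloud_run_service_iam_member" "public_invoker" {
  # Taken from the service so the binding cannot drift to another region.
  location = google_cloud_run_v2_service.default.location
  service  = google_cloud_run_v2_service.default.name
  role     = "roles/run.invoker"
  member   = "allUsers"
}

--------------------------------------------------------------------------------
/terraform/modules/cloud_run/output.tf:
--------------------------------------------------------------------------------
output "service_url" {
  value = google_cloud_run_v2_service.default.uri
}

--------------------------------------------------------------------------------
/terraform/modules/cloud_run/variables.tf:
--------------------------------------------------------------------------------
variable "gcp_region" {
  description = "The region where the Cloud Run service will be deployed."
  type        = string
}

variable "network_id" {
  description = "The ID of the VPC network."
  type        = string
}

variable "gcp_project_id" {
  description = "Project ID"
  type        = string
}

--------------------------------------------------------------------------------
/terraform/modules/secret_manager/main.tf:
--------------------------------------------------------------------------------

/* ----------------------------- GITHUB ACCOUNT ----------------------------- */

resource "google_secret_manager_secret" "github_token_secret" {
  secret_id = "github-token-secret-2"
  replication {
    auto {}
  }
}

# The token value is written to the Terraform state in plain text; the state file needs the
# same protection as the token itself (.gitignore already excludes terraform.tfstate).
resource "google_secret_manager_secret_version" "github_token_secret_version" {
  secret      = google_secret_manager_secret.github_token_secret.id
  secret_data = var.github_token
}

--------------------------------------------------------------------------------
/terraform/modules/secret_manager/variables.tf:
--------------------------------------------------------------------------------


variable "github_token" {
  description = "The GitHub personal access token."
  type        = string
  # Keeps the token out of plan/apply output.
  sensitive = true
}

--------------------------------------------------------------------------------
/terraform/variabiles.tf:
--------------------------------------------------------------------------------




/* ------------------------------ GCP Foundation----------------------------- */

variable "gcp_project_id" {
  description = "The GCP project ID."
  type        = string
}
variable "gcp_project_number" {
  description = "The GCP project number."
  type        = string
}

variable "gcp_service_account_name" {
  description = "The name of the service account."
  type        = string
}

variable "gcp_credentials_file" {
  description = "The path to the Google Cloud Service Account credentials file."
  type        = string
}

variable "gcp_services" {
  description = "The list of services to enable."
  type        = list(string)
}

variable "gcp_existing_service_account_roles" {
  description = "List of roles to be assigned to the existing service account"
  type        = list(string)
  default     = ["secretmanager.secretAccessor", "cloudsql.client"]
}

# NOTE(review): cloudbuild.yaml in this repo only builds and pushes an image and runs
# `gcloud run deploy`; compute.admin looks broader than that needs. Confirm before keeping
# it, and note that secretAccessor here is project-wide, not limited to one secret.
variable "gcp_cloud_build_service_account_roles" {
  description = "List of roles to be assigned to the Cloud Build service account"
  type        = list(string)
  default     = ["secretmanager.secretAccessor", "compute.admin", "run.admin"]
}

variable "gcp_network_name" {
  description = "The name of the VPC network."
  type        = string
}


variable "gcp_region" {
  description = "The region where the resources will be created."
  type        = string
}

variable "gcp_zone" {
  description = "The zone where the resources will be created."
  type        = string
}


/* ----------------------------- Secret Manager ----------------------------- */


variable "repo_name" {
  description = "The name of the repository to create the trigger for the Cloud Build."
  type        = string
}

variable "branch" {
  description = "The branch of the repository to create the trigger for the Cloud Build."
  type        = string
}

variable "github_token" {
  description = "The GitHub personal access token."
  type        = string
  # Keeps the token out of plan/apply output.
  sensitive = true
}


variable "github_gcp_installation_id" {
  description = "The GitHub App installation ID."
  type        = string
}

variable "github_remote_uri" {
  description = "The GitHub remote URI."
  type        = string
}

--------------------------------------------------------------------------------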