-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy path__main__.py
74 lines (64 loc) · 2.19 KB
/
__main__.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
import pulumi
import pulumi_cloudflare
import pulumi_github
config = pulumi.Config()
global_stack = pulumi.StackReference(f"{pulumi.get_organization()}/global-config/prod")
project = pulumi_cloudflare.PagesProject(
"pages",
account_id=global_stack.get_output("cloudflare_account_id"),
name=config.require("name"),
production_branch="main",
)
record = pulumi_cloudflare.PagesDomain(
"pages-domain",
account_id=global_stack.get_output("cloudflare_account_id"),
domain=pulumi.Output.format("{}.{}", config.require("hostname"), global_stack.get_output("domain")),
project_name=config.require("name"),
opts=pulumi.ResourceOptions(depends_on=[project]),
)
pulumi_cloudflare.Record(
"record",
name=config.require("hostname"),
proxied=True,
type="CNAME",
value=project.subdomain,
zone_id=global_stack.get_output("cloudflare_zone_id"),
opts=pulumi.ResourceOptions(depends_on=[record]),
)
permission_groups = pulumi_cloudflare.get_api_token_permission_groups()
resources = global_stack.get_output("cloudflare_account_id").apply(
lambda account_id: {f"com.cloudflare.api.account.{account_id}": "*"}
)
api_token = pulumi_cloudflare.ApiToken(
"api-token",
name="app/docs",
policies=[
pulumi_cloudflare.ApiTokenPolicyArgs(
resources=resources,
permission_groups=[
permission_groups.account["Pages Write"],
],
),
],
)
pulumi_github.ActionsSecret(
"github-secret-cloudflare-api-token",
repository="workflows",
secret_name="DOCS_CLOUDFLARE_API_TOKEN",
plaintext_value=api_token.value,
opts=pulumi.ResourceOptions(delete_before_replace=True),
)
pulumi_github.ActionsSecret(
"github-secret-cloudflare-account-id",
repository="workflows",
secret_name="DOCS_CLOUDFLARE_ACCOUNT_ID",
plaintext_value=global_stack.get_output("cloudflare_account_id"),
opts=pulumi.ResourceOptions(delete_before_replace=True),
)
pulumi_github.ActionsVariable(
"github-variable-cloudflare-project-name",
repository="workflows",
variable_name="DOCS_CLOUDFLARE_PROJECT_NAME",
value=config.require("name"),
opts=pulumi.ResourceOptions(delete_before_replace=True),
)