# Copyright (c) 2023 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
// Setup the Bazel Bucket + CDN
locals {
  # Identifier handed to the bazel_cache module as its `name` argument.
  bazel_cache_name = "daml-bazel-cache"

  # Further locals (labels, project, region, ...) are declared in main.tf.
}
module "bazel_cache" {
  # Local module that provisions the cache bucket together with its CDN front end.
  source = "./modules/gcp_cdn_bucket"

  # Identity and placement, all taken from locals.
  name    = local.bazel_cache_name
  project = local.project
  region  = local.region
  labels  = local.labels

  # TLS settings for the front end. The certificate is referenced by a
  # hard-coded self-link; the policy resource is declared outside this file,
  # so the minimum TLS version and cipher profile are whatever it sets there.
  ssl_certificate = "https://www.googleapis.com/compute/v1/projects/da-dev-gcp-daml-language/global/sslCertificates/bazel-cache"
  ssl_policy      = google_compute_ssl_policy.ssl_policy.self_link

  # Retention window in days, passed through to the module.
  # NOTE(review): presumably drives an object lifecycle rule - confirm in the module.
  cache_retention_days = 60
}
// allow rw access for CI writer (see writer.tf)
// Note: it looks like the Bazel cache does not work properly if it does not
// have delete permission, which is a bit scary.
resource "google_storage_bucket_iam_member" "bazel_cache_writer" {
  # google_storage_bucket_iam_member is additive: it binds this one member to
  # the role and leaves any other members of the role on the bucket untouched.
  bucket = module.bazel_cache.bucket_name
  member = "serviceAccount:${google_service_account.writer.email}"

  # Role reference: https://cloud.google.com/storage/docs/access-control/iam-roles
  #
  # NOTE(review): objectAdmin gives the writer service account full control of
  # every object in the bucket (create, overwrite, delete, and object-level
  # ACL/IAM management). Whoever holds the writer credentials can therefore
  # replace cache entries that other builds presumably consume, so keep those
  # credentials limited to trusted CI jobs. If the cache only needs
  # create/read/delete, check whether a narrower role such as
  # roles/storage.objectUser is sufficient - TODO confirm before changing.
  role = "roles/storage.objectAdmin"
}
output "bazel_cache_ip" {
  # Re-exports the external IP address reported by the bazel_cache module.
  value = module.bazel_cache.external_ip
}