mirror of
https://github.com/digital-asset/daml.git
synced 2024-11-10 00:35:25 +03:00
168345f4a8
Recently we have been seeing lots of issues with the Bazel cache. It does not seem like it would need to delete things, but the issues cropped up about the same time we restricted the permissions, so it's worth trying to revert that. CHANGELOG_BEGIN CHANGELOG_END
36 lines
1.2 KiB
HCL
36 lines
1.2 KiB
HCL
# Copyright (c) 2020 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
// Setup the Bazel Bucket + CDN
|
|
locals {
|
|
bazel_cache_name = "daml-bazel-cache"
|
|
|
|
// see main.tf for additional locals
|
|
}
|
|
|
|
module "bazel_cache" {
|
|
source = "./modules/gcp_cdn_bucket"
|
|
|
|
labels = "${local.labels}"
|
|
name = "${local.bazel_cache_name}"
|
|
project = "${local.project}"
|
|
region = "${local.region}"
|
|
ssl_certificate = "https://www.googleapis.com/compute/v1/projects/da-dev-gcp-daml-language/global/sslCertificates/bazel-cache"
|
|
cache_retention_days = 60
|
|
}
|
|
|
|
// allow rw access for CI writer (see writer.tf)
|
|
// Note: it looks like the Bazel cache does not work properly if it does not
|
|
// have delete permission, wich is a bit scary.
|
|
resource "google_storage_bucket_iam_member" "bazel_cache_writer" {
|
|
bucket = "${module.bazel_cache.bucket_name}"
|
|
|
|
# https://cloud.google.com/storage/docs/access-control/iam-roles
|
|
role = "roles/storage.objectAdmin"
|
|
member = "serviceAccount:${google_service_account.writer.email}"
|
|
}
|
|
|
|
output "bazel_cache_ip" {
|
|
value = "${module.bazel_cache.external_ip}"
|
|
}
|