cmg-ws2024525-demo/infrastructure/main.tf

provider "google" {
  project = var.project_id
  region  = var.region
}

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "6.12.0"
    }
  }
  required_version = ">= 1.3.0"
}

# Enable Google Cloud Build API
resource "google_project_service" "cloudbuild" {
  project = var.project_id
  service = "cloudbuild.googleapis.com"
}

# Enable Container Registry API
resource "google_project_service" "container_registry" {
  project = var.project_id
  service = "containerregistry.googleapis.com"
}

resource "google_storage_bucket" "source_code_bucket" {
  name     = "${var.project_id}${var.bucket_name}"
  location = var.region
  uniform_bucket_level_access = true
  force_destroy = true
}

resource "google_pubsub_topic" "build_trigger" {
  name = "build-trigger-topic"
}

# resource "google_cloudbuild_trigger" "build_trigger" {
#   name = var.cloud_build_trigger_name
#
#   description = "Trigger build when code is updated in the GCS bucket"
#
#   # Triggered by a Pub/Sub event when a file is uploaded to the bucket
#   included_files = ["**"]
#
#   pubsub_config {
#     topic = google_pubsub_topic.build_trigger.id
#
#     # Using the App Engine service account for authentication
#     service_account_email = "${var.project_id}@appspot.gserviceaccount.com"
#   }
#
#   build {
#     step {
#       name = "gcr.io/cloud-builders/gsutil"
#       args = ["cp", "gs://${google_storage_bucket.source_code_bucket.name}/*", "/workspace/"]
#     }
#
#     step {
#       name = "gcr.io/cloud-builders/docker"
#       args = ["build", "-t", "gcr.io/${var.project_id}/my-service", "."]
#     }
#
#     images = ["gcr.io/${var.project_id}/my-service"]
#   }
#   depends_on = [null_resource.upload_function_code]
#
# }


resource "google_storage_bucket_iam_binding" "allow_function_to_write" {
  bucket = google_storage_bucket.source_code_bucket.name

  role = "roles/storage.objectAdmin"

  members = [
    "serviceAccount:${google_cloudfunctions_function.webhook_handler.service_account_email}",
  ]
  depends_on = [null_resource.upload_function_code]
}

# this .... does not work, idk
resource "null_resource" "upload_function_code" {
  provisioner "local-exec" {
    command = "zip -r webhook-function.zip main.py requirements.txt && gsutil cp webhook-function.zip gs://${google_storage_bucket.source_code_bucket.name}/webhook-function.zip && echo uploaded function code"
  }
  depends_on = [google_storage_bucket.source_code_bucket]

}

data "google_iam_policy" "admin" {
  binding {
    role = "roles/cloudfunctions.invoker"
    members = [
    "allUsers"
    ]
  }
}
resource "google_cloudfunctions_function_iam_policy" "member" {
    project = google_cloudfunctions_function.webhook_handler.project
    region = google_cloudfunctions_function.webhook_handler.region
    cloud_function = google_cloudfunctions_function.webhook_handler.name
    policy_data = data.google_iam_policy.admin.policy_data
}


resource "google_cloudfunctions_function" "webhook_handler" {
  name        = "webhook-handler"
  description = "Handles incoming webhooks and uploads the code to GCS."
  runtime     = "python311"
  region      = var.region

  entry_point = "handle_webhook"

  source_archive_bucket = google_storage_bucket.source_code_bucket.name
  source_archive_object = "webhook-function.zip"

  trigger_http = true


  environment_variables = {
    BUCKET_NAME = google_storage_bucket.source_code_bucket.name
  }
  depends_on = [null_resource.upload_function_code]
}