From cd7c2073065f9877b3dfebf9fe527d6985adb9cd Mon Sep 17 00:00:00 2001
From: harrison-carter
Date: Wed, 18 Mar 2026 16:28:59 +0000
Subject: [PATCH 1/2] feat: add approval_required variable to cloud-cloudbuild-trigger module

- Add `approval_required` boolean variable (defaults to `false`)
- Use a dynamic `approval_config` block so it's only included when approval is required
---
 gcp/cloud-cloudbuild-trigger/main.tf | 8 ++++++++
 gcp/cloud-cloudbuild-trigger/variables.tf | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/gcp/cloud-cloudbuild-trigger/main.tf b/gcp/cloud-cloudbuild-trigger/main.tf
index c4da878..ac5940e 100644
--- a/gcp/cloud-cloudbuild-trigger/main.tf
+++ b/gcp/cloud-cloudbuild-trigger/main.tf
@@ -36,6 +36,14 @@ resource "google_cloudbuild_trigger" "trigger_main" {
 included_files = var.include
 ignored_files = var.exclude
 disabled = var.disabled
+
+ dynamic "approval_config" {
+ for_each = var.approval_required ? [1] : []
+
+ content {
+ approval_required = true
+ }
+ }
 }
 
 locals {
diff --git a/gcp/cloud-cloudbuild-trigger/variables.tf b/gcp/cloud-cloudbuild-trigger/variables.tf
index 99b9c94..af9bdd1 100644
--- a/gcp/cloud-cloudbuild-trigger/variables.tf
+++ b/gcp/cloud-cloudbuild-trigger/variables.tf
@@ -119,3 +119,9 @@ variable "repository" {
 default = null
 description = "Full resource ID of a google_cloudbuildv2_repository. If set, uses repository_event_config instead of github block."
 }
+
+variable "approval_required" {
+ type = bool
+ default = false
+ description = "If true, builds will require manual approval before executing."
+}
From 235e36776f6094ea578b894bc93946ea42b88014 Mon Sep 17 00:00:00 2001
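Review bot: In PATCH 1/2, gcp/cloud-cloudbuild-trigger/variables.tf, the new `approval_required` variable still accepts `null`, and the `var.approval_required ? [1] : []` condition added to main.tf in the same patch fails when its condition is null; adding `nullable = false` to the variable keeps the `false` default in force when a caller passes null. The same applies to the `approval_required` variable added to gcp/cloud-run-v2/variables.tf in PATCH 2/2, which forwards its value to this module. The description could also say who is able to approve, for example `"If true, builds created by this trigger wait for manual approval by a principal holding the Cloud Build Approver role before executing."`. That matters because the gate only gives separation of duties when the approvers are not the same identities that can push to the triggering branch.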
From: harrison-carter
Date: Wed, 18 Mar 2026 16:29:59 +0000
Subject: [PATCH 2/2] feat: pass approval_required variable through cloud-run-v2 module

- Add `approval_required` variable to the cloud-run-v2 module and forward it to the trigger provision submodule
---
 gcp/cloud-cloudbuild-trigger/main.tf | 10 +++-------
 gcp/cloud-run-v2/main.tf | 1 +
 gcp/cloud-run-v2/variables.tf | 6 ++++++
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/gcp/cloud-cloudbuild-trigger/main.tf b/gcp/cloud-cloudbuild-trigger/main.tf
index ac5940e..32f9a0a 100644
--- a/gcp/cloud-cloudbuild-trigger/main.tf
+++ b/gcp/cloud-cloudbuild-trigger/main.tf
@@ -36,13 +36,9 @@ resource "google_cloudbuild_trigger" "trigger_main" {
 included_files = var.include
 ignored_files = var.exclude
 disabled = var.disabled
-
- dynamic "approval_config" {
- for_each = var.approval_required ? [1] : []
-
- content {
- approval_required = true
- }
+
+ approval_config {
+ approval_required = var.approval_required
 }
 }
 
diff --git a/gcp/cloud-run-v2/main.tf b/gcp/cloud-run-v2/main.tf
index 0624e58..4b6e28f 100644
--- a/gcp/cloud-run-v2/main.tf
+++ b/gcp/cloud-run-v2/main.tf
@@ -336,6 +336,7 @@ module "trigger_provision" { repository = var.repository trigger_service_account = var.trigger_service_account + approval_required = var.approval_required # Substitution variables for Cloud Build Trigger substitutions = merge({
diff --git a/gcp/cloud-run-v2/variables.tf b/gcp/cloud-run-v2/variables.tf
index d0b1ec4..b010c22 100644
--- a/gcp/cloud-run-v2/variables.tf
+++ b/gcp/cloud-run-v2/variables.tf
@@ -395,3 +395,9 @@ variable "repository" {
 default = null
 description = "Full resource ID of a google_cloudbuildv2_repository. Passed through to the trigger module."
 }
+
+variable "approval_required" {
+ type = bool
+ default = false
+ description = "If true, Cloud Build trigger will require manual approval before executing."
+}
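Review bot: In PATCH 2/2, the gcp/cloud-cloudbuild-trigger/main.tf hunk makes the `approval_config` block unconditional without a comment saying why, and the commit message only describes the cloud-run-v2 pass-through. A short comment above the block would record the intent, for example `# Set explicitly in both states so that turning approval off is sent to the API, not left to how the provider treats an absent block.`; that motive is inferred from the diff, not stated on the page. Every existing caller of this module will now send `approval_required = false` on its trigger, so the plan output for already-deployed triggers is worth checking before release, since this setting is a build-pipeline control. The blank line above the block is removed and re-added, which suggests the new line holds only whitespace; `terraform fmt` should clear that. The resource body starts outside the hunk.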