-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.tf
74 lines (52 loc) · 1.99 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# AWS reference architecture
module "base" {
source = "./modules/base"
region = var.aws_region
instance_types = var.instance_types
disk_size = var.disk_size
}
# User used for scaffolding and deploying apps
resource "humanitec_user" "deployer" {
count = var.with_backstage ? 1 : 0
name = "deployer"
role = "administrator"
type = "service"
}
resource "humanitec_service_user_token" "deployer" {
count = var.with_backstage ? 1 : 0
id = "deployer"
user_id = humanitec_user.deployer[0].id
description = "Used by scaffolding and deploying"
}
module "github" {
count = var.with_backstage ? 1 : 0
source = "./modules/github"
humanitec_org_id = var.humanitec_org_id
humanitec_ci_service_user_token = humanitec_service_user_token.deployer[0].token
aws_region = var.aws_region
github_org_id = var.github_org_id
depends_on = [module.base]
}
# Configure GitHub variables & secrets for Backstage itself and for all scaffolded apps
locals {
github_app_credentials_file = "github-app-credentials.json"
}
module "github_app" {
count = var.with_backstage ? 1 : 0
source = "github.com/humanitec-architecture/shared-terraform-modules?ref=v2024-06-12//modules/github-app"
credentials_file = "${path.module}/${local.github_app_credentials_file}"
}
# Deploy Backstage as Portal
module "portal_backstage" {
count = var.with_backstage ? 1 : 0
source = "./modules/portal-backstage"
humanitec_org_id = var.humanitec_org_id
humanitec_ci_service_user_token = humanitec_service_user_token.deployer[0].token
github_org_id = var.github_org_id
github_app_client_id = module.github_app[0].client_id
github_app_client_secret = module.github_app[0].client_secret
github_app_id = module.github_app[0].app_id
github_app_private_key = module.github_app[0].private_key
github_webhook_secret = module.github_app[0].webhook_secret
depends_on = [module.github]
}