feat: add support to create container registry and secret inside build module #258
Conversation
|
/run pipeline |
|
/run pipeline |
|
|
||
| variable "source_type" { | ||
| description = "Specifies the type of source to determine if your build source is in a repository or based on local source code." | ||
| description = "Specifies the type of source to determine if your build source is in a repository or based on local source code. If the value is `local`, then 'source_secret' input must be omitted." |
There was a problem hiding this comment.
Should there be validation. The type appears to be a defined set, so should the permitted values be checked?
Should there be cross variable validation IF this value is local, then source_secret must be null?
| ############################################################################## | ||
|
|
||
| variable "container_registry_namespace" { | ||
| description = "The name of the namespace to create in IBM Cloud Container Registry for organizing container images. Must be set if 'output_image' is not set." |
There was a problem hiding this comment.
The namespace name will be extended when prefix is set, so prefix should be mentioned in the description.
| } | ||
|
|
||
| variable "output_secret" { | ||
| description = "The secret that is required to access the IBM Cloud Container Registry. Make sure that the secret is granted with push permissions towards the specified container registry namespace. If not provided, it will be created using the value of 'container_registry_api_key'; if that is not set, 'ibmcloud_api_key' will be used instead." |
There was a problem hiding this comment.
I am struggling to work out what this is.
I think it the name of a code engine secret that contains an api key to access container registry.
So the first sentence needs to be clear that it is a secret name, not a secret value. The second sentence needs to clear that the key in the named secret is an API key that has push permission. The third sentence needs to be clear that a code engine secret with a name of the format ${var.prefix}-registry-access-secret will be created with the value (as described already) in it.
| } | ||
|
|
||
| module "cr_endpoint" { | ||
| count = local.create_cr_namespace ? 1 : 0 |
There was a problem hiding this comment.
Does the count cause an issue an existing namespace is passed?
It seems there should be no count and the module should always be created. The value is used when creating a code engine secret to access the container registry, which is unrelated to namespace creation.
Additional comment included where this is used.
| data = { | ||
| password = var.container_registry_api_key != null ? var.container_registry_api_key : var.ibmcloud_api_key, | ||
| username = "iamapikey", | ||
| server = module.cr_endpoint[0].container_registry_endpoint_private |
There was a problem hiding this comment.
The value of server may be undefined.
When local.create_name_space is false module.cr_endpoint does not exist. See comment on module definition.
Description
Issue: #243
we added:
Release required?
x.x.X)x.X.x)X.x.x)Release notes content
Features & Improvements
Added support to pass the
regionvariable from the root module into the build module for more flexible regional deployments.The build module now supports automatic creation of container registry namespaces when required.
Added functionality to create Code Engine secrets directly inside the build module to simplify authentication setup.
Simplified build input variables to reduce the number of required inputs, making the build configuration easier and cleaner.
Run the pipeline
If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.
Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:
Checklist for reviewers
For mergers