From 30d38142622d4077a0d30ce1d6a9a2e86d6de965 Mon Sep 17 00:00:00 2001
From: Sven Sauleau
Date: Wed, 4 Jan 2023 13:59:43 +0000
Subject: [PATCH] fix deploy
---
 .github/workflows/deploy.yml | 2 ++
 tf/main.tf | 52 +++++++++++++++++++++++++++++++-----
 2 files changed, 47 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 30d5e00..8ebf4f0 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -56,6 +56,7 @@ jobs:
 env:
 TF_VAR_cloudflare_account_id: ${{ secrets.CF_ACCOUNT_ID }}
 TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
+ TF_VAR_cloudflare_zone_name: ${{ secrets.CF_ZONE_NAME }}
 TF_VAR_gh_username: ${{ github.actor }}
 TF_VAR_d1_id: ${{ env.d1_id }}
@@ -65,6 +66,7 @@ jobs:
 apiToken: ${{ secrets.CF_API_TOKEN }}
 preCommands: |
 echo "*** pre commands ***"
+ yarn
 yarn build
 cp -rv ./frontend/dist/* .
 echo "******"
diff --git a/tf/main.tf b/tf/main.tf
index d8298c2..fa9693b 100644
--- a/tf/main.tf
+++ b/tf/main.tf
@@ -2,6 +2,10 @@ variable "cloudflare_account_id" {
 type = string
 }
+variable "cloudflare_zone_name" {
+ type = string
+}
+
 variable "cloudflare_api_token" {
 type = string
 }
@@ -32,20 +36,27 @@ provider "cloudflare" {
 api_token = var.cloudflare_api_token
 }
+data "cloudflare_zone" "zone" {
+ account_id = var.cloudflare_account_id
+ name = var.cloudflare_zone_name
+}
+
+
 resource "cloudflare_workers_kv_namespace" "wildebeest_cache" {
 account_id = var.cloudflare_account_id
- title = "wildebeest-cache"
+ title = "wildebeest-${var.gh_username}-cache"
 }
 resource "random_password" "user_key" {
- length = 256
- special = false
+ length = 256
+ special = false
 }
 resource "cloudflare_pages_project" "wildebeest_pages_project" {
 account_id = var.cloudflare_account_id
 name = "wildebeest-${var.gh_username}"
 production_branch = "main"
+
 deployment_configs {
 production {
 environment_variables = {
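Review bot: The `yarn` line added to `preCommands` in the second deploy.yml hunk installs dependencies without holding them to the lockfile, and it does so in the step that is handed `secrets.CF_API_TOKEN`. If resolution drifts from `yarn.lock`, install scripts from an unreviewed package version would run inside the deploy job. Prefer `yarn install --frozen-lockfile` (Yarn 1) or `yarn install --immutable` (Yarn 2+) so the job fails instead of re-resolving. The step's `uses:` line and the rest of its inputs are outside the hunk, so whether the token is visible to `preCommands` should be confirmed there.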
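Review bot: `variable "cloudflare_zone_name"` in the first tf/main.tf hunk accepts an empty string, which is what `${{ secrets.CF_ZONE_NAME }}` expands to when the secret is not set. Later in this patch the value becomes the Pages custom domain and the host part of the Access application domain, so an empty value would surface only as a provider error, or as an Access domain of `/oauth/authorize` with no host. Add a `description` and a `validation` block with `condition = length(var.cloudflare_zone_name) > 0` so the plan stops early with a clear message.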
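Review bot: The KV namespace title in the `@@ -32,20 +36,27 @@` hunk now embeds `var.gh_username`, which deploy.yml sets from `github.actor`, i.e. whoever triggered the run rather than the repository owner. A deploy started by another collaborator would presumably plan different names for this namespace and for the other `wildebeest-${var.gh_username}` resources, which could rename or duplicate the instance's infrastructure. Consider feeding the variable from `${{ github.repository_owner }}` or from a fixed repository variable. The `cloudflare_pages_project` block at the end of the hunk continues past it.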
@@ -59,21 +70,48 @@ resource "cloudflare_pages_project" "wildebeest_pages_project" {
 KV_CACHE = cloudflare_workers_kv_namespace.wildebeest_cache.id
 }
 d1_databases = {
- D1_BINDING = var.d1_id
+ DATABASE = var.d1_id
 }
 }
 }
 }
+resource "cloudflare_record" "record" {
+ zone_id = data.cloudflare_zone.zone.id
+ name = "@"
+ value = cloudflare_pages_project.wildebeest_pages_project.subdomain
+ type = "CNAME"
+ ttl = 1
+ proxied = true
+}
+
+resource "cloudflare_pages_domain" "domain" {
+ account_id = var.cloudflare_account_id
+ project_name = "wildebeest-${var.gh_username}"
+ domain = var.cloudflare_zone_name
+}
+
 resource "cloudflare_access_application" "wildebeest_access" {
 account_id = var.cloudflare_account_id
 name = "wildebeest-${var.gh_username}"
- domain = "${cloudflare_pages_project.wildebeest_pages_project.subdomain}/oauth/authorize"
+ domain = "${var.cloudflare_zone_name}/oauth/authorize"
 type = "self_hosted"
 session_duration = "168h"
 auto_redirect_to_identity = false
 }
-output "access_aud" {
- value = cloudflare_access_application.wildebeest_access.aud
+resource "cloudflare_access_policy" "policy" {
+ application_id = cloudflare_access_application.wildebeest_access.id
+ zone_id = data.cloudflare_zone.zone.id
+ name = "policy"
+ precedence = "1"
+ decision = "allow"
+
+ include {
+ email = ["test@example.com"]
+ }
 }
+
+/* output "access_aud" { */
+/* value = cloudflare_access_application.wildebeest_access.aud */
+/* } */
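Review bot: `cloudflare_access_policy.policy` hard-codes `email = ["test@example.com"]` as the only identity allowed through the Access application that fronts `/oauth/authorize`, so every deployment ships with a placeholder in its access-control rule and the real operator has to be added out of band. Take the allow-list from a variable with no default so a deploy cannot succeed with the placeholder in place. The policy is also scoped with `zone_id` while the application it attaches to is created with `account_id`; the two probably need the same scope, which should be confirmed against the provider version in use. Separately, `cloudflare_pages_domain.domain` rebuilds the project name as a string, where `project_name = cloudflare_pages_project.wildebeest_pages_project.name` would give Terraform the dependency edge. The commented-out `access_aud` output should be deleted or restored rather than left as dead code.

```hcl
variable "access_allowed_emails" {
  type = list(string)
}

resource "cloudflare_access_policy" "policy" {
  application_id = cloudflare_access_application.wildebeest_access.id
  account_id     = var.cloudflare_account_id
  # … unchanged: name, precedence, decision …

  include {
    email = var.access_allowed_emails
  }
}
```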