kopia lustrzana https://github.com/cloudflare/wildebeest
inject ACCESS_AUD and ACCESS_AUTH_DOMAIN Pages app
rodzic
6873eb78e2
commit
b789a059b8
|
@ -11,6 +11,10 @@ jobs:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- uses: hashicorp/setup-terraform@v2
|
- uses: hashicorp/setup-terraform@v2
|
||||||
|
|
||||||
|
- name: Install package
|
||||||
|
run: |
|
||||||
|
sudo apt-get -y install jq
|
||||||
|
|
||||||
- name: Setup node.js
|
- name: Setup node.js
|
||||||
uses: actions/setup-node@v3
|
uses: actions/setup-node@v3
|
||||||
with:
|
with:
|
||||||
|
@ -45,6 +49,12 @@ jobs:
|
||||||
env:
|
env:
|
||||||
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
|
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
|
||||||
|
|
||||||
|
- name: retrieve Zero Trust organization
|
||||||
|
run: |
|
||||||
|
auth_domain=$(curl https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/access/organizations \
|
||||||
|
-H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | jq -r '.result.auth_domain')
|
||||||
|
printf "auth_domain=$auth_domain" >> $GITHUB_ENV
|
||||||
|
|
||||||
- name: Init
|
- name: Init
|
||||||
run: terraform init
|
run: terraform init
|
||||||
working-directory: ./tf
|
working-directory: ./tf
|
||||||
|
@ -59,6 +69,7 @@ jobs:
|
||||||
TF_VAR_cloudflare_zone_name: ${{ secrets.CF_ZONE_NAME }}
|
TF_VAR_cloudflare_zone_name: ${{ secrets.CF_ZONE_NAME }}
|
||||||
TF_VAR_gh_username: ${{ github.actor }}
|
TF_VAR_gh_username: ${{ github.actor }}
|
||||||
TF_VAR_d1_id: ${{ env.d1_id }}
|
TF_VAR_d1_id: ${{ env.d1_id }}
|
||||||
|
TF_VAR_access_auth_domain: ${{ env.auth_domain }}
|
||||||
|
|
||||||
- name: Publish
|
- name: Publish
|
||||||
uses: cloudflare/wrangler-action@2.0.0
|
uses: cloudflare/wrangler-action@2.0.0
|
||||||
|
|
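Review bot: The new "retrieve Zero Trust organization" step appends whatever the pipeline prints to `$GITHUB_ENV` without checking that the API call succeeded. curl runs without `--fail`, and `jq -r` prints the literal `null` when `.result.auth_domain` is absent, so a rejected token or an account with no Zero Trust organization would flow into `TF_VAR_access_auth_domain` in the later hunk. The `printf` also uses the value as its format string and writes no trailing newline, so a later append to the env file would land on the same line. Passing the token through `env:` rather than expanding `${{ secrets.CF_API_TOKEN }}` inside the script keeps the shell quoting independent of the secret's content. A step along these lines fails the job instead of deploying with a bad domain.

```yaml
      - name: retrieve Zero Trust organization
        env:
          CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
        run: |
          set -euo pipefail
          auth_domain=$(curl --fail --silent --show-error \
            -H "Authorization: Bearer ${CF_API_TOKEN}" \
            "https://api.cloudflare.com/client/v4/accounts/${CF_ACCOUNT_ID}/access/organizations" \
            | jq -er '.result.auth_domain')
          printf 'auth_domain=%s\n' "$auth_domain" >> "$GITHUB_ENV"
```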
10
tf/main.tf
10
tf/main.tf
|
@ -18,6 +18,10 @@ variable "d1_id" {
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "access_auth_domain" {
|
||||||
|
type = string
|
||||||
|
}
|
||||||
|
|
||||||
terraform {
|
terraform {
|
||||||
required_providers {
|
required_providers {
|
||||||
cloudflare = {
|
cloudflare = {
|
||||||
|
@ -65,6 +69,8 @@ resource "cloudflare_pages_project" "wildebeest_pages_project" {
|
||||||
CF_API_TOKEN = ""
|
CF_API_TOKEN = ""
|
||||||
|
|
||||||
USER_KEY = random_password.user_key.result
|
USER_KEY = random_password.user_key.result
|
||||||
|
ACCESS_AUD = cloudflare_access_application.wildebeest_access.aud
|
||||||
|
ACCESS_AUTH_DOMAIN = var.access_auth_domain
|
||||||
}
|
}
|
||||||
kv_namespaces = {
|
kv_namespaces = {
|
||||||
KV_CACHE = cloudflare_workers_kv_namespace.wildebeest_cache.id
|
KV_CACHE = cloudflare_workers_kv_namespace.wildebeest_cache.id
|
||||||
|
@ -111,7 +117,3 @@ resource "cloudflare_access_policy" "policy" {
|
||||||
email = ["test@example.com"]
|
email = ["test@example.com"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* output "access_aud" { */
|
|
||||||
/* value = cloudflare_access_application.wildebeest_access.aud */
|
|
||||||
/* } */
|
|
||||||
|
|
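Review bot: `variable "access_auth_domain"` is declared with a type only, so an empty string or the literal `null` handed over by the workflow is accepted and copied into `ACCESS_AUTH_DOMAIN` on the Pages project. The application code is not shown here, but if this value is what Access tokens are checked against, a wrong value should stop `terraform apply` rather than reach the deployed app. A description and a validation block on the variable would make that explicit.

```hcl
variable "access_auth_domain" {
  type        = string
  description = "Auth domain of the Zero Trust organization, injected into the Pages app as ACCESS_AUTH_DOMAIN."

  validation {
    condition     = length(trimspace(var.access_auth_domain)) > 0 && var.access_auth_domain != "null"
    error_message = "access_auth_domain must be a non-empty Zero Trust auth domain."
  }
}
```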