coder
diff --git a/‎.github/workflows/dogfood.yaml
Lines changed: 55 additions & 0 deletions b/‎.github/workflows/dogfood.yaml
Lines changed: 55 additions & 0 deletions
diff --git a/‎envbuilder-dogfood/README.md renamed to ‎dogfood/coder-envbuilder/contents/README.md b/‎envbuilder-dogfood/README.md renamed to ‎dogfood/coder-envbuilder/contents/README.md
diff --git a/‎envbuilder-dogfood/main.tf renamed to ‎dogfood/coder-envbuilder/contents/main.tf b/‎envbuilder-dogfood/main.tf renamed to ‎dogfood/coder-envbuilder/contents/main.tf
diff --git a/‎dogfood/coder-envbuilder/main.tf
Lines changed: 76 additions & 0 deletions b/‎dogfood/coder-envbuilder/main.tf
Lines changed: 76 additions & 0 deletions
@@ -145,3 +145,58 @@ jobs:
           TF_VAR_CODER_TEMPLATE_DIR: ./contents
           TF_VAR_CODER_TEMPLATE_MESSAGE: ${{ steps.message.outputs.pr_title }}
           TF_LOG: info
+
+  deploy_template_envbuilder:
+    needs: build_image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Terraform
+        uses: ./.github/actions/setup-tf
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8
+        with:
+          workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
+          service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
+
+      - name: Terraform init and validate
+        run: |
+          cd dogfood/coder-envbuilder
+          terraform init -upgrade
+          terraform validate
+          cd contents
+          terraform init -upgrade
+          terraform validate
+
+      - name: Get short commit SHA
+        if: github.ref == 'refs/heads/main'
+        id: vars
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Get latest commit title
+        if: github.ref == 'refs/heads/main'
+        id: message
+        run: echo "pr_title=$(git log --format=%s -n 1 ${{ github.sha }})" >> $GITHUB_OUTPUT
+
+      - name: "Push template"
+        if: github.ref == 'refs/heads/main'
+        run: |
+          cd dogfood/coder-envbuilder
+          terraform apply -auto-approve
+        env:
+          # Consumed by coderd provider
+          CODER_URL: https://dev.coder.com
+          CODER_SESSION_TOKEN: ${{ secrets.CODER_SESSION_TOKEN }}
+          # Template source & details
+          TF_VAR_CODER_TEMPLATE_VERSION: ${{ steps.vars.outputs.sha_short }}
+          TF_VAR_CODER_TEMPLATE_DIR: ./contents
+          TF_VAR_CODER_TEMPLATE_MESSAGE: ${{ steps.message.outputs.pr_title }}
+          TF_LOG: info
@@ -0,0 +1,76 @@
+terraform {
+  required_providers {
+    coderd = {
+      source = "coder/coderd"
+    }
+  }
+  backend "gcs" {
+    bucket = "coder-dogfood-tf-state"
+    prefix = "/templates/coder-envbuilder"
+  }
+}
+
+data "coderd_organization" "default" {
+  is_default = true
+}
+
+data "coderd_user" "machine" {
+  username = "machine"
+}
+
+variable "CODER_TEMPLATE_VERSION" {
+  type = string
+}
+
+variable "CODER_TEMPLATE_DIR" {
+  type = string
+}
+
+variable "CODER_TEMPLATE_MESSAGE" {
+  type = string
+}
+
+resource "coderd_template" "dogfood" {
+  name            = "coder-envbuilder"
+  display_name    = "Write Coder on Coder using Envbuilder"
+  description     = "Write Coder on Coder using a workspace built by Envbuilder."
+  icon            = "/emojis/1f3d7.png" # 🏗️
+  organization_id = "703f72a1-76f6-4f89-9de6-8a3989693fe5"
+  versions = [
+    {
+      name      = var.CODER_TEMPLATE_VERSION
+      message   = var.CODER_TEMPLATE_MESSAGE
+      directory = var.CODER_TEMPLATE_DIR
+      active    = true
+      tf_vars = [{
+        # clusters/dogfood-v2/coder/provisioner/configs/values.yaml#L191-L194
+        "envbuilder_cache_dockerconfigjson_path" = "/home/coder/envbuilder-cache-dockerconfig.json"
+      }]
+    }
+  ]
+  acl = {
+    groups = [{
+      id   = data.coderd_organization.default.id
+      role = "use"
+    }]
+    users = [{
+      id   = data.coderd_user.machine.id
+      role = "admin"
+    }]
+  }
+  activity_bump_ms                  = 10800000
+  allow_user_auto_start             = true
+  allow_user_auto_stop              = true
+  allow_user_cancel_workspace_jobs  = false
+  auto_start_permitted_days_of_week = ["friday", "monday", "saturday", "sunday", "thursday", "tuesday", "wednesday"]
+  auto_stop_requirement = {
+    days_of_week = ["sunday"]
+    weeks        = 1
+  }
+  default_ttl_ms                 = 28800000
+  deprecation_message            = null
+  failure_ttl_ms                 = 604800000
+  require_active_version         = true
+  time_til_dormant_autodelete_ms = 7776000000
+  time_til_dormant_ms            = 8640000000
+}