chore(dogfood): use remote tf state

ethanndickson · ethanndickson · commit dbd860ef9b6d · 2024-08-20T08:27:45.000Z
diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml
@@ -17,6 +17,11 @@ on:
       - "flake.nix"
   workflow_dispatch:
 
+
+permissions:
+  # Necessary for GCP authentication (https://github.com/google-github-actions/setup-gcloud#usage)
+  id-token: write
+
 jobs:
   build_image:
     if: github.actor != 'dependabot[bot]' # Skip Dependabot PRs
@@ -85,6 +90,12 @@ jobs:
       - name: Setup Terraform
         uses: ./.github/actions/setup-tf
 
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ secrets.GCP_WORKLOAD_ID_PROVIDER }}
+          service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
+
       - name: Terraform init and validate
         run: |
           cd dogfood
@@ -118,3 +129,4 @@ jobs:
           TF_VAR_CODER_TEMPLATE_VERSION: ${{ steps.vars.outputs.sha_short }}
           TF_VAR_CODER_TEMPLATE_DIR: ./contents
           TF_VAR_CODER_TEMPLATE_MESSAGE: ${{ steps.message.outputs.pr_title }}
+          TF_LOG: info
diff --git a/dogfood/main.tf b/dogfood/main.tf
@@ -4,9 +4,11 @@ terraform {
       source = "coder/coderd"
     }
   }
+  backend "gcs" {
+    bucket = "coder-dogfood-tf-state"
+  }
 }
 
-// Alternative to committing a state file
 import {
   to = coderd_template.dogfood
   id = "0d286645-29aa-4eaf-9b52-cc5d2740c90b"

Original file line number	Diff line number	Diff line change
`@@ -4,9 +4,11 @@ terraform {`
`4`	`4`	`source = "coder/coderd"`
`5`	`5`	`}`
`6`	`6`	`}`
	`7`	`+ backend "gcs" {`
	`8`	`+ bucket = "coder-dogfood-tf-state"`
	`9`	`+ }`
`7`	`10`	`}`
`8`	`11`
`9`		`-// Alternative to committing a state file`
`10`	`12`	`import {`
`11`	`13`	`to = coderd_template.dogfood`
`12`	`14`	`id = "0d286645-29aa-4eaf-9b52-cc5d2740c90b"`