-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy path__main__.py
77 lines (67 loc) · 2.51 KB
/
__main__.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
import pulumi
import pulumi_cloudflare
import pulumi_github
import pulumi_openttd
config = pulumi.Config()
global_stack = pulumi.StackReference(f"{pulumi.get_organization()}/global-config/prod")
if pulumi_openttd.get_stack() == "prod":
project = pulumi_cloudflare.PagesProject(
"pages",
account_id=global_stack.get_output("cloudflare_account_id"),
name=config.require("name"),
production_branch="main",
)
permission_groups = pulumi_cloudflare.get_api_token_permission_groups()
resources = global_stack.get_output("cloudflare_account_id").apply(
lambda account_id: {f"com.cloudflare.api.account.{account_id}": "*"}
)
api_token = pulumi_cloudflare.ApiToken(
"api-token",
name="app/preview",
policies=[
pulumi_cloudflare.ApiTokenPolicyArgs(
resources=resources,
permission_groups=[
permission_groups.account["Pages Write"],
],
),
],
)
pulumi_github.ActionsSecret(
"github-secret-cloudflare-api-token",
repository="OpenTTD",
secret_name="PREVIEW_CLOUDFLARE_API_TOKEN",
plaintext_value=api_token.value,
opts=pulumi.ResourceOptions(delete_before_replace=True),
)
pulumi_github.ActionsSecret(
"github-secret-cloudflare-account-id",
repository="OpenTTD",
secret_name="PREVIEW_CLOUDFLARE_ACCOUNT_ID",
plaintext_value=global_stack.get_output("cloudflare_account_id"),
opts=pulumi.ResourceOptions(delete_before_replace=True),
)
pulumi_github.ActionsVariable(
"github-variable-cloudflare-project-name",
repository="OpenTTD",
variable_name="PREVIEW_CLOUDFLARE_PROJECT_NAME",
value=config.require("name"),
opts=pulumi.ResourceOptions(delete_before_replace=True),
)
name = f"preview-{pulumi_openttd.get_stack()}"
worker = pulumi_cloudflare.WorkerScript(
f"worker",
account_id=global_stack.get_output("cloudflare_account_id"),
content=open(f"files/cfw-preview.js").read().replace("[[ name ]]", config.require("name")),
logpush=True,
name=name,
module=True,
)
pulumi_cloudflare.WorkerDomain(
f"worker-domain",
account_id=global_stack.get_output("cloudflare_account_id"),
hostname=pulumi.Output.format("{}.{}", config.require("hostname"), global_stack.get_output("domain")),
service=name,
zone_id=global_stack.get_output("cloudflare_zone_id"),
opts=pulumi.ResourceOptions(parent=worker),
)