Add contributor to app cache to gitrunner

equinor · Dec 19, 2024 · 2c6a126 · 2c6a126
1 parent 160f303
commit 2c6a126
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 10 deletions.
diff --git a/.github/workflows/clean-cache-registry.yml b/.github/workflows/clean-cache-registry.yml
@@ -14,6 +14,7 @@ jobs:
   purge:
     runs-on: ubuntu-latest
     strategy:
+      fail-fast: false
       matrix:
         target:
           - name: "dev"

diff --git a/terraform/subscriptions/s940/c2/common/main.tf b/terraform/subscriptions/s940/c2/common/main.tf
@@ -203,6 +203,10 @@ module "radix_id_gitrunner" {
       role     = "Contributor"
       scope_id = "/subscriptions/${module.config.subscription}/resourceGroups/${data.azurerm_virtual_network.this.resource_group_name}"
     }
+    app_registry_contributor = {
+      role = "Contributor"
+      scope_id = '/subscriptions/${module.config.subscription}/resourceGroups/common/providers/Microsoft.ContainerRegistry/registries/radix${module.config.environment}app'
+    }
   }
   federated_credentials = {
     radix-id-gitrunner = {

diff --git a/terraform/subscriptions/s940/prod/common/main.tf b/terraform/subscriptions/s940/prod/common/main.tf
@@ -212,6 +212,10 @@ module "radix_id_gitrunner" {
       issuer  = "https://token.actions.githubusercontent.com"
       subject = "repo:equinor/radix-platform:environment:${module.config.environment}"
     }
+    app_registry_contributor = {
+      role = "Contributor"
+      scope_id = '/subscriptions/${module.config.subscription}/resourceGroups/common/providers/Microsoft.ContainerRegistry/registries/radixprodapp' # TODO: Replace resource name when fixed
+    }
   }
 }
 

diff --git a/terraform/subscriptions/s941/dev/common/main.tf b/terraform/subscriptions/s941/dev/common/main.tf
@@ -205,6 +205,10 @@ module "radix_id_gitrunner" {
       role     = "Contributor"
       scope_id = "/subscriptions/${module.config.subscription}/resourceGroups/${data.azurerm_virtual_network.this.resource_group_name}"
     }
+    app_registry_contributor = {
+      role = "Contributor"
+      scope_id = '/subscriptions/${module.config.subscription}/resourceGroups/common/providers/Microsoft.ContainerRegistry/registries/radix${module.config.environment}app'
+    }
   }
   federated_credentials = {
     radix-id-gitrunner = {

diff --git a/terraform/subscriptions/s941/playground/common/main.tf b/terraform/subscriptions/s941/playground/common/main.tf
@@ -105,52 +105,56 @@ module "radix-id-acr-workflows" {
       name    = "radix-cluster-cleanup-release"
       issuer  = "https://token.actions.githubusercontent.com"
       subject = "repo:equinor/radix-cluster-cleanup:ref:refs/heads/release"
-    },
+    }
     radix-cicd-canary-release = {
       name    = "radix-cicd-canary-release"
       issuer  = "https://token.actions.githubusercontent.com"
       subject = "repo:equinor/radix-cicd-canary:ref:refs/heads/release"
-    },
+    }
     radix-vulnerability-scanner-release = {
       name    = "radix-vulnerability-scanner-release"
       issuer  = "https://token.actions.githubusercontent.com"
       subject = "repo:equinor/radix-vulnerability-scanner:ref:refs/heads/release"
-    },
+    }
     radix-image-builder-release = {
       name    = "radix-image-builder-release"
       issuer  = "https://token.actions.githubusercontent.com"
       subject = "repo:equinor/radix-image-builder:ref:refs/heads/release"
-    },
+    }
     radix-tekton-release = {
       name    = "radix-tekton-release"
       issuer  = "https://token.actions.githubusercontent.com"
       subject = "repo:equinor/radix-tekton:ref:refs/heads/release"
-    },
+    }
     radix-operator-master = {
       name    = "radix-operator-master"
       issuer  = "https://token.actions.githubusercontent.com"
       subject = "repo:equinor/radix-operator:ref:refs/heads/master"
-    },
+    }
     radix-operator-release = {
       name    = "radix-operator-release"
       issuer  = "https://token.actions.githubusercontent.com"
       subject = "repo:equinor/radix-operator:ref:refs/heads/release"
-    },
+    }
     radix-velero-plugin-release = {
       name    = "radix-velero-plugin-release"
       issuer  = "https://token.actions.githubusercontent.com"
       subject = "repo:equinor/radix-velero-plugin:ref:refs/heads/release"
-    },
+    }
     radix-job-scheduler-release = {
       name    = "radix-job-scheduler-release"
       issuer  = "https://token.actions.githubusercontent.com"
       subject = "repo:equinor/radix-job-scheduler:ref:refs/heads/release"
-    },
+    }
     radix-buildkit-builder-release = {
       name    = "radix-buildkit-builder-release"
       issuer  = "https://token.actions.githubusercontent.com"
       subject = "repo:equinor/radix-buildkit-builder:ref:refs/heads/release"
-    },
+    }
+    app_registry_contributor = {
+      role = "Contributor"
+      scope_id = '/subscriptions/${module.config.subscription}/resourceGroups/common/providers/Microsoft.ContainerRegistry/registries/radix${module.config.environment}app'
+    }
   }
 }