This is a template for an IaC Terraform repository that includes a Bitbucket pipeline that authenticates via Workload Identity Federation. It is intended to be run after folder-factory and project-factory.
This is a simple repository that only deploys a GCS bucket into a specified project. The point of this project is to prove that Terraform can be deployed to Bitbucket via Workload Identity Federation.
- Clone this repository and push it to your own Bitbucket repository.
- Enable pipelines in your Bitbucket repository. This is done in Repository Settings > Pipelines > Settings.
- Set up the required environment variables in your Bitbucket repository settings. This is done in Repository Settings > Pipelines > Repository variables.

| Environment Variable | Description | Example Value |
| --- | --- | --- |
| `TERRAFORM_VERSION` | The version of Terraform you want to use | `1.4.2` |
| `STATE_BUCKET` | The Google Cloud Storage bucket where your Terraform state files will be stored | `my-terraform-state-bucket` |
| `GCP_WORKLOAD_IDENTITY_PROVIDER` | The fully qualified identifier of your Google Cloud Workload Identity Provider (see project-factory outputs) | `projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID` |
| `GCP_SERVICE_ACCOUNT` | The email address of your Google Cloud Service Account (see project-factory outputs) | [email protected] |
| `PROJECT_NAME` | Your Google Cloud project ID (see project-factory outputs) | `my-gcp-project` |
| `TERRAFORM_POLICY_VALIDATE` | | `true` |

- Add a `terraform.tfvars` that specifies the project you want the bucket to be created in:

  ```
  project = "my-gcp-project"
  ```
- Commit to your repository to trigger a build.
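
The following is an added example, not code from this template: a shell helper that checks the two Workload Identity Federation variables from the table above and writes the `external_account` credential file that Google client libraries and Terraform read through `GOOGLE_APPLICATION_CREDENTIALS`. The function names, the `/tmp` paths and the accepted service account pattern are assumptions, and the template's own pipeline may authenticate differently; it also assumes the pipeline step sets `oidc: true` so that Bitbucket exposes `BITBUCKET_STEP_OIDC_TOKEN`.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not part of the template.

# Succeeds only for a fully qualified provider name with a numeric project number.
valid_provider() {
  printf '%s\n' "$1" | grep -Eq \
    '^projects/[0-9]+/locations/global/workloadIdentityPools/[a-z0-9-]+/providers/[a-z0-9-]+$'
}

# Succeeds for addresses ending in gserviceaccount.com (assumed pattern).
valid_service_account() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9-]+@[a-z0-9.-]+\.gserviceaccount\.com$'
}

# write_wif_config PROVIDER SERVICE_ACCOUNT TOKEN_FILE OUT_FILE
# Refuses to write anything if an input is malformed or the token file is empty.
write_wif_config() {
  valid_provider "$1" || { echo "bad GCP_WORKLOAD_IDENTITY_PROVIDER" >&2; return 1; }
  valid_service_account "$2" || { echo "bad GCP_SERVICE_ACCOUNT" >&2; return 1; }
  [ -s "$3" ] || { echo "OIDC token file missing or empty: $3" >&2; return 1; }
  # umask 077 keeps the credential config readable by the build user only.
  ( umask 077; cat > "$4" <<EOF
{
  "type": "external_account",
  "audience": "//iam.googleapis.com/$1",
  "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
  "token_url": "https://sts.googleapis.com/v1/token",
  "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/$2:generateAccessToken",
  "credential_source": { "file": "$3" }
}
EOF
  )
}

# Usage inside a pipeline step (paths are assumptions):
#   printf '%s' "$BITBUCKET_STEP_OIDC_TOKEN" > /tmp/oidc-token
#   write_wif_config "$GCP_WORKLOAD_IDENTITY_PROVIDER" "$GCP_SERVICE_ACCOUNT" \
#     /tmp/oidc-token /tmp/wif.json || exit 1
#   export GOOGLE_APPLICATION_CREDENTIALS=/tmp/wif.json
```

The file contains no long-lived secret: the only credential involved is the short-lived OIDC token Bitbucket issues for the step, which Google's Security Token Service exchanges for an access token on the service account.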