# Looks up the Secrets Manager secret holding the GitHub Enterprise key used by
# CodeBuild. The lookup goes through the aliased aws.c2 provider.
data "aws_secretsmanager_secret" "ghe-key" {
  provider = aws.c2
  name     = "GHE/mdr-aws-codebuild/key"
}
# Reads the secret value itself. With no version_id or version_stage set, this
# resolves to the AWSCURRENT version. The secret_string attribute is plaintext
# and Terraform records data source results in state, so the state backend
# needs encryption at rest and narrowly scoped read access.
data "aws_secretsmanager_secret_version" "ghe-key" {
  provider  = aws.c2
  secret_id = data.aws_secretsmanager_secret.ghe-key.id
}
- #locals {
- # If key was in json format, we would need to decode it.
- # secret_ghe_key = jsondecode(data.aws_secretsmanager_secret_version.ghe-key.secret_string)
- #}
- # Note some AWS craziness here. The GitHub credential is not tied to a build, even though it _looks_
- # like it is in the Web UI. There can only be one GitHub credential per account+region:
- # https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-codebuild.GitHubSourceCredentials.html
- #
- # "Note: CodeBuild only allows a single credential for GitHub to be saved in a given AWS account
- # in a given region - any attempt to add more than one will result in an error."
# Registers the GitHub Enterprise personal access token with CodeBuild.
resource "aws_codebuild_source_credential" "github_token" {
  # No provider argument is set, so this is created with the default aws
  # provider, while the secret lookups use aws.c2.
  # NOTE(review): confirm the default provider is the account/region where
  # CodeBuild should hold this credential.
  server_type = "GITHUB_ENTERPRISE"
  auth_type   = "PERSONAL_ACCESS_TOKEN"

  # The raw secret string is used as-is (no JSON decoding). Terraform writes
  # this argument to state in plain text, so treat access to the state file as
  # access to the token. CodeBuild keeps a single GitHub credential per
  # account+region, so keep the PAT's scopes to the minimum the builds need.
  token = data.aws_secretsmanager_secret_version.ghe-key.secret_string
}