adding sas automatically

.github/workflows/commit-message-check.yml

@@ -0,0 +1,26 @@
+name: "Commit Message Check"
+
+on:
+  push:
+    branches:
+      - "**"
+
+jobs:
+  commit-message-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Check Commit Messages
+        run: |
+          IFS=$'\n' commits=($(git log --format=%s ${{ github.event.before }}..${{ github.event.after }}))
+          for commit in "${commits[@]}"
+          do
+            if ! [[ "$commit" =~ ^(feat|fix|chore|docs|style|refactor|perf|test)(\(.*\))?:?.{2,} ]]; then
+              echo "Invalid commit message: $commit"
+              exit 1
+            fi
+          done

README.md

@@ -13,7 +13,7 @@ You can find specific examples and available variables inside [each module folde
 
 ```hcl
 module "cloud-run-api-my-awesome-api" {
-  source                = "github.com/NandosUK/infrastructure/terraform-modules/gcp/cloud-run-v1"
+  source                = "github.com/NandosUK/infrastructure-terraform-modules/gcp/cloud-run-v2"
   project_id                 = "my-gcp-project-id"
   name                       = "my-awesome-api"
   (...)
@@ -58,7 +58,7 @@ The commit message should be structured as follows:
 
 - `feat(api): add new validation logic`
 - `fix(cloud-run-v1): resolve issue with variable x`
-- `chore(tests): add additional unit tests for utils`
+- `test(utils): add additional unit tests for utils`
 - `docs(cloud-function-v1): update setup instructions`
 
 ### How to Make Commits

gcp/cloud-run-v2/README.md

@@ -30,6 +30,14 @@ This updated Terraform module provides a comprehensive set of reusable configura
 
 - **SSL and Domain** : Optional SSL and custom domain settings.
 
+### EventArc Trigger
+
+Key elements description:
+
+- **matching_criteria** : matching criteria for the trigger, including attributes like "attribute," "value", and "operator"(optional) to filter specific events.
+- **event_data_content_type** : Sets the event's content type.
+- **api_path** : to specify the URL path that will be appended to the service's base URL
+
 ### Cloud Build Trigger
 
 - **Advanced Trigger Config** : More granular control over Cloud Build triggers.

gcp/cloud-run-v2/main.tf

@@ -1,5 +1,5 @@
 locals {
-  cloud_armor_rules = fileexists(var.cloud_armor.rules_file_path) ? yamldecode(file(var.cloud_armor.rules_file_path)) : []
+  cloud_armor_rules = var.cloud_armor.enabled ? yamldecode(file(var.cloud_armor.rules_file_path)) : []
 }
 
 # Resource configuration for deploying a Google Cloud Run service
@@ -168,7 +168,7 @@ module "lb-http" {
   version = "~> 9.0"
 
   # SSL and domain configuration
-  managed_ssl_certificate_domains = [var.environment == "prod" ? "${var.name}.api.nandos.dev" : var.environment == "preview" ? "${var.name}-preview.api.nandos.dev" : "${var.name}-preprod.api.nandos.dev"]
+  managed_ssl_certificate_domains = [var.environment == "prod" ? "${var.name}.${var.domain_host}" : var.environment == "preview" ? "${var.name}-preview.${var.domain_host}" : "${var.name}-preprod.${var.domain_host}"]
 
   ssl                       = true
   https_redirect            = true # Enable HTTPS redirect
@@ -206,24 +206,16 @@ resource "google_eventarc_trigger" "default" {
 
   name     = "trigger-${google_cloud_run_v2_service.default.name}"
   location = var.project_region
-  /* matching_criteria {
-    attribute = "type"
-    value     = each.value.event_type
-  }
-  matching_criteria {
-    attribute = "database"
-    value     = "(default)"
-  } */
   dynamic "matching_criteria" {
     for_each = each.value.matching_criteria
     content {
       attribute = matching_criteria.value.attribute
       value     = matching_criteria.value.value
+      operator  = matching_criteria.value.operator
     }
   }
-  event_data_content_type = "application/protobuf"
+  event_data_content_type = each.value.event_data_content_type
   service_account         = var.cloud_run_service_account
-  pubsub_service_account  = var.pubsub_service_account
   destination {
     cloud_run_service {
       service = google_cloud_run_v2_service.default.name
@@ -249,11 +241,10 @@ resource "google_project_iam_binding" "eventarc_pubsub" {
   role    = "roles/iam.serviceAccountTokenCreator"
 
   members = [
-    "serviceAccount:${var.pubsub_service_account}",
+    "serviceAccount:service-${var.project_id}@gcp-sa-pubsub.iam.gserviceaccount.com"
   ]
 }
 
-
 # Cloud Build trigger configuration
 module "trigger_provision" {
   count           = var.create_trigger == true ? 1 : 0

gcp/cloud-run-v2/variables.tf

@@ -203,7 +203,6 @@ variable "eventarc_triggers" {
   description             = "Configuration for Eventarc triggers"
   event_data_content_type = "string"
   type = list(object({
-    pubsub_service_account = string
     event_type = string
     api_path   = string
     matching_criteria = list(object({

test/gcp/cloud-run-v2.tf

@@ -31,28 +31,18 @@ module "cloud-run-api-my-awesome-api" {
   }
   eventarc_triggers = [
     {
-      event_type = "google.cloud.firestore.document.v1.created",
-      api_path   = "/api/my-trigger-receiver"
-      }, {
-
-      event_type = "google.cloud.firestore.document.v1.updated",
-      api_path   = "/api/my-trigger-receiver"
-
-      }, {
-
-      event_type = "google.cloud.firestore.document.v1.created",
-      api_path   = "/api/my-trigger-receiver"
-
-      }, {
-
-      event_type = "google.cloud.firestore.document.v1.deleted",
-      api_path   = "/api/my-trigger-receiver"
-
-      }, {
-
-      event_type = "google.cloud.firestore.document.v1.written",
-      api_path   = "/api/my-trigger-receiver"
-
+      api_path                = "/api/my-trigger-receiver"
+      event_data_content_type = "application/protobuf"
+      matching_criteria = [{
+        attribute = "type"
+        value     = "google.cloud.firestore.document.v1.created",
+        },
+        {
+          attribute = "database"
+          value     = "(default)"
+      }]
     }
   ]
 }
+
+