diff --git a/modules/foundations-github-organization/README.md b/modules/foundations-github-organization/README.md
index 7f67b67..864476c 100644
--- a/modules/foundations-github-organization/README.md
+++ b/modules/foundations-github-organization/README.md
@@ -20,13 +20,12 @@ No modules. | Name | Type | |------|------| +| [github_actions_organization_secret.workload_identity_provider](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_secret) | resource | | [github_actions_organization_variable.tf_state_bucket_location](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | | [github_actions_organization_variable.tf_state_bucket_name](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | | [github_actions_organization_variable.tf_state_bucket_project_id](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | -| [github_actions_organization_variable.workload_identity_provider](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | -| [github_actions_variable.bootstrap_workload_identity_sa](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_variable) | resource | +| [github_actions_secret.organization_workload_identity_sa](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_secret) | resource | | [github_actions_variable.gcp_secret_manager_project_id](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_variable) | resource | -| [github_actions_variable.organization_workload_identity_sa](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_variable) | resource | | [github_branch_protection.protect_bootstrap_main](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/branch_protection) | resource | | 
[github_branch_protection.protect_organization_main](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/branch_protection) | resource | | [github_enterprise_organization.github-foundations](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/enterprise_organization) | resource | diff --git a/modules/foundations-github-organization/action-variables.tf b/modules/foundations-github-organization/action-variables.tf index 6ad3262..40b2855 100644 --- a/modules/foundations-github-organization/action-variables.tf +++ b/modules/foundations-github-organization/action-variables.tf @@ -1,19 +1,11 @@ -resource "github_actions_variable" "organization_workload_identity_sa" { +resource "github_actions_secret" "organization_workload_identity_sa" { provider = github.foundation_org_scoped repository = github_repository.organizations_repo.name - variable_name = "GCP_SERVICE_ACCOUNT" + secret_name = "GCP_SERVICE_ACCOUNT" value = var.organization_workload_identity_sa } -resource "github_actions_variable" "bootstrap_workload_identity_sa" { - provider = github.foundation_org_scoped - - repository = github_repository.bootstrap_repo.name - variable_name = "GCP_SERVICE_ACCOUNT" - value = var.bootstrap_workload_identity_sa -} - resource "github_actions_variable" "gcp_secret_manager_project_id" { provider = github.foundation_org_scoped @@ -22,10 +14,10 @@ resource "github_actions_variable" "gcp_secret_manager_project_id" { value = var.gcp_project_id } -resource "github_actions_organization_variable" "workload_identity_provider" { +resource "github_actions_organization_secret" "workload_identity_provider" { provider = github.foundation_org_scoped - variable_name = "WORKLOAD_IDENTITY_PROVIDER" + secret_name = "WORKLOAD_IDENTITY_PROVIDER" value = var.workload_identity_provider_name visibility = "selected" selected_repository_ids = [
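Review bot: The unchanged context line `value = var.organization_workload_identity_sa` is now inside a `github_actions_secret` block, and as far as I know the secret resources in provider 5.44.0 (the version the README links to) accept `plaintext_value` or `encrypted_value`, not `value`, so this should fail validation. The line would become `plaintext_value = var.organization_workload_identity_sa`, and the same applies in the second hunk of this file with `plaintext_value = var.workload_identity_provider_name`. A `plaintext_value` is written to Terraform state in clear text, so the two input variables should be declared `sensitive = true`, and read access to the state bucket becomes the real control on these values. The hunk also deletes `bootstrap_workload_identity_sa` without a secret replacement, so the bootstrap repository appears to lose `GCP_SERVICE_ACCOUNT` entirely; that should be confirmed as intended.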
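Review bot: Turning `WORKLOAD_IDENTITY_PROVIDER` into an organization secret changes how workflows must read it, and nothing in the visible diff updates the consumers. Any workflow still using `vars.WORKLOAD_IDENTITY_PROVIDER` or `vars.GCP_SERVICE_ACCOUNT` will get an empty string, and secrets are not passed to workflows triggered from forks, so authentication steps may fail in ways that are hard to diagnose. I would add a comment above the resource such as `# Stored as a secret so the provider name is masked in logs; workflows read secrets.WORKLOAD_IDENTITY_PROVIDER`. The `selected_repository_ids` list continues outside the hunk, so I cannot tell whether every repository that needs the secret is included.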