Skip to content

ambient-code/opentofu

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
.github/workflows
.github/workflows
 
 
gcp
gcp
 
 
.gitignore
.gitignore
 
 
CLAUDE.md
CLAUDE.md
 
 
README.md
README.md
 
 

Repository files navigation

ambient-code-opentofu

OpenTofu configurations for the ambient-code-platform GCP project.

What this manages

  • Workload Identity Federation - GitHub Actions in ambient-code/platform authenticate to GCP without service account keys
  • GCP API enablement - Vertex AI and supporting APIs
  • IAM bindings - roles/aiplatform.user for CI workloads
  • CI/CD - GitHub Actions workflow to validate, plan, and apply changes

State backend

State is stored in a GCS bucket (ambient-code-platform-tfstate). You must have access to this bucket to run tofu init.

The bucket should have:

  • Uniform bucket-level access enabled (no per-object ACLs)
  • Object versioning enabled (allows state recovery)
  • Restricted IAM — only project administrators and the CI identity

CI/CD

A GitHub Actions workflow runs on every push:

  • validate — runs tofu validate on all branches
  • plan — runs tofu plan on non-main branches
  • apply — runs tofu apply -auto-approve on main

The workflow authenticates to GCP via Direct Workload Identity Federation.

Local usage

cd gcp
tofu init
tofu plan
tofu apply

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages