ambient-code/opentofu

ambient-code-opentofu

OpenTofu configurations for the ambient-code-platform GCP project.

What this manages

  • Workload Identity Federation - GitHub Actions in ambient-code/platform authenticate to GCP without service account keys
  • GCP API enablement - Vertex AI and supporting APIs
  • IAM bindings - roles/aiplatform.user for CI workloads
  • CI/CD - GitHub Actions workflow to validate, plan, and apply changes

CI/CD

A GitHub Actions workflow runs on every push:

  • validate — runs tofu validate on all branches
  • plan — runs tofu plan on non-main branches
  • apply — runs tofu apply -auto-approve on main

The workflow authenticates to GCP via Direct Workload Identity Federation.

Local usage

cd gcp
tofu init
tofu plan
tofu apply

State backend

State is stored in a GCS bucket (ambient-code-platform-tfstate). You must have access to this bucket to run tofu init.

The bucket should have:

  • Uniform bucket-level access enabled (no per-object ACLs)
  • Object versioning enabled (allows state recovery)
  • Restricted IAM — only project administrators and the CI identity
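One way to check a bucket against these three requirements, as an added example that is not part of this repository. It assumes the bucket metadata and IAM policy have been fetched in the GCS JSON API shape; the allowlist entries, bucket name and sample policy are constructed placeholders.

```python
# Added example: audit a state bucket against the three requirements listed above.
# Inputs use the GCS JSON API shapes (bucket resource and IAM policy).

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed allowlist: placeholder admin group and CI principal, not real identities.
ALLOWED_MEMBERS = {
    "group:project-admins@example.com",
    "principalSet://iam.googleapis.com/projects/000000000000/locations/global/"
    "workloadIdentityPools/EXAMPLE_POOL/attribute.repository/EXAMPLE_ORG/EXAMPLE_REPO",
}


def audit_state_bucket(bucket, policy, allowed=ALLOWED_MEMBERS):
    """Return a list of findings; an empty list means all three requirements hold."""
    findings = []
    ubla = bucket.get("iamConfiguration", {}).get("uniformBucketLevelAccess", {})
    if not ubla.get("enabled", False):
        findings.append("uniform bucket-level access is disabled")
    if not bucket.get("versioning", {}).get("enabled", False):
        findings.append("object versioning is disabled")
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(f"public member {member} holds {binding['role']}")
            elif member not in allowed:
                findings.append(f"unexpected member {member} holds {binding['role']}")
    return findings


# Constructed sample: versioning off, one public and one unexpected binding.
SAMPLE_BUCKET = {
    "name": "example-tfstate",
    "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": True}},
    "versioning": {"enabled": False},
}
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/storage.objectAdmin", "members": sorted(ALLOWED_MEMBERS)},
        {"role": "roles/storage.objectViewer",
         "members": ["allAuthenticatedUsers", "user:contractor@example.com"]},
    ]
}

if __name__ == "__main__":
    for finding in audit_state_bucket(SAMPLE_BUCKET, SAMPLE_POLICY):
        print("FINDING:", finding)
```

Any member outside the allowlist is reported, including the projectOwner/projectEditor convenience members that legacy bucket roles can carry.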
