Merge pull request #1 from e2b-dev/dev

Add dev workflow

Author: jakubno

.github/workflows/fc-kernels.yml

@@ -2,8 +2,6 @@ name: FC Kernels
 
 on:
   push:
-    branches:
-      - main
 
 permissions:
   id-token: write
@@ -25,10 +23,21 @@ jobs:
       - name: Build kernels
         run: sudo make build
 
+      - name: Set bucket based on branch
+        id: set-bucket
+        run: |
+          if [ "${{ github.ref_name }}" = "main" ]; then
+            echo "DESTINATION=${{ vars.GCP_BUCKET_NAME }}/kernels" >> $GITHUB_OUTPUT
+          else
+            echo "DESTINATION=${{ vars.GCP_DEV_BUCKET_NAME }}/${{ github.ref_name }}" >> $GITHUB_OUTPUT
+            echo "You can copy the built kernels by running the following command in your infra repo:"
+            echo "gsutil cp -r builds gs://${{ vars.GCP_DEV_BUCKET_NAME }}/${{ github.ref_name }}/* gs://$(GCP_PROJECT_ID)-fc-kernels/"
+          fi
+
       - name: Upload kernels
         uses: "google-github-actions/upload-cloud-storage@v1"
         with:
           path: "./builds"
-          destination: ${{ secrets.GCP_BUCKET_NAME }}/kernels
+          destination: ${{ steps.set-bucket.outputs.DESTINATION }}/kernels
           gzip: false
           parent: false

terraform/.env.template

@@ -1,3 +1,4 @@
 GCP_PROJECT_ID=
 PREFIX=
-TERRAFORM_STATE_BUCKET=
+TERRAFORM_STATE_BUCKET=
+GCP_REGION=

terraform/Makefile

@@ -2,7 +2,8 @@
 
 tf_vars := TF_VAR_gcp_project_id=$(GCP_PROJECT_ID) \
 	TF_VAR_prefix=$(PREFIX) \
-	TF_VAR_terraform_state_bucket=$(TERRAFORM_STATE_BUCKET)
+	TF_VAR_terraform_state_bucket=$(TERRAFORM_STATE_BUCKET) \
+	TF_VAR_gcp_region=$(GCP_REGION) \
 
 
 .PHONY: init

terraform/main.tf

@@ -62,12 +62,32 @@ resource "google_service_account" "fc_kernels" {
   display_name = "Service account for ${var.github_repository} FC Kernels"
 }
 
-resource "google_storage_bucket_iam_member" "fc_template_bucket_iam" {
+resource "google_storage_bucket_iam_member" "fc_kernels_bucket_iam" {
   bucket = var.gcs_bucket_name
   role   = "roles/storage.objectUser"
   member = "serviceAccount:${google_service_account.fc_kernels.email}"
 }
 
+resource "google_storage_bucket" "development_bucket" {
+  location = var.gcp_region
+  name     = "${var.gcp_project_id}-fc-kernels-development"
+}
+
+resource "google_storage_bucket_iam_binding" "org_read_access" {
+  bucket = google_storage_bucket.development_bucket.name
+  role   = "roles/storage.objectViewer"
+
+  members = [
+    "domain:e2b.dev"
+  ]
+}
+
+resource "google_storage_bucket_iam_member" "fc_kernels_development_bucket_iam" {
+  bucket = google_storage_bucket.development_bucket.name
+  role   = "roles/storage.objectUser"
+  member = "serviceAccount:${google_service_account.fc_kernels.email}"
+}
+
 resource "google_service_account_iam_member" "gha_service_account_wif_tokencreator_iam_member" {
   service_account_id = google_service_account.fc_kernels.name
   role               = "roles/iam.workloadIdentityUser"
@@ -97,10 +117,15 @@ resource "github_actions_secret" "service_account_email_secret" {
   plaintext_value = google_service_account.fc_kernels.email
 }
 
+resource "github_actions_variable" "gcs_bucket_name" {
+  repository    = var.github_repository
+  value         = var.gcs_bucket_name
+  variable_name = "GCP_BUCKET_NAME"
+}
 
-resource "github_actions_secret" "gcs_bucket_name" {
-  repository      = var.github_repository
-  secret_name     = "GCP_BUCKET_NAME"
-  plaintext_value = var.gcs_bucket_name
+resource "github_actions_variable" "gcs_dev_bucket_name" {
+  repository    = var.github_repository
+  variable_name = "GCP_DEV_BUCKET_NAME"
+  value         = google_storage_bucket.development_bucket.name
 }
 

terraform/variables.tf

@@ -8,6 +8,10 @@ variable "github_repository" {
   default = "fc-kernels"
 }
 
+variable "gcp_region" {
+  type = string
+}
+
 variable "gcp_project_id" {
   description = "The project to deploy the cluster in"
   type        = string