rshamunov commented on code in PR #26513: URL: https://github.com/apache/beam/pull/26513#discussion_r1187490100
########## playground/terraform/infrastructure/cloudbuild-manual-setup/README.md: ########## @@ -66,19 +98,26 @@ cd playground/terraform/infrastructure/cloudbuild-manual-setup/01.setup/ # Run terraform commands terraform init -backend-config="bucket=$STATE_BUCKET" -terraform apply -var="project_id=$(gcloud config get-value project)" +terraform apply var="project_id=$(gcloud config get-value project)" -var-file="$BEAM_ROOT/playground/terraform/environment/$ENVIRONMENT_NAME/common.tfvars" ``` -## 2. Connect Apache Beam GitHub repository and GCP Cloud Build -**Note:** Ensure correct `region` is set in [Cloud Build Triggers](https://console.cloud.google.com/cloud-build/triggers) page before proceeding further. +## 3. Provide IAM role for Google-managed service account + +1. Navigate to GCP Console. +2. Navigate to `IAM & Admin`. +3. Check the box `Include Google-provided role grants` on the right side of the IAM & Admin page. +4. Look for `[email protected]` service account. +5. Assign `Secret Manager Secret Accessor` to it. -Follow [Connect to a GitHub repository](https://cloud.google.com/build/docs/automating-builds/github/connect-repo-github) to connect Apache Beam GitHub repository and GCP Cloud Build. +## 4. Connect beamplayground/deploy-workaround GitHub repository and GCP Cloud Build Review Comment: It could be any repo. Define beamplayground/deploy-workaround as default value in common.tfvars, but describe general approach here -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
