feat(module): add provisioning of the AWS IAM user access key to a Forgejo runner repository's secret and variable

CHANGELOG.md

@@ -2,6 +2,12 @@
 
 All notable changes to this project will be documented in this file.
 
+## 1.1.0 - 2025-07-09
+
+### Added
+
+- Added provisioning of the AWS IAM user access key to a Forgejo runner repository's secret and variable.
+
 ## 1.0.1 - 2025-04-12
 
 ### Changed

README.md

@@ -10,7 +10,7 @@ and continuous integration tasks on AWS.
 
 ``` hcl
 module "aws_iam_ci_user" {
-  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.0.1"
+  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.1.0"
 
   core_policy_statements = jsonencode([
     {
@@ -19,6 +19,10 @@ module "aws_iam_ci_user" {
       Resource = "*"
     }
   ])
+  forgejo_repository = {
+    name  = local.name
+    owner = "adyxax"
+  }
   name = local.name
   tests_policy_statements = jsonencode([
     {

infrastructure/tofu/.terraform.lock.hcl

@@ -1,6 +1,23 @@
 # This file is maintained automatically by "tofu init".
 # Manual edits may be lost in future updates.
 
+provider "registry.opentofu.org/adyxax/forgejo" {
+  version     = "1.1.0"
+  constraints = "1.1.0"
+  hashes = [
+    "h1:xa2K1rn2OzQofizev01UBKEgq4WHo3EM5/fiPCxFL/E=",
+    "zh:0a9fb11ae6b14abca1a5376b3c83182586e8735e67aa863b223737af1edb9802",
+    "zh:16a86c5a4b394f04ab14992b15ee812daee38c88570a6431a9dd7c0b961c3166",
+    "zh:2c2f2703fad8d682d74832ea650cb58efbaf7b63e67c57f4344561ab529c81de",
+    "zh:38326430e210fb899981a5d99b3dd17f0040356ef1879e0a3fe96c9d13d27b4b",
+    "zh:7757c16957287f8e1cca39d349d5c219fc31ef8ce55b60db9f83099e10cd3a93",
+    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+    "zh:b91bd40d90199ff8c811e241f94931a540d571807743dcd9768625d177c38e29",
+    "zh:efb6d4c30e3412a727c63af9d04ed4b24dfdde251d18343d62a45ae967e4f6ab",
+    "zh:f5357ef185a3183f01555371602471aeadc340a16b1f1355e706fedbfd1f9dad",
+  ]
+}
+
 provider "registry.opentofu.org/hashicorp/aws" {
   version     = "5.91.0"
   constraints = "5.91.0"

infrastructure/tofu/main.tf

@@ -8,7 +8,11 @@ module "aws_iam_ci_user" {
     aws.root  = aws.all["root"]
     aws.tests = aws.all["tests"]
   }
-  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.0.1"
+  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.1.0"
 
+  forgejo_repository = {
+    name  = local.name
+    owner = "adyxax"
+  }
   name = local.name
 }

infrastructure/tofu/providers.tf

@@ -11,6 +11,10 @@ terraform {
       source  = "hashicorp/aws"
       version = "5.91.0"
     }
+    forgejo = {
+      source  = "adyxax/forgejo"
+      version = "1.1.0"
+    }
   }
 }
 
@@ -22,3 +26,7 @@ provider "aws" {
   profile = each.key
   region  = "eu-west-3"
 }
+
+provider "forgejo" {
+  base_uri = "https://git.adyxax.org/"
+}

main.tf

@@ -44,3 +44,17 @@ module "aws_iam_user" {
   assume_role_account_names = ["core", "tests"]
   name                      = var.name
 }
+
+resource "forgejo_repository_actions_secret" "aws_iam_user" {
+  data       = module.aws_iam_user.access_key_secret
+  name       = "AWS_ACCESS_KEY_SECRET"
+  owner      = var.forgejo_repository.owner
+  repository = var.forgejo_repository.name
+}
+
+resource "forgejo_repository_actions_variable" "aws_iam_user" {
+  data       = module.aws_iam_user.access_key_id
+  name       = "AWS_ACCESS_KEY_ID"
+  owner      = var.forgejo_repository.owner
+  repository = var.forgejo_repository.name
+}

providers.tf

@@ -4,5 +4,8 @@ terraform {
       configuration_aliases = [aws.core, aws.root, aws.tests]
       source                = "hashicorp/aws"
     }
+    forgejo = {
+      source = "adyxax/forgejo"
+    }
   }
 }

variables.tf

@@ -11,6 +11,15 @@ variable "name" {
   type        = string
 }
 
+variable "forgejo_repository" {
+  description = "The Forgejo's repository information the IAM user's access key will be provisioned to."
+  nullable    = false
+  type = object({
+    name  = string
+    owner = string
+  })
+}
+
 variable "tests_policy_statements" {
   default     = "[]"
   description = "The JSON encoded list of AWS policy statements for the role in the tests AWS account."