feat(mysql): cross-repo MySQL app provisioning contract by poly-glot · Pull Request #30 · poly-glot/firebase-cloud

poly-glot · 2026-04-25T14:45:01Z

Summary

Establishes a single contract (mysql-app-catalog GSM secret) between firebase-cloud and personal-cloud so adding a new app's MySQL database becomes a one-file edit + push.

New app-with-mysql module: per-app GSM secret shells ({app}-db-{user,pass,name}) + IAM bindings to runtime SA + db-host access.
New mysql-catalog.tf: publishes JSON map of apps to GSM, plus IAM bindings granting personal-cloud-ci-cd deploy SA reader on bootstrap secrets (catalog, db-admin-, oci-tf-aws-).
Migrate shehryar.tf: removes inline secret declarations, uses the new module. Cloud Run env refs use literal secret IDs (consistent with existing db-host pattern).
Threads personal_cloud_deploy_sa variable through the apps module boundary.
shehryar app outputs surfaced at root (Cloud Run URL, custom domain, WIF provider, etc.).

State for shehryar-db-{user,pass,name} shells already imported into the new module addresses; this PR's apply will be a no-op on those (they show as in-place updates only because the GCP provider auto-adds goog-terraform-provisioned labels).

Companion PR on personal-cloud has already merged (commit b318211): consumes the catalog, drops duplicate shell ownership, all 6 OCI-using workflows now fetch creds from GSM after WIF auth.

Spec: docs/superpowers/specs/2026-04-25-mysql-app-provisioning-design.md in personal-cloud.
Plan: docs/superpowers/plans/2026-04-25-mysql-app-provisioning.md in personal-cloud.

Test plan

CI plan output: ~31 to add, ~8 in-place updates (auto-labels), 0 destroys (modulo unrelated drift)
After apply: gcloud secrets versions access latest --secret=mysql-app-catalog | jq . returns {"shehryar":{"database":"rn_chatapp","sa_email":"shehryar-runtime@..."}}
After apply: gcloud iam service-accounts list --filter="email~shehryar" shows both -runtime and -ci-cd SAs
After apply: gcloud secrets get-iam-policy shehryar-db-user shows shehryar-runtime binding
After apply: gcloud secrets get-iam-policy mysql-app-catalog shows personal-cloud-ci-cd binding
Manual trigger of terraform-mysql-apps.yaml on personal-cloud succeeds and writes per-app secret versions

Encapsulates per-app GSM secret shells (user/pass/name) and IAM bindings granting the runtime SA reader on its own shells plus the shared db-host secret. Output app_entry feeds mysql-app-catalog.

Email of the personal-cloud CI/CD service account that needs reader access on bootstrap GSM secrets (oci-tf-aws-*, db-admin-*). Default matches the production SA; overridable via tfvars.

- shehryar.tf: replaces 3 inline secret resources with the app-with-mysql module call. Cloud Run secret refs now use literal IDs (consistent with the existing db-host pattern). - mysql-catalog.tf: locals.mysql_apps publishes JSON to the mysql-app-catalog GSM secret. IAM bindings grant personal-cloud's deploy SA reader on the bootstrap secrets so its workflow can fetch creds without manual gcloud bootstrapping. - variables.tf + main.tf: thread personal_cloud_deploy_sa through the apps module boundary. - outputs.tf: surface shehryar identity/hosting/api URLs at root. State for shehryar-db-{user,pass,name} shells has been imported into the new module addresses.

github-actions · 2026-04-25T14:45:51Z

Terraform Plan `success`

Show Plan

data.google_project.project: Reading...
module.project_setup.google_project_service.apis["cloudfunctions.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/cloudfunctions.googleapis.com]
module.project_setup.google_project_service.apis["storage.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/storage.googleapis.com]
module.project_setup.google_project_service.apis["cloudbuild.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/cloudbuild.googleapis.com]
module.project_setup.google_project_service.apis["iam.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/iam.googleapis.com]
module.project_setup.google_project_service.apis["cloudresourcemanager.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/cloudresourcemanager.googleapis.com]
module.project_setup.google_project_service.apis["firestore.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/firestore.googleapis.com]
module.project_setup.google_project_service.apis["artifactregistry.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/artifactregistry.googleapis.com]
module.project_setup.google_project_service.apis["cloudscheduler.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/cloudscheduler.googleapis.com]
module.project_setup.google_project_service.apis["firebasedatabase.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/firebasedatabase.googleapis.com]
data.google_project.project: Read complete after 1s [id=projects/firebase-cloud-491613]
module.project_setup.google_project_service.apis["firebasehosting.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/firebasehosting.googleapis.com]
module.project_setup.google_project_service.apis["pubsub.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/pubsub.googleapis.com]
module.project_setup.google_project_service.apis["bigquery.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/bigquery.googleapis.com]
module.project_setup.google_project_service.apis["firebase.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/firebase.googleapis.com]
module.project_setup.google_project_service.apis["identitytoolkit.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/identitytoolkit.googleapis.com]
module.project_setup.google_project_service.apis["firebaserules.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/firebaserules.googleapis.com]
module.project_setup.google_project_service.apis["dns.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/dns.googleapis.com]
module.project_setup.google_project_service.apis["maps-embed-backend.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/maps-embed-backend.googleapis.com]
module.project_setup.google_project_service.apis["compute.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/compute.googleapis.com]
module.project_setup.google_project_service.apis["bigquerydatatransfer.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/bigquerydatatransfer.googleapis.com]
module.project_setup.google_project_service.apis["street-view-image-backend.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/street-view-image-backend.googleapis.com]
module.project_setup.google_project_service.apis["secretmanager.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/secretmanager.googleapis.com]
module.project_setup.google_project_service.apis["apikeys.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/apikeys.googleapis.com]
module.project_setup.google_project_service.apis["maps-backend.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/maps-backend.googleapis.com]
module.project_setup.google_project_service.apis["serviceusage.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/serviceusage.googleapis.com]
module.project_setup.google_project_service.apis["cloudbilling.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/cloudbilling.googleapis.com]
module.project_setup.google_project_service.apis["aiplatform.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/aiplatform.googleapis.com]
module.project_setup.google_project_service.apis["eventarc.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/eventarc.googleapis.com]
module.project_setup.google_project_service.apis["run.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/run.googleapis.com]
module.project_setup.google_project_service.apis["iamcredentials.googleapis.com"]: Refreshing state... [id=firebase-cloud-491613/iamcredentials.googleapis.com]
module.project_setup.google_firebase_project.default: Refreshing state... [id=projects/firebase-cloud-491613]
module.project_setup.google_identity_platform_config.auth: Refreshing state... [id=projects/firebase-cloud-491613/config]
module.artifact_registry.google_artifact_registry_repository.docker: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/repositories/firebase-cloud]
module.wif_pool.google_iam_workload_identity_pool.github: Refreshing state... [id=projects/firebase-cloud-491613/locations/global/workloadIdentityPools/github-actions-pool]
module.apps.google_apikeys_key.openguessr_maps_web: Refreshing state... [id=projects/firebase-cloud-491613/locations/global/keys/openguessr-maps-web]
module.apps.google_service_account.mysql_keepalive_scheduler: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/mysql-keepalive-scheduler@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.google_service_account.mysql_keepalive: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/mysql-keepalive@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.google_secret_manager_secret.openguessr_google_maps_api_key: Refreshing state... [id=projects/firebase-cloud-491613/secrets/openguessr-GOOGLE_MAPS_API_KEY]
module.apps.google_secret_manager_secret.db_user: Refreshing state... [id=projects/firebase-cloud-491613/secrets/db-user]
module.apps.module.crea8ivedesign_identity.google_service_account.runtime: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/crea8ivedesign-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.google_secret_manager_secret.db_pass: Refreshing state... [id=projects/firebase-cloud-491613/secrets/db-pass]
module.apps.module.amazingcar_2003_identity.google_service_account.ci_cd: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/amazingcar-2003-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.crea8ivedesign_identity.google_service_account.ci_cd: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/crea8ivedesign-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.shehryar_db.google_secret_manager_secret.shells["name"]: Refreshing state... [id=projects/firebase-cloud-491613/secrets/shehryar-db-name]
module.apps.module.shehryar_db.google_secret_manager_secret.shells["pass"]: Refreshing state... [id=projects/firebase-cloud-491613/secrets/shehryar-db-pass]
module.apps.module.shehryar_db.google_secret_manager_secret.shells["user"]: Refreshing state... [id=projects/firebase-cloud-491613/secrets/shehryar-db-user]
module.apps.module.azadi_identity.google_service_account.ci_cd: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/azadi-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_hosting.google_firebase_hosting_site.default: Refreshing state... [id=projects/firebase-cloud-491613/sites/openguessr]
module.apps.module.amazing_landing_firestore.google_firestore_database.app: Refreshing state... [id=projects/firebase-cloud-491613/databases/amazing-landing]
module.apps.module.azadi_hosting.google_firebase_hosting_site.default: Refreshing state... [id=projects/firebase-cloud-491613/sites/azadi]
module.apps.module.hooklab_firestore.google_firestore_database.app: Refreshing state... [id=projects/firebase-cloud-491613/databases/hooklab]
module.apps.module.hooklab_hosting.google_firebase_hosting_site.default: Refreshing state... [id=projects/firebase-cloud-491613/sites/hooklab]
module.apps.module.amazingcar_2003_hosting.google_firebase_hosting_site.default: Refreshing state... [id=projects/firebase-cloud-491613/sites/amazingcar-2003]
module.apps.module.thehighlands_hosting.google_firebase_hosting_site.default: Refreshing state... [id=projects/firebase-cloud-491613/sites/thehighlands]
module.apps.module.pakistan_2003_identity.google_service_account.ci_cd: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/pakistan-2003-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_service_account.runtime: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/openguessr-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_service_account.runtime: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/azadi-go-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_service_account.runtime: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/amazing-landing-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.google_firebase_database_instance.openguessr: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west1/instances/firebase-cloud-491613-default-rtdb]
module.apps.module.hooklab_identity.google_service_account.runtime: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_service_account.ci_cd: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/amazing-landing-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_hosting.google_firebase_hosting_site.default: Refreshing state... [id=projects/firebase-cloud-491613/sites/amazing-landing]
module.apps.module.azadi_go_hosting.google_firebase_hosting_site.default: Refreshing state... [id=projects/firebase-cloud-491613/sites/azadi-go]
module.apps.module.azadi_identity.google_service_account.runtime: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/azadi-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_service_account.ci_cd: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/hooklab-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.google_secret_manager_secret.db_host: Refreshing state... [id=projects/firebase-cloud-491613/secrets/db-host]
module.apps.module.azadi_go_firestore.google_firestore_database.app: Refreshing state... [id=projects/firebase-cloud-491613/databases/azadi-go]
module.apps.module.azadi_go_identity.google_service_account.ci_cd: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/azadi-go-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_service_account.ci_cd: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/openguessr-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.crea8ivedesign_hosting.google_firebase_hosting_site.default: Refreshing state... [id=projects/firebase-cloud-491613/sites/crea8ivedesign]
module.apps.module.azadi_firestore.google_firestore_database.app: Refreshing state... [id=projects/firebase-cloud-491613/databases/azadi]
module.apps.module.thehighlands_identity.google_service_account.runtime: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/thehighlands-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.pakistan_2003_hosting.google_firebase_hosting_site.default: Refreshing state... [id=projects/firebase-cloud-491613/sites/pakistan-2003]
module.apps.module.pakistan_2003_identity.google_service_account.runtime: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/pakistan-2003-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazingcar_2003_identity.google_service_account.runtime: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/amazingcar-2003-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.thehighlands_identity.google_service_account.ci_cd: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/thehighlands-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.google_secret_manager_secret_version.openguessr_google_maps_api_key: Refreshing state... [id=projects/563789376070/secrets/openguessr-GOOGLE_MAPS_API_KEY/versions/1]
module.apps.module.crea8ivedesign_identity.google_project_iam_member.runtime_roles["roles/logging.logWriter"]: Refreshing state... [id=firebase-cloud-491613/roles/logging.logWriter/serviceAccount:crea8ivedesign-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazingcar_2003_identity.google_project_iam_member.ci_cd_roles["roles/iam.serviceAccountUser"]: Refreshing state... [id=firebase-cloud-491613/roles/iam.serviceAccountUser/serviceAccount:amazingcar-2003-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazingcar_2003_identity.google_project_iam_member.ci_cd_roles["roles/serviceusage.serviceUsageConsumer"]: Refreshing state... [id=firebase-cloud-491613/roles/serviceusage.serviceUsageConsumer/serviceAccount:amazingcar-2003-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazingcar_2003_identity.google_project_iam_member.ci_cd_roles["roles/firebase.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebase.admin/serviceAccount:amazingcar-2003-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazingcar_2003_identity.google_project_iam_member.ci_cd_roles["roles/firebasehosting.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebasehosting.admin/serviceAccount:amazingcar-2003-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.google_project_iam_member.mysql_keepalive_logging: Refreshing state... [id=firebase-cloud-491613/roles/logging.logWriter/serviceAccount:mysql-keepalive@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.google_project_iam_member.mysql_keepalive_secrets: Refreshing state... [id=firebase-cloud-491613/roles/secretmanager.secretAccessor/serviceAccount:mysql-keepalive@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.crea8ivedesign_identity.google_project_iam_member.ci_cd_roles["roles/firebasehosting.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebasehosting.admin/serviceAccount:crea8ivedesign-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.crea8ivedesign_identity.google_project_iam_member.ci_cd_roles["roles/iam.serviceAccountUser"]: Refreshing state... [id=firebase-cloud-491613/roles/iam.serviceAccountUser/serviceAccount:crea8ivedesign-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.crea8ivedesign_identity.google_project_iam_member.ci_cd_roles["roles/serviceusage.serviceUsageConsumer"]: Refreshing state... [id=firebase-cloud-491613/roles/serviceusage.serviceUsageConsumer/serviceAccount:crea8ivedesign-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.crea8ivedesign_identity.google_project_iam_member.ci_cd_roles["roles/firebase.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebase.admin/serviceAccount:crea8ivedesign-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_identity.google_project_iam_member.ci_cd_roles["roles/cloudbuild.builds.builder"]: Refreshing state... [id=firebase-cloud-491613/roles/cloudbuild.builds.builder/serviceAccount:azadi-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_identity.google_project_iam_member.ci_cd_roles["roles/secretmanager.secretAccessor"]: Refreshing state... [id=firebase-cloud-491613/roles/secretmanager.secretAccessor/serviceAccount:azadi-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_identity.google_project_iam_member.ci_cd_roles["roles/serviceusage.serviceUsageConsumer"]: Refreshing state... [id=firebase-cloud-491613/roles/serviceusage.serviceUsageConsumer/serviceAccount:azadi-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_identity.google_project_iam_member.ci_cd_roles["roles/run.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/run.admin/serviceAccount:azadi-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_identity.google_project_iam_member.ci_cd_roles["roles/firebasehosting.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebasehosting.admin/serviceAccount:azadi-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_identity.google_project_iam_member.ci_cd_roles["roles/iam.serviceAccountUser"]: Refreshing state... [id=firebase-cloud-491613/roles/iam.serviceAccountUser/serviceAccount:azadi-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_identity.google_project_iam_member.ci_cd_roles["roles/artifactregistry.writer"]: Refreshing state... [id=firebase-cloud-491613/roles/artifactregistry.writer/serviceAccount:azadi-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_identity.google_project_iam_member.ci_cd_roles["roles/firebase.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebase.admin/serviceAccount:azadi-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.pakistan_2003_identity.google_project_iam_member.ci_cd_roles["roles/serviceusage.serviceUsageConsumer"]: Refreshing state... [id=firebase-cloud-491613/roles/serviceusage.serviceUsageConsumer/serviceAccount:pakistan-2003-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.pakistan_2003_identity.google_project_iam_member.ci_cd_roles["roles/firebase.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebase.admin/serviceAccount:pakistan-2003-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.pakistan_2003_identity.google_project_iam_member.ci_cd_roles["roles/firebasehosting.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebasehosting.admin/serviceAccount:pakistan-2003-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.pakistan_2003_identity.google_project_iam_member.ci_cd_roles["roles/iam.serviceAccountUser"]: Refreshing state... [id=firebase-cloud-491613/roles/iam.serviceAccountUser/serviceAccount:pakistan-2003-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_project_iam_member.runtime_roles["roles/secretmanager.secretAccessor"]: Refreshing state... [id=firebase-cloud-491613/roles/secretmanager.secretAccessor/serviceAccount:openguessr-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_project_iam_member.runtime_roles["roles/aiplatform.user"]: Refreshing state... [id=firebase-cloud-491613/roles/aiplatform.user/serviceAccount:openguessr-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_project_iam_member.runtime_roles["roles/firebasedatabase.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebasedatabase.admin/serviceAccount:openguessr-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_project_iam_member.runtime_roles["roles/firebaseauth.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebaseauth.admin/serviceAccount:openguessr-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.runtime_roles["roles/cloudtrace.agent"]: Refreshing state... [id=firebase-cloud-491613/roles/cloudtrace.agent/serviceAccount:azadi-go-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.runtime_roles["roles/monitoring.metricWriter"]: Refreshing state... [id=firebase-cloud-491613/roles/monitoring.metricWriter/serviceAccount:azadi-go-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.runtime_roles["roles/datastore.user"]: Refreshing state... [id=firebase-cloud-491613/roles/datastore.user/serviceAccount:azadi-go-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.runtime_roles["roles/secretmanager.secretAccessor"]: Refreshing state... [id=firebase-cloud-491613/roles/secretmanager.secretAccessor/serviceAccount:azadi-go-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.runtime_roles["roles/logging.logWriter"]: Refreshing state... [id=firebase-cloud-491613/roles/logging.logWriter/serviceAccount:azadi-go-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_project_iam_member.runtime_roles["roles/cloudtrace.agent"]: Refreshing state... [id=firebase-cloud-491613/roles/cloudtrace.agent/serviceAccount:amazing-landing-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_project_iam_member.runtime_roles["roles/datastore.user"]: Refreshing state... [id=firebase-cloud-491613/roles/datastore.user/serviceAccount:amazing-landing-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_project_iam_member.runtime_roles["roles/logging.logWriter"]: Refreshing state... [id=firebase-cloud-491613/roles/logging.logWriter/serviceAccount:amazing-landing-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_project_iam_member.runtime_roles["roles/monitoring.metricWriter"]: Refreshing state... [id=firebase-cloud-491613/roles/monitoring.metricWriter/serviceAccount:amazing-landing-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.runtime_roles["roles/aiplatform.user"]: Refreshing state... [id=firebase-cloud-491613/roles/aiplatform.user/serviceAccount:hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.runtime_roles["roles/cloudtrace.agent"]: Refreshing state... [id=firebase-cloud-491613/roles/cloudtrace.agent/serviceAccount:hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.runtime_roles["roles/logging.logWriter"]: Refreshing state... [id=firebase-cloud-491613/roles/logging.logWriter/serviceAccount:hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.runtime_roles["roles/bigquery.dataViewer"]: Refreshing state... [id=firebase-cloud-491613/roles/bigquery.dataViewer/serviceAccount:hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.runtime_roles["roles/secretmanager.secretAccessor"]: Refreshing state... [id=firebase-cloud-491613/roles/secretmanager.secretAccessor/serviceAccount:hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.runtime_roles["roles/bigquery.jobUser"]: Refreshing state... [id=firebase-cloud-491613/roles/bigquery.jobUser/serviceAccount:hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.runtime_roles["roles/monitoring.metricWriter"]: Refreshing state... [id=firebase-cloud-491613/roles/monitoring.metricWriter/serviceAccount:hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.runtime_roles["roles/datastore.user"]: Refreshing state... [id=firebase-cloud-491613/roles/datastore.user/serviceAccount:hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.runtime_roles["roles/firebaseauth.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebaseauth.admin/serviceAccount:hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_project_iam_member.ci_cd_roles["roles/cloudbuild.builds.builder"]: Refreshing state... [id=firebase-cloud-491613/roles/cloudbuild.builds.builder/serviceAccount:amazing-landing-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_project_iam_member.ci_cd_roles["roles/firebasehosting.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebasehosting.admin/serviceAccount:amazing-landing-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_project_iam_member.ci_cd_roles["roles/secretmanager.secretAccessor"]: Refreshing state... [id=firebase-cloud-491613/roles/secretmanager.secretAccessor/serviceAccount:amazing-landing-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_project_iam_member.ci_cd_roles["roles/iam.serviceAccountUser"]: Refreshing state... [id=firebase-cloud-491613/roles/iam.serviceAccountUser/serviceAccount:amazing-landing-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_project_iam_member.ci_cd_roles["roles/run.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/run.admin/serviceAccount:amazing-landing-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_project_iam_member.ci_cd_roles["roles/serviceusage.serviceUsageConsumer"]: Refreshing state... [id=firebase-cloud-491613/roles/serviceusage.serviceUsageConsumer/serviceAccount:amazing-landing-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_project_iam_member.ci_cd_roles["roles/artifactregistry.writer"]: Refreshing state... [id=firebase-cloud-491613/roles/artifactregistry.writer/serviceAccount:amazing-landing-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_identity.google_project_iam_member.ci_cd_roles["roles/firebase.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebase.admin/serviceAccount:amazing-landing-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_hosting.google_firebase_hosting_version.default: Refreshing state... [id=sites/azadi/versions/138e6657c33683e1]
module.apps.module.amazingcar_2003_hosting.google_firebase_hosting_version.default: Refreshing state... [id=sites/amazingcar-2003/versions/dbb4eab80d297817]
module.apps.module.hooklab_hosting.google_firebase_hosting_version.default: Refreshing state... [id=sites/hooklab/versions/8219e1e95f34a7a9]
module.apps.module.openguessr_hosting.google_firebase_hosting_version.default: Refreshing state... [id=sites/openguessr/versions/8b239311f164a5c6]
module.apps.module.azadi_identity.google_project_iam_member.runtime_roles["roles/cloudtrace.agent"]: Refreshing state... [id=firebase-cloud-491613/roles/cloudtrace.agent/serviceAccount:azadi-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_identity.google_project_iam_member.runtime_roles["roles/datastore.user"]: Refreshing state... [id=firebase-cloud-491613/roles/datastore.user/serviceAccount:azadi-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_identity.google_project_iam_member.runtime_roles["roles/secretmanager.secretAccessor"]: Refreshing state... [id=firebase-cloud-491613/roles/secretmanager.secretAccessor/serviceAccount:azadi-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_identity.google_project_iam_member.runtime_roles["roles/monitoring.metricWriter"]: Refreshing state... [id=firebase-cloud-491613/roles/monitoring.metricWriter/serviceAccount:azadi-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_identity.google_project_iam_member.runtime_roles["roles/logging.logWriter"]: Refreshing state... [id=firebase-cloud-491613/roles/logging.logWriter/serviceAccount:azadi-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.ci_cd_roles["roles/serviceusage.serviceUsageConsumer"]: Refreshing state... [id=firebase-cloud-491613/roles/serviceusage.serviceUsageConsumer/serviceAccount:hooklab-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.ci_cd_roles["roles/secretmanager.secretAccessor"]: Refreshing state... [id=firebase-cloud-491613/roles/secretmanager.secretAccessor/serviceAccount:hooklab-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.ci_cd_roles["roles/iam.serviceAccountUser"]: Refreshing state... [id=firebase-cloud-491613/roles/iam.serviceAccountUser/serviceAccount:hooklab-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.ci_cd_roles["roles/cloudbuild.builds.builder"]: Refreshing state... [id=firebase-cloud-491613/roles/cloudbuild.builds.builder/serviceAccount:hooklab-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.ci_cd_roles["roles/artifactregistry.writer"]: Refreshing state... [id=firebase-cloud-491613/roles/artifactregistry.writer/serviceAccount:hooklab-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.ci_cd_roles["roles/firebasehosting.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebasehosting.admin/serviceAccount:hooklab-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.ci_cd_roles["roles/firebase.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebase.admin/serviceAccount:hooklab-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_identity.google_project_iam_member.ci_cd_roles["roles/run.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/run.admin/serviceAccount:hooklab-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.ci_cd_roles["roles/artifactregistry.writer"]: Refreshing state... [id=firebase-cloud-491613/roles/artifactregistry.writer/serviceAccount:azadi-go-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.ci_cd_roles["roles/run.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/run.admin/serviceAccount:azadi-go-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.ci_cd_roles["roles/secretmanager.secretAccessor"]: Refreshing state... [id=firebase-cloud-491613/roles/secretmanager.secretAccessor/serviceAccount:azadi-go-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.ci_cd_roles["roles/serviceusage.serviceUsageConsumer"]: Refreshing state... [id=firebase-cloud-491613/roles/serviceusage.serviceUsageConsumer/serviceAccount:azadi-go-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.ci_cd_roles["roles/iam.serviceAccountUser"]: Refreshing state... [id=firebase-cloud-491613/roles/iam.serviceAccountUser/serviceAccount:azadi-go-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.ci_cd_roles["roles/firebase.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebase.admin/serviceAccount:azadi-go-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.ci_cd_roles["roles/firebasehosting.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebasehosting.admin/serviceAccount:azadi-go-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_identity.google_project_iam_member.ci_cd_roles["roles/cloudbuild.builds.builder"]: Refreshing state... [id=firebase-cloud-491613/roles/cloudbuild.builds.builder/serviceAccount:azadi-go-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.thehighlands_hosting.google_firebase_hosting_version.default: Refreshing state... [id=sites/thehighlands/versions/87b4233c5b3298ca]
module.apps.module.openguessr_identity.google_project_iam_member.ci_cd_roles["roles/serviceusage.serviceUsageConsumer"]: Refreshing state... [id=firebase-cloud-491613/roles/serviceusage.serviceUsageConsumer/serviceAccount:openguessr-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_project_iam_member.ci_cd_roles["roles/cloudscheduler.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/cloudscheduler.admin/serviceAccount:openguessr-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_project_iam_member.ci_cd_roles["roles/firebase.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebase.admin/serviceAccount:openguessr-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_project_iam_member.ci_cd_roles["roles/secretmanager.secretAccessor"]: Refreshing state... [id=firebase-cloud-491613/roles/secretmanager.secretAccessor/serviceAccount:openguessr-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_project_iam_member.ci_cd_roles["roles/run.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/run.admin/serviceAccount:openguessr-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_project_iam_member.ci_cd_roles["roles/firebasehosting.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebasehosting.admin/serviceAccount:openguessr-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_project_iam_member.ci_cd_roles["roles/artifactregistry.writer"]: Refreshing state... [id=firebase-cloud-491613/roles/artifactregistry.writer/serviceAccount:openguessr-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_project_iam_member.ci_cd_roles["roles/iam.serviceAccountUser"]: Refreshing state... [id=firebase-cloud-491613/roles/iam.serviceAccountUser/serviceAccount:openguessr-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.openguessr_identity.google_project_iam_member.ci_cd_roles["roles/cloudbuild.builds.builder"]: Refreshing state... [id=firebase-cloud-491613/roles/cloudbuild.builds.builder/serviceAccount:openguessr-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.thehighlands_identity.google_project_iam_member.runtime_roles["roles/logging.logWriter"]: Refreshing state... [id=firebase-cloud-491613/roles/logging.logWriter/serviceAccount:thehighlands-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.pakistan_2003_identity.google_project_iam_member.runtime_roles["roles/logging.logWriter"]: Refreshing state... [id=firebase-cloud-491613/roles/logging.logWriter/serviceAccount:pakistan-2003-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazingcar_2003_identity.google_project_iam_member.runtime_roles["roles/logging.logWriter"]: Refreshing state... [id=firebase-cloud-491613/roles/logging.logWriter/serviceAccount:amazingcar-2003-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.thehighlands_identity.google_project_iam_member.ci_cd_roles["roles/iam.serviceAccountUser"]: Refreshing state... [id=firebase-cloud-491613/roles/iam.serviceAccountUser/serviceAccount:thehighlands-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.thehighlands_identity.google_project_iam_member.ci_cd_roles["roles/serviceusage.serviceUsageConsumer"]: Refreshing state... [id=firebase-cloud-491613/roles/serviceusage.serviceUsageConsumer/serviceAccount:thehighlands-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.thehighlands_identity.google_project_iam_member.ci_cd_roles["roles/firebase.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebase.admin/serviceAccount:thehighlands-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.thehighlands_identity.google_project_iam_member.ci_cd_roles["roles/firebasehosting.admin"]: Refreshing state... [id=firebase-cloud-491613/roles/firebasehosting.admin/serviceAccount:thehighlands-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.amazing_landing_hosting.google_firebase_hosting_version.default: Refreshing state... [id=sites/amazing-landing/versions/504f28d0d1e5a4b8]
module.apps.module.azadi_go_hosting.google_firebase_hosting_version.default: Refreshing state... [id=sites/azadi-go/versions/18692f50ff84c654]
module.apps.module.pakistan_2003_hosting.google_firebase_hosting_version.default: Refreshing state... [id=sites/pakistan-2003/versions/34a0caa4a770cec3]
module.apps.module.crea8ivedesign_hosting.google_firebase_hosting_version.default: Refreshing state... [id=sites/crea8ivedesign/versions/8df08a71ad43d5fa]
module.apps.google_cloud_run_v2_job.mysql_keepalive: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/jobs/mysql-keepalive]
module.apps.google_firebase_hosting_custom_domain.amazingcar_2003: Refreshing state... [id=projects/firebase-cloud-491613/sites/amazingcar-2003/customDomains/amazingcar-2003.junaid.guru]
module.apps.google_firebase_hosting_custom_domain.thehighlands: Refreshing state... [id=projects/firebase-cloud-491613/sites/thehighlands/customDomains/thehighlands.junaid.guru]
module.apps.google_firebase_hosting_custom_domain.pakistan_2003: Refreshing state... [id=projects/firebase-cloud-491613/sites/pakistan-2003/customDomains/pakistan-2003.junaid.guru]
module.apps.google_firebase_hosting_custom_domain.crea8ivedesign: Refreshing state... [id=projects/firebase-cloud-491613/sites/crea8ivedesign/customDomains/crea8ivedesign.junaid.guru]
module.apps.module.azadi_identity.google_service_account_iam_member.wif_binding: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/azadi-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com/roles/iam.workloadIdentityUser/principalSet://iam.googleapis.com/projects/563789376070/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/poly-glot/azadi]
module.apps.module.crea8ivedesign_identity.google_service_account_iam_member.wif_binding: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/crea8ivedesign-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com/roles/iam.workloadIdentityUser/principalSet://iam.googleapis.com/projects/563789376070/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/poly-glot/crea8ivedesign]
module.apps.module.openguessr_identity.google_service_account_iam_member.wif_binding: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/openguessr-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com/roles/iam.workloadIdentityUser/principalSet://iam.googleapis.com/projects/563789376070/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/poly-glot/openguessr]
module.apps.module.amazingcar_2003_identity.google_service_account_iam_member.wif_binding: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/amazingcar-2003-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com/roles/iam.workloadIdentityUser/principalSet://iam.googleapis.com/projects/563789376070/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/poly-glot/amazingcar-2003]
module.apps.module.amazing_landing_identity.google_service_account_iam_member.wif_binding: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/amazing-landing-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com/roles/iam.workloadIdentityUser/principalSet://iam.googleapis.com/projects/563789376070/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/poly-glot/amazing-landing]
module.apps.module.thehighlands_identity.google_service_account_iam_member.wif_binding: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/thehighlands-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com/roles/iam.workloadIdentityUser/principalSet://iam.googleapis.com/projects/563789376070/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/poly-glot/thehighlands]
module.apps.module.pakistan_2003_identity.google_service_account_iam_member.wif_binding: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/pakistan-2003-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com/roles/iam.workloadIdentityUser/principalSet://iam.googleapis.com/projects/563789376070/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/poly-glot/pakistan-2003]
module.apps.module.azadi_go_identity.google_service_account_iam_member.wif_binding: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/azadi-go-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com/roles/iam.workloadIdentityUser/principalSet://iam.googleapis.com/projects/563789376070/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/poly-glot/azadi-go]
module.apps.module.azadi_go_identity.google_iam_workload_identity_pool_provider.github: Refreshing state... [id=projects/firebase-cloud-491613/locations/global/workloadIdentityPools/github-actions-pool/providers/azadi-go-github]
module.apps.module.hooklab_identity.google_service_account_iam_member.wif_binding: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/hooklab-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com/roles/iam.workloadIdentityUser/principalSet://iam.googleapis.com/projects/563789376070/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/poly-glot/hooklab]
module.apps.module.azadi_identity.google_iam_workload_identity_pool_provider.github: Refreshing state... [id=projects/firebase-cloud-491613/locations/global/workloadIdentityPools/github-actions-pool/providers/azadi-github]
module.apps.module.thehighlands_identity.google_iam_workload_identity_pool_provider.github: Refreshing state... [id=projects/firebase-cloud-491613/locations/global/workloadIdentityPools/github-actions-pool/providers/thehighlands-github]
module.apps.module.amazing_landing_identity.google_iam_workload_identity_pool_provider.github: Refreshing state... [id=projects/firebase-cloud-491613/locations/global/workloadIdentityPools/github-actions-pool/providers/amazing-landing-github]
module.apps.module.crea8ivedesign_identity.google_iam_workload_identity_pool_provider.github: Refreshing state... [id=projects/firebase-cloud-491613/locations/global/workloadIdentityPools/github-actions-pool/providers/crea8ivedesign-github]
module.apps.module.pakistan_2003_identity.google_iam_workload_identity_pool_provider.github: Refreshing state... [id=projects/firebase-cloud-491613/locations/global/workloadIdentityPools/github-actions-pool/providers/pakistan-2003-github]
module.apps.module.openguessr_identity.google_iam_workload_identity_pool_provider.github: Refreshing state... [id=projects/firebase-cloud-491613/locations/global/workloadIdentityPools/github-actions-pool/providers/openguessr-github]
module.apps.module.amazingcar_2003_identity.google_iam_workload_identity_pool_provider.github: Refreshing state... [id=projects/firebase-cloud-491613/locations/global/workloadIdentityPools/github-actions-pool/providers/amazingcar-2003-github]
module.apps.module.hooklab_identity.google_iam_workload_identity_pool_provider.github: Refreshing state... [id=projects/firebase-cloud-491613/locations/global/workloadIdentityPools/github-actions-pool/providers/hooklab-github]
module.apps.google_cloud_run_v2_job_iam_member.scheduler_invoker: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/jobs/mysql-keepalive/roles/run.invoker/serviceAccount:mysql-keepalive-scheduler@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.azadi_go_cloud_run.google_cloud_run_v2_service.default: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/services/azadi-go-api]
module.apps.module.amazing_landing_cloud_run.google_cloud_run_v2_service.default: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/services/amazing-landing-api]
module.apps.module.azadi_cloud_run.google_cloud_run_v2_service.default: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/services/azadi-api]
module.apps.google_service_account_iam_member.openguessr_runtime_token_creator: Refreshing state... [id=projects/firebase-cloud-491613/serviceAccounts/openguessr-runtime@firebase-cloud-491613.iam.gserviceaccount.com/roles/iam.serviceAccountTokenCreator/serviceAccount:openguessr-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.google_secret_manager_secret_iam_member.openguessr_maps_key_cicd_admin: Refreshing state... [id=projects/firebase-cloud-491613/secrets/openguessr-GOOGLE_MAPS_API_KEY/roles/secretmanager.admin/serviceAccount:openguessr-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.google_secret_manager_secret_iam_member.openguessr_maps_key_runtime_access: Refreshing state... [id=projects/firebase-cloud-491613/secrets/openguessr-GOOGLE_MAPS_API_KEY/roles/secretmanager.secretAccessor/serviceAccount:openguessr-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_bigquery.google_project_iam_member.bq_data_editor: Refreshing state... [id=firebase-cloud-491613/roles/bigquery.dataEditor/serviceAccount:hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_bigquery.google_project_iam_member.bq_job_user: Refreshing state... [id=firebase-cloud-491613/roles/bigquery.jobUser/serviceAccount:hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_bigquery.google_bigquery_dataset.app: Refreshing state... [id=projects/firebase-cloud-491613/datasets/hooklab]
module.apps.module.hooklab_bigquery.google_project_iam_member.vertex_user: Refreshing state... [id=firebase-cloud-491613/roles/aiplatform.user/serviceAccount:hooklab-runtime@firebase-cloud-491613.iam.gserviceaccount.com]
module.apps.module.hooklab_cloud_run.google_cloud_run_v2_service.default: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/services/hooklab-api]
module.apps.module.azadi_go_cloud_run.google_cloud_run_v2_service_iam_member.public[0]: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/services/azadi-go-api/roles/run.invoker/allUsers]
module.apps.module.hooklab_bigquery.google_bigquery_table.executions: Refreshing state... [id=projects/firebase-cloud-491613/datasets/hooklab/tables/executions]
module.apps.module.hooklab_cloud_run.google_cloud_run_v2_service_iam_member.public[0]: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/services/hooklab-api/roles/run.invoker/allUsers]
module.apps.module.amazing_landing_cloud_run.google_cloud_run_v2_service_iam_member.public[0]: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/services/amazing-landing-api/roles/run.invoker/allUsers]
module.apps.module.azadi_cloud_run.google_cloud_run_v2_service_iam_member.public[0]: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/services/azadi-api/roles/run.invoker/allUsers]
module.apps.google_cloud_scheduler_job.mysql_keepalive: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/jobs/mysql-keepalive-daily]
module.apps.module.azadi_scheduler.google_cloud_scheduler_job.jobs["azadi-settlement-cleanup"]: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/jobs/azadi-settlement-cleanup]
module.apps.module.hooklab_scheduler.google_cloud_scheduler_job.jobs["hooklab-aggregate"]: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/jobs/hooklab-aggregate]
module.apps.module.hooklab_scheduler.google_cloud_scheduler_job.jobs["hooklab-cleanup"]: Refreshing state... [id=projects/firebase-cloud-491613/locations/europe-west2/jobs/hooklab-cleanup]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
 <= read (data resources)

Terraform will perform the following actions:

  # module.apps.google_cloud_run_v2_service.shehryar_api will be created
  + resource "google_cloud_run_v2_service" "shehryar_api" {
      + conditions              = (known after apply)
      + create_time             = (known after apply)
      + creator                 = (known after apply)
      + delete_time             = (known after apply)
      + deletion_protection     = false
      + effective_annotations   = (known after apply)
      + effective_labels        = {
          + "goog-terraform-provisioned" = "true"
        }
      + etag                    = (known after apply)
      + expire_time             = (known after apply)
      + generation              = (known after apply)
      + id                      = (known after apply)
      + ingress                 = "INGRESS_TRAFFIC_ALL"
      + last_modifier           = (known after apply)
      + latest_created_revision = (known after apply)
      + latest_ready_revision   = (known after apply)
      + launch_stage            = (known after apply)
      + location                = "europe-west2"
      + name                    = "shehryar-api"
      + observed_generation     = (known after apply)
      + project                 = "firebase-cloud-491613"
      + reconciling             = (known after apply)
      + terminal_condition      = (known after apply)
      + terraform_labels        = {
          + "goog-terraform-provisioned" = "true"
        }
      + traffic_statuses        = (known after apply)
      + uid                     = (known after apply)
      + update_time             = (known after apply)
      + uri                     = (known after apply)
      + urls                    = (known after apply)

      + template {
          + execution_environment            = "EXECUTION_ENVIRONMENT_GEN2"
          + max_instance_request_concurrency = (known after apply)
          + service_account                  = "shehryar-runtime@firebase-cloud-491613.iam.gserviceaccount.com"
          + timeout                          = "300s"

          + containers {
              + build_info = (known after apply)
              + image      = "europe-west2-docker.pkg.dev/firebase-cloud-491613/firebase-cloud/shehryar-api:latest"

              + env {
                  + name  = "APP_ENV"
                  + value = "production"
                }
              + env {
                  + name  = "DB_HOST"
                    # (1 unchanged attribute hidden)

                  + value_source {
                      + secret_key_ref {
                          + secret  = "db-host"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name  = "DB_NAME"
                    # (1 unchanged attribute hidden)

                  + value_source {
                      + secret_key_ref {
                          + secret  = "shehryar-db-name"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name  = "DB_PASS"
                    # (1 unchanged attribute hidden)

                  + value_source {
                      + secret_key_ref {
                          + secret  = "shehryar-db-pass"
                          + version = "latest"
                        }
                    }
                }
              + env {
                  + name  = "DB_USER"
                    # (1 unchanged attribute hidden)

                  + value_source {
                      + secret_key_ref {
                          + secret  = "shehryar-db-user"
                          + version = "latest"
                        }
                    }
                }

              + liveness_probe {
                  + failure_threshold     = 3
                  + initial_delay_seconds = 0
                  + period_seconds        = 30
                  + timeout_seconds       = 3

                  + http_get {
                      + path = "/"
                      + port = (known after apply)
                    }
                }

              + ports (known after apply)

              + resources {
                  + cpu_idle          = true
                  + limits            = {
                      + "cpu"    = "1"
                      + "memory" = "512Mi"
                    }
                  + startup_cpu_boost = true
                }

              + startup_probe {
                  + failure_threshold     = 3
                  + initial_delay_seconds = 5
                  + period_seconds        = 10
                  + timeout_seconds       = 3

                  + http_get {
                      + path = "/chatapp/health.php"
                      + port = (known after apply)
                    }
                }
            }

          + scaling {
              + max_instance_count = 1
              + min_instance_count = 0
            }
        }

      + traffic {
          + percent = 100
          + type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
        }
    }

  # module.apps.google_cloud_run_v2_service_iam_member.shehryar_api_public will be created
  + resource "google_cloud_run_v2_service_iam_member" "shehryar_api_public" {
      + etag     = (known after apply)
      + id       = (known after apply)
      + location = "europe-west2"
      + member   = "allUsers"
      + name     = "shehryar-api"
      + project  = "firebase-cloud-491613"
      + role     = "roles/run.invoker"
    }

  # module.apps.google_firebase_hosting_custom_domain.shehryar will be created
  + resource "google_firebase_hosting_custom_domain" "shehryar" {
      + cert                  = (known after apply)
      + cert_preference       = (known after apply)
      + create_time           = (known after apply)
      + custom_domain         = "shehryar.junaid.guru"
      + delete_time           = (known after apply)
      + etag                  = (known after apply)
      + expire_time           = (known after apply)
      + host_state            = (known after apply)
      + id                    = (known after apply)
      + issues                = (known after apply)
      + name                  = (known after apply)
      + ownership_state       = (known after apply)
      + project               = "firebase-cloud-491613"
      + reconciling           = (known after apply)
      + required_dns_updates  = (known after apply)
      + site_id               = "shehryar"
      + update_time           = (known after apply)
      + wait_dns_verification = false
    }

  # module.apps.google_secret_manager_secret.mysql_app_catalog will be created
  + resource "google_secret_manager_secret" "mysql_app_catalog" {
      + create_time           = (known after apply)
      + deletion_protection   = false
      + effective_annotations = (known after apply)
      + effective_labels      = {
          + "goog-terraform-provisioned" = "true"
        }
      + expire_time           = (known after apply)
      + id                    = (known after apply)
      + name                  = (known after apply)
      + project               = "firebase-cloud-491613"
      + secret_id             = "mysql-app-catalog"
      + terraform_labels      = {
          + "goog-terraform-provisioned" = "true"
        }

      + replication {
          + auto {
            }
        }
    }

  # module.apps.google_secret_manager_secret_iam_member.personal_cloud_bootstrap_access["db-admin-pass"] will be created
  + resource "google_secret_manager_secret_iam_member" "personal_cloud_bootstrap_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:personal-cloud-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + project   = "firebase-cloud-491613"
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "db-admin-pass"
    }

  # module.apps.google_secret_manager_secret_iam_member.personal_cloud_bootstrap_access["db-admin-user"] will be created
  + resource "google_secret_manager_secret_iam_member" "personal_cloud_bootstrap_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:personal-cloud-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + project   = "firebase-cloud-491613"
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "db-admin-user"
    }

  # module.apps.google_secret_manager_secret_iam_member.personal_cloud_bootstrap_access["mysql-app-catalog"] will be created
  + resource "google_secret_manager_secret_iam_member" "personal_cloud_bootstrap_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:personal-cloud-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + project   = "firebase-cloud-491613"
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "mysql-app-catalog"
    }

  # module.apps.google_secret_manager_secret_iam_member.personal_cloud_bootstrap_access["oci-tf-aws-access-key-id"] will be created
  + resource "google_secret_manager_secret_iam_member" "personal_cloud_bootstrap_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:personal-cloud-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + project   = "firebase-cloud-491613"
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "oci-tf-aws-access-key-id"
    }

  # module.apps.google_secret_manager_secret_iam_member.personal_cloud_bootstrap_access["oci-tf-aws-secret-access-key"] will be created
  + resource "google_secret_manager_secret_iam_member" "personal_cloud_bootstrap_access" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:personal-cloud-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + project   = "firebase-cloud-491613"
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "oci-tf-aws-secret-access-key"
    }

  # module.apps.google_secret_manager_secret_version.mysql_app_catalog will be created
  + resource "google_secret_manager_secret_version" "mysql_app_catalog" {
      + create_time            = (known after apply)
      + deletion_policy        = "DELETE"
      + destroy_time           = (known after apply)
      + enabled                = true
      + id                     = (known after apply)
      + is_secret_data_base64  = false
      + name                   = (known after apply)
      + secret                 = (known after apply)
      + secret_data            = (sensitive value)
      + secret_data_wo_version = 0
      + version                = (known after apply)
    }

  # module.project_setup.google_identity_platform_config.auth will be updated in-place
  ~ resource "google_identity_platform_config" "auth" {
        id                         = "projects/firebase-cloud-491613/config"
        name                       = "projects/563789376070/config"
        # (3 unchanged attributes hidden)

      - multi_tenant {
          - allow_tenants           = false -> null
            # (1 unchanged attribute hidden)
        }

      ~ sign_in {
            # (2 unchanged attributes hidden)

          - phone_number {
              - enabled            = false -> null
              - test_phone_numbers = {} -> null
            }

            # (2 unchanged blocks hidden)
        }

        # (4 unchanged blocks hidden)
    }

  # module.apps.module.amazing_landing_cloud_run.google_cloud_run_v2_service.default will be updated in-place
  ~ resource "google_cloud_run_v2_service" "default" {
        id                      = "projects/firebase-cloud-491613/locations/europe-west2/services/amazing-landing-api"
        name                    = "amazing-landing-api"
        # (35 unchanged attributes hidden)

      - scaling {
          - manual_instance_count = 0 -> null
          - min_instance_count    = 0 -> null
            # (1 unchanged attribute hidden)
        }

        # (3 unchanged blocks hidden)
    }

  # module.apps.module.azadi_cloud_run.google_cloud_run_v2_service.default will be updated in-place
  ~ resource "google_cloud_run_v2_service" "default" {
        id                      = "projects/firebase-cloud-491613/locations/europe-west2/services/azadi-api"
        name                    = "azadi-api"
        # (35 unchanged attributes hidden)

      - scaling {
          - manual_instance_count = 0 -> null
          - min_instance_count    = 0 -> null
            # (1 unchanged attribute hidden)
        }

        # (3 unchanged blocks hidden)
    }

  # module.apps.module.azadi_go_cloud_run.google_cloud_run_v2_service.default will be updated in-place
  ~ resource "google_cloud_run_v2_service" "default" {
        id                      = "projects/firebase-cloud-491613/locations/europe-west2/services/azadi-go-api"
        name                    = "azadi-go-api"
        # (35 unchanged attributes hidden)

      - scaling {
          - manual_instance_count = 0 -> null
          - min_instance_count    = 0 -> null
            # (1 unchanged attribute hidden)
        }

        # (3 unchanged blocks hidden)
    }

  # module.apps.module.hooklab_cloud_run.google_cloud_run_v2_service.default will be updated in-place
  ~ resource "google_cloud_run_v2_service" "default" {
        id                      = "projects/firebase-cloud-491613/locations/europe-west2/services/hooklab-api"
        name                    = "hooklab-api"
        # (35 unchanged attributes hidden)

      - scaling {
          - manual_instance_count = 0 -> null
          - min_instance_count    = 0 -> null
            # (1 unchanged attribute hidden)
        }

        # (3 unchanged blocks hidden)
    }

  # module.apps.module.shehryar_db.data.google_secret_manager_secret.db_host will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "google_secret_manager_secret" "db_host" {
      + annotations           = (known after apply)
      + create_time           = (known after apply)
      + deletion_protection   = (known after apply)
      + effective_annotations = (known after apply)
      + effective_labels      = (known after apply)
      + expire_time           = (known after apply)
      + id                    = (known after apply)
      + labels                = (known after apply)
      + name                  = (known after apply)
      + project               = "firebase-cloud-491613"
      + replication           = (known after apply)
      + rotation              = (known after apply)
      + secret_id             = "db-host"
      + tags                  = (known after apply)
      + terraform_labels      = (known after apply)
      + topics                = (known after apply)
      + ttl                   = (known after apply)
      + version_aliases       = (known after apply)
      + version_destroy_ttl   = (known after apply)
    }

  # module.apps.module.shehryar_db.google_secret_manager_secret.shells["name"] will be updated in-place
  ~ resource "google_secret_manager_secret" "shells" {
        id                    = "projects/firebase-cloud-491613/secrets/shehryar-db-name"
        name                  = "projects/563789376070/secrets/shehryar-db-name"
      ~ terraform_labels      = {
          + "goog-terraform-provisioned" = "true"
        }
        # (11 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.apps.module.shehryar_db.google_secret_manager_secret.shells["pass"] will be updated in-place
  ~ resource "google_secret_manager_secret" "shells" {
        id                    = "projects/firebase-cloud-491613/secrets/shehryar-db-pass"
        name                  = "projects/563789376070/secrets/shehryar-db-pass"
      ~ terraform_labels      = {
          + "goog-terraform-provisioned" = "true"
        }
        # (11 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.apps.module.shehryar_db.google_secret_manager_secret.shells["user"] will be updated in-place
  ~ resource "google_secret_manager_secret" "shells" {
        id                    = "projects/firebase-cloud-491613/secrets/shehryar-db-user"
        name                  = "projects/563789376070/secrets/shehryar-db-user"
      ~ terraform_labels      = {
          + "goog-terraform-provisioned" = "true"
        }
        # (11 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.apps.module.shehryar_db.google_secret_manager_secret_iam_member.app_shells["name"] will be created
  + resource "google_secret_manager_secret_iam_member" "app_shells" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:shehryar-runtime@firebase-cloud-491613.iam.gserviceaccount.com"
      + project   = "firebase-cloud-491613"
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "shehryar-db-name"
    }

  # module.apps.module.shehryar_db.google_secret_manager_secret_iam_member.app_shells["pass"] will be created
  + resource "google_secret_manager_secret_iam_member" "app_shells" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:shehryar-runtime@firebase-cloud-491613.iam.gserviceaccount.com"
      + project   = "firebase-cloud-491613"
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "shehryar-db-pass"
    }

  # module.apps.module.shehryar_db.google_secret_manager_secret_iam_member.app_shells["user"] will be created
  + resource "google_secret_manager_secret_iam_member" "app_shells" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:shehryar-runtime@firebase-cloud-491613.iam.gserviceaccount.com"
      + project   = "firebase-cloud-491613"
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "shehryar-db-user"
    }

  # module.apps.module.shehryar_db.google_secret_manager_secret_iam_member.db_host will be created
  + resource "google_secret_manager_secret_iam_member" "db_host" {
      + etag      = (known after apply)
      + id        = (known after apply)
      + member    = "serviceAccount:shehryar-runtime@firebase-cloud-491613.iam.gserviceaccount.com"
      + project   = "firebase-cloud-491613"
      + role      = "roles/secretmanager.secretAccessor"
      + secret_id = "db-host"
    }

  # module.apps.module.shehryar_hosting.google_firebase_hosting_site.default will be created
  + resource "google_firebase_hosting_site" "default" {
      + default_url = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + project     = "firebase-cloud-491613"
      + site_id     = "shehryar"
      + type        = (known after apply)
    }

  # module.apps.module.shehryar_hosting.google_firebase_hosting_version.default will be created
  + resource "google_firebase_hosting_version" "default" {
      + id         = (known after apply)
      + name       = (known after apply)
      + site_id    = "shehryar"
      + version_id = (known after apply)

      + config {
          + headers {
              + glob    = "**"
              + headers = {
                  + "Permissions-Policy"     = "geolocation=(), microphone=(), camera=()"
                  + "Referrer-Policy"        = "strict-origin-when-cross-origin"
                  + "X-Content-Type-Options" = "nosniff"
                  + "X-Frame-Options"        = "DENY"
                  + "X-XSS-Protection"       = "1; mode=block"
                }
            }
          + headers {
              + glob    = "**/*.@(js|css|svg|png|jpg|jpeg|gif|ico|woff2)"
              + headers = {
                  + "Cache-Control" = "public, max-age=31536000, immutable"
                }
            }
          + rewrites {
              + glob = "**"
              + path = "/index.html"
            }
        }
    }

  # module.apps.module.shehryar_identity.google_iam_workload_identity_pool_provider.github will be created
  + resource "google_iam_workload_identity_pool_provider" "github" {
      + attribute_condition                = "assertion.repository == 'poly-glot/shehryar'"
      + attribute_mapping                  = {
          + "attribute.actor"      = "assertion.actor"
          + "attribute.ref"        = "assertion.ref"
          + "attribute.repository" = "assertion.repository"
          + "google.subject"       = "assertion.sub"
        }
      + display_name                       = "shehryar GitHub OIDC"
      + id                                 = (known after apply)
      + name                               = (known after apply)
      + project                            = "firebase-cloud-491613"
      + state                              = (known after apply)
      + workload_identity_pool_id          = "github-actions-pool"
      + workload_identity_pool_provider_id = "shehryar-github"

      + oidc {
          + issuer_uri = "https://token.actions.githubusercontent.com"
        }
    }

  # module.apps.module.shehryar_identity.google_project_iam_member.ci_cd_roles["roles/artifactregistry.writer"] will be created
  + resource "google_project_iam_member" "ci_cd_roles" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:shehryar-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + project = "firebase-cloud-491613"
      + role    = "roles/artifactregistry.writer"
    }

  # module.apps.module.shehryar_identity.google_project_iam_member.ci_cd_roles["roles/firebase.admin"] will be created
  + resource "google_project_iam_member" "ci_cd_roles" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:shehryar-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + project = "firebase-cloud-491613"
      + role    = "roles/firebase.admin"
    }

  # module.apps.module.shehryar_identity.google_project_iam_member.ci_cd_roles["roles/firebasehosting.admin"] will be created
  + resource "google_project_iam_member" "ci_cd_roles" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:shehryar-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + project = "firebase-cloud-491613"
      + role    = "roles/firebasehosting.admin"
    }

  # module.apps.module.shehryar_identity.google_project_iam_member.ci_cd_roles["roles/iam.serviceAccountUser"] will be created
  + resource "google_project_iam_member" "ci_cd_roles" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:shehryar-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + project = "firebase-cloud-491613"
      + role    = "roles/iam.serviceAccountUser"
    }

  # module.apps.module.shehryar_identity.google_project_iam_member.ci_cd_roles["roles/run.admin"] will be created
  + resource "google_project_iam_member" "ci_cd_roles" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:shehryar-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + project = "firebase-cloud-491613"
      + role    = "roles/run.admin"
    }

  # module.apps.module.shehryar_identity.google_project_iam_member.ci_cd_roles["roles/serviceusage.serviceUsageConsumer"] will be created
  + resource "google_project_iam_member" "ci_cd_roles" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:shehryar-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + project = "firebase-cloud-491613"
      + role    = "roles/serviceusage.serviceUsageConsumer"
    }

  # module.apps.module.shehryar_identity.google_project_iam_member.runtime_roles["roles/cloudtrace.agent"] will be created
  + resource "google_project_iam_member" "runtime_roles" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:shehryar-runtime@firebase-cloud-491613.iam.gserviceaccount.com"
      + project = "firebase-cloud-491613"
      + role    = "roles/cloudtrace.agent"
    }

  # module.apps.module.shehryar_identity.google_project_iam_member.runtime_roles["roles/logging.logWriter"] will be created
  + resource "google_project_iam_member" "runtime_roles" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:shehryar-runtime@firebase-cloud-491613.iam.gserviceaccount.com"
      + project = "firebase-cloud-491613"
      + role    = "roles/logging.logWriter"
    }

  # module.apps.module.shehryar_identity.google_project_iam_member.runtime_roles["roles/monitoring.metricWriter"] will be created
  + resource "google_project_iam_member" "runtime_roles" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:shehryar-runtime@firebase-cloud-491613.iam.gserviceaccount.com"
      + project = "firebase-cloud-491613"
      + role    = "roles/monitoring.metricWriter"
    }

  # module.apps.module.shehryar_identity.google_project_iam_member.runtime_roles["roles/secretmanager.secretAccessor"] will be created
  + resource "google_project_iam_member" "runtime_roles" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:shehryar-runtime@firebase-cloud-491613.iam.gserviceaccount.com"
      + project = "firebase-cloud-491613"
      + role    = "roles/secretmanager.secretAccessor"
    }

  # module.apps.module.shehryar_identity.google_service_account.ci_cd will be created
  + resource "google_service_account" "ci_cd" {
      + account_id   = "shehryar-ci-cd"
      + description  = "CI/CD SA for poly-glot/shehryar"
      + disabled     = false
      + display_name = "shehryar GitHub Actions CI/CD"
      + email        = "shehryar-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + id           = (known after apply)
      + member       = "serviceAccount:shehryar-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
      + name         = (known after apply)
      + project      = "firebase-cloud-491613"
      + unique_id    = (known after apply)
    }

  # module.apps.module.shehryar_identity.google_service_account.runtime will be created
  + resource "google_service_account" "runtime" {
      + account_id   = "shehryar-runtime"
      + description  = "Runtime identity for shehryar on Cloud Run"
      + disabled     = false
      + display_name = "shehryar Cloud Run Runtime"
      + email        = "shehryar-runtime@firebase-cloud-491613.iam.gserviceaccount.com"
      + id           = (known after apply)
      + member       = "serviceAccount:shehryar-runtime@firebase-cloud-491613.iam.gserviceaccount.com"
      + name         = (known after apply)
      + project      = "firebase-cloud-491613"
      + unique_id    = (known after apply)
    }

  # module.apps.module.shehryar_identity.google_service_account_iam_member.wif_binding will be created
  + resource "google_service_account_iam_member" "wif_binding" {
      + etag               = (known after apply)
      + id                 = (known after apply)
      + member             = "principalSet://iam.googleapis.com/projects/563789376070/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/poly-glot/shehryar"
      + role               = "roles/iam.workloadIdentityUser"
      + service_account_id = (known after apply)
    }

Plan: 30 to add, 8 to change, 0 to destroy.

Changes to Outputs:
  + shehryar_api_url              = (known after apply)
  + shehryar_custom_domain        = "shehryar.junaid.guru"
  + shehryar_gcp_sa_email         = "shehryar-ci-cd@firebase-cloud-491613.iam.gserviceaccount.com"
  + shehryar_required_dns         = (known after apply)
  + shehryar_wif_provider         = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan"

Triggered by @poly-glot, commit d2ebd30c55dac5d3c5ee6e7a6a19faeaed187cb4

poly-glot added 3 commits April 25, 2026 14:29

feat(mysql): add app-with-mysql module

0ad8d27

Encapsulates per-app GSM secret shells (user/pass/name) and IAM bindings granting the runtime SA reader on its own shells plus the shared db-host secret. Output app_entry feeds mysql-app-catalog.

feat(mysql): add personal_cloud_deploy_sa variable

13bbbbc

Email of the personal-cloud CI/CD service account that needs reader access on bootstrap GSM secrets (oci-tf-aws-*, db-admin-*). Default matches the production SA; overridable via tfvars.

poly-glot merged commit 8ad4708 into main Apr 25, 2026
2 checks passed

poly-glot deleted the feature/mysql-app-catalog branch April 25, 2026 14:46

This was referenced Apr 25, 2026

fix(shehryar): bootstrap Cloud Run with placeholder image #31

Merged

ci(mysql): auto-dispatch personal-cloud apply after firebase-cloud apply #32

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(mysql): cross-repo MySQL app provisioning contract#30

feat(mysql): cross-repo MySQL app provisioning contract#30
poly-glot merged 3 commits into
mainfrom
feature/mysql-app-catalog

poly-glot commented Apr 25, 2026

Uh oh!

github-actions Bot commented Apr 25, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

poly-glot commented Apr 25, 2026

Summary

Test plan

Uh oh!

github-actions Bot commented Apr 25, 2026

Terraform Plan success

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Terraform Plan `success`