fix: add depends on the CI/CD module to prevent error granting roles

daniel-cit · daniel-cit · commit 3c274c64ecba · 2025-10-03T20:23:20.000-03:00
diff --git a/0-bootstrap/cb.tf b/0-bootstrap/cb.tf
@@ -160,6 +160,8 @@ module "tf_private_pool" {
   vpn_configuration = {
     enable_vpn = false
   }
+
+  depends_on = [module.tf_source]
 }
 
 module "tf_cloud_builder" {
@@ -178,6 +180,8 @@ module "tf_cloud_builder" {
   worker_pool_id               = module.tf_private_pool.private_worker_pool_id
   bucket_name                  = "${var.bucket_prefix}-${module.tf_source.cloudbuild_project_id}-tf-cloudbuilder-build-logs"
   workflow_deletion_protection = var.workflow_deletion_protection
+
+  depends_on = [module.tf_source]
 }
 
 module "bootstrap_csr_repo" {
@@ -262,6 +266,8 @@ resource "google_artifact_registry_repository_iam_member" "terraform_sa_artifact
   repository = local.gar_repository
   role       = "roles/artifactregistry.reader"
   member     = "serviceAccount:${google_service_account.terraform-env-sa[each.key].email}"
+
+  depends_on = [module.tf_source]
 }
 
 resource "google_sourcerepo_repository_iam_member" "member" {
@@ -271,4 +277,6 @@ resource "google_sourcerepo_repository_iam_member" "member" {
   repository = module.tf_source.csr_repos["gcp-policies"].name
   role       = "roles/viewer"
   member     = "serviceAccount:${google_service_account.terraform-env-sa[each.key].email}"
+
+  depends_on = [module.tf_source]
 }

Original file line number	Diff line number	Diff line change
`@@ -160,6 +160,8 @@ module "tf_private_pool" {`
`160`	`160`	`vpn_configuration = {`
`161`	`161`	`enable_vpn = false`
`162`	`162`	`}`
	`163`	`+`
	`164`	`+ depends_on = [module.tf_source]`
`163`	`165`	`}`
`164`	`166`
`165`	`167`	`module "tf_cloud_builder" {`
`@@ -178,6 +180,8 @@ module "tf_cloud_builder" {`
`178`	`180`	`worker_pool_id = module.tf_private_pool.private_worker_pool_id`
`179`	`181`	`bucket_name = "${var.bucket_prefix}-${module.tf_source.cloudbuild_project_id}-tf-cloudbuilder-build-logs"`
`180`	`182`	`workflow_deletion_protection = var.workflow_deletion_protection`
	`183`	`+`
	`184`	`+ depends_on = [module.tf_source]`
`181`	`185`	`}`
`182`	`186`
`183`	`187`	`module "bootstrap_csr_repo" {`
`@@ -262,6 +266,8 @@ resource "google_artifact_registry_repository_iam_member" "terraform_sa_artifact`
`262`	`266`	`repository = local.gar_repository`
`263`	`267`	`role = "roles/artifactregistry.reader"`
`264`	`268`	`member = "serviceAccount:${google_service_account.terraform-env-sa[each.key].email}"`
	`269`	`+`
	`270`	`+ depends_on = [module.tf_source]`
`265`	`271`	`}`
`266`	`272`
`267`	`273`	`resource "google_sourcerepo_repository_iam_member" "member" {`
`@@ -271,4 +277,6 @@ resource "google_sourcerepo_repository_iam_member" "member" {`
`271`	`277`	`repository = module.tf_source.csr_repos["gcp-policies"].name`
`272`	`278`	`role = "roles/viewer"`
`273`	`279`	`member = "serviceAccount:${google_service_account.terraform-env-sa[each.key].email}"`
	`280`	`+`
	`281`	`+ depends_on = [module.tf_source]`
`274`	`282`	`}`