Azuka/github.tf

## github.tf
resource "github_actions_secret" "ci" {
  repository      = "your/repository"
  secret_name     = "FIREBASE_SERVICE_ACCOUNT_${SUFFIX}"
  plaintext_value = base64decode(google_service_account_key.ci.private_key)
}

## iam.tf
data "google_project" "default" {
  provider = google-beta
}

resource "google_service_account" "ci" {
  account_id   = "deployer"
  display_name = "Deployer Service Account for CI"
}

resource "google_service_account_key" "ci" {
  service_account_id = google_service_account.ci.id
}

resource "google_project_iam_member" "ci" {
  project = data.google_project.default.id
  for_each = toset([
    "serviceusage.apiKeysViewer", // API Keys Viewer
    "run.viewer",                 // Cloud run viewer
    "firebaseauth.admin",         // Firebase auth admin
    "firebasehosting.admin",      // Firebase hosting admin
  ])
  role   = "roles/${each.key}"
  member = "serviceAccount:${google_service_account.ci.email}"
}
	resource "github_actions_secret" "ci" {
	repository = "your/repository"
	secret_name = "FIREBASE_SERVICE_ACCOUNT_${SUFFIX}"
	plaintext_value = base64decode(google_service_account_key.ci.private_key)
	}
	data "google_project" "default" {
	provider = google-beta
	}

	resource "google_service_account" "ci" {
	account_id = "deployer"
	display_name = "Deployer Service Account for CI"
	}

	resource "google_service_account_key" "ci" {
	service_account_id = google_service_account.ci.id
	}

	resource "google_project_iam_member" "ci" {
	project = data.google_project.default.id
	for_each = toset([
	"serviceusage.apiKeysViewer", // API Keys Viewer
	"run.viewer", // Cloud run viewer
	"firebaseauth.admin", // Firebase auth admin
	"firebasehosting.admin", // Firebase hosting admin
	])
	role = "roles/${each.key}"
	member = "serviceAccount:${google_service_account.ci.email}"
	}