google-source-bucket-terraform.tf

# ------------ artifacts --------------
resource "google_storage_bucket" "artifacts" {
  name          = "artifacts-<your google project id>"
  project       = "<your google project id>"
  location      = "EUROPE-WEST3"
  storage_class = "STANDARD"
  force_destroy = false

  versioning {
    enabled = true
  }

  lifecycle_rule {
    condition {
      age = "1"
      with_state = "ARCHIVED"
    }
    action {
      type = "Delete"
    }
  }
}

resource "google_storage_bucket_iam_member" "artifacts-objectViewer" {
  bucket = google_storage_bucket.artifacts.name
  role = "roles/storage.objectViewer"
  member = "serviceAccount:project-<your google backup project number>@storage-transfer-service.iam.gserviceaccount.com"
  depends_on= [google_storage_bucket.artifacts]
}

resource "google_storage_bucket_iam_member" "artifacts-legacyBucketReader" {
  bucket = google_storage_bucket.artifacts.name
  role = "roles/storage.legacyBucketReader"
  member = "serviceAccount:project-<your google backup project number>@storage-transfer-service.iam.gserviceaccount.com"
  depends_on= [google_storage_bucket.artifacts]
}

resource "google_storage_bucket_iam_member" "artifacts-gitlab" {
  bucket = google_storage_bucket.artifacts.name
  role = "roles/storage.objectAdmin"
  member = "serviceAccount:gitlab@<your google project id>.iam.gserviceaccount.com"
  depends_on= [google_storage_bucket.artifacts]
}