Invalidating blog cache

build.tf

resource "google_cloudbuild_trigger" "site_trigger" {
  provider = google-beta
  name     = "site-trigger"
  project  = var.project

  github {
    push {
      branch = "master"
    }
    owner = "pcostesi"
    name  = "pcostesi.dev"

  }

  substitutions = {
    "_CF_ZONE"      = cloudflare_zone.main_site[0].id
    "_CF_USER"      = var.email_address
    "_CF_API_TOKEN" = cloudflare_api_token.dns_tls_purge_cache[0].value
  }

  filename = "cloudbuild.yaml"
}

cache.tf

data "cloudflare_api_token_permission_groups" "all" {}

resource "cloudflare_api_token" "dns_tls_purge_cache" {
  name = "dns_tls_purge_cache"

  policy {
    permission_groups = [
      data.cloudflare_api_token_permission_groups.all.permissions["Cache Purge"],
    ]
    resources = {
      "com.cloudflare.api.account.zone.${cloudflare_zone.main_site[0].id}" = "*"
    }
  }
  count = var.use_cloudflare ? 1 : 0
}

cloudbuild.yaml

steps:
  - name: node:current
    entrypoint: npm
    args: ["install"]
  - name: node:current
    entrypoint: npx
    args: ["browserslist@latest", "--update-db"]
  - name: node:current
    entrypoint: npm
    args: ["run", "build"]
  - name: gcr.io/cloud-builders/gsutil
    args: ["-m", "rsync", "-r", "-c", "-d", "./public", "gs://pcostesi.dev"]
  - name: gcr.io/cloud-builders/gcloud
    entrypoint: "bash"
    args:
      - "-c"
      - |
        curl -X POST "https://api.cloudflare.com/client/v4/zones/${_CF_ZONE}/purge_cache" \
            -H "X-Auth-Email: ${_CF_USER}" \
            -H "Authorization: Bearer ${_CF_API_TOKEN}" \
            -H "Content-Type: application/json" \
            --data '{"purge_everything":true}'

dns.tf

# Global IP, needed for the load balancer (maybe this should go to `routing.tf`)
resource "google_compute_global_address" "static_sites" {
  provider = google
  name     = "static-sites"

  count = var.use_cloudflare ? 0 : 1
}

# Managed DNS zone
data "google_dns_managed_zone" "main_site" {
  provider = google
  name     = var.project

  count = var.use_cloudflare ? 0 : 1
}

# Bind IP to the DNS
resource "google_dns_record_set" "static_site" {
  provider     = google
  name         = "${var.static_site}."
  type         = "A"
  ttl          = 300
  managed_zone = data.google_dns_managed_zone.main_site[0].name
  rrdatas      = [google_compute_global_address.static_sites[0].address]

  count = var.use_cloudflare ? 0 : 1
}

# Site verification
resource "google_dns_record_set" "static_site_txt" {
  provider     = google
  name         = "${var.static_site}."
  type         = "TXT"
  ttl          = 300
  managed_zone = data.google_dns_managed_zone.main_site[0].name
  rrdatas      = ["google-site-verification=KNrjsg5IVfr7ivKz94SoZ06U7nTtfOsmuzZRncbXpRI"]

  count = var.use_cloudflare ? 0 : 1
}

resource "cloudflare_zone" "main_site" {
  zone  = var.static_site
  count = var.use_cloudflare ? 1 : 0
}

resource "cloudflare_zone_settings_override" "main_site" {
  zone_id = cloudflare_zone.main_site[0].id
  settings {
    ssl                      = "strict"
    always_use_https         = "on"
    automatic_https_rewrites = "on"
  }

  count = var.use_cloudflare ? 1 : 0
}

resource "cloudflare_record" "static_site" {
  zone_id = cloudflare_zone.main_site[0].id
  name    = "${var.static_site}."
  value   = "c.storage.googleapis.com"
  type    = "CNAME"
  ttl     = 1
  proxied = true

  count = var.use_cloudflare ? 1 : 0
}

resource "cloudflare_record" "static_site_txt" {
  zone_id = cloudflare_zone.main_site[0].id
  name    = "${var.static_site}."
  type    = "TXT"
  ttl     = 300
  value   = "google-site-verification=${var.google_site_verification}"

  count = var.use_cloudflare ? 1 : 0
}