test iap use

Signed-off-by: Glen Yu <glen.yu@gmail.com>

Author: Neutrollized

.github/workflows/packer.yaml

@@ -2,7 +2,7 @@ name: Packer Build
 
 on:
   push:
-    branches: [main]
+    branches: [main, dev]
     paths-ignore: ['**/README.md','**/CHANGELOG.md', 'terraform/*']
 
 env:
@@ -37,6 +37,12 @@ jobs:
         with:
           workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
           service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+      - name: 'Set up Google Cloud SDK'
+        uses: 'google-github-actions/setup-gcloud@v2'
+        with:
+          version: 'latest'
+          project_id: '${{ vars.GCP_PROJECT_ID }}'
+          install_components: 'beta'  # optional: install additional components
 
       - name: Setup `packer`
         uses: hashicorp/setup-packer@main

CHANGELOG.md

@@ -5,6 +5,18 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 
+## [1.2.0] - 2025-??-??
+### Added
+- `dev` branch to GHA trigger
+- `Set up Google Cloud SDK` step to the GHA job steps
+- using IAP to connect to the VM to build (which requires Google Cloud SDK)
+- `use_iap` = true
+- `preemptible` = true
+### Changed
+- Updated Consul version from `1.20.5` to `1.21.0`
+- Updated Nomad version from `1.9.7` to `1.10.0`
+- Updated Vault version from `1.19.0` to `1.19.3`
+
 ## [1.1.0] - 2025-03-26
 ### Added
 - Consul backend storage config example to `vault_server.hcl.sample`

README.md

@@ -64,6 +64,7 @@ You will need to add the following secrets to GitHub:
 - `HCP_CLIENT_SECRET`
 
 **NOTE**: You can track up to ~~[10 buckets (images) for free](https://www.hashicorp.com/products/packer/pricing)~~, but if you do not wish to, you can always comment out `hcp_packer_registry` block from the image build template file(s).
+
 **UPDATE**: As of [v1.1.0](https://github.com/Neutrollized/packer-gcp-with-githubactions/blob/main/CHANGELOG.md#110---2025-03-26), due to recent HCP Packer pricing changes, there's no longer a free tier and hence I've commented out `hcp_packer_registry` references as it's always been my goal to keep my repos/deployments as cost-effective as possible for learning.
 
 

base-docker/base_docker.pkr.hcl

@@ -26,15 +26,19 @@ source "googlecompute" "base-docker" {
   project_id   = var.project_id
   zone         = var.zone
   machine_type = "n1-standard-2"
-  ssh_username = "packer"
-  use_os_login = "false"
+  preemptible  = true
 
   # gcloud compute images list
   source_image_family = var.source_image_family
 
-  image_family      = var.image_family
-  image_name        = "docker-${var.arch}-base-${local.datestamp}"
-  image_description = "Debian 12 image with Docker-CE installed"
+  image_family       = var.image_family
+  image_architecture = var.arch
+  image_name         = "docker-${var.arch}-base-${local.datestamp}"
+  image_description  = "Debian 12 image with Docker-CE installed"
+  
+  ssh_username = "packer"
+  use_os_login = false
+  use_iap      = true
 
   tags = ["packer"]
 }

hashistack/variables.pkrvars.hcl

@@ -1,6 +1,6 @@
 zone = "northamerica-northeast2-c"
 arch = "amd64"
 
-consul_version = "1.20.5"
-nomad_version  = "1.9.7"
-vault_version  = "1.19.0"
+consul_version = "1.21.0"
+nomad_version  = "1.10.0"
+vault_version  = "1.19.3"

terraform/variables.tf

@@ -27,6 +27,7 @@ variable "packer_sa_iam_roles_list" {
   default = [
     "roles/compute.instanceAdmin.v1",
     "roles/iam.serviceAccountUser",
+    "roles/iap.tunnelResourceAccessor",
   ]
 }