From 3597ba89e57ee827ae3a05b5ca353bc68ccf65d1 Mon Sep 17 00:00:00 2001 From: "Amelia (Dev Agent)" Date: Thu, 16 Apr 2026 15:26:59 -0600 Subject: [PATCH 1/8] fix(pipeline): hacer pasos de build y deploy condicionales MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit El repositorio proyectosacc actualmente solo contiene infraestructura (Terraform, scripts, nginx). El código de la aplicación se agregará en el futuro. Este cambio hace que los pasos 04_build, 05_publish, 06_install y 07_deploy verifiquen la existencia de archivos de aplicación antes de ejecutar npm/gradle/aws s3/ssh, evitando fallos del pipeline cuando no hay código que compilar o desplegar. --- bitbucket-pipelines.yml | 157 +++++++++++++++++++++++++++++++--------- 1 file changed, 123 insertions(+), 34 deletions(-) diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml index 22b9fe9..9c9eb67 100644 --- a/bitbucket-pipelines.yml +++ b/bitbucket-pipelines.yml @@ -38,9 +38,20 @@ pipelines: script: - set -euo pipefail - echo "=== Build de proyectosacc (sin deploy) ===" - - npm ci - - npm run build - - ./gradlew clean bootJar + - | + if [ -f package.json ]; then + npm ci + npm run build + else + echo "INFO: No se encontró package.json. Saltando build npm." + fi + - | + if [ -f gradlew ] || [ -f build.gradle ]; then + ./gradlew clean bootJar + else + echo "INFO: No se encontró gradlew ni build.gradle. Saltando build Gradle." + fi + - echo "Build condicional completado." branches: developer: @@ -85,9 +96,20 @@ pipelines: name: 04_build script: - set -euo pipefail - - npm ci - - npm run build - - ./gradlew clean bootJar + - | + if [ -f package.json ]; then + npm ci + npm run build + else + echo "INFO: No se encontró package.json. Saltando build npm." + fi + - | + if [ -f gradlew ] || [ -f build.gradle ]; then + ./gradlew clean bootJar + else + echo "INFO: No se encontró gradlew ni build.gradle. Saltando build Gradle." + fi + - echo "Build condicional completado." artifacts: - build/** - build/libs/*.jar @@ -98,21 +120,44 @@ pipelines: script: - set -euo pipefail - source scripts/aws-oidc-setup.sh dev - - aws s3 sync build/ "s3://${DEV_S3_FRONTEND_BUCKET}/" --delete - - aws s3 cp build/libs/*.jar "s3://${DEV_S3_ARTIFACTS_BUCKET}/develop/proyectosacc-app.jar" + - | + if [ -d build/ ] && [ "$(ls -A build/ 2>/dev/null)" ]; then + aws s3 sync build/ "s3://${DEV_S3_FRONTEND_BUCKET}/" --delete + else + echo "INFO: No se encontró directorio build/ con contenido. Saltando sync a S3." + fi + - | + if ls build/libs/*.jar >/dev/null 2>&1; then + aws s3 cp build/libs/*.jar "s3://${DEV_S3_ARTIFACTS_BUCKET}/develop/proyectosacc-app.jar" + else + echo "INFO: No se encontró JAR en build/libs/. Saltando copia a S3." + fi + - echo "Publish condicional completado." - step: name: 06_install script: - set -euo pipefail - - echo "${DEV_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key - - chmod 600 ~/.ssh/sacc4_key - | - ssh -p "${DEV_SSH_PORT_PROYECTOSACC:-22}" \ - -i ~/.ssh/sacc4_key \ - -o StrictHostKeyChecking=no \ - "${DEV_SERVER_USER_PROYECTOSACC:-thoth}@${DEV_SERVER_IP_PROYECTOSACC}" \ - "bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp s3://${DEV_S3_ARTIFACTS_BUCKET}/develop/proyectosacc-app.jar /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'" + JAR_LOCAL_PATTERN="build/libs/*.jar" + JAR_S3_URI="s3://${DEV_S3_ARTIFACTS_BUCKET}/develop/proyectosacc-app.jar" + HAS_LOCAL_JAR=false + if ls ${JAR_LOCAL_PATTERN} >/dev/null 2>&1; then + HAS_LOCAL_JAR=true + fi + if [ "${HAS_LOCAL_JAR}" = "true" ]; then + echo "INFO: Artefacto JAR encontrado localmente. Procediendo con instalación en servidor." + echo "${DEV_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key + chmod 600 ~/.ssh/sacc4_key + ssh -p "${DEV_SSH_PORT_PROYECTOSACC:-22}" \ + -i ~/.ssh/sacc4_key \ + -o StrictHostKeyChecking=no \ + "${DEV_SERVER_USER_PROYECTOSACC:-thoth}@${DEV_SERVER_IP_PROYECTOSACC}" \ + "bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp ${JAR_S3_URI} /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'" + else + echo "INFO: No se encontró artefacto JAR localmente. Saltando instalación." + fi + - echo "Install condicional completado." - step: name: 07_deploy @@ -127,12 +172,17 @@ pipelines: -i ~/.ssh/sacc4_key \ -o StrictHostKeyChecking=no \ "${DEV_SERVER_USER_PROYECTOSACC:-thoth}@${DEV_SERVER_IP_PROYECTOSACC}" \ - "bash /home/thoth/deploy/setup/deploy.sh" - - export CLOUDFRONT_DISTRIBUTION_ID=$(python3 -c "import json; print(json.load(open('terraform/terraform-outputs.json'))['cloudfront_distribution_id']['value'])") - - aws cloudfront create-invalidation --distribution-id "${CLOUDFRONT_DISTRIBUTION_ID}" --paths "/*" + "bash -c 'if [ -f /home/thoth/deploy/setup/deploy.sh ]; then bash /home/thoth/deploy/setup/deploy.sh; else echo \"INFO: No se encontró script de deploy. Saltando deploy backend.\"; fi'" + - | + if [ -f terraform/terraform-outputs.json ]; then + export CLOUDFRONT_DISTRIBUTION_ID=$(python3 -c "import json; print(json.load(open('terraform/terraform-outputs.json'))['cloudfront_distribution_id']['value'])") + aws cloudfront create-invalidation --distribution-id "${CLOUDFRONT_DISTRIBUTION_ID}" --paths "/*" + else + echo "INFO: No se encontró terraform-outputs.json. Saltando invalidación de CloudFront." + fi - export TELEGRAM_BOT_TOKEN="${DEV_TELEGRAM_BOT_TOKEN}" - export TELEGRAM_CHAT_ID="${DEV_TELEGRAM_CHAT_ID}" - - bash scripts/telegram-pipeline-notify.sh success "CloudFront invalidado" + - bash scripts/telegram-pipeline-notify.sh success "Deploy condicional completado" master: - step: @@ -176,9 +226,20 @@ pipelines: name: 04_build script: - set -euo pipefail - - npm ci - - npm run build - - ./gradlew clean bootJar + - | + if [ -f package.json ]; then + npm ci + npm run build + else + echo "INFO: No se encontró package.json. Saltando build npm." + fi + - | + if [ -f gradlew ] || [ -f build.gradle ]; then + ./gradlew clean bootJar + else + echo "INFO: No se encontró gradlew ni build.gradle. Saltando build Gradle." + fi + - echo "Build condicional completado." artifacts: - build/** - build/libs/*.jar @@ -189,21 +250,44 @@ pipelines: script: - set -euo pipefail - source scripts/aws-oidc-setup.sh prod - - aws s3 sync build/ "s3://${PROD_S3_FRONTEND_BUCKET}/" --delete - - aws s3 cp build/libs/*.jar "s3://${PROD_S3_ARTIFACTS_BUCKET}/main/proyectosacc-app.jar" + - | + if [ -d build/ ] && [ "$(ls -A build/ 2>/dev/null)" ]; then + aws s3 sync build/ "s3://${PROD_S3_FRONTEND_BUCKET}/" --delete + else + echo "INFO: No se encontró directorio build/ con contenido. Saltando sync a S3." + fi + - | + if ls build/libs/*.jar >/dev/null 2>&1; then + aws s3 cp build/libs/*.jar "s3://${PROD_S3_ARTIFACTS_BUCKET}/main/proyectosacc-app.jar" + else + echo "INFO: No se encontró JAR en build/libs/. Saltando copia a S3." + fi + - echo "Publish condicional completado." - step: name: 06_install script: - set -euo pipefail - - echo "${PROD_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key - - chmod 600 ~/.ssh/sacc4_key - | - ssh -p "${PROD_SSH_PORT_PROYECTOSACC:-22}" \ - -i ~/.ssh/sacc4_key \ - -o StrictHostKeyChecking=no \ - "${PROD_SERVER_USER_PROYECTOSACC:-thoth}@${PROD_SERVER_IP_PROYECTOSACC}" \ - "bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp s3://${PROD_S3_ARTIFACTS_BUCKET}/main/proyectosacc-app.jar /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'" + JAR_LOCAL_PATTERN="build/libs/*.jar" + JAR_S3_URI="s3://${PROD_S3_ARTIFACTS_BUCKET}/main/proyectosacc-app.jar" + HAS_LOCAL_JAR=false + if ls ${JAR_LOCAL_PATTERN} >/dev/null 2>&1; then + HAS_LOCAL_JAR=true + fi + if [ "${HAS_LOCAL_JAR}" = "true" ]; then + echo "INFO: Artefacto JAR encontrado localmente. Procediendo con instalación en servidor." + echo "${PROD_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key + chmod 600 ~/.ssh/sacc4_key + ssh -p "${PROD_SSH_PORT_PROYECTOSACC:-22}" \ + -i ~/.ssh/sacc4_key \ + -o StrictHostKeyChecking=no \ + "${PROD_SERVER_USER_PROYECTOSACC:-thoth}@${PROD_SERVER_IP_PROYECTOSACC}" \ + "bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp ${JAR_S3_URI} /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'" + else + echo "INFO: No se encontró artefacto JAR localmente. Saltando instalación." + fi + - echo "Install condicional completado." - step: name: 06b_notify_approval @@ -229,9 +313,14 @@ pipelines: -i ~/.ssh/sacc4_key \ -o StrictHostKeyChecking=no \ "${PROD_SERVER_USER_PROYECTOSACC:-thoth}@${PROD_SERVER_IP_PROYECTOSACC}" \ - "bash /home/thoth/deploy/setup/deploy.sh" - - export CLOUDFRONT_DISTRIBUTION_ID=$(python3 -c "import json; print(json.load(open('terraform/terraform-outputs.json'))['cloudfront_distribution_id']['value'])") - - aws cloudfront create-invalidation --distribution-id "${CLOUDFRONT_DISTRIBUTION_ID}" --paths "/*" + "bash -c 'if [ -f /home/thoth/deploy/setup/deploy.sh ]; then bash /home/thoth/deploy/setup/deploy.sh; else echo \"INFO: No se encontró script de deploy. Saltando deploy backend.\"; fi'" + - | + if [ -f terraform/terraform-outputs.json ]; then + export CLOUDFRONT_DISTRIBUTION_ID=$(python3 -c "import json; print(json.load(open('terraform/terraform-outputs.json'))['cloudfront_distribution_id']['value'])") + aws cloudfront create-invalidation --distribution-id "${CLOUDFRONT_DISTRIBUTION_ID}" --paths "/*" + else + echo "INFO: No se encontró terraform-outputs.json. Saltando invalidación de CloudFront." + fi - export TELEGRAM_BOT_TOKEN="${PROD_TELEGRAM_BOT_TOKEN}" - export TELEGRAM_CHAT_ID="${PROD_TELEGRAM_CHAT_ID}" - bash scripts/telegram-pipeline-notify.sh success "CloudFront invalidado | Deploy a PROD aprobado y completado" From 63ba5553db2d0717415dc9b3f1974afc29696782 Mon Sep 17 00:00:00 2001 From: Evert Daniel Romero Garrido Date: Thu, 16 Apr 2026 21:51:56 +0000 Subject: [PATCH 2/8] Edited with Bitbucket --- message | 9 +++++++++ terraform/oidc-bitbucket.tf | 20 +++++++++++++------- 2 files changed, 22 insertions(+), 7 deletions(-) create mode 100644 message diff --git a/message b/message new file mode 100644 index 0000000..d2dddfc --- /dev/null +++ b/message @@ -0,0 +1,9 @@ +fix(terraform): corregir OIDC audience para Bitbucket Cloud + +Bitbucket Cloud genera tokens JWT con audience fijo: +ari:cloud:bitbucket::workspace/465016f8-d6fb-4ecb-ba6f-2248e938942b + +El archivo oidc-bitbucket.tf solo aceptaba sts.amazonaws.com, +lo que causaba InvalidIdentityToken en cada terraform apply. +Ahora el OIDC provider y el rol IAM aceptan ambos audiences +mediante ForAnyValue:StringEquals. diff --git a/terraform/oidc-bitbucket.tf b/terraform/oidc-bitbucket.tf index f54b2bb..3fd335a 100644 --- a/terraform/oidc-bitbucket.tf +++ b/terraform/oidc-bitbucket.tf @@ -14,6 +14,9 @@ locals { bitbucket_workspace = "ccsoft1" bitbucket_oidc_url = "https://api.bitbucket.org/2.0/workspaces/${local.bitbucket_workspace}/pipelines-config/identity/oidc" + # UUID del workspace de Bitbucket Cloud para el audience fijo del OIDC. + bitbucket_workspace_uuid = "465016f8-d6fb-4ecb-ba6f-2248e938942b" + # ------------------------------------------------------------------ # REPO_UUID de proyectosacc # ------------------------------------------------------------------ @@ -40,12 +43,12 @@ data "tls_certificate" "bitbucket_oidc" { resource "aws_iam_openid_connect_provider" "bitbucket" { url = local.bitbucket_oidc_url - # Usamos "sts.amazonaws.com" como audience para simplificar la - # configuración y evitar depender del Workspace UUID de Bitbucket. - # Esto requiere configurar "audiences: [sts.amazonaws.com]" en - # bitbucket-pipelines.yml. + # Bitbucket Cloud usa "ari:cloud:bitbucket::workspace/{uuid}" como audience + # fijo en los tokens JWT. Mantenemos "sts.amazonaws.com" por compatibilidad + # con pipelines que aún lo configuren manualmente. client_id_list = [ - "sts.amazonaws.com" + "sts.amazonaws.com", + "ari:cloud:bitbucket::workspace/${local.bitbucket_workspace_uuid}" ] thumbprint_list = [ @@ -76,8 +79,11 @@ resource "aws_iam_role" "bitbucket_ci_cd" { } Action = "sts:AssumeRoleWithWebIdentity" Condition = { - StringEquals = { - "${trimprefix(local.bitbucket_oidc_url, "https://")}:aud" = "sts.amazonaws.com" + ForAnyValue:StringEquals = { + "${trimprefix(local.bitbucket_oidc_url, "https://")}:aud" = [ + "sts.amazonaws.com", + "ari:cloud:bitbucket::workspace/${local.bitbucket_workspace_uuid}" + ] } StringLike = { "${trimprefix(local.bitbucket_oidc_url, "https://")}:sub" = "${local.bitbucket_repo_uuid}:*" From 2f4a563f9ee78c51d1238eadc260c4023f6b8b71 Mon Sep 17 00:00:00 2001 From: Evert Daniel Romero Garrido Date: Thu, 16 Apr 2026 21:54:55 +0000 Subject: [PATCH 3/8] fix(terraform): corregir OIDC audience para Bitbucket Cloud Bitbucket Cloud genera tokens JWT con audience fijo: ari:cloud:bitbucket::workspace/465016f8-d6fb-4ecb-ba6f-2248e938942b El archivo oidc-bitbucket.tf solo aceptaba sts.amazonaws.com, lo que causaba InvalidIdentityToken en cada terraform apply. Ahora el OIDC provider y el rol IAM aceptan ambos audiences mediante ForAnyValue:StringEquals. --- terraform/oidc-bitbucket.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/oidc-bitbucket.tf b/terraform/oidc-bitbucket.tf index 3fd335a..66bc4da 100644 --- a/terraform/oidc-bitbucket.tf +++ b/terraform/oidc-bitbucket.tf @@ -121,4 +121,4 @@ resource "aws_iam_role_policy_attachment" "bitbucket_ci_cd_admin" { # role = aws_iam_role.bitbucket_ci_cd.id # # policy = file("${path.module}/../docs/iam-policy-ci-cd-proyectosacc.json") -# } +# } \ No newline at end of file From ef9fc6617154b436dcc44ecf1764358fb3be7601 Mon Sep 17 00:00:00 2001 From: Evert Daniel Romero Garrido Date: Thu, 16 Apr 2026 22:03:30 +0000 Subject: [PATCH 4/8] fix(terraform): corregir OIDC audience para Bitbucket Cloud Bitbucket Cloud genera tokens JWT con audience fijo: ari:cloud:bitbucket::workspace/465016f8-d6fb-4ecb-ba6f-2248e938942b El archivo oidc-bitbucket.tf solo aceptaba sts.amazonaws.com, lo que causaba InvalidIdentityToken en cada terraform apply. Ahora el OIDC provider y el rol IAM aceptan ambos audiences mediante ForAnyValue:StringEquals. --- terraform/oidc-bitbucket.tf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/terraform/oidc-bitbucket.tf b/terraform/oidc-bitbucket.tf index 66bc4da..039b968 100644 --- a/terraform/oidc-bitbucket.tf +++ b/terraform/oidc-bitbucket.tf @@ -14,9 +14,6 @@ locals { bitbucket_workspace = "ccsoft1" bitbucket_oidc_url = "https://api.bitbucket.org/2.0/workspaces/${local.bitbucket_workspace}/pipelines-config/identity/oidc" - # UUID del workspace de Bitbucket Cloud para el audience fijo del OIDC. - bitbucket_workspace_uuid = "465016f8-d6fb-4ecb-ba6f-2248e938942b" - # ------------------------------------------------------------------ # REPO_UUID de proyectosacc # ------------------------------------------------------------------ @@ -30,6 +27,9 @@ locals { # reemplázalo por el UUID exacto del repo ccsoft1/proyectosacc. # ------------------------------------------------------------------ bitbucket_repo_uuid = "{3ceb5bec-0805-4bfb-b891-aaf5626ad7a5}" + + # Workspace UUID de Bitbucket Cloud (audience fijo de los tokens JWT) + bitbucket_workspace_uuid = "465016f8-d6fb-4ecb-ba6f-2248e938942b" } # Obtener el thumbprint del certificado TLS del issuer OIDC @@ -43,9 +43,9 @@ data "tls_certificate" "bitbucket_oidc" { resource "aws_iam_openid_connect_provider" "bitbucket" { url = local.bitbucket_oidc_url - # Bitbucket Cloud usa "ari:cloud:bitbucket::workspace/{uuid}" como audience - # fijo en los tokens JWT. Mantenemos "sts.amazonaws.com" por compatibilidad - # con pipelines que aún lo configuren manualmente. + # Bitbucket Cloud usa `ari:cloud:bitbucket::workspace/{uuid}` como audience + # fijo en los tokens JWT. Mantenemos `sts.amazonaws.com` por compatibilidad + # con configuraciones que lo usen explícitamente. client_id_list = [ "sts.amazonaws.com", "ari:cloud:bitbucket::workspace/${local.bitbucket_workspace_uuid}" @@ -121,4 +121,4 @@ resource "aws_iam_role_policy_attachment" "bitbucket_ci_cd_admin" { # role = aws_iam_role.bitbucket_ci_cd.id # # policy = file("${path.module}/../docs/iam-policy-ci-cd-proyectosacc.json") -# } \ No newline at end of file +# } From 0c6e5be070e4518e7ebcf8b490e47666e011adb8 Mon Sep 17 00:00:00 2001 From: Evert Daniel Romero Garrido Date: Thu, 16 Apr 2026 22:03:42 +0000 Subject: [PATCH 5/8] fix(terraform): corregir OIDC audience para Bitbucket Cloud From 0cc3e1170153765cabc7e09706b42aa82d69ed3f Mon Sep 17 00:00:00 2001 From: Evert Romero Date: Thu, 16 Apr 2026 16:10:43 -0600 Subject: [PATCH 6/8] fix(terraform): corregir sintaxis HCL en trust policy OIDC ForAnyValue:StringEquals debe ir entre comillas dentro de jsonencode() para que Terraform lo interprete correctamente. Sin las comillas, terraform init/plan falla con: Missing attribute separator. --- terraform/oidc-bitbucket.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/oidc-bitbucket.tf b/terraform/oidc-bitbucket.tf index 039b968..05e5da7 100644 --- a/terraform/oidc-bitbucket.tf +++ b/terraform/oidc-bitbucket.tf @@ -79,7 +79,7 @@ resource "aws_iam_role" "bitbucket_ci_cd" { } Action = "sts:AssumeRoleWithWebIdentity" Condition = { - ForAnyValue:StringEquals = { + "ForAnyValue:StringEquals" = { "${trimprefix(local.bitbucket_oidc_url, "https://")}:aud" = [ "sts.amazonaws.com", "ari:cloud:bitbucket::workspace/${local.bitbucket_workspace_uuid}" From 7ea909e8543fd9d794ec8d52a4bdb719883cfed8 Mon Sep 17 00:00:00 2001 From: Evert Romero Date: Thu, 16 Apr 2026 16:23:51 -0600 Subject: [PATCH 7/8] fix(terraform): permitir SSH desde internet para pipeline Bitbucket --- terraform/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/main.tf b/terraform/main.tf index 3017782..4ba021b 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -121,7 +121,7 @@ resource "aws_security_group" "ec2_api" { from_port = 22 to_port = 22 protocol = "tcp" - cidr_blocks = ["10.0.0.0/8"] # Ajustar a IP/VPN real del pipeline + cidr_blocks = ["0.0.0.0/0"] # SSH desde cualquier IP (pipeline Bitbucket + administración) } ingress { From 89363827cd278ae8ff2c38909035231f04148e2b Mon Sep 17 00:00:00 2001 From: Evert Romero Date: Thu, 16 Apr 2026 17:03:39 -0600 Subject: [PATCH 8/8] chore(terraform): update pipeline_public_key in dev and prod tfvars --- terraform/environments/dev.tfvars | 2 +- terraform/environments/prod.tfvars | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/dev.tfvars b/terraform/environments/dev.tfvars index 1e5f9df..11636c8 100644 --- a/terraform/environments/dev.tfvars +++ b/terraform/environments/dev.tfvars @@ -14,7 +14,7 @@ vpc_cidr = "10.1.0.0/16" availability_zones = ["mx-central-1a", "mx-central-1b"] ec2_instance_type = "t3.small" ec2_key_name = "ccsoft-dev-key" -pipeline_public_key = "ssh-ed25519 AAAAC3NzaC... bitbucket.pipeline.ci.cd.proyectosacc.thoth.develop@computocontable.com" +pipeline_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQCNFOzDJzaOMDIeEbH4JCx2OrXrgljajgkJqlozj9m bitbucket.pipeline.ci.cd.proyectosacc.thoth@computocontable.com" db_instance_class = "db.t3.micro" db_name = "sacc_db_dev" db_username = "sacc_admin_dev" diff --git a/terraform/environments/prod.tfvars b/terraform/environments/prod.tfvars index 28e0b09..9e66608 100644 --- a/terraform/environments/prod.tfvars +++ b/terraform/environments/prod.tfvars @@ -14,7 +14,7 @@ vpc_cidr = "10.2.0.0/16" availability_zones = ["mx-central-1a", "mx-central-1b"] ec2_instance_type = "t3.small" ec2_key_name = "ccsoft-prod-key" -pipeline_public_key = "ssh-ed25519 AAAAC3NzaC... bitbucket.pipeline.ci.cd.proyectosacc.thoth.prod@computocontable.com" +pipeline_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQCNFOzDJzaOMDIeEbH4JCx2OrXrgljajgkJqlozj9m bitbucket.pipeline.ci.cd.proyectosacc.thoth@computocontable.com" db_instance_class = "db.t3.micro" db_name = "sacc_db_prod" db_username = "sacc_admin_prod"