@akocbek
Contributor

@akocbek akocbek commented Oct 16, 2025

Description

Issue: #243

we added:

  • support to pass region to build module from root
  • support to create container registry namespace inside build module
  • support to create code engine secret inside build module
  • refactored build input variables to simplify the build (less inputs needed now)
  • build example
  • test to run build example

Release required?

  • No release
  • Patch release (x.x.X)
  • Minor release (x.X.x)
  • Major release (X.x.x)
Release notes content

Features & Improvements

  • Pass Region to Build Module
    Added support to pass the region variable from the root module into the build module for more flexible regional deployments.
  • Container Registry Namespace Creation
    The build module now supports automatic creation of container registry namespaces when required.
  • Code Engine Secret Creation
    Added functionality to create Code Engine secrets directly inside the build module to simplify authentication setup.
  • Refactored Build Inputs
    Simplified build input variables to reduce the number of required inputs, making the build configuration easier and cleaner.

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

  • If relevant, a test for the change is included or updated with this PR.
  • If relevant, documentation for the change is included or updated with this PR.

For mergers

  • Use a conventional commit message to set the release level. Follow the guidelines.
  • Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
  • Use the Squash and merge option.

@akocbek akocbek requested a review from shemau as a code owner October 16, 2025 12:43
@akocbek
Contributor Author

akocbek commented Oct 16, 2025

/run pipeline

@akocbek
Contributor Author

akocbek commented Nov 3, 2025

/run pipeline

##############################################################################

variable "container_registry_namespace" {
description = "The name of the namespace to create in IBM Cloud Container Registry for organizing container images. Must be set if 'output_image' is not set."
Contributor

The namespace name will be extended when prefix is set, so prefix should be mentioned in the description.

Contributor Author

good catch, done

}

variable "output_secret" {
description = "The secret that is required to access the IBM Cloud Container Registry. Make sure that the secret is granted with push permissions towards the specified container registry namespace. If not provided, it will be created using the value of 'container_registry_api_key'; if that is not set, 'ibmcloud_api_key' will be used instead."
Contributor

I am struggling to work out what this is.

I think it is the name of a code engine secret that contains an api key to access container registry.
So the first sentence needs to be clear that it is a secret name, not a secret value. The second sentence needs to be clear that the key in the named secret is an API key that has push permission. The third sentence needs to be clear that a code engine secret with a name of the format ${var.prefix}-registry-access-secret will be created with the value (as described already) in it.

Contributor Author

yes, it is a secret name and not a value. I updated the description

}

module "cr_endpoint" {
count = local.create_cr_namespace ? 1 : 0
Contributor

Does the count cause an issue if an existing namespace is passed?

It seems there should be no count and the module should always be created. The value is used when creating a code engine secret to access the container registry, which is unrelated to namespace creation.

Additional comment included where this is used.

Contributor Author

you are right, updated

data = {
password = var.container_registry_api_key != null ? var.container_registry_api_key : var.ibmcloud_api_key,
username = "iamapikey",
server = module.cr_endpoint[0].container_registry_endpoint_private
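
Review bot: The 'password' fallback to var.ibmcloud_api_key copies whatever key is passed as 'ibmcloud_api_key' into the registry secret whenever 'container_registry_api_key' is null, and that key may carry far more than the push permission the 'output_secret' description asks for. Consider stating in the variable descriptions that a dedicated, registry-scoped key in 'container_registry_api_key' is the recommended input, and confirm both variables are declared sensitive, since the value placed in 'data' is also written to Terraform state.
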
Contributor

The value of server may be undefined.

When local.create_name_space is false module.cr_endpoint does not exist. See comment on module definition.

@akocbek
Contributor Author

akocbek commented Nov 14, 2025

/run pipeline

@akocbek
Contributor Author

akocbek commented Nov 14, 2025

/run pipeline

@akocbek
Contributor Author

akocbek commented Nov 14, 2025

/run pipeline

@akocbek
Contributor Author

akocbek commented Nov 17, 2025

/run pipeline

@akocbek
Contributor Author

akocbek commented Nov 19, 2025

/run pipeline

@ocofaigh
Contributor

@akocbek This is blocking cloud-native AI work - what is the latest?

@akocbek
Contributor Author

akocbek commented Nov 25, 2025

@ocofaigh it is ready for final review

Contributor

@shemau shemau left a comment

All the reported issues are resolved. Spotted minor version downgrade that should not be included here.

module "resource_group" {
source = "terraform-ibm-modules/resource-group/ibm"
version = "1.4.0"
version = "1.3.0"
Contributor

We should not be reverting this.

@akocbek
Contributor Author

akocbek commented Nov 25, 2025

/run pipeline

@akocbek
Contributor Author

akocbek commented Nov 25, 2025

/run pipeline

Contributor

@shemau shemau left a comment

LGTM

@akocbek
Contributor Author

akocbek commented Nov 25, 2025

      2025/11/25 12:25:02 Terraform apply | 
         2025/11/25 12:25:02 Terraform apply | Error: ---
         2025/11/25 12:25:02 Terraform apply | id: terraform-184925c5
         2025/11/25 12:25:02 Terraform apply | summary: 'Error waiting for resource IbmSmPublicCertificate (us-south/79c6d411-c18f-4670-b009-b0044a238667/f61fe906-0ead-8fcf-9614-61dc87789952)
         2025/11/25 12:25:02 Terraform apply |   to be created: unexpected state ''deactivated'', wanted target ''active''. last
         2025/11/25 12:25:02 Terraform apply |   error: %!!(MISSING)s(<nil>)'
         2025/11/25 12:25:02 Terraform apply | severity: error
         2025/11/25 12:25:02 Terraform apply | resource: ibm_sm_public_certificate
         2025/11/25 12:25:02 Terraform apply | operation: create
         2025/11/25 12:25:02 Terraform apply | component:
         2025/11/25 12:25:02 Terraform apply |   name: github.com/IBM-Cloud/terraform-provider-ibm
         2025/11/25 12:25:02 Terraform apply |   version: 1.85.0
         2025/11/25 12:25:02 Terraform apply | ---
         2025/11/25 12:25:02 Terraform apply | 
         2025/11/25 12:25:02 Terraform apply | 
         2025/11/25 12:25:02 Terraform apply |   with ibm_sm_public_certificate.secrets_manager_public_certificate[0],
         2025/11/25 12:25:02 Terraform apply |   on main.tf line 76, in resource "ibm_sm_public_certificate" "secrets_manager_public_certificate":
         2025/11/25 12:25:02 Terraform apply |   76: resource "ibm_sm_public_certificate" "secrets_manager_public_certificate" {
         2025/11/25 12:25:02 Terraform apply | 

@akocbek
Contributor Author

akocbek commented Nov 25, 2025

/run pipeline

@ocofaigh ocofaigh merged commit 7c3cff0 into main Nov 25, 2025
2 checks passed
@ocofaigh ocofaigh deleted the fix_build branch November 25, 2025 13:20
@terraform-ibm-modules-ops
Contributor

🎉 This PR is included in version 4.7.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
