@swamp/gcs-datastore-bootstrap

v2026.04.22.3

One-shot bootstrap for @swamp/gcs-datastore. Ships a single provisioner model that creates a GCS bucket and a project-scoped custom IAM role, plus a workflow that runs the provisioner and then switches the current swamp repository over to the GCS datastore.

Prerequisites

GCP Application Default Credentials in the environment (env var, gcloud auth application-default login, or attached service account) bound to a principal with roles/storage.admin and roles/iam.roleAdmin (or equivalent) on the target project.
The target project has the Cloud Storage API and the IAM API enabled.
The caller that will run swamp after setup must already hold, or will have bound to it, the custom role produced by this workflow.

What it does

provision creates a private GCS bucket with hardened defaults (uniform bucket-level access on, public access prevention enforced, versioning on) and a project-scoped custom IAM role granting the five runtime permissions (storage.buckets.get, storage.objects.get, storage.objects.create, storage.objects.delete, storage.objects.list) the datastore uses.
A final command/shell step runs swamp datastore setup extension @swamp/gcs-datastore --config ... to flip the repo's datastore to GCS.

Running

swamp extension pull @swamp/gcs-datastore-bootstrap

swamp model create @swamp/gcs-datastore-bootstrap/provisioner \
  swamp-gcs-datastore-provisioner

# Edit the instance so globalArguments are wired to workflow inputs:
#   bucket_name: ${{ inputs.bucket_name }}
#   project_id:  ${{ inputs.project_id }}
#   location:    ${{ inputs.location }}
#   prefix:      ${{ inputs.prefix }}
#   role_id:     ${{ inputs.role_id }}
swamp model edit swamp-gcs-datastore-provisioner

# The command/shell instance used by the final workflow step
swamp model create command/shell swamp-gcs-datastore-setup

swamp workflow run @swamp/bootstrap-gcs-datastore \
  --input bucket_name=my-swamp-state \
  --input project_id=my-gcp-project \
  --input location=US

swamp datastore status

See the bundled README for optional inputs (prefix, role_id), the exact permission set granted by the role, and idempotency notes.

Repository

https://github.com/systeminit/swamp-extensions

Platforms

linux-x86_64 linux-aarch64 darwin-x86_64 darwin-aarch64

Labels

datastorebootstrapgcpgcs

models workflows

Quality score

Verified by Swamp

How well-documented and verifiable this extension is.

Grade A

Has README or module doc2/2earned
README has a code example1/1earned
README is substantive1/1earned
Most symbols documented1/1earned
No slow types1/1earned
Has description1/1earned
At least one platform tag (or universal)1/1earned
Two or more platform tags (or universal)1/1earned
License declared1/1earned
Verified public repository2/2earned

Install

$ swamp extension pull @swamp/gcs-datastore-bootstrap

@swamp/gcs-datastore-bootstrap/provisionerv2026.04.22.3provisioner.ts

provisionCreate/verify the GCS bucket and the scoped custom IAM role for @swamp/gcs-datastore.

Resources

state(infinite)— GCS bucket + project-scoped custom IAM role provisioned for swamp.

@swamp/bootstrap-gcs-datastore2d7f4b1e-9c3a-4e5b-8a6f-1b4e7c9d2f8a

Provision a GCS bucket + least-privilege project-scoped custom IAM role for @swamp/gcs-datastore, then switch the current repo to use GCS.

infraCreate the GCS bucket and the custom IAM role.

1.provisionswamp-gcs-datastore-provisioner.provision— Run the provisioner model to create/verify the bucket + scoped custom role. Instance `swamp-gcs-datastore-provisioner` must be pre-created with globalArguments wired to the workflow inputs: bucket_name: ${{ inputs.bucket_name }} project_id: ${{ inputs.project_id }} location: ${{ inputs.location }} prefix: ${{ inputs.prefix }} role_id: ${{ inputs.role_id }} (No `name` globalArg — state is keyed on bucket_name.)

configurePoint this repo's datastore at the new bucket.

1.run-setupswamp-gcs-datastore-setup.execute— Run `swamp datastore setup extension @swamp/gcs-datastore`.