From 36e8a91240197c09c864a4a6c3543c69d902abe5 Mon Sep 17 00:00:00 2001
From: Aiden Grossman <aidengrossman@google.com>
Date: Fri, 7 Nov 2025 21:00:16 +0000
Subject: [PATCH] [CI] Add Bazel Object Cache Bucket

So the handful of bazel jobs that we run a week will have a cache to read/write
from, which should significantly improve performance.
---
 premerge/gke_cluster/main.tf | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/premerge/gke_cluster/main.tf b/premerge/gke_cluster/main.tf
index 5da235dc3..93069c31a 100644
--- a/premerge/gke_cluster/main.tf
+++ b/premerge/gke_cluster/main.tf
@@ -255,6 +255,27 @@ resource "google_storage_bucket" "object_cache_linux" {
   }
 }
 
+resource "google_storage_bucket" "object_cache_linux_bazel" {
+  name     = format("%s-object-cache-linux-bazel", var.cluster_name)
+  location = var.gcs_bucket_location
+
+  uniform_bucket_level_access = true
+  public_access_prevention    = "enforced"
+
+  soft_delete_policy {
+    retention_duration_seconds = 0
+  }
+
+  lifecycle_rule {
+    action {
+      type = "Delete"
+    }
+    condition {
+      age = 7
+    }
+  }
+}
+
 resource "google_storage_bucket" "object_cache_windows" {
   name     = format("%s-object-cache-windows", var.cluster_name)
   location = var.gcs_bucket_location
@@ -310,6 +331,19 @@ resource "google_storage_bucket_iam_binding" "linux_bucket_binding" {
   ]
 }
 
+resource "google_storage_bucket_iam_binding" "linux_bucket_bazel_binding" {
+  bucket = google_storage_bucket.object_cache_linux_bazel.name
+  role   = "roles/storage.objectUser"
+  members = [
+    format("serviceAccount:%s", google_service_account.object_cache_linux_gsa.email),
+  ]
+
+  depends_on = [
+    google_storage_bucket.object_cache_linux_bazel,
+    google_service_account.object_cache_linux_gsa,
+  ]
+}
+
 resource "google_storage_bucket_iam_binding" "windows_bucket_binding" {
   bucket = google_storage_bucket.object_cache_windows.name
   role   = "roles/storage.objectUser"