# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # [START cloudbuild_config] steps: - id: 'Prepare config' # This step builds the final manifests for the app # using kustomize and the configuration files # available in the repository. name: 'gcr.io/google.com/cloudsdktool/cloud-sdk' entrypoint: '/bin/sh' args: ['-c', 'mkdir hydrated-manifests && kubectl kustomize config/prod > hydrated-manifests/prod.yaml'] - id: 'Download policies' # This step fetches the policies from the Anthos Config Management repository # and consolidates every resource in a single file. name: 'gcr.io/kpt-dev/kpt' entrypoint: '/bin/sh' args: ['-c', 'kpt pkg get https://github.com/GoogleCloudPlatform/anthos-config-management-samples.git/ci-app/acm-repo/cluster@main constraints && kpt fn source constraints/ hydrated-manifests/ > hydrated-manifests/kpt-manifests.yaml'] - id: 'Validate against policies' # This step validates that all resources comply with all policies. name: 'gcr.io/kpt-fn/gatekeeper:v0.2' args: ['--input', 'hydrated-manifests/kpt-manifests.yaml'] # [END cloudbuild_config]