# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. steps: - id: 'branch name' name: 'alpine' entrypoint: 'sh' args: - '-c' - | echo "***********************" echo "$BRANCH_NAME" echo "***********************" - id: 'tf init' name: 'hashicorp/terraform:1.0.0' entrypoint: 'sh' args: - '-c' - | git config --global url."https://$$GITHUB_USER:$$GITHUB_TOKEN@github.com".insteadOf "https://github.com" if [ -d "env/$BRANCH_NAME/" ]; then cd env/$BRANCH_NAME terraform init else for dir in env/*/ do cd ${dir} env=${dir%*/} env=${env#*/} echo "" echo "*************** TERRAFORM INIT ******************" echo "******* At environment: ${env} ********" echo "*************************************************" terraform init -no-color || exit 1 cd ../../ done fi secretEnv: - GITHUB_TOKEN - GITHUB_USER - id: 'tf plan' name: 'hashicorp/terraform:1.0.0' entrypoint: 'sh' args: - '-c' - | export TF_VAR_github_user=$$GITHUB_USER export TF_VAR_github_email=$$GITHUB_EMAIL export TF_VAR_github_org=$$GITHUB_ORG export TF_VAR_project_id=$PROJECT_ID export TF_VAR_org_id=$$GCP_ORG export TF_VAR_folder_id=$$GCP_FOLDER export TF_VAR_billing_account=$$GCP_BILLINGAC git config --global url."https://$$GITHUB_USER:$$GITHUB_TOKEN@github.com".insteadOf "https://github.com" if [ -d "env/$BRANCH_NAME/" ]; then cd env/$BRANCH_NAME terraform plan else for dir in env/*/ do cd ${dir} env=${dir%*/} env=${env#*/} echo "" echo "*************** TERRAFOM PLAN ******************" echo "******* At environment: ${env} ********" echo "*************************************************" terraform plan -no-color || exit 1 cd ../../ done fi secretEnv: - GITHUB_USER - GITHUB_EMAIL - GITHUB_ORG - GCP_ORG - GCP_FOLDER - GCP_BILLINGAC - id: 'tf apply' name: 'hashicorp/terraform:1.0.0' entrypoint: 'sh' args: - '-c' - | export TF_VAR_github_user=$$GITHUB_USER export TF_VAR_github_email=$$GITHUB_EMAIL export TF_VAR_github_org=$$GITHUB_ORG export TF_VAR_project_id=$PROJECT_ID export TF_VAR_org_id=$$GCP_ORG export TF_VAR_folder_id=$$GCP_FOLDER export TF_VAR_billing_account=$$GCP_BILLINGAC git config --global url."https://$$GITHUB_USER:$$GITHUB_TOKEN@github.com".insteadOf "https://github.com" if [ -d "env/$BRANCH_NAME/" ]; then cd env/$BRANCH_NAME terraform apply -auto-approve -no-color else echo "***************************** SKIPPING APPLYING *******************************" echo "Branch '$BRANCH_NAME' does not represent an oficial environment." echo "*******************************************************************************" fi secretEnv: - GITHUB_USER - GITHUB_EMAIL - GITHUB_ORG - GCP_ORG - GCP_FOLDER - GCP_BILLINGAC timeout: 1200s availableSecrets: secretManager: - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/github-token/versions/latest env: GITHUB_TOKEN - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/github-user/versions/latest env: GITHUB_USER - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/github-email/versions/latest env: GITHUB_EMAIL - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/github-org/versions/latest env: GITHUB_ORG - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/gcp-org/versions/latest env: GCP_ORG - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/gcp-folder/versions/latest env: GCP_FOLDER - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/gcp-billingac/versions/latest env: GCP_BILLINGAC options: logging: CLOUD_LOGGING_ONLY