# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. steps: - name: 'hashicorp/terraform:1.0.0' args: - '-c' - | git config --global url."https://$$GITHUB_USER:$$GITHUB_TOKEN@github.com".insteadOf "https://github.com" if [ -d "env/${BRANCH_NAME}/" ]; then cd env/${BRANCH_NAME} terraform init else for dir in env/*/ do cd ${dir} env=${dir%*/} env=${env#*/} echo "" echo "*************** TERRAFORM INIT ******************" echo "******* At environment: ${env} ********" echo "*************************************************" terraform init -no-color || exit 1 cd ../../ done fi id: tf init entrypoint: sh secretEnv: - GITHUB_TOKEN - GITHUB_USER - name: 'hashicorp/terraform:1.0.0' args: - '-c' - | export TF_VAR_github_token=$$GITHUB_TOKEN export TF_VAR_github_user=$$GITHUB_USER export TF_VAR_github_email=$$GITHUB_EMAIL export TF_VAR_github_org=$$GITHUB_ORG export TF_VAR_project_id=$PROJECT_ID export TF_VAR_org_id=$$GCP_ORG export TF_VAR_folder_id=$$GCP_FOLDER export TF_VAR_billing_account=$$GCP_BILLINGAC export TF_VAR_acm_repo=$$ACM_REPO export TF_VAR_subnet_01_region=$$INFRA_REGION export TF_VAR_subnet_02_region=$$INFRA_SEC_REGION export TF_VAR_app_factory_project_id=$$APP_FACTORY_PROJECT_ID export TF_VAR_app_factory_project_num=$$APP_FACTORY_PROJECT_NUM export TF_VAR_secrets_project_id=$$SECRETS_PROJECT git config --global url."https://$$GITHUB_USER:$$GITHUB_TOKEN@github.com".insteadOf "https://github.com" if [ -d "env/${BRANCH_NAME}/" ]; then cd env/${BRANCH_NAME} terraform plan else for dir in env/*/ do cd ${dir} env=${dir%*/} env=${env#*/} echo "" echo "*************** TERRAFOM PLAN ******************" echo "******* At environment: ${env} ********" echo "*************************************************" terraform plan -no-color || exit 1 cd ../../ done fi id: tf plan entrypoint: sh secretEnv: - GITHUB_TOKEN - GITHUB_USER - GITHUB_EMAIL - GITHUB_ORG - GCP_ORG - GCP_FOLDER - GCP_BILLINGAC - ACM_REPO - INFRA_PROJECT_ID - INFRA_REGION - INFRA_SEC_REGION - APP_FACTORY_PROJECT_ID - APP_FACTORY_PROJECT_NUM - SECRETS_PROJECT - name: 'hashicorp/terraform:1.0.0' args: - '-c' - | export TF_VAR_github_token=$$GITHUB_TOKEN export TF_VAR_github_user=$$GITHUB_USER export TF_VAR_github_email=$$GITHUB_EMAIL export TF_VAR_github_org=$$GITHUB_ORG export TF_VAR_project_id=$PROJECT_ID export TF_VAR_org_id=$$GCP_ORG export TF_VAR_folder_id=$$GCP_FOLDER export TF_VAR_billing_account=$$GCP_BILLINGAC export TF_VAR_acm_repo=$$ACM_REPO export TF_VAR_subnet_01_region=$$INFRA_REGION export TF_VAR_subnet_02_region=$$INFRA_SEC_REGION export TF_VAR_app_factory_project_id=$$APP_FACTORY_PROJECT_ID export TF_VAR_app_factory_project_num=$$APP_FACTORY_PROJECT_NUM export TF_VAR_secrets_project_id=$$SECRETS_PROJECT git config --global url."https://$$GITHUB_USER:$$GITHUB_TOKEN@github.com".insteadOf "https://github.com" if [ -d "env/${BRANCH_NAME}/" ]; then cd env/${BRANCH_NAME} terraform apply -auto-approve -no-color else echo "***************************** SKIPPING APPLYING *******************************" echo "Branch '$BRANCH_NAME' does not represent an official environment." echo "*******************************************************************************" fi id: tf apply entrypoint: sh secretEnv: - GITHUB_TOKEN - GITHUB_USER - GITHUB_EMAIL - GITHUB_ORG - GCP_ORG - GCP_FOLDER - GCP_BILLINGAC - ACM_REPO - INFRA_PROJECT_ID - INFRA_REGION - INFRA_SEC_REGION - APP_FACTORY_PROJECT_ID - APP_FACTORY_PROJECT_NUM - SECRETS_PROJECT timeout: 3600s availableSecrets: secretManager: - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/github-token/versions/latest env: GITHUB_TOKEN - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/github-user/versions/latest env: GITHUB_USER - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/github-email/versions/latest env: GITHUB_EMAIL - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/github-org/versions/latest env: GITHUB_ORG - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/gcp-org/versions/latest env: GCP_ORG - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/gcp-folder/versions/latest env: GCP_FOLDER - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/gcp-billingac/versions/latest env: GCP_BILLINGAC - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/acm-repo/versions/latest env: ACM_REPO - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/infra-project-id/versions/latest env: INFRA_PROJECT_ID - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/infra-region/versions/latest env: INFRA_REGION - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/infra-sec-region/versions/latest env: INFRA_SEC_REGION - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/application-factory-id/versions/latest env: APP_FACTORY_PROJECT_ID - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/application-factory-number/versions/latest env: APP_FACTORY_PROJECT_NUM - versionName: projects/YOUR_SECRET_PROJECT_ID/secrets/secrets-project/versions/latest env: SECRETS_PROJECT