# Copyright 2021 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. timeout: 1200s substitutions: _POLICY_REPO: '/workspace/policy-library' # add path to policies as per https://github.com/GoogleCloudPlatform/policy-library/blob/main/docs/user_guide.md#how-to-set-up-constraints-with-policy-library # _DOCKER_TAG_VERSION_TERRAFORM: 'latest' steps: - id: 'setup' name: gcr.io/google.com/cloudsdktool/google-cloud-cli:$_DOCKER_TAG_VERSION_GCLOUD entrypoint: /bin/bash args: - -c - | tf_sa_email=${_TF_SA_EMAIL} if [[ -n ${tf_sa_email} ]]; then echo "Setting up gcloud for impersonation" gcloud config set auth/impersonate_service_account $tf_sa_email fi echo "Adding bucket information to backends" for i in `find -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/${_STATE_BUCKET_NAME}/' $i; done # [START tf-plan_validate_all] - id: 'tf plan validate all' name: gcr.io/google.com/cloudsdktool/google-cloud-cli:$_DOCKER_TAG_VERSION_GCLOUD entrypoint: /bin/bash args: - -c - | gcloud components install terraform-tools beta --quiet wget https://releases.hashicorp.com/terraform/${_DOCKER_TAG_VERSION_TERRAFORM}/terraform_${_DOCKER_TAG_VERSION_TERRAFORM}_linux_amd64.zip unzip terraform_${_DOCKER_TAG_VERSION_TERRAFORM}_linux_amd64.zip mv terraform /usr/bin/terraform ./tf-wrapper.sh plan_validate_all ${BRANCH_NAME} ${_POLICY_REPO} ${PROJECT_ID} CLOUDSOURCE artifacts: objects: location: 'gs://${_ARTIFACT_BUCKET_NAME}/terraform/cloudbuild/plan/${BUILD_ID}' paths: ['cloudbuild-connection-tf-plan.yaml', 'tmp_plan/*.tfplan'] logsBucket: 'gs://${_LOG_BUCKET_NAME}' options: worker_pool: '${_PRIVATE_POOL}' env: - 'TF_IN_AUTOMATION=true'