-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
First cut at CloudBuild config (#146)
- Loading branch information
Showing
11 changed files
with
185 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# Cloudbuild Triggers and Steps | ||
|
||
This directory contains a terragrunt file that can be deployed using `terragrunt apply` | ||
(see links in the [deployment dir](/deployment/README.md) to install necessary tools) to | ||
define the necessary triggers and steps in GCB. | ||
|
||
These steps will: | ||
1. Trigger on a change to the `main` branch of the trillian-tessera repo | ||
2. Build the `example-gcp` docker image from the `main` branch | ||
3. Publish this docker image in artifact repository | ||
|
||
The first time this is run for a pair of {GCP Project, GitHub Repo} you will get an error | ||
message such as the following: | ||
|
||
``` | ||
Error: Error creating Trigger: googleapi: Error 400: Repository mapping does not exist. Please visit $URL to connect a repository to your project | ||
``` | ||
|
||
This is a manual one-time step that needs to be followed to integrate GCB and the GitHub | ||
project. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
include "root" { | ||
path = find_in_parent_folders() | ||
expose = true | ||
} | ||
|
||
inputs = merge( | ||
include.root.locals, | ||
{ | ||
} | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
terraform { | ||
source = "${get_repo_root()}/deployment/modules/gcp/cloudbuild" | ||
} | ||
|
||
locals { | ||
project_id = "trillian-tessera" | ||
region = "us-central1" | ||
env = path_relative_to_include() | ||
} | ||
|
||
remote_state { | ||
backend = "gcs" | ||
|
||
config = { | ||
project = local.project_id | ||
location = local.region | ||
bucket = "${local.project_id}-cloudbuild-${local.env}-terraform-state" | ||
prefix = "${path_relative_to_include()}-terraform.tfstate" | ||
|
||
gcs_bucket_labels = { | ||
name = "terraform_state_storage" | ||
} | ||
} | ||
} |
File renamed without changes.
2 changes: 1 addition & 1 deletion
2
deployment/live/example-gcp/terragrunt.hcl → ...yment/live/gcp/example-gcp/terragrunt.hcl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
terraform { | ||
required_providers { | ||
google = { | ||
source = "hashicorp/google" | ||
version = "5.41.0" | ||
} | ||
} | ||
} | ||
|
||
provider "google" { | ||
project = var.project_id | ||
region = var.region | ||
} | ||
|
||
# This will be configured by terragrunt when deploying | ||
terraform { | ||
backend "gcs" {} | ||
} | ||
|
||
resource "google_artifact_registry_repository" "docker" { | ||
repository_id = "docker-${var.env}" | ||
location = var.region | ||
description = "Tessera example docker images" | ||
format = "DOCKER" | ||
} | ||
|
||
locals { | ||
artifact_repo = "${var.region}-docker.pkg.dev/${var.project_id}/${google_artifact_registry_repository.docker.name}" | ||
example_gcp_docker_image = "${local.artifact_repo}/example-gcp" | ||
} | ||
|
||
resource "google_cloudbuild_trigger" "docker" { | ||
name = "build-docker-${var.env}" | ||
service_account = google_service_account.cloudbuild_service_account.id | ||
location = var.region | ||
|
||
github { | ||
owner = "transparency-dev" | ||
name = "trillian-tessera" | ||
push { | ||
branch = "^main$" | ||
} | ||
} | ||
|
||
build { | ||
step { | ||
name = "gcr.io/cloud-builders/docker" | ||
args = [ | ||
"build", | ||
"-t", "${local.example_gcp_docker_image}:$SHORT_SHA", | ||
"-t", "${local.example_gcp_docker_image}:latest", | ||
"-f", "./cmd/example-gcp/Dockerfile", | ||
"." | ||
] | ||
} | ||
step { | ||
name = "gcr.io/cloud-builders/docker" | ||
args = [ | ||
"push", | ||
"--all-tags", | ||
local.example_gcp_docker_image | ||
] | ||
} | ||
options { | ||
logging = "CLOUD_LOGGING_ONLY" | ||
} | ||
} | ||
} | ||
|
||
resource "google_service_account" "cloudbuild_service_account" { | ||
account_id = "cloudbuild-${var.env}-sa" | ||
display_name = "Service Account for CloudBuild (${var.env})" | ||
} | ||
|
||
resource "google_project_iam_member" "act_as" { | ||
project = var.project_id | ||
role = "roles/iam.serviceAccountUser" | ||
member = "serviceAccount:${google_service_account.cloudbuild_service_account.email}" | ||
} | ||
|
||
resource "google_project_iam_member" "logs_writer" { | ||
project = var.project_id | ||
role = "roles/logging.logWriter" | ||
member = "serviceAccount:${google_service_account.cloudbuild_service_account.email}" | ||
} | ||
|
||
resource "google_project_iam_member" "artifact_registry_writer" { | ||
project = var.project_id | ||
role = "roles/artifactregistry.writer" | ||
member = "serviceAccount:${google_service_account.cloudbuild_service_account.email}" | ||
} | ||
|
||
resource "google_project_iam_member" "cloudrun_deployer" { | ||
project = var.project_id | ||
role = "roles/run.developer" | ||
member = "serviceAccount:${google_service_account.cloudbuild_service_account.email}" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
output "artifact_registry_id" { | ||
description = "The ID of the created artifact registry for docker images" | ||
value = google_artifact_registry_repository.docker.id | ||
} | ||
|
||
output "artifact_registry_name" { | ||
description = "The name of the created artifact registry for docker images" | ||
value = google_artifact_registry_repository.docker.name | ||
} | ||
|
||
output "cloudbuild_trigger_id" { | ||
description = "The ID of the created trigger for building images" | ||
value = google_cloudbuild_trigger.docker.id | ||
} | ||
|
||
output "docker_image" { | ||
description = "The address of the docker image that will be built" | ||
value = local.example_gcp_docker_image | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
variable "project_id" { | ||
description = "The project ID to host the builds in" | ||
type = string | ||
} | ||
|
||
variable "region" { | ||
description = "The region to host the builds in" | ||
type = string | ||
} | ||
|
||
variable "env" { | ||
description = "Unique identifier for the env, e.g. ci or prod" | ||
type = string | ||
} |
File renamed without changes.
File renamed without changes.
File renamed without changes.