From a581a1ed20b45e4a84943bacb39bdde37dad0959 Mon Sep 17 00:00:00 2001
From: Caetano Colin <164910343+caetano-colin@users.noreply.github.com>
Date: Tue, 10 Dec 2024 16:49:51 -0300
Subject: [PATCH] feat: add github and gitlab support on 1-bootstrap (#288)
Co-authored-by: Andrew Peabody
---
 1-bootstrap/README.md | 167 ++++++++++++++++++-
 1-bootstrap/main.tf | 42 +++--
 1-bootstrap/variables.tf | 80 ++++++++-
 2-multitenant/README.md | 18 +-
 3-fleetscope/README.md | 18 +-
 3-fleetscope/modules/env_baseline/acm.tf | 1 +
 4-appfactory/README.md | 18 +-
 test/integration/bootstrap/bootstrap_test.go | 4 +-
 8 files changed, 326 insertions(+), 22 deletions(-)
diff --git a/1-bootstrap/README.md b/1-bootstrap/README.md
index 181ff225..75b9b5df 100644
--- a/1-bootstrap/README.md
+++ b/1-bootstrap/README.md
@@ -22,6 +22,166 @@ Each pipeline has the following associated resources: ## Usage +### Pre-requisites + +#### Secrets Project + +You will need a Google Cloud project with [Secret Manager](https://cloud.google.com/security/products/secret-manager) to store your git credentials, throughout the documentation this will be referenced as `$GIT_SECRET_PROJECT`. + +#### Cloud Build with Github Pre-requisites + +To proceed with GitHub as your git provider you will need: + +- An authenticated GitHub account. The steps in this documentation assumes you have a configured SSH key for cloning and modifying repositories. +- A **private** [GitHub repository](https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-new-repository) for each one of the repositories below: + - Multitenant (`eab-multitenant`) + - Fleetscope (`eab-fleetscope`) + - Application Factory (`eab-applicationfactory`) + + > Note: Default names for the repositories are, in sequence: `eab-multitenant`, `eab-fleetscope` and `eab-applicationfactory`; If you choose other names for your repository make sure you update `terraform.tfvars` the repository names under `cloudbuildv2_repository_config` variable. + +- [Install Cloud Build App on Github](https://github.com/apps/google-cloud-build). After the installation, take note of the application id, it will be used later. +- [Create Personal Access Token on Github with `repo` and `read:user` (or if app is installed in org use `read:org`)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) - After creating the token in Secret Manager, you will use the secret id in the `terraform.tfvars` file. 
+- Create a secret for the Github Cloud Build App ID: + + ```bash + APP_ID_VALUE= + printf $APP_ID_VALUE | gcloud secrets create github-app-id --project=$GIT_SECRET_PROJECT --data-file=- + ``` + +- Take note of the secret id, it will be used in `terraform.tfvars` later on: + + ```bash + gcloud secrets describe github-app-id --project=$GIT_SECRET_PROJECT --format="value(name)" + ``` + +- Create a secret for the Github Personal Access Token: + + ```bash + GITHUB_TOKEN= + printf $GITHUB_TOKEN | gcloud secrets create github-pat --project=$GIT_SECRET_PROJECT --data-file=- + ``` + +- Take note of the secret id, it will be used in `terraform.tfvars` later on: + + ```bash + gcloud secrets describe github-pat --project=$GIT_SECRET_PROJECT --format="value(name)" + ``` + +- Populate your `terraform.tfvars` file in `1-bootstrap` with the Cloud Build 2nd Gen configuration variable, here is an example: + + ```hcl + cloudbuildv2_repository_config = { + repo_type = "GITHUBv2" + + repositories = { + multitenant = { + repository_name = "eab-multitenant" + repository_url = "https://github.com/your-org/eab-multitenant.git" + } + + applicationfactory = { + repository_name = "eab-applicationfactory" + repository_url = "https://github.com/your-org/eab-applicationfactory.git" + } + + fleetscope = { + repository_name = "eab-fleetscope" + repository_url = "https://github.com/your-org/eab-fleetscope.git" + } + } + + github_secret_id = "projects/REPLACE_WITH_PRJ_NUMBER/secrets/github-pat" # Personal Access Token Secret + github_app_id_secret_id = "projects/REPLACE_WITH_PRJ_NUMBER/secrets/github-app-id" # App ID value secret + } + ``` + +#### Cloud Build with Gitlab Pre-requisites + +To proceed with Gitlab as your git provider you will need: + +- An authenticated Gitlab account. The steps in this documentation assumes you have a configured SSH key for cloning and modifying repositories. 
+- A **private** GitLab repository for each one of the repositories below: + - Multitenant (`eab-multitenant`) + - Fleetscope (`eab-fleetscope`) + - Application Factory (`eab-applicationfactory`) + + > Note: Default names for the repositories are, in sequence: `eab-multitenant`, `eab-fleetscope` and `eab-applicationfactory`; If you choose other names for your repository make sure you update `terraform.tfvars` the repository names under `cloudbuildv2_repository_config` variable. + +- An access token with the `api` scope to use for connecting and disconnecting repositories. + +- An access token with the `read_api` scope to ensure Cloud Build repositories can access source code in repositories. + +- Create a secret for the Gitlab API Access Token: + + ```bash + GITLAB_API_TOKEN= + printf $GITLAB_API_TOKEN | gcloud secrets create gitlab-api-token --project=$GIT_SECRET_PROJECT --data-file=- + ``` + +- Take note of the secret id, it will be used in `terraform.tfvars` later on: + + ```bash + gcloud secrets describe gitlab-api-token --project=$GIT_SECRET_PROJECT --format="value(name)" + ``` + +- Create a secret for the Gitlab Read API Access Token: + + ```bash + GITLAB_READ_API_TOKEN= + printf $GITLAB_READ_API_TOKEN | gcloud secrets create gitlab-read-api-token --project=$GIT_SECRET_PROJECT --data-file=- + ``` + +- Take note of the secret id, it will be used in `terraform.tfvars` later on: + + ```bash + gcloud secrets describe gitlab-read-api-token --project=$GIT_SECRET_PROJECT --format="value(name)" + ``` + +- Generate a random 36 character string that will be used as the Webhook Secret: + + ```bash + GITLAB_WEBHOOK= + printf $GITLAB_WEBHOOK | gcloud secrets create gitlab-webhook --project=$GIT_SECRET_PROJECT --data-file=- + ``` + + > NOTE: for testing purposes, you may use the following command to generate the webhook in bash: `GITLAB_WEBHOOK=$(cat /dev/urandom | tr -dc "[:alnum:]" | head -c 36)` + +- Take note of the secret id, it will be used in `terraform.tfvars` 
later on: + + ```bash + gcloud secrets describe gitlab-webhook --project=$GIT_SECRET_PROJECT --format="value(name)" + ``` + +- Populate your `terraform.tfvars` file in `1-bootstrap` with the Cloud Build 2nd Gen configuration variable, here is an example: + + ```hcl + cloudbuildv2_repository_config = { + repo_type = "GITLABv2" + + repositories = { + multitenant = { + repository_name = "eab-multitenant" + repository_url = "https://gitlab.com/your-group/eab-multitenant.git" + } + + applicationfactory = { + repository_name = "eab-applicationfactory" + repository_url = "https://gitlab.com/your-group/eab-applicationfactory.git" + } + + fleetscope = { + repository_name = "eab-fleetscope" + repository_url = "https://gitlab.com/your-group/eab-fleetscope.git" + } + } + + gitlab_authorizer_credential_secret_id = "projects/REPLACE_WITH_PRJ_NUMBER/secrets/gitlab-api-token" + gitlab_read_authorizer_credential_secret_id = "projects/REPLACE_WITH_PRJ_NUMBER/secrets/gitlab-read-api-token" + gitlab_webhook_secret_id = "projects/REPLACE_WITH_PRJ_NUMBER/secrets/gitlab-webhook" + } + ``` + ### Deploying with Cloud Build #### Deploying on Enterprise Foundation blueprint @@ -56,7 +216,9 @@ example-organization mv terraform.example.tfvars terraform.tfvars ``` -1. Update the `terraform.tfvars` file with your project id. +1. Update the `terraform.tfvars` file with your project id. If you are using Github or Gitlab as your Git provider for Cloud Build, you will need to configure the `cloudbuildv2_repository_config` variable as described in the following sections: + - [Cloud Build with Github Pre-requisites](#cloud-build-with-github-pre-requisites) + - [Cloud Build with Gitlab Pre-requisites](#cloud-build-with-gitlab-pre-requisites) You can now deploy the common environment for these pipelines. 
@@ -106,12 +268,13 @@ Within the repository, you'll find `backend.tf` files that define the GCS bucket |------|-------------|------|---------|:--------:| | bucket\_force\_destroy | When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects. | `bool` | `false` | no | | bucket\_prefix | Name prefix to use for buckets created. | `string` | `"bkt"` | no | +| cloudbuildv2\_repository\_config | Configuration for integrating repositories with Cloud Build v2:
- repo\_type: Specifies the type of repository. Supported types are 'GITHUBv2', 'GITLABv2', and 'CSR'.
- repositories: A map of repositories to be created. The key must match the exact name of the repository. Each repository is defined by:
- repository\_name: The name of the repository.
- repository\_url: The URL of the repository.
- github\_secret\_id: (Optional) The personal access token for GitHub authentication.
- github\_app\_id\_secret\_id: (Optional) The application ID for a GitHub App used for authentication.
- gitlab\_read\_authorizer\_credential\_secret\_id: (Optional) The read authorizer credential for GitLab access.
- gitlab\_authorizer\_credential\_secret\_id: (Optional) The authorizer credential for GitLab access.
- gitlab\_webhook\_secret\_id: (Optional) The secret ID for the GitLab WebHook..
Note: When using GITLABv2, specify `gitlab_read_authorizer_credential` and `gitlab_authorizer_credential` and `gitlab_webhook_secret_id`.
Note: When using GITHUBv2, specify `github_pat` and `github_app_id`.
Note: If 'cloudbuildv2\_repository\_config' variable is not configured, CSR (Cloud Source Repositories) will be used by default. |
object({
repo_type = string # Supported values are: GITHUBv2, GITLABv2 and CSR
# repositories to be created
repositories = object({
multitenant = object({
repository_name = optional(string, "eab-multitenant")
repository_url = string
}),
applicationfactory = object({
repository_name = optional(string, "eab-applicationfactory")
repository_url = string
}),
fleetscope = object({
repository_name = optional(string, "eab-fleetscope")
repository_url = string
}),
})
# Credential Config for each repository type
github_secret_id = optional(string)
github_app_id_secret_id = optional(string)
gitlab_read_authorizer_credential_secret_id = optional(string)
gitlab_authorizer_credential_secret_id = optional(string)
gitlab_webhook_secret_id = optional(string)
})
|
{
"repo_type": "CSR",
"repositories": {
"applicationfactory": {
"repository_url": ""
},
"fleetscope": {
"repository_url": ""
},
"multitenant": {
"repository_url": ""
}
}
}
| no | | common\_folder\_id | Folder ID in which to create all application admin projects, must be prefixed with 'folders/' | `string` | n/a | yes | | envs | Environments |
map(object({
billing_account = string
folder_id = string
network_project_id = string
network_self_link = string
org_id = string
subnets_self_links = list(string)
}))
| n/a | yes | | location | Location for build buckets. | `string` | `"us-central1"` | no | | project\_id | Project ID for initial resources | `string` | n/a | yes | | tf\_apply\_branches | List of git branches configured to run terraform apply Cloud Build trigger. All other branches will run plan by default. | `list(string)` |
[
"development",
"nonproduction",
"production"
]
| no | -| trigger\_location | Location of for Cloud Build triggers created in the workspace. If using private pools should be the same location as the pool. | `string` | `"global"` | no | +| trigger\_location | Location of for Cloud Build triggers created in the workspace. If using private pools should be the same location as the pool. | `string` | `"us-central1"` | no | ## Outputs diff --git a/1-bootstrap/main.tf b/1-bootstrap/main.tf index 8f5d5125..235e0d03 100644 --- a/1-bootstrap/main.tf +++ b/1-bootstrap/main.tf 
@@ -17,34 +17,52 @@ locals { cb_config = { "multitenant" = { - repo_name = "eab-multitenant", bucket_infix = "mt" roles = [ "roles/container.admin" ] } "applicationfactory" = { - repo_name = "eab-applicationfactory", bucket_infix = "af" roles = ["roles/resourcemanager.projectIamAdmin"] } "fleetscope" = { - repo_name = "eab-fleetscope", bucket_infix = "fs" roles = [] } } + use_csr = var.cloudbuildv2_repository_config.repo_type == "CSR" + csr_repos = local.use_csr ? { for k, v in var.cloudbuildv2_repository_config.repositories : k => v.repository_name } : {} cb_service_accounts_emails = { for k, v in module.tf_cloudbuild_workspace : k => reverse(split("/", v.cloudbuild_sa))[0] } } resource "google_sourcerepo_repository" "gcp_repo" { - for_each = local.cb_config + for_each = local.csr_repos project = var.project_id - name = each.value.repo_name + name = each.value create_ignore_already_exists = true } +module "cloudbuild_repositories" { + count = local.use_csr ? 0 : 1 + + source = "terraform-google-modules/bootstrap/google//modules/cloudbuild_repo_connection" + version = "~> 10.0" + + project_id = var.project_id + + connection_config = { + connection_type = var.cloudbuildv2_repository_config.repo_type + github_secret_id = var.cloudbuildv2_repository_config.github_secret_id + github_app_id_secret_id = var.cloudbuildv2_repository_config.github_app_id_secret_id + gitlab_read_authorizer_credential_secret_id = var.cloudbuildv2_repository_config.gitlab_read_authorizer_credential_secret_id + gitlab_authorizer_credential_secret_id = var.cloudbuildv2_repository_config.gitlab_authorizer_credential_secret_id + gitlab_webhook_secret_id = var.cloudbuildv2_repository_config.gitlab_webhook_secret_id + } + cloud_build_repositories = var.cloudbuildv2_repository_config.repositories +} + module "tfstate_bucket" { source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket" version = "~> 8.0" 
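Review bot: Switching `repo_type` away from `CSR` on an existing deployment makes `local.csr_repos` empty, so the `for_each` on `google_sourcerepo_repository.gcp_repo` will plan the deletion of the three Cloud Source Repositories together with whatever history they hold. Nothing in this hunk or in the README section added by this commit warns about that. I would add a comment above the resource, `# NOTE: changing repo_type from CSR to GITHUBv2/GITLABv2 removes these repositories on the next apply; mirror them to the new provider first`, and repeat the caveat in the README pre-requisites. The `locals` block starts outside this hunk.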
@@ -56,19 +74,19 @@ module "tfstate_bucket" { } module "tf_cloudbuild_workspace" { + for_each = var.cloudbuildv2_repository_config.repositories + source = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_workspace" version = "~> 10.0" - for_each = local.cb_config - project_id = var.project_id location = var.location - tf_repo_uri = google_sourcerepo_repository.gcp_repo[each.key].url - tf_repo_type = "CLOUD_SOURCE_REPOSITORIES" + tf_repo_uri = local.use_csr ? google_sourcerepo_repository.gcp_repo[each.key].url : module.cloudbuild_repositories[0].cloud_build_repositories_2nd_gen_repositories[each.key].id + tf_repo_type = local.use_csr ? "CLOUD_SOURCE_REPOSITORIES" : "CLOUDBUILD_V2_REPOSITORY" trigger_location = var.trigger_location - artifacts_bucket_name = "${var.bucket_prefix}-${var.project_id}-${each.value.bucket_infix}-build" - log_bucket_name = "${var.bucket_prefix}-${var.project_id}-${each.value.bucket_infix}-logs" + artifacts_bucket_name = "${var.bucket_prefix}-${var.project_id}-${local.cb_config[each.key].bucket_infix}-build" + log_bucket_name = "${var.bucket_prefix}-${var.project_id}-${local.cb_config[each.key].bucket_infix}-logs" create_state_bucket = false state_bucket_self_link = module.tfstate_bucket.bucket.self_link @@ -78,7 +96,7 @@ module "tf_cloudbuild_workspace" { cloudbuild_sa_roles = { "roles" = { project_id = var.project_id - roles = each.value.roles } + roles = local.cb_config[each.key].roles } } substitutions = { diff --git a/1-bootstrap/variables.tf b/1-bootstrap/variables.tf index 01818e60..ff8a76b1 100644 --- a/1-bootstrap/variables.tf +++ b/1-bootstrap/variables.tf @@ -40,7 +40,7 @@ variable "location" { variable "trigger_location" { description = "Location of for Cloud Build triggers created in the workspace. If using private pools should be the same location as the pool." type = string - default = "global" + default = "us-central1" } variable "tf_apply_branches" { 
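Review bot: Once `tf_repo_type` can be `CLOUDBUILD_V2_REPOSITORY`, builds are started from repositories hosted on GitHub or GitLab and run as service accounts that `local.cb_config` grants `roles/container.admin` and `roles/resourcemanager.projectIamAdmin`, so write access to the apply branches on the external provider becomes equivalent to holding those roles. The change does not record that assumption anywhere. I would add a comment at `tf_repo_uri`, `# external repos: protect the tf_apply_branches branches (required review, restricted push); a push there runs terraform apply with cloudbuild_sa_roles`, and state the same requirement in the README pre-requisites. The module block continues past this hunk, and the following hunk at -78 belongs to the same block.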
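Review bot: Changing the `trigger_location` default from `global` to `us-central1` also affects deployments that stay on CSR and never set the variable, which will presumably see their existing triggers replaced in a different location on the next apply. The description is unchanged and does not say why the default moved. If the reason is that 2nd-gen repository connections are regional, I would add that to the description, for example `Must be a region (not 'global') when repo_type is GITHUBv2 or GITLABv2.`, and mention the default change in the release notes.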
@@ -70,3 +70,81 @@ variable "common_folder_id" { error_message = "The folder ID must be prefixed with 'folders/'." } } + +variable "cloudbuildv2_repository_config" { + description = <<-EOT + Configuration for integrating repositories with Cloud Build v2: + - repo_type: Specifies the type of repository. Supported types are 'GITHUBv2', 'GITLABv2', and 'CSR'. + - repositories: A map of repositories to be created. The key must match the exact name of the repository. Each repository is defined by: + - repository_name: The name of the repository. + - repository_url: The URL of the repository. + - github_secret_id: (Optional) The personal access token for GitHub authentication. + - github_app_id_secret_id: (Optional) The application ID for a GitHub App used for authentication. + - gitlab_read_authorizer_credential_secret_id: (Optional) The read authorizer credential for GitLab access. + - gitlab_authorizer_credential_secret_id: (Optional) The authorizer credential for GitLab access. + - gitlab_webhook_secret_id: (Optional) The secret ID for the GitLab WebHook.. + Note: When using GITLABv2, specify `gitlab_read_authorizer_credential` and `gitlab_authorizer_credential` and `gitlab_webhook_secret_id`. + Note: When using GITHUBv2, specify `github_pat` and `github_app_id`. + Note: If 'cloudbuildv2_repository_config' variable is not configured, CSR (Cloud Source Repositories) will be used by default. 
+ EOT + type = object({ + repo_type = string # Supported values are: GITHUBv2, GITLABv2 and CSR + # repositories to be created + repositories = object({ + multitenant = object({ + repository_name = optional(string, "eab-multitenant") + repository_url = string + }), + applicationfactory = object({ + repository_name = optional(string, "eab-applicationfactory") + repository_url = string + }), + fleetscope = object({ + repository_name = optional(string, "eab-fleetscope") + repository_url = string + }), + }) + # Credential Config for each repository type + github_secret_id = optional(string) + github_app_id_secret_id = optional(string) + gitlab_read_authorizer_credential_secret_id = optional(string) + gitlab_authorizer_credential_secret_id = optional(string) + gitlab_webhook_secret_id = optional(string) + }) + + # If cloudbuildv2 is not configured, then auto-creation with CSR will be used + default = { + repo_type = "CSR" + repositories = { + multitenant = { + repository_url = "" + }, + fleetscope = { + repository_url = "" + } + applicationfactory = { + repository_url = "" + } + } + } + + validation { + condition = ( + var.cloudbuildv2_repository_config.repo_type == "GITHUBv2" ? ( + var.cloudbuildv2_repository_config.github_secret_id != null && + var.cloudbuildv2_repository_config.github_app_id_secret_id != null && + var.cloudbuildv2_repository_config.gitlab_read_authorizer_credential_secret_id == null && + var.cloudbuildv2_repository_config.gitlab_authorizer_credential_secret_id == null && + var.cloudbuildv2_repository_config.gitlab_webhook_secret_id == null + ) : var.cloudbuildv2_repository_config.repo_type == "GITLABv2" ? 
( + var.cloudbuildv2_repository_config.github_secret_id == null && + var.cloudbuildv2_repository_config.github_app_id_secret_id == null && + var.cloudbuildv2_repository_config.gitlab_read_authorizer_credential_secret_id != null && + var.cloudbuildv2_repository_config.gitlab_authorizer_credential_secret_id != null && + var.cloudbuildv2_repository_config.gitlab_webhook_secret_id != null + ) : var.cloudbuildv2_repository_config.repo_type == "CSR" ? true : false + ) + error_message = "You must specify a valid repo_type ('GITHUBv2', 'GITLABv2', or 'CSR'). For 'GITHUBv2', all 'github_' prefixed variables must be defined and no 'gitlab_' prefixed variables should be defined. For 'GITLABv2', all 'gitlab_' prefixed variables must be defined and no 'github_' prefixed variables should be defined." + } + +} diff --git a/2-multitenant/README.md b/2-multitenant/README.md index 54b9aafd..744cf6fe 100644 --- a/2-multitenant/README.md +++ b/2-multitenant/README.md @@ -34,6 +34,8 @@ The steps below assume that you are checked out on the same level as `terraform- > NOTE: If you don't have the foundation codebase, you can clone it by running the following command: `git clone --branch v4.1.0 https://github.com/terraform-google-modules/terraform-example-foundation.git` +Please note that some steps in this documentation are specific to the selected Git provider. These steps are clearly marked at the beginning of each instruction. For example, if a step applies only to GitHub users, it will be labeled with "(GitHub only)." + 1. Retrieve Multi-tenant administration project variable value from 1-bootstrap: ```bash 
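Review bot: The description presents the credential fields as the credentials themselves (`github_secret_id: (Optional) The personal access token for GitHub authentication`), while the README example shows that they take Secret Manager resource names; a reader who follows the description alone could put the raw token into `terraform.tfvars`, where it would end up in version control and in state. I would reword each entry along the lines of `- github_secret_id: (Optional) Secret Manager secret ID (e.g. projects/REPLACE_WITH_PRJ_NUMBER/secrets/github-pat) that holds the GitHub personal access token.` The two "Note:" lines also name attributes that do not exist in the type (`github_pat`, `github_app_id`, `gitlab_read_authorizer_credential`, `gitlab_authorizer_credential`) and should use the `*_secret_id` names. Separately, the validation accepts an empty `repository_url` for `GITHUBv2`/`GITLABv2` and does not require the credential fields to be null for `CSR`. The same description text is mirrored in the README inputs table.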
@@ -42,13 +44,25 @@ The steps below assume that you are checked out on the same level as `terraform- echo multitenant_admin_project=$multitenant_admin_project ``` -1. (CSR) Clone the infrastructure pipeline repository: +1. (CSR Only) Clone the infrastructure pipeline repository: ```bash gcloud source repos clone eab-multitenant --project=$multitenant_admin_project ``` -1. Initialize the git repository, copy `2-multitenant` code into the repository, cloudbuild yaml files and terraform wrapper script: +1. (Github Only) When using Github with Cloud Build, clone the repository with the following command. + + ```bash + git clone git@github.com:/eab-multitenant.git + ``` + +1. (Gitlab Only) When using Gitlab with Cloud Build, clone the repository with the following command. + + ```bash + git clone git@gitlab.com:/eab-multitenant.git + ``` + +1. Initialize the git repository, copy `2-multitenant` code into the repository, Cloud Build yaml files and terraform wrapper script: ```bash cd eab-multitenant diff --git a/3-fleetscope/README.md b/3-fleetscope/README.md index 60f644c0..6a72d2a2 100644 --- a/3-fleetscope/README.md +++ b/3-fleetscope/README.md @@ -38,6 +38,8 @@ The steps below assume that you are checked out on the same level as `terraform- └── . ``` +Please note that some steps in this documentation are specific to the selected Git provider. These steps are clearly marked at the beginning of each instruction. For example, if a step applies only to GitHub users, it will be labeled with "(GitHub only)." + 1. Retrieve Multi-tenant administration project variable value from 1-bootstrap: ```bash 
@@ -46,13 +48,25 @@ The steps below assume that you are checked out on the same level as `terraform- echo multitenant_admin_project=$multitenant_admin_project ``` -1. (CSR) Clone the infrastructure pipeline repository: +1. (CSR Only) Clone the infrastructure pipeline repository: ```bash gcloud source repos clone eab-fleetscope --project=$multitenant_admin_project ``` -1. Initialize the git repository, copy `3-fleetscope` code into the repository, cloudbuild yaml files and terraform wrapper script: +1. (Github Only) When using Github with Cloud Build, clone the repository with the following command. + + ```bash + git clone git@github.com:/eab-fleetscope.git + ``` + +1. (Gitlab Only) When using Gitlab with Cloud Build, clone the repository with the following command. + + ```bash + git clone git@gitlab.com:/eab-fleetscope.git + ``` + +1. Initialize the git repository, copy `3-fleetscope` code into the repository, Cloud Build yaml files and terraform wrapper script: ```bash cd eab-fleetscope diff --git a/3-fleetscope/modules/env_baseline/acm.tf b/3-fleetscope/modules/env_baseline/acm.tf index b2b7bc99..27ed1fe2 100644 --- a/3-fleetscope/modules/env_baseline/acm.tf +++ b/3-fleetscope/modules/env_baseline/acm.tf @@ -70,6 +70,7 @@ resource "google_gke_hub_feature_membership" "acm_feature_member" { enabled = true source_format = "unstructured" git { + // TODO: Update to use another credential type https://cloud.google.com/kubernetes-engine/enterprise/config-sync/docs/reference/rootsync-reposync-fields sync_repo = google_sourcerepo_repository.acm_repo.url secret_type = "gcpserviceaccount" gcp_service_account_email = google_service_account.root_reconciler.email diff --git a/4-appfactory/README.md b/4-appfactory/README.md index 4895d5cf..cd967146 100644 --- a/4-appfactory/README.md +++ b/4-appfactory/README.md 
@@ -42,6 +42,8 @@ The steps below assume that you are checked out on the same level as `terraform- └── . ``` +Please note that some steps in this documentation are specific to the selected Git provider. These steps are clearly marked at the beginning of each instruction. For example, if a step applies only to GitHub users, it will be labeled with "(GitHub only)." + 1. Retrieve Multi-tenant administration project variable value from 1-bootstrap: ```bash @@ -50,13 +52,25 @@ The steps below assume that you are checked out on the same level as `terraform- echo multitenant_admin_project=$multitenant_admin_project ``` -1. (CSR) Clone the infrastructure pipeline repository: +1. (CSR Only) Clone the infrastructure pipeline repository: ```bash gcloud source repos clone eab-applicationfactory --project=$multitenant_admin_project ``` -1. Initialize the git repository, copy `4-appfactory` code into the repository, cloudbuild yaml files and terraform wrapper script: +1. (Github Only) When using Github with Cloud Build, clone the repository with the following command. + + ```bash + git clone git@github.com:/eab-applicationfactory.git + ``` + +1. (Gitlab Only) When using Gitlab with Cloud Build, clone the repository with the following command. + + ```bash + git clone git@gitlab.com:/eab-applicationfactory.git + ``` + +1. Initialize the git repository, copy `4-appfactory` code into the repository, Cloud Build yaml files and terraform wrapper script: ```bash cd eab-applicationfactory diff --git a/test/integration/bootstrap/bootstrap_test.go b/test/integration/bootstrap/bootstrap_test.go index 44e96f96..a0ab40e3 100644 --- a/test/integration/bootstrap/bootstrap_test.go +++ b/test/integration/bootstrap/bootstrap_test.go @@ -34,6 +34,8 @@ import ( func TestBootstrap(t *testing.T) { + triggerRegion := "us-central1" + vars := map[string]interface{}{ "bucket_force_destroy": true, } 
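Review bot: `triggerRegion` is hard-coded to `us-central1` and matches the deployment only because it equals the new Terraform default for `trigger_location`; if that default moves again, the trigger lookups later in the test will return nothing and fail for a reason that is hard to trace. I would pass the value into the module so both sides agree, adding `"trigger_location": triggerRegion,` to the `vars` map. `TestBootstrap` continues outside this hunk.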
@@ -125,7 +127,7 @@ func TestBootstrap(t *testing.T) {
 fmt.Sprintf("trigger_template.branch_name='%s' trigger_template.repo_name='%s' AND name='%s-apply'", branchesRegex, repo, repo),
 fmt.Sprintf("trigger_template.branch_name='%s' trigger_template.repo_name='%s' AND name='%s-plan'", branchesRegex, repo, repo),
 } {
- cbOpts := gcloud.WithCommonArgs([]string{"--project", projectID, "--filter", filter, "--format", "json"})
+ cbOpts := gcloud.WithCommonArgs([]string{"--project", projectID, "--filter", filter, "--format", "json", "--region", triggerRegion})
 cbTriggers := gcloud.Run(t, "beta builds triggers list", cbOpts).Array()
 assert.Equal(1, len(cbTriggers), fmt.Sprintf("cloud builds trigger with filter %s should exist", filter))
 }
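Review bot: Both filters still match on `trigger_template.repo_name`, which presumably exists only on triggers backed by Cloud Source Repositories, so the test keeps covering the CSR default and nothing exercises the GITHUBv2/GITLABv2 path that this commit adds. A comment above the loop such as `// CSR path only: triggers on 2nd-gen repositories are not matched by trigger_template filters` would make the gap explicit until a second test case exists. The loop header and the rest of `TestBootstrap` are outside this hunk.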