feat: support for gcp

humanitec-architecture · Oct 11, 2023 · 40a153f · 40a153f
1 parent 2d00642
commit 40a153f
Show file tree

Hide file tree

Showing 11 changed files with 170 additions and 10 deletions.
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -8,9 +8,15 @@ concurrency: ${{ github.ref }}
 
 env:
   IMAGE: backstage
-  AWS_REGION: ${{ vars.AWS_REGION }}
   SCORE_HUMANITEC_VERSION: '0.8.0'
+  # CLOUD_PROVIDER: aws
+  AWS_REGION: ${{ vars.AWS_REGION }}
   AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
+  # CLOUD_PROVIDER: gcp
+  GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+  GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
+  GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }}
+  GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }}
 
 jobs:
   deploy:
@@ -24,7 +30,7 @@ jobs:
     env:
       DOCKER_BUILDKIT: "1"
 
-    if: ${{ github.repository_owner != 'humanitec-architecture' }}
+    if: ${{ vars.CLOUD_PROVIDER }}
 
     steps:
       - uses: actions/checkout@v3
@@ -41,24 +47,41 @@ jobs:
         with:
           file_pattern: 'catalog-info.yaml templates/*.yaml'
 
-      - name: configure aws credentials
+
+      - if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
+        name: configure aws credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
           role-to-assume: ${{ env.AWS_ROLE_ARN }}
           aws-region: ${{ env.AWS_REGION }}
 
-      - name: login to aws ecr
+      - if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
+        name: login to aws ecr
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v1
         with:
           mask-password: 'true'
 
-      - name: "set CONTAINER_REGISTRY env var"
+      - if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
+        name: "set CONTAINER_REGISTRY env var"
         run: |
           echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV"
         env:
           REGISTRY: ${{ steps.login-ecr.outputs.registry }}
 
+      - if: ${{ vars.CLOUD_PROVIDER == 'gcp' }}
+        name: configure gcp credentials
+        uses: google-github-actions/auth@v1
+        with:
+          workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
+
+      - if: ${{ vars.CLOUD_PROVIDER == 'gcp' }}
+        name: login to gcp gar
+        run: |
+          gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet
+          echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV"
+
       - name: Set Tag with SHA
         run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV
 

diff --git a/app-config.yaml b/app-config.yaml
@@ -61,3 +61,5 @@ catalog:
 humanitec:
   orgId: ${HUMANITEC_ORG_ID}
   token: ${HUMANITEC_TOKEN}
+
+cloudProvider: ${CLOUD_PROVIDER}
diff --git a/packages/backend/src/actions/get-environment.ts b/packages/backend/src/actions/get-environment.ts
@@ -3,9 +3,10 @@ import { createTemplateAction } from '@backstage/plugin-scaffolder-backend';
 interface EnvironmentAction {
   orgId: string
   awsRegion: string
+  cloudProvider: string
 }
 
-export function createGetEnvironmentAction({ orgId, awsRegion }: EnvironmentAction) {
+export function createGetEnvironmentAction({ orgId, awsRegion, cloudProvider }: EnvironmentAction) {
   return createTemplateAction({
     id: 'backend:get-environment',
     schema: {
@@ -17,13 +18,17 @@ export function createGetEnvironmentAction({ orgId, awsRegion }: EnvironmentActi
           },
           awsRegion: {
             type: 'string'
+          },
+          cloudProvider: {
+            type: 'string'
           }
         }
       }
     },
     handler: async (ctx) => {
       ctx.output('orgId', orgId);
       ctx.output('awsRegion', awsRegion);
+      ctx.output('cloudProvider', cloudProvider);
     },
   });
 }
diff --git a/packages/backend/src/plugins/scaffolder.ts b/packages/backend/src/plugins/scaffolder.ts
@@ -33,6 +33,7 @@ export default async function createPlugin({
     createGetEnvironmentAction({
       orgId: config.getString('humanitec.orgId'),
       awsRegion: process.env.AWS_DEFAULT_REGION || '',
+      cloudProvider: config.getString('cloudProvider'),
     }),
     createHumanitecApp({
       orgId: config.getString('humanitec.orgId'),

diff --git a/score.yaml b/score.yaml
@@ -40,6 +40,7 @@ containers:
       POSTGRES_PORT: ${resources.db.port}
       POSTGRES_USER: ${resources.db.username}
       AWS_DEFAULT_REGION: ${values.AWS_DEFAULT_REGION}
+      CLOUD_PROVIDER: ${values.CLOUD_PROVIDER}
 
     files:
       - target: /app/credentials/github-app-backstage-humanitec-credentials.yaml

diff --git a/templates/node-service/content/.github/workflows/deploy.yaml b/templates/node-service/content/.github/workflows/deploy.yaml
@@ -10,10 +10,21 @@ concurrency:
 env:
 {% endraw %}
   IMAGE: ${{ values.image }}
+{% if values.cloudProvider === "aws" %}
 {% raw %}
   AWS_REGION: ${{ vars.AWS_REGION }}
   AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
 {% endraw %}
+{% elif values.cloudProvider === "gcp" %}
+{% raw %}
+  GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+  GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
+  GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }}
+  GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }}
+{% endraw %}
+{% else %}
+# Unknown cloud provider: ${{ values.cloudProvider }}
+{% endif %}
   SCORE_HUMANITEC_VERSION: '0.8.0'
   APP_NAME: ${{ values.name }}
 
@@ -30,6 +41,9 @@ jobs:
       - name: Set Tag with SHA
         run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV
 
+{% endraw %}
+{% if values.cloudProvider === "aws" %}
+{% raw %}
       - name: configure aws credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
@@ -47,6 +61,22 @@ jobs:
           echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV"
         env:
           REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+{% endraw %}
+{% elif values.cloudProvider === "gcp" %}
+{% raw %}
+      - name: configure gcp credentials
+        uses: google-github-actions/auth@v1
+        with:
+          workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
+
+      - name: login to gcp gar
+        run: |
+          gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet
+          echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV"
+{% endraw %}
+{% endif %}
+{% raw %}
 
       - run: docker build --platform linux/amd64 . -t $CONTAINER_REGISTRY/$IMAGE:$TAG
       - run: docker push $CONTAINER_REGISTRY/$IMAGE:$TAG

diff --git a/templates/node-service/content/.github/workflows/pull_request.yaml b/templates/node-service/content/.github/workflows/pull_request.yaml
@@ -8,8 +8,21 @@ permissions:
 env:
   APP_NAME: ${{ values.name }}
   IMAGE: ${{ values.image }}
-  AWS_REGION: {% raw %}${{ vars.AWS_REGION }}{% endraw %}
-  AWS_ROLE_ARN: {% raw %}${{ vars.AWS_ROLE_ARN }}{% endraw %}
+{% if values.cloudProvider === "aws" %}
+{% raw %}
+  AWS_REGION: ${{ vars.AWS_REGION }}
+  AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
+{% endraw %}
+{% elif values.cloudProvider === "gcp" %}
+{% raw %}
+  GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+  GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
+  GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }}
+  GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }}
+{% endraw %}
+{% else %}
+# Unknown cloud provider: ${{ values.cloudProvider }}
+{% endif %}
 
   BASE_ENVIRONMENT: 'development'
   ENVIRONMENT_TYPE: 'development'
@@ -56,6 +69,9 @@ jobs:
       - name: Set Tag with SHA
         run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV
 
+{% endraw %}
+{% if values.cloudProvider === "aws" %}
+{% raw %}
       - name: configure aws credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
@@ -73,6 +89,22 @@ jobs:
           echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV"
         env:
           REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+{% endraw %}
+{% elif values.cloudProvider === "gcp" %}
+{% raw %}
+      - name: configure gcp credentials
+        uses: google-github-actions/auth@v1
+        with:
+          workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
+
+      - name: login to gcp gar
+        run: |
+          gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet
+          echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV"
+{% endraw %}
+{% endif %}
+{% raw %}
 
       - run: docker build --platform linux/amd64 . -t $CONTAINER_REGISTRY/$IMAGE:$TAG
       - run: docker push $CONTAINER_REGISTRY/$IMAGE:$TAG

diff --git a/templates/node-service/template.yaml b/templates/node-service/template.yaml
@@ -33,6 +33,7 @@ spec:
     - id: create-ecr
       name: Create ECR Rrepository
       action: roadiehq:aws:ecr:create
+      if: ${{ steps.environment.output.cloudProvider == 'aws' }}
       input:
         repoName: ${{ parameters.componentName }}
         region: ${{ steps.environment.output.awsRegion }}
@@ -46,6 +47,7 @@ spec:
           name: ${{ parameters.componentName }}
           image: ${{ parameters.componentName }}
           orgId: ${{ steps.environment.output.orgId }}
+          cloudProvider: ${{ steps.environment.output.cloudProvider }}
 
     - id: publish
       name: Publish

diff --git a/templates/podinfo-example/content/.github/workflows/deploy.yaml b/templates/podinfo-example/content/.github/workflows/deploy.yaml
@@ -10,10 +10,21 @@ concurrency:
 env:
 {% endraw %}
   IMAGE: ${{ values.image }}
+{% if values.cloudProvider === "aws" %}
 {% raw %}
   AWS_REGION: ${{ vars.AWS_REGION }}
   AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
 {% endraw %}
+{% elif values.cloudProvider === "gcp" %}
+{% raw %}
+  GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+  GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
+  GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }}
+  GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }}
+{% endraw %}
+{% else %}
+# Unknown cloud provider: ${{ values.cloudProvider }}
+{% endif %}
   SCORE_HUMANITEC_VERSION: '0.8.0'
   APP_NAME: ${{ values.name }}
 
@@ -30,6 +41,9 @@ jobs:
       - name: Set Tag with SHA
         run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV
 
+{% endraw %}
+{% if values.cloudProvider === "aws" %}
+{% raw %}
       - name: configure aws credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
@@ -47,6 +61,22 @@ jobs:
           echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV"
         env:
           REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+{% endraw %}
+{% elif values.cloudProvider === "gcp" %}
+{% raw %}
+      - name: configure gcp credentials
+        uses: google-github-actions/auth@v1
+        with:
+          workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
+
+      - name: login to gcp gar
+        run: |
+          gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet
+          echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV"
+{% endraw %}
+{% endif %}
+{% raw %}
 
       - run: docker build --platform linux/amd64 . -t $CONTAINER_REGISTRY/$IMAGE:$TAG
       - run: docker push $CONTAINER_REGISTRY/$IMAGE:$TAG

diff --git a/templates/podinfo-example/content/.github/workflows/pull_request.yaml b/templates/podinfo-example/content/.github/workflows/pull_request.yaml
@@ -8,8 +8,21 @@ permissions:
 env:
   APP_NAME: ${{ values.name }}
   IMAGE: ${{ values.image }}
-  AWS_REGION: {% raw %}${{ vars.AWS_REGION }}{% endraw %}
-  AWS_ROLE_ARN: {% raw %}${{ vars.AWS_ROLE_ARN }}{% endraw %}
+{% if values.cloudProvider === "aws" %}
+{% raw %}
+  AWS_REGION: ${{ vars.AWS_REGION }}
+  AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
+{% endraw %}
+{% elif values.cloudProvider === "gcp" %}
+{% raw %}
+  GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+  GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
+  GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }}
+  GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }}
+{% endraw %}
+{% else %}
+# Unknown cloud provider: ${{ values.cloudProvider }}
+{% endif %}
 
   BASE_ENVIRONMENT: 'development'
   ENVIRONMENT_TYPE: 'development'
@@ -56,6 +69,9 @@ jobs:
       - name: Set Tag with SHA
         run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV
 
+{% endraw %}
+{% if values.cloudProvider === "aws" %}
+{% raw %}
       - name: configure aws credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
@@ -73,6 +89,22 @@ jobs:
           echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV"
         env:
           REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+{% endraw %}
+{% elif values.cloudProvider === "gcp" %}
+{% raw %}
+      - name: configure gcp credentials
+        uses: google-github-actions/auth@v1
+        with:
+          workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
+
+      - name: login to gcp gar
+        run: |
+          gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet
+          echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV"
+{% endraw %}
+{% endif %}
+{% raw %}
 
       - run: docker build --platform linux/amd64 . -t $CONTAINER_REGISTRY/$IMAGE:$TAG
       - run: docker push $CONTAINER_REGISTRY/$IMAGE:$TAG

diff --git a/templates/podinfo-example/template.yaml b/templates/podinfo-example/template.yaml
@@ -33,6 +33,7 @@ spec:
     - id: create-ecr
       name: Create ECR Rrepository
       action: roadiehq:aws:ecr:create
+      if: ${{ steps.environment.output.cloudProvider == 'aws' }}
       input:
         repoName: ${{ parameters.componentName }}
         region: ${{ steps.environment.output.awsRegion }}
@@ -46,6 +47,7 @@ spec:
           name: ${{ parameters.componentName }}
           image: ${{ parameters.componentName }}
           orgId: ${{ steps.environment.output.orgId }}
+          cloudProvider: ${{ steps.environment.output.cloudProvider }}
 
     - id: publish
       name: Publish