forked from GoogleCloudPlatform/gke-poc-toolkit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloudbuild.yaml
125 lines (113 loc) · 4.4 KB
/
cloudbuild.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
availableSecrets:
secretManager:
- versionName: projects/927114482793/secrets/GKE-POC-TOOLKIT-GH-TOKEN/versions/latest
env: GH_TOKEN
steps:
- name: 'alpine'
id: 'branch name'
entrypoint: 'sh'
args:
- '-c'
- |
echo "***********************"
echo "$BRANCH_NAME"
echo "***********************"
# [START tf-fmt]
- name: 'hashicorp/terraform:0.13.0'
id: 'tf fmt'
entrypoint: 'sh'
args:
- '-c'
- |
if [ -d "terraform/" ]; then
for dir in terraform/*
do
cd ${dir}
env=${dir%*/}
env=${env#*/}
echo ""
echo "******* Executing Terraform Format against environment: ${env}"
terraform fmt -diff -check=true -write=false
if [ $? -ne 0 ]; then
apk add curl
echo "{\"body\": \"Please run the \`terraform fmt\` command against the **/terraform/${env}** directory and then resubmit the Pull Request. It is required that \`terraform fmt\` be executed against all Terraform configuration files in order to provide consistency across the repo.\"}" > /workspace/api_payload.txt && \
curl -s -H "Authorization: token $$GH_TOKEN" -X POST -d @/workspace/api_payload.txt "https://api.github.com/repos/GoogleCloudPlatform/gke-poc-toolkit/issues/$_PR_NUMBER/comments"
exit 1
fi
cd ../../
done
fi
secretEnv: ['GH_TOKEN']
# [END tf-fmt]
# [END tf-init]
- name: 'hashicorp/terraform:0.13.0'
id: 'tf init'
entrypoint: 'sh'
args:
- '-c'
- |
if [ -d "terraform/" ]; then
for dir in terraform/*
do
cd ${dir}
env=${dir%*/}
env=${env#*/}
echo ""
echo "******* Executing Terraform Init against environment: ${env}"
terraform init || {
apk add curl
echo "{\"body\": \"An error was detected executing \`terraform init\` against the **/terraform/${env}** directory. Please run \`terraform init\` locally against that directory to resolve any errors and then resubmit the Pull Request.\"}" > /workspace/api_payload.txt && \
curl -s -H "Authorization: token $$GH_TOKEN" -X POST -d @/workspace/api_payload.txt "https://api.github.com/repos/GoogleCloudPlatform/gke-poc-toolkit/issues/$_PR_NUMBER/comments"
exit 1
}
cd ../../
done
fi
secretEnv: ['GH_TOKEN']
# [END tf-init]
# [START tf-plan]
- name: 'hashicorp/terraform:0.13.0'
id: 'tf plan'
entrypoint: 'sh'
args:
- '-c'
- |
if [ -d "terraform/" ]; then
for dir in terraform/*
do
cd ${dir}
env=${dir%*/}
env=${env#*/}
echo ""
echo "******* Executing Terraform Plan against environment: ${env}"
# Changing bastion members to GKE Service Account Email for validation purposes.
sed -i s/data.google_client_openid_userinfo.me.email/local.gke_service_account_email/g main.tf
# Remove provider.tf for testing purposes - requires an existing deployment.
if [ -f "provider.tf" ]; then
rm provider.tf
fi
terraform plan -var 'project_id=cloud-build-github-trigger' -var 'governance_project_id=cloud-build-github-trigger' || {
apk add curl
echo "{\"body\": \"An error was detected executing \`terraform plan\` against the **/terraform/${env}** directory. Please run \`terraform plan\` locally against that directory to resolve any errors and then resubmit the Pull Request.\"}" > /workspace/api_payload.txt && \
curl -s -H "Authorization: token $$GH_TOKEN" -X POST -d @/workspace/api_payload.txt "https://api.github.com/repos/GoogleCloudPlatform/gke-poc-toolkit/issues/$_PR_NUMBER/comments"
exit 1
}
cd ../../
done
fi
secretEnv: ['GH_TOKEN']
# [END tf-plan]
# [START completion-comment]
- name: 'alpine'
id: 'comment - ready for review'
entrypoint: 'sh'
args:
- '-c'
- |
echo ""
echo "*************** PRECHECKS COMPLETE ******************"
apk add curl
echo "{\"body\": \"Prechecks Complete - Ready for review\"}" > /workspace/api_payload.txt && \
curl -s -H "Authorization: token $$GH_TOKEN" -X POST -d @/workspace/api_payload.txt "https://api.github.com/repos/GoogleCloudPlatform/gke-poc-toolkit/issues/$_PR_NUMBER/comments"
secretEnv: ['GH_TOKEN']
# [END completion-comment]