feat: bootstrap phase (#8)

Co-authored-by: Andrew Peabody <[email protected]>

Author: gtsorbo

.github/conventional-commit-lint.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022-2023 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

.github/release-please.yml

@@ -1,4 +1,4 @@
-# Copyright 2021 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

.github/trusted-contribution.yml

@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

.github/workflows/lint.yaml

@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

.github/workflows/stale.yml

@@ -1,4 +1,4 @@
-# Copyright 2022-2024 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

1-bootstrap/README.md

@@ -0,0 +1,31 @@
+# EAB: Bootstrap phase
+
+The bootstrap phase establishes the 3 initial pipelines of the Enterprise Application blueprint. These pipelines are:
+- the Multitenant Infrastructure pipeline
+- the Application Factory
+- the Fleet-Scope pipeline
+
+Each pipeline has the following associated resources:
+- 2 Cloud Build triggers
+  - 1 trigger to run Terraform Plan commands upon changes to a non-main git branch
+  - 1 trigger to run Terraform Apply commands upon changes to the main git branch
+- 3 Cloud Storage buckets
+  - Terraform State bucket, to store the current state
+  - Build Artifacts bucket, to store any artifacts generated during the build process, such as `.tfplan` files
+  - Build Logs bucket, to store the logs from the build process
+- 1 service account for executing the Cloud Build build process
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| project\_id | Project ID for initial resources | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| state\_buckets | n/a |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

1-bootstrap/main.tf

@@ -0,0 +1,62 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  cb_config = {
+    "multitenant" = {
+      repo_name     = "eab-multitenant",
+      bucket_prefix = "mt"
+      roles = [
+        "roles/container.admin"
+      ]
+    }
+    "applicationfactory" = {
+      repo_name     = "eab-applicationfactory",
+      bucket_prefix = "af"
+      roles = [
+      ]
+    }
+    "fleetscope" = {
+      repo_name     = "eab-fleetscope",
+      bucket_prefix = "fs"
+      roles = [
+      ]
+    }
+  }
+}
+
+resource "google_sourcerepo_repository" "gcp_repo" {
+  for_each = local.cb_config
+
+  project = var.project_id
+  name    = each.value.repo_name
+}
+
+module "tf_cloudbuild_workspace" {
+  for_each = local.cb_config
+  source   = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_workspace"
+  version  = "~> 7.0"
+
+  project_id               = var.project_id
+  tf_repo_uri              = google_sourcerepo_repository.gcp_repo[each.key].url
+  tf_repo_type             = "CLOUD_SOURCE_REPOSITORIES"
+  artifacts_bucket_name    = "${each.value.bucket_prefix}-build-${var.project_id}"
+  create_state_bucket_name = "${each.value.bucket_prefix}-state-${var.project_id}"
+  log_bucket_name          = "${each.value.bucket_prefix}-logs-${var.project_id}"
+
+  cloudbuild_plan_filename  = "cloudbuild-tf-plan.yaml"
+  cloudbuild_apply_filename = "cloudbuild-tf-apply.yaml"
+}

outputs.tf renamed to 1-bootstrap/outputs.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 Google LLC
+ * Copyright 2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,7 +14,6 @@
  * limitations under the License.
  */
 
-output "bucket_name" {
-  description = "Name of the bucket"
-  value       = google_storage_bucket.main.name
+output "state_buckets" {
+  value = { for key, value in module.tf_cloudbuild_workspace : key => value.state_bucket }
 }

examples/simple_example/variables.tf renamed to 1-bootstrap/variables.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 Google LLC
+ * Copyright 2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,6 +15,5 @@
  */
 
 variable "project_id" {
-  description = "The ID of the project in which to provision resources."
-  type        = string
+  description = "Project ID for initial resources"
 }

versions.tf renamed to 1-bootstrap/versions.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 Google LLC
+ * Copyright 2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,6 +24,6 @@ terraform {
   }
 
   provider_meta "google" {
-    module_name = "blueprints/terraform/terraform-google-enterprise-application/v0.0.1"
+    module_name = "blueprints/terraform/terraform-google-enterprise-application:bootstrap/v0.0.1"
   }
 }

Makefile

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

README.md

@@ -1,4 +1,4 @@
-# terraform-google-enterprise-application
+# Enterprise Application blueprint
 
 ## Description
 ### Tagline
@@ -48,18 +48,6 @@ Functional examples are included in the
 [examples](./examples/) directory.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| bucket\_name | The name of the bucket to create | `string` | n/a | yes |
-| project\_id | The project ID to deploy to | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| bucket\_name | Name of the bucket |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 

build/int.cloudbuild.yaml

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,18 +21,20 @@ steps:
   - 'TF_VAR_org_id=$_ORG_ID'
   - 'TF_VAR_folder_id=$_FOLDER_ID'
   - 'TF_VAR_billing_account=$_BILLING_ACCOUNT'
-- id: simple-example-init
+
+# Bootstrap
+- id: bootstrap-init
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage init --verbose']
-- id: simple-example-apply
+  args: ['/bin/bash', '-c', 'cft test run TestBootstrap --stage init --verbose']
+- id: bootstrap-apply
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage apply --verbose']
-- id: simple-example-verify
+  args: ['/bin/bash', '-c', 'cft test run TestBootstrap --stage apply --verbose']
+- id: bootstrap-verify
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage verify --verbose']
-- id: simple-example-teardown
+  args: ['/bin/bash', '-c', 'cft test run TestBootstrap --stage verify --verbose']
+- id: bootstrap-teardown
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage teardown --verbose']
+  args: ['/bin/bash', '-c', 'cft test run TestBootstrap --stage teardown --verbose']
 tags:
 - 'ci'
 - 'integration'

examples/README.md

@@ -0,0 +1 @@
+# Usage Examples

examples/simple_example/README.md

@@ -0,0 +1,34 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package bootstrap
+
+import (
+	"testing"
+
+	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestBootstrap(t *testing.T) {
+	bootstrap := tft.NewTFBlueprintTest(t,
+		         tft.WithTFDir("../../../1-bootstrap"),
+	)
+
+	bootstrap.DefineVerify(func(assert *assert.Assertions) {
+		bootstrap.DefaultVerify(assert)
+
+	})
+	bootstrap.Test()
+}