Merge branch 'main' into renovate/terraform-google-modules-project-fa…

…ctory-google-13.x

.github/workflows/release-major-tags.yml

@@ -0,0 +1,57 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: release-major-tags
+
+# Create/update git tags to match the latest major version of any release.
+#
+# These tags are mutable: they are deleted and recreated as needed.
+# Tags are not intended as a way to reference the module by terraform.
+# Assumes we do not backport fixes to previous minor releases.
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  update-major:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/github-script@v6
+        id: parse-major
+        with:
+          script: |
+            const ref = context.payload.release.tag_name;
+            const versionRegex = new RegExp('v?(\\d+)\\.\\d+\\.\\d+');
+            const match = ref.match(versionRegex);
+            if (match) {
+              return "v" + match[1];
+            }
+            return "";
+          result-encoding: string
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+        if: ${{ steps.parse-major.outputs.result }}
+      - name: delete existing major tag
+        run: |
+          (git tag -d ${{ steps.parse-major.outputs.result }} && git push origin :${{ steps.parse-major.outputs.result }}) || true
+        if: ${{ steps.parse-major.outputs.result }}
+      - name: create major tag
+        run: |
+          git tag ${{ steps.parse-major.outputs.result }} ${{ github.event.GITHUB_REF }}
+          git push origin --tags
+        if: ${{ steps.parse-major.outputs.result }}

build/int.cloudbuild.yaml

@@ -15,24 +15,34 @@
 timeout: 3600s
 steps:
 - id: prepare
+  dir: infra
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && prepare_environment']
   env:
   - 'TF_VAR_org_id=$_ORG_ID'
   - 'TF_VAR_folder_id=$_FOLDER_ID'
-  - 'TF_VAR_billing_account=$_BILLING_ACCOUNT'
-- id: simple-example-init
+  - 'TF_VAR_billing_account=$_LR_BILLING_ACCOUNT'
+
+# Initialize tests
+- id: init-all
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage init --verbose']
+  args: ['/bin/bash', '-c', 'cft test run all --stage init --verbose']
+
+# Simple example - one deployment per project
 - id: simple-example-apply
+  dir: infra
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage apply --verbose']
-- id: simple-example-verify
-  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage verify --verbose']
+# Verify fails due to Firestore database 'destruction' on plan
+# - id: simple-example-verify
+#   dir: infra
+#   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+#   args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage verify --verbose']
 - id: simple-example-teardown
+  dir: infra
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage teardown --verbose']
+
 tags:
 - 'ci'
 - 'integration'

infra/main.tf

@@ -45,7 +45,7 @@ resource "google_storage_bucket_iam_member" "default" {
 }
 
 resource "google_storage_bucket_object" "icons" {
-  for_each     = fileset("${path.module}/google-cloud-icons", "*.svg")
+  for_each     = fileset("${path.root}/google-cloud-icons", "*.svg")
   name         = "google-cloud-icons/${each.value}"
   source       = "./google-cloud-icons/${each.value}"
   content_type = "image/svg+xml"

infra/test/setup/iam.tf

@@ -16,7 +16,19 @@
 
 locals {
   int_required_roles = [
-    "roles/owner"
+    "roles/browser",
+    "roles/cloudasset.viewer",
+    "roles/compute.loadBalancerAdmin",
+    "roles/compute.networkAdmin",
+    "roles/firebase.developAdmin",
+    "roles/iam.serviceAccountCreator",
+    "roles/iam.serviceAccountDeleter",
+    "roles/iam.serviceAccountUser",
+    "roles/resourcemanager.projectIamAdmin",
+    "roles/run.admin",
+    "roles/secretmanager.admin",
+    "roles/serviceusage.serviceUsageAdmin",
+    "roles/storage.admin"
   ]
 }
 

infra/test/setup/main.tf

@@ -18,15 +18,25 @@ module "project" {
   source  = "terraform-google-modules/project-factory/google"
   version = "~> 14.0"
 
-  name              = "ci-dynamic-javascript-webapp"
+  name              = "ci-javascript-webapp"
   random_project_id = "true"
   org_id            = var.org_id
   folder_id         = var.folder_id
   billing_account   = var.billing_account
 
   activate_apis = [
+    "cloudasset.googleapis.com",
+    "cloudbuild.googleapis.com",
     "cloudresourcemanager.googleapis.com",
+    "compute.googleapis.com",
+    "firestore.googleapis.com",
+    "iam.googleapis.com",
+    "run.googleapis.com",
+    "secretmanager.googleapis.com",
+    "serviceusage.googleapis.com",
+    "storage.googleapis.com",
     "storage-api.googleapis.com",
-    "serviceusage.googleapis.com"
+    "serviceusage.googleapis.com",
+    "cloudasset.googleapis.com"
   ]
 }