From a75938cb34c4b732a8b6ec5be65b951e72321fb4 Mon Sep 17 00:00:00 2001
From: Roger Martinez <31829545+rogerthatdev@users.noreply.github.com>
Date: Wed, 12 Jul 2023 21:52:32 +0000
Subject: [PATCH 1/3] feat: enable integration tests (#61)

---
 build/int.cloudbuild.yaml                     | 20 ++++++++++++----
 build/lint.cloudbuild.yaml                    | 24 -------------------
 .../README.md                                 |  0
 .../{deploy_webapp => simple_example}/main.tf |  0
 .../outputs.tf                                |  0
 .../variables.tf                              |  0
 .../versions.tf                               |  0
 infra/main.tf                                 |  2 +-
 infra/test/setup/iam.tf                       | 14 ++++++++++-
 infra/test/setup/main.tf                      |  5 ++--
 10 files changed, 32 insertions(+), 33 deletions(-)
 delete mode 100644 build/lint.cloudbuild.yaml
 rename infra/examples/{deploy_webapp => simple_example}/README.md (100%)
 rename infra/examples/{deploy_webapp => simple_example}/main.tf (100%)
 rename infra/examples/{deploy_webapp => simple_example}/outputs.tf (100%)
 rename infra/examples/{deploy_webapp => simple_example}/variables.tf (100%)
 rename infra/examples/{deploy_webapp => simple_example}/versions.tf (100%)

diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
index 3a1dd6b7e..f7e3b470b 100644
--- a/build/int.cloudbuild.yaml
+++ b/build/int.cloudbuild.yaml
@@ -15,24 +15,34 @@
 timeout: 3600s
 steps:
 - id: prepare
+  dir: infra
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && prepare_environment']
   env:
   - 'TF_VAR_org_id=$_ORG_ID'
   - 'TF_VAR_folder_id=$_FOLDER_ID'
   - 'TF_VAR_billing_account=$_BILLING_ACCOUNT'
-- id: simple-example-init
+
+# Initialize tests
+- id: init-all
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage init --verbose']
+  args: ['/bin/bash', '-c', 'cft test run all --stage init --verbose']
+
+# Simple example - one deployment per project
 - id: simple-example-apply
+  dir: infra
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage apply --verbose']
-- id: simple-example-verify
-  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage verify --verbose']
+# Verify fails due to Firestore database 'destruction' on plan
+# - id: simple-example-verify
+#   dir: infra
+#   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+#   args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage verify --verbose']
 - id: simple-example-teardown
+  dir: infra
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'cft test run TestSimpleExample --stage teardown --verbose']
+
 tags:
 - 'ci'
 - 'integration'
diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml
deleted file mode 100644
index f287b5628..000000000
--- a/build/lint.cloudbuild.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# Copyright 2019 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-steps:
-- name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  id: 'lint'
-  args: ['/usr/local/bin/test_lint.sh']
-tags:
-- 'ci'
-- 'lint'
-substitutions:
-  _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1'
diff --git a/infra/examples/deploy_webapp/README.md b/infra/examples/simple_example/README.md
similarity index 100%
rename from infra/examples/deploy_webapp/README.md
rename to infra/examples/simple_example/README.md
diff --git a/infra/examples/deploy_webapp/main.tf b/infra/examples/simple_example/main.tf
similarity index 100%
rename from infra/examples/deploy_webapp/main.tf
rename to infra/examples/simple_example/main.tf
diff --git a/infra/examples/deploy_webapp/outputs.tf b/infra/examples/simple_example/outputs.tf
similarity index 100%
rename from infra/examples/deploy_webapp/outputs.tf
rename to infra/examples/simple_example/outputs.tf
diff --git a/infra/examples/deploy_webapp/variables.tf b/infra/examples/simple_example/variables.tf
similarity index 100%
rename from infra/examples/deploy_webapp/variables.tf
rename to infra/examples/simple_example/variables.tf
diff --git a/infra/examples/deploy_webapp/versions.tf b/infra/examples/simple_example/versions.tf
similarity index 100%
rename from infra/examples/deploy_webapp/versions.tf
rename to infra/examples/simple_example/versions.tf
diff --git a/infra/main.tf b/infra/main.tf
index e8d0e1c9f..c585c0c09 100644
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -45,7 +45,7 @@ resource "google_storage_bucket_iam_member" "default" {
 }
 
 resource "google_storage_bucket_object" "icons" {
-  for_each     = fileset("${path.module}/google-cloud-icons", "*.svg")
+  for_each     = fileset("${path.root}/google-cloud-icons", "*.svg")
   name         = "google-cloud-icons/${each.value}"
   source       = "./google-cloud-icons/${each.value}"
   content_type = "image/svg+xml"
diff --git a/infra/test/setup/iam.tf b/infra/test/setup/iam.tf
index 9255735b7..9987251d9 100644
--- a/infra/test/setup/iam.tf
+++ b/infra/test/setup/iam.tf
@@ -16,7 +16,19 @@
 
 locals {
   int_required_roles = [
-    "roles/owner"
+    "roles/browser",
+    "roles/cloudasset.viewer",
+    "roles/compute.loadBalancerAdmin",
+    "roles/compute.networkAdmin",
+    "roles/firebase.developAdmin",
+    "roles/iam.serviceAccountCreator",
+    "roles/iam.serviceAccountDeleter",
+    "roles/iam.serviceAccountUser",
+    "roles/resourcemanager.projectIamAdmin",
+    "roles/run.admin",
+    "roles/secretmanager.admin",
+    "roles/serviceusage.serviceUsageAdmin",
+    "roles/storage.admin"
   ]
 }
 
diff --git a/infra/test/setup/main.tf b/infra/test/setup/main.tf
index e6738fa59..511e144f5 100644
--- a/infra/test/setup/main.tf
+++ b/infra/test/setup/main.tf
@@ -18,7 +18,7 @@ module "project" {
   source  = "terraform-google-modules/project-factory/google"
   version = "~> 14.0"
 
-  name              = "ci-dynamic-javascript-webapp"
+  name              = "ci-dynamic-js-webapp"
   random_project_id = "true"
   org_id            = var.org_id
   folder_id         = var.folder_id
@@ -27,6 +27,7 @@ module "project" {
   activate_apis = [
     "cloudresourcemanager.googleapis.com",
     "storage-api.googleapis.com",
-    "serviceusage.googleapis.com"
+    "serviceusage.googleapis.com",
+    "cloudasset.googleapis.com"
   ]
 }

From 93956cfa4db94532fa0caa25aecf4299b0ce81f9 Mon Sep 17 00:00:00 2001
From: Adam Ross <adamross@google.com>
Date: Mon, 17 Jul 2023 16:02:16 -0700
Subject: [PATCH 2/3] ci: Add major release tagging (#63)

---
 .github/workflows/release-major-tags.yml | 57 ++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 .github/workflows/release-major-tags.yml

diff --git a/.github/workflows/release-major-tags.yml b/.github/workflows/release-major-tags.yml
new file mode 100644
index 000000000..677ff6d2c
--- /dev/null
+++ b/.github/workflows/release-major-tags.yml
@@ -0,0 +1,57 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: release-major-tags
+
+# Create/update git tags to match the latest major version of any release.
+#
+# These tags are mutable: they are deleted and recreated as needed.
+# Tags are not intended as a way to reference the module by terraform.
+# Assumes we do not backport fixes to previous minor releases.
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  update-major:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/github-script@v6
+        id: parse-major
+        with:
+          script: |
+            const ref = context.payload.release.tag_name;
+            const versionRegex = new RegExp('v?(\\d+)\\.\\d+\\.\\d+');
+            const match = ref.match(versionRegex);
+            if (match) {
+              return "v" + match[1];
+            }
+            return "";
+          result-encoding: string
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+        if: ${{ steps.parse-major.outputs.result }}
+      - name: delete existing major tag
+        run: |
+          (git tag -d ${{ steps.parse-major.outputs.result }} && git push origin :${{ steps.parse-major.outputs.result }}) || true
+        if: ${{ steps.parse-major.outputs.result }}
+      - name: create major tag
+        run: |
+          git tag ${{ steps.parse-major.outputs.result }} ${{ github.event.GITHUB_REF }}
+          git push origin --tags
+        if: ${{ steps.parse-major.outputs.result }}

From cca8d37d0cd2a4156740fca58c23f4de55695e39 Mon Sep 17 00:00:00 2001
From: Adam Ross <adamross@google.com>
Date: Wed, 19 Jul 2023 12:52:51 -0700
Subject: [PATCH 3/3] testing: Use low-reputation billing account (#45)

Co-authored-by: Don McCasland <donmccasland@google.com>
Co-authored-by: Roger Martinez <31829545+rogerthatdev@users.noreply.github.com>
---
 build/int.cloudbuild.yaml |  2 +-
 infra/test/setup/main.tf  | 11 ++++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
index f7e3b470b..20d16bfe2 100644
--- a/build/int.cloudbuild.yaml
+++ b/build/int.cloudbuild.yaml
@@ -21,7 +21,7 @@ steps:
   env:
   - 'TF_VAR_org_id=$_ORG_ID'
   - 'TF_VAR_folder_id=$_FOLDER_ID'
-  - 'TF_VAR_billing_account=$_BILLING_ACCOUNT'
+  - 'TF_VAR_billing_account=$_LR_BILLING_ACCOUNT'
 
 # Initialize tests
 - id: init-all
diff --git a/infra/test/setup/main.tf b/infra/test/setup/main.tf
index 511e144f5..4ff531489 100644
--- a/infra/test/setup/main.tf
+++ b/infra/test/setup/main.tf
@@ -18,14 +18,23 @@ module "project" {
   source  = "terraform-google-modules/project-factory/google"
   version = "~> 14.0"
 
-  name              = "ci-dynamic-js-webapp"
+  name              = "ci-javascript-webapp"
   random_project_id = "true"
   org_id            = var.org_id
   folder_id         = var.folder_id
   billing_account   = var.billing_account
 
   activate_apis = [
+    "cloudasset.googleapis.com",
+    "cloudbuild.googleapis.com",
     "cloudresourcemanager.googleapis.com",
+    "compute.googleapis.com",
+    "firestore.googleapis.com",
+    "iam.googleapis.com",
+    "run.googleapis.com",
+    "secretmanager.googleapis.com",
+    "serviceusage.googleapis.com",
+    "storage.googleapis.com",
     "storage-api.googleapis.com",
     "serviceusage.googleapis.com",
     "cloudasset.googleapis.com"