From cdb8a4701b5c410956d5c85b3d614b33f7f829b7 Mon Sep 17 00:00:00 2001
From: crinconpcln
Date: Wed, 11 Sep 2024 21:08:22 -0500
Subject: [PATCH 01/23] feat: Add continuous integration workflow for Terraform code
---
.github/workflows/ci.yaml | 45 +++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 .github/workflows/ci.yaml
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..364d906
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,45 @@
+name: Continuous Integration
+run-name: CI
+on:
+ push:
+ branches:
+ - main
+ - develop
+ pull_request:
+ branches:
+ - main
+ - develop
+jobs:
+ check-terraform-code:
+ name: Check Terraform Code
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.8.1
+ - name: Terraform Format
+ run: terraform fmt -check
+ working-directory: ./infra
+ - name: Terraform Validate
+ run: terraform validate
+ working-directory: ./infra
+ - name: Terraform Plan
+ run: terraform plan
+ working-directory: ./infra
+ # check-python-code:
+ # name: Check Python Code
+ # runs-on: ubuntu-latest
+ # steps:
+ # - name: Checkout code
+ # uses: actions/checkout@v2
+ # - name: Setup Python
+ # uses: actions/setup-python@v2
+ # with:
+ # python-version: 3.9
+ # - name: Install dependencies
+ # run: pip install -r requirements.txt
+ # - name: Run tests
+ # run: pytest
\ No newline at end of file
From 890dd3f985b4b74a30bbd9ea6eaf8b9701b615fc Mon Sep 17 00:00:00 2001
From: crinconpcln
Date: Wed, 11 Sep 2024 21:08:27 -0500
Subject: [PATCH 02/23] feat: Add continuous deployment workflow for Terraform code
---
.github/workflows/cd.yaml | 65 +++++++++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644 .github/workflows/cd.yaml
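Review bot: Both `uses:` lines in the new `check-terraform-code` job reference third-party code by a mutable major tag (`actions/checkout@v2`, `hashicorp/setup-terraform@v1`), and the workflow declares no `permissions:` block, so the job runs with whatever default token scope the repository has. Pinning each action to a full commit SHA (with the release named in a trailing comment) and adding a top-level `permissions:` with `contents: read` limits what a retagged or compromised action can do on `pull_request` builds. The same tag-style references recur in the new cd.yaml of PATCH 02 and in the `google-github-actions/setup-gcloud@v2.1.1` hunks of PATCH 10.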
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
new file mode 100644
index 0000000..db8b00d
--- /dev/null
+++ b/.github/workflows/cd.yaml
@@ -0,0 +1,65 @@
+name: Continuous Deployment
+run-name: CD
+on:
+ workflow_run:
+ workflows: ["Continuous Integration"]
+ types:
+ - completed
+ branches:
+ - main
+ - develop
+env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GCP_PROJECT_ID_DEV: ${{ secrets.GCP_PROJECT_ID_DEV }}
+ GCP_PROJECT_ID_PROD: ${{ secrets.GCP_PROJECT_ID_PROD }}
+ GCP_REGION: ${{ secrets.GCP_REGION }}
+ GCP_ENVIRONMENT: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+jobs:
+ apply:
+ name: Apply Terraform
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.8.1
+ - name: Terraform Init
+ run: terraform init
+ working-directory: ./infra
+ - name: Terraform Plan
+ id: plan
+ run: terraform plan -out=tfplan
+ - name: Terraform Apply
+ run: terraform apply -auto-approve tfplan
+ env:
+ TF_VAR_environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
+ TF_VAR_project_id: ${{ github.ref == 'refs/heads/main' && env.GCP_PROJECT_ID_PROD || env.GCP_PROJECT_ID_DEV }}
+ TF_VAR_region: ${{ env.GCP_REGION }}
+ - name: Set GitHub Environment
+ id: set_environment
+ uses: actions/github-script@v6
+ with:
+ script: |
+ const environment = '${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}';
+ const context = require('@actions/github').context;
+ const response = await github.request(`POST /repos/${context.repo.owner}/${context.repo.repo}/deployments`, {
+ ref: context.ref,
+ environment: environment,
+ description: `Deploying to ${environment} environment`,
+ });
+ return response.data.id;
+
+ - name: GitHub Deployment Status
+ uses: actions/github-script@v6
+ with:
+ script: |
+ const deployment_id = '${{ steps.set_environment.outputs.result }}';
+ await github.request(`POST /repos/${context.repo.owner}/${context.repo.repo}/deployments/${deployment_id}/statuses`, {
+ state: 'success',
+ description:
'Deployment completed successfully', + }); + + - name: Terraform Output + run: terraform output \ No newline at end of file From 86760a3ea227550a214cabe093ea2715b0d9030d Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 21:31:11 -0500 Subject: [PATCH 03/23] refactor: Update environment variables in cd.yaml and ci.yaml --- .github/workflows/cd.yaml | 5 ++--- .github/workflows/ci.yaml | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index db8b00d..8d5dd1b 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -10,8 +10,7 @@ on: - develop env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GCP_PROJECT_ID_DEV: ${{ secrets.GCP_PROJECT_ID_DEV }} - GCP_PROJECT_ID_PROD: ${{ secrets.GCP_PROJECT_ID_PROD }} + GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} GCP_REGION: ${{ secrets.GCP_REGION }} GCP_ENVIRONMENT: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} jobs: @@ -35,7 +34,7 @@ jobs: run: terraform apply -auto-approve tfplan env: TF_VAR_environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} - TF_VAR_project_id: ${{ github.ref == 'refs/heads/main' && env.GCP_PROJECT_ID_PROD || env.GCP_PROJECT_ID_DEV }} + TF_VAR_project_id: ${{ github.ref == 'refs/heads/main' && env.GCP_PROJECT_ID }} TF_VAR_region: ${{ env.GCP_REGION }} - name: Set GitHub Environment id: set_environment diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 364d906..949ef1d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -8,7 +8,7 @@ on: pull_request: branches: - main - - develop + - develop jobs: check-terraform-code: name: Check Terraform Code From b4f189e5b18387e3df802e2c3c2098bea968a151 Mon Sep 17 00:00:00 2001 
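Review bot: The `workflow_run` trigger with `types: completed` fires for every finished "Continuous Integration" run, including failed ones and ones started by `pull_request`, and the `apply` job in the new cd.yaml has no condition, so `terraform apply -auto-approve` can run after a red CI. Gate the job with `if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' }}`. In a `workflow_run` run `github.ref` is the repository's default branch rather than the branch CI ran on, so the `github.ref == 'refs/heads/main'` tests in `GCP_ENVIRONMENT`, `TF_VAR_environment` and `TF_VAR_project_id` (and the `environment:` line added in PATCH 07) do not distinguish main from develop; `github.event.workflow_run.head_branch == 'main'` does, and the checkout step needs `ref: ${{ github.event.workflow_run.head_sha }}` to apply the commit that was actually tested. The `Terraform Plan` and `Terraform Apply` steps also lack the `working-directory: ./infra` that `Terraform Init` has.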
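Review bot: In the second cd.yaml hunk of PATCH 03, `TF_VAR_project_id: ${{ github.ref == 'refs/heads/main' && env.GCP_PROJECT_ID }}` has lost its `||` fallback, so whenever the comparison is false the expression evaluates to `false` and Terraform receives the string `false` as the project id. Since the project now comes from a single `GCP_PROJECT_ID` secret, the conditional can go: `TF_VAR_project_id: ${{ env.GCP_PROJECT_ID }}`. The same expression is copied into the `Terraform Plan` steps of cd.yaml and ci.yaml in PATCH 08; on `pull_request` runs of ci.yaml `github.ref` is a `refs/pull/…` ref, so the comparison there is always false.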
From: crinconpcln Date: Wed, 11 Sep 2024 21:32:42 -0500 Subject: [PATCH 04/23] refactor: Update environment variables in cd.yaml and ci.yaml --- .github/workflows/ci.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 949ef1d..56697da 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -20,6 +20,8 @@ jobs: uses: hashicorp/setup-terraform@v1 with: terraform_version: 1.8.1 + - name: Terraform Init + run: terraform init - name: Terraform Format run: terraform fmt -check working-directory: ./infra From ab7a3de388cd88eb308e71b241462401118e433b Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 21:40:44 -0500 Subject: [PATCH 05/23] refactor: Update working directory for Terraform Init step in ci.yaml --- .github/workflows/ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 56697da..4bcef9d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -22,6 +22,7 @@ jobs: terraform_version: 1.8.1 - name: Terraform Init run: terraform init + working-directory: ./infra - name: Terraform Format run: terraform fmt -check working-directory: ./infra From e3e2f8af996ca04a40a039d356c14eab423fad14 Mon Sep 17 00:00:00 2001 
From: crinconpcln Date: Wed, 11 Sep 2024 21:40:55 -0500 Subject: [PATCH 06/23] refactor: Update setup instructions and CI/CD process - Updated the setup instructions in the README.md file to include pre-requisites and optional tools. - Added information about enabling necessary APIs for local testing. - Updated the CI/CD section in the README.md file to provide details about GitHub Actions workflows. - Added instructions for creating a privileged service account for Terraform. - Mentioned the required roles for the service account. - Added information about the required environments and environment secrets for GitHub Actions. --- README.md | 43 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8825a29..ca61049 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,23 @@ ## Setup -Apis to be enabled: +### Pre-requisites -- Billing API +- [Gcloud CLI](https://cloud.google.com/sdk/docs/install?hl=es-419) +- [Terraform CLI](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) +- [Python 3.9+](https://www.python.org/downloads/) + +####  Optional + +- [Terraform Docs](https://terraform-docs.io/) +- [NodeJS](https://nodejs.org/en/download/package-manager) (Pre-requisite for auto-changelog) +- [Auto-Changelog](https://www.npmjs.com/package/auto-changelog) + +###  Apis to be enabled + +> In case that you want to test from local, You (or a service account) must have enough permissions to enable the following APIs: + +- Billing API (Just in case that you are about to [create a project from scratch](https://developers.google.com/workspace/guides/create-project#google-cloud-console)) - Cloud Functions API - Pub/Sub API - Bigquery API 
@@ -62,4 +76,27 @@ curl -m 310 -X POST https:// \ curl -m 310 -X POST https:// \ -H "Authorization: bearer $(gcloud auth print-identity-token)" -H "Content-Type: application/json" \ -d '{}' -``` \ No newline at end of file +``` + +## 3. CI/CD + +The CI/CD process is orchestrated by [GitHub Actions](https://docs.github.com/en/actions). You can find the current workflows at `.github/workflows/` folder. + +### 3.1 Create privileged service account for Terraform + +A new service account (and service account key) must be created to grant privileged access to terraform. To do that, see this [documentation](https://cloud.google.com/iam/docs/service-accounts-create) + +Required roles: Admin (See [how to manage access to service accounts](https://cloud.google.com/iam/docs/manage-access-service-accounts)) + +### 3.1 GitHub Actions Pre-Requisites + +You need to create the following environments in your repository: + +- development +- production + +Additionally, the following environment secrets must be created: + +GCP_PROJECT_ID: +GCP_REGION: +GCP_TERRAFORM_SA: \ No newline at end of file From 74493f5d8911a6934f7112611fab0be50b9fd29f Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 21:43:12 -0500 Subject: [PATCH 07/23] refactor: Update environment variables and working directory in ci.yaml and cd.yaml --- .github/workflows/cd.yaml | 1 + .github/workflows/ci.yaml | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 8d5dd1b..607d108 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -17,6 +17,7 @@ jobs: apply: name: Apply Terraform runs-on: ubuntu-latest + environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} steps: - name: Checkout code uses: actions/checkout@v2 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 4bcef9d..60d6cb8 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -9,10 +9,16 @@ on: branches: - main - develop +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} + GCP_REGION: ${{ secrets.GCP_REGION }} + GCP_ENVIRONMENT: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} jobs: check-terraform-code: name: Check Terraform Code runs-on: ubuntu-latest + environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} steps: - name: Checkout code uses: actions/checkout@v2 From cb4d4169bc6cf63b2a268ee3315efc8fb43ac0d5 Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 21:44:24 -0500 Subject: [PATCH 08/23] refactor: Update environment variables and working directory in ci.yaml and cd.yaml --- .github/workflows/cd.yaml | 4 ++++ .github/workflows/ci.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 607d108..a69298a 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -31,6 +31,10 @@ jobs: - name: Terraform Plan id: plan run: terraform plan -out=tfplan + env: + TF_VAR_environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + TF_VAR_project_id: ${{ github.ref == 'refs/heads/main' && env.GCP_PROJECT_ID }} + TF_VAR_region: ${{ env.GCP_REGION }} - name: Terraform Apply run: terraform apply -auto-approve tfplan env: diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 60d6cb8..b5177e2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -38,6 +38,10 @@ jobs: - name: Terraform Plan run: terraform plan working-directory: ./infra + env: + TF_VAR_environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + TF_VAR_project_id: ${{ github.ref == 'refs/heads/main' && env.GCP_PROJECT_ID }} + TF_VAR_region: ${{ env.GCP_REGION }} # check-python-code: # name: Check Python Code # runs-on: ubuntu-latest 
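Review bot: The workflow-level `env:` added to ci.yaml in PATCH 07 exports `GITHUB_TOKEN` and the GCP secrets to every step of a job that also runs on `pull_request`, which includes the third-party setup actions and whatever providers or modules `terraform plan` loads from the proposed change. Scope each value to the step that reads it with a step-level `env:`, and drop `GITHUB_TOKEN` from this workflow unless a step outside the hunk needs it. The new `environment:` expression resolves to `development` on every pull request because `github.ref` is then a `refs/pull/…` ref; if that is the intent, stating it explicitly and putting required reviewers on the `production` environment makes the secret boundary reviewable. The job body continues outside the hunk.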
From 22f6ac63021ec23175472e480578827387b72f8d Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 21:55:31 -0500 Subject: [PATCH 09/23] refactor: Update environment variables and working directory in ci.yaml and cd.yaml --- .github/workflows/cd.yaml | 17 +++++++++++++++++ .github/workflows/ci.yaml | 16 ++++++++++++++++ README.md | 2 +- 3 files changed, 34 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index a69298a..a8011d0 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -13,6 +13,7 @@ env: GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} GCP_REGION: ${{ secrets.GCP_REGION }} GCP_ENVIRONMENT: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + GCP_CREDENTIALS_JSON: ${{ secrets.GCP_CREDENTIALS_JSON }} jobs: apply: name: Apply Terraform @@ -25,6 +26,22 @@ jobs: uses: hashicorp/setup-terraform@v1 with: terraform_version: 1.8.1 + - name: Install Google Cloud SDK + run: | + echo "Installing Google Cloud SDK..." + sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates gnupg + echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list + sudo apt-get install -y curl + curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo tee /usr/share/keyrings/cloud.google.gpg + sudo apt-get update && sudo apt-get install -y google-cloud-sdk + + - name: Authenticate to GCP + env: + GOOGLE_APPLICATION_CREDENTIALS: ${{ env.GCP_CREDENTIALS_JSON }} + run: | + echo "${GOOGLE_APPLICATION_CREDENTIALS}" > ${{ github.workspace }}/gcp-key.json + gcloud auth activate-service-account --key-file=${{ github.workspace }}/gcp-key.json + gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init run: terraform init working-directory: ./infra 
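Review bot: The `Authenticate to GCP` step added to cd.yaml writes a long-lived service-account key to `${{ github.workspace }}/gcp-key.json` and nothing removes it, and the step-level `GOOGLE_APPLICATION_CREDENTIALS` carries the key's JSON text although that variable is conventionally a file path. Prefer `google-github-actions/auth` with Workload Identity Federation (its `workload_identity_provider` and `service_account` inputs), which removes the stored key altogether. If a key has to stay, write it under `$RUNNER_TEMP` after `umask 077` and delete it in a final step marked `if: always()`, so it cannot be swept into an artifact or cache taken from the workspace. The same step is added to ci.yaml in this commit, where it also runs for `pull_request` events.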
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b5177e2..a73d441 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -13,6 +13,7 @@ env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} GCP_REGION: ${{ secrets.GCP_REGION }} + GCP_CREDENTIALS_JSON: ${{ secrets.GCP_CREDENTIALS_JSON }} GCP_ENVIRONMENT: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} jobs: check-terraform-code: @@ -26,6 +27,21 @@ jobs: uses: hashicorp/setup-terraform@v1 with: terraform_version: 1.8.1 + - name: Install Google Cloud SDK + run: | + echo "Installing Google Cloud SDK..." + sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates gnupg + echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list + sudo apt-get install -y curl + curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo tee /usr/share/keyrings/cloud.google.gpg + sudo apt-get update && sudo apt-get install -y google-cloud-sdk + - name: Authenticate to GCP + env: + GOOGLE_APPLICATION_CREDENTIALS: ${{ env.GCP_CREDENTIALS_JSON }} + run: | + echo "${GOOGLE_APPLICATION_CREDENTIALS}" > ${{ github.workspace }}/gcp-key.json + gcloud auth activate-service-account --key-file=${{ github.workspace }}/gcp-key.json + gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init run: terraform init working-directory: ./infra diff --git a/README.md b/README.md index ca61049..688f133 100644 --- a/README.md +++ b/README.md @@ -99,4 +99,4 @@ Additionally, the following environment secrets must be created: GCP_PROJECT_ID: GCP_REGION: -GCP_TERRAFORM_SA: \ No newline at end of file +GCP_TERRAFORM_SA_KEY: \ No newline at end of file From e6ea945ec1358eba1e1f966efb47011c43e7d574 Mon Sep 17 00:00:00 2001 
From: crinconpcln Date: Wed, 11 Sep 2024 21:57:37 -0500 Subject: [PATCH 10/23] Refactor CI/CD workflows to use the latest version of gcloud Cloud SDK --- .github/workflows/cd.yaml | 11 ++--------- .github/workflows/ci.yaml | 10 ++-------- 2 files changed, 4 insertions(+), 17 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index a8011d0..4131130 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -26,15 +26,8 @@ jobs: uses: hashicorp/setup-terraform@v1 with: terraform_version: 1.8.1 - - name: Install Google Cloud SDK - run: | - echo "Installing Google Cloud SDK..." - sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates gnupg - echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list - sudo apt-get install -y curl - curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo tee /usr/share/keyrings/cloud.google.gpg - sudo apt-get update && sudo apt-get install -y google-cloud-sdk - + - name: Set up gcloud Cloud SDK environment + uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP env: GOOGLE_APPLICATION_CREDENTIALS: ${{ env.GCP_CREDENTIALS_JSON }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a73d441..d6a73de 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -27,14 +27,8 @@ jobs: uses: hashicorp/setup-terraform@v1 with: terraform_version: 1.8.1 - - name: Install Google Cloud SDK - run: | - echo "Installing Google Cloud SDK..." - sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates gnupg - echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list - sudo apt-get install -y curl - curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo tee /usr/share/keyrings/cloud.google.gpg - sudo apt-get update && sudo apt-get install -y google-cloud-sdk + - name: Set up gcloud Cloud SDK environment + uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP env: GOOGLE_APPLICATION_CREDENTIALS: ${{ env.GCP_CREDENTIALS_JSON }} From c79eb17871035e92b4e3aa678a4610762a1dc2a1 Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 22:03:03 -0500 Subject: [PATCH 11/23] refactor: cd.yaml to include GOOGLE_APPLICATION_CREDENTIALS environment variable --- .github/workflows/cd.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 4131130..a3308d2 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -45,6 +45,7 @@ jobs: TF_VAR_environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} TF_VAR_project_id: ${{ github.ref == 'refs/heads/main' && env.GCP_PROJECT_ID }} TF_VAR_region: ${{ env.GCP_REGION }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ env.GCP_CREDENTIALS_JSON }} - name: Terraform Apply run: terraform apply -auto-approve tfplan env: From 163dc97f25b7057726d261f73f76cac042629261 Mon Sep 17 00:00:00 2001 
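Review bot: `GOOGLE_APPLICATION_CREDENTIALS: ${{ env.GCP_CREDENTIALS_JSON }}` on the `Terraform Plan` step of cd.yaml (PATCH 11) puts the key's JSON text into a variable that Application Default Credentials reads as a file path, so the provider will most likely fail to load credentials, and the key content becomes part of that step's environment. Point it at the file the `Authenticate to GCP` step writes, `GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcp-key.json`, and give `Terraform Apply` the same value. No later hunk shown in this series removes this step-level line, so it appears to keep overriding the workflow-level path introduced in PATCH 12.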
From: crinconpcln Date: Wed, 11 Sep 2024 22:12:55 -0500 Subject: [PATCH 12/23] Refactor environment variables and working directory in ci.yaml and cd.yaml --- .github/workflows/cd.yaml | 8 +++----- .github/workflows/ci.yaml | 8 +++----- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index a3308d2..196b33f 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -13,7 +13,7 @@ env: GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} GCP_REGION: ${{ secrets.GCP_REGION }} GCP_ENVIRONMENT: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} - GCP_CREDENTIALS_JSON: ${{ secrets.GCP_CREDENTIALS_JSON }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/credentials.json jobs: apply: name: Apply Terraform @@ -29,11 +29,9 @@ jobs: - name: Set up gcloud Cloud SDK environment uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP - env: - GOOGLE_APPLICATION_CREDENTIALS: ${{ env.GCP_CREDENTIALS_JSON }} run: | - echo "${GOOGLE_APPLICATION_CREDENTIALS}" > ${{ github.workspace }}/gcp-key.json - gcloud auth activate-service-account --key-file=${{ github.workspace }}/gcp-key.json + echo "${{ secrets.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/credentials.json + gcloud auth activate-service-account --key-file=${{ github.workspace }}/credentials.json gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init run: terraform init diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d6a73de..c2242de 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
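Review bot: `echo "${{ secrets.GCP_CREDENTIALS_JSON }}" > …/credentials.json` in the `Authenticate to GCP` step pastes the secret into the script text before the shell parses it, so the double quotes inside the JSON terminate the shell string and the file written is no longer valid JSON; any shell metacharacter in the value would be interpreted as well. Pass the secret through a step-level `env:` entry, `GCP_CREDENTIALS_JSON: ${{ secrets.GCP_CREDENTIALS_JSON }}`, and let the shell expand it: `printf '%s' "$GCP_CREDENTIALS_JSON" > "$GOOGLE_APPLICATION_CREDENTIALS"`. The ci.yaml hunk of this commit and the quoted and unquoted variants in PATCH 13 through PATCH 17 share the problem, and PATCH 16 additionally writes to `gcp-key.json` while `GOOGLE_APPLICATION_CREDENTIALS` still names `credentials.json`.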
@@ -13,7 +13,7 @@ env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} GCP_REGION: ${{ secrets.GCP_REGION }} - GCP_CREDENTIALS_JSON: ${{ secrets.GCP_CREDENTIALS_JSON }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/credentials.json GCP_ENVIRONMENT: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} jobs: check-terraform-code: @@ -30,11 +30,9 @@ jobs: - name: Set up gcloud Cloud SDK environment uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP - env: - GOOGLE_APPLICATION_CREDENTIALS: ${{ env.GCP_CREDENTIALS_JSON }} run: | - echo "${GOOGLE_APPLICATION_CREDENTIALS}" > ${{ github.workspace }}/gcp-key.json - gcloud auth activate-service-account --key-file=${{ github.workspace }}/gcp-key.json + echo "${{ secrets.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/credentials.json + gcloud auth activate-service-account --key-file=${{ github.workspace }}/credentials.json gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init run: terraform init From 877991041d516b45ba1891859f347de22059f13d Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 22:15:41 -0500 Subject: [PATCH 13/23] Refactor cd.yaml to fix environment variable interpolation issue --- .github/workflows/cd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 196b33f..2531050 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml 
@@ -30,7 +30,7 @@ jobs: uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP run: | - echo "${{ secrets.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/credentials.json + echo ${{ secrets.GCP_CREDENTIALS_JSON }} > ${{ github.workspace }}/credentials.json gcloud auth activate-service-account --key-file=${{ github.workspace }}/credentials.json gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init From da0a45d84955e76a73a125c2c46ee5dfe28bf20d Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 22:21:45 -0500 Subject: [PATCH 14/23] Refactor ci.yaml to fix environment variable interpolation issue --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c2242de..3561ad6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -31,7 +31,7 @@ jobs: uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP run: | - echo "${{ secrets.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/credentials.json + echo ${{ secrets.GCP_CREDENTIALS_JSON }} > ${{ github.workspace }}/credentials.json gcloud auth activate-service-account --key-file=${{ github.workspace }}/credentials.json gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init From 72fa694405baf58567b4ded758c3c1db82f44c2d Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 22:25:50 -0500 Subject: [PATCH 15/23] refactor: ci.yaml to fix environment variable interpolation issue --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3561ad6..c2242de 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -31,7 +31,7 @@ jobs: uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP run: | - echo ${{ secrets.GCP_CREDENTIALS_JSON }} > ${{ github.workspace }}/credentials.json + echo "${{ secrets.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/credentials.json gcloud auth activate-service-account --key-file=${{ github.workspace }}/credentials.json gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init From c637fe930159fa04475f9bbe9381a38500a6ece1 Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 22:28:34 -0500 Subject: [PATCH 16/23] refactor: environment variable handling in ci.yaml and cd.yaml --- .github/workflows/cd.yaml | 4 ++-- .github/workflows/ci.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 2531050..15afc17 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -30,8 +30,8 @@ jobs: uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP run: | - echo ${{ secrets.GCP_CREDENTIALS_JSON }} > ${{ github.workspace }}/credentials.json - gcloud auth activate-service-account --key-file=${{ github.workspace }}/credentials.json + echo "${{ secrets.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/gcp-key.json + gcloud auth activate-service-account --key-file=${{ github.workspace }}/gcp-key.json gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init run: terraform init diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c2242de..406fd1c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -31,8 +31,8 @@ jobs: uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP run: | - echo "${{ secrets.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/credentials.json - gcloud auth activate-service-account --key-file=${{ github.workspace }}/credentials.json + echo "${{ secrets.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/gcp-key.json + gcloud auth activate-service-account --key-file=${{ github.workspace }}/gcp-key.json gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init run: terraform init From c99cfcaf4cb274a25447b3287542df006f2bb856 Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 22:31:15 -0500 Subject: [PATCH 17/23] refactor: environment variable handling in ci.yaml and cd.yaml --- .github/workflows/cd.yaml | 3 ++- .github/workflows/ci.yaml | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 15afc17..bfb1092 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -13,6 +13,7 @@ env: GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} GCP_REGION: ${{ secrets.GCP_REGION }} GCP_ENVIRONMENT: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + GCP_CREDENTIALS_JSON: ${{ secrets.GCP_CREDENTIALS_JSON }} GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/credentials.json jobs: apply: @@ -30,7 +31,7 @@ jobs: uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP run: | - echo "${{ secrets.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/gcp-key.json + echo "${{ env.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/gcp-key.json gcloud auth activate-service-account --key-file=${{ github.workspace }}/gcp-key.json gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 406fd1c..2d1c9ce 100644 
--- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -13,8 +13,9 @@ env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} GCP_REGION: ${{ secrets.GCP_REGION }} - GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/credentials.json GCP_ENVIRONMENT: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }} + GCP_CREDENTIALS_JSON: ${{ secrets.GCP_CREDENTIALS_JSON }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/credentials.json jobs: check-terraform-code: name: Check Terraform Code @@ -31,7 +32,7 @@ jobs: uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP run: | - echo "${{ secrets.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/gcp-key.json + echo "${{ env.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/gcp-key.json gcloud auth activate-service-account --key-file=${{ github.workspace }}/gcp-key.json gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init From 2b116cb363cab0264b5196f5ea87877a02029495 Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 22:34:35 -0500 Subject: [PATCH 18/23] Refactor ci.yaml to fix environment variable interpolation issue --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2d1c9ce..22a4be2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -32,7 +32,7 @@ jobs: uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP run: | - echo "${{ env.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/gcp-key.json + echo "${GCP_CREDENTIALS_JSON}" > ${{ github.workspace }}/gcp-key.json gcloud auth activate-service-account --key-file=${{ github.workspace }}/gcp-key.json gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init 
From 2f441e8ee76dcbadf098f7540205715f563598c9 Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 22:38:27 -0500 Subject: [PATCH 19/23] refactor: environment variable handling in ci.yaml and cd.yaml --- .github/workflows/cd.yaml | 4 ++-- .github/workflows/ci.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index bfb1092..fcb2648 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -31,8 +31,8 @@ jobs: uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP run: | - echo "${{ env.GCP_CREDENTIALS_JSON }}" > ${{ github.workspace }}/gcp-key.json - gcloud auth activate-service-account --key-file=${{ github.workspace }}/gcp-key.json + echo "${GCP_CREDENTIALS_JSON}" > ${{ github.workspace }}/credentials.json + gcloud auth activate-service-account --key-file=${{ github.workspace }}/credentials.json gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init run: terraform init diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 22a4be2..51bf7ef 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -32,8 +32,8 @@ jobs: uses: google-github-actions/setup-gcloud@v2.1.1 - name: Authenticate to GCP run: | - echo "${GCP_CREDENTIALS_JSON}" > ${{ github.workspace }}/gcp-key.json - gcloud auth activate-service-account --key-file=${{ github.workspace }}/gcp-key.json + echo "${GCP_CREDENTIALS_JSON}" > ${{ github.workspace }}/credentials.json + gcloud auth activate-service-account --key-file=${{ github.workspace }}/credentials.json gcloud config set project ${{ env.GCP_PROJECT_ID }} # Reemplaza con tu ID de proyecto - name: Terraform Init run: terraform init From 365c092101621968e5c1de126998da685778b175 Mon Sep 17 00:00:00 2001 
From: crinconpcln Date: Wed, 11 Sep 2024 22:41:27 -0500 Subject: [PATCH 20/23] Refactor environment variable handling in ci.yaml and cd.yaml --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 688f133..2586546 100644 --- a/README.md +++ b/README.md @@ -99,4 +99,4 @@ Additionally, the following environment secrets must be created: GCP_PROJECT_ID: GCP_REGION: -GCP_TERRAFORM_SA_KEY: \ No newline at end of file +GCP_CREDENTIALS_JSON: \ No newline at end of file From c18c0f7bf2cfbb6e3c791e648169ea63c918b9bc Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 22:53:08 -0500 Subject: [PATCH 21/23] refactor: environment variable handling in ci.yaml and cd.yaml --- README.md | 9 ++++++--- infra/provider.tf | 4 ++++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2586546..027773a 100644 --- a/README.md +++ b/README.md @@ -90,13 +90,16 @@ Required roles: Admin (See [how to manage access to service accounts](https://cl ### 3.1 GitHub Actions Pre-Requisites -You need to create the following environments in your repository: +You need to create the following environments in your repository: - development - production -Additionally, the following environment secrets must be created: +Additionally, the following environment secrets must be created: GCP_PROJECT_ID: GCP_REGION: -GCP_CREDENTIALS_JSON: \ No newline at end of file +GCP_CREDENTIALS_JSON: + +Next, you will need to create a bucket to store the terraform state securely. See the following [documentation](https://cloud.google.com/docs/terraform/resource-management/store-state) to +store the state in a remote backend. \ No newline at end of file diff --git a/infra/provider.tf b/infra/provider.tf index e548e06..cbd9ba2 100644 --- a/infra/provider.tf +++ b/infra/provider.tf 
@@ -5,6 +5,10 @@ terraform { version = "6.2.0" } } + backend "gcs" { + bucket = "${var.project_id}-terraform-state" + prefix = "terraform/state" + } } provider "google" { From 19851daa168942f13bbc23a9af534a71e3bcb370 Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 22:56:02 -0500 Subject: [PATCH 22/23] refactor: provider.tf to update the GCS bucket name --- infra/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/provider.tf b/infra/provider.tf index cbd9ba2..753a23b 100644 --- a/infra/provider.tf +++ b/infra/provider.tf @@ -6,7 +6,7 @@ terraform { } } backend "gcs" { - bucket = "${var.project_id}-terraform-state" + bucket = "350820-terraform-state" prefix = "terraform/state" } } From a793a6c633346450302247ea7aabd1cbe9234909 Mon Sep 17 00:00:00 2001 From: crinconpcln Date: Wed, 11 Sep 2024 22:57:15 -0500 Subject: [PATCH 23/23] refactor: provider.tf to update the GCS bucket name --- infra/provider.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/provider.tf b/infra/provider.tf index 753a23b..0748e96 100644 --- a/infra/provider.tf +++ b/infra/provider.tf @@ -6,8 +6,8 @@ terraform { } } backend "gcs" { - bucket = "350820-terraform-state" - prefix = "terraform/state" + bucket = "350820-terraform-state" + prefix = "terraform/state" } }
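Review bot: The hard-coded `bucket = "350820-terraform-state"` with a single `prefix = "terraform/state"` (PATCH 22) means the `production` and `development` runs of the workflows read and write the same state, so an apply for one environment would plan against the other's resources unless workspaces are selected somewhere outside this series. Leave `bucket` and `prefix` out of the block and supply them per environment at init time, for example `terraform init -backend-config="bucket=<STATE_BUCKET>" -backend-config="prefix=terraform/state/<ENVIRONMENT>"` (placeholders). State files hold resource attributes in clear text, so the bucket should have object versioning and uniform bucket-level access enabled and be readable only by the Terraform service account; none of that configuration is visible here.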