From ce70539504fc1019cd0bec0b1d3647179d2e5429 Mon Sep 17 00:00:00 2001 From: pasha-gh <26295020+pasha-gh@users.noreply.github.com> Date: Wed, 8 Sep 2021 15:28:23 +0000 Subject: [PATCH] Enable worker pool support in the CICD recipe (#1023) * Enable worker pool support in the CICD recipe. Allows CICD to access private resources such as GKE clusters with private endpoints. #996 --- docs/tfengine/schemas/cicd.md | 4 +++ .../devops/cicd/configs/tf-apply.yaml | 5 ++++ .../devops/cicd/configs/tf-plan.yaml | 5 ++++ .../devops/cicd/configs/tf-validate.yaml | 5 ++++ .../generated/devops/cicd/triggers.tf | 4 +++ .../cicd/configs/tf-apply.yaml | 5 ++++ .../cicd/configs/tf-plan.yaml | 5 ++++ .../cicd/configs/tf-validate.yaml | 5 ++++ .../folder_foundation/cicd/triggers.tf | 4 +++ .../multi_envs/cicd/configs/tf-apply.yaml | 5 ++++ .../multi_envs/cicd/configs/tf-plan.yaml | 5 ++++ .../multi_envs/cicd/configs/tf-validate.yaml | 5 ++++ .../generated/multi_envs/cicd/triggers.tf | 8 ++++++ .../org_foundation/cicd/configs/tf-apply.yaml | 5 ++++ .../org_foundation/cicd/configs/tf-plan.yaml | 5 ++++ .../cicd/configs/tf-validate.yaml | 5 ++++ .../generated/org_foundation/cicd/triggers.tf | 3 +++ .../generated/team/cicd/configs/tf-apply.yaml | 5 ++++ .../generated/team/cicd/configs/tf-plan.yaml | 5 ++++ .../team/cicd/configs/tf-validate.yaml | 5 ++++ .../tfengine/generated/team/cicd/triggers.tf | 3 +++ examples/tfengine/modules/foundation.hcl | 5 ++++ examples/tfengine/multi_envs.hcl | 10 +++++++ .../components/cicd/configs/tf-apply.yaml | 5 ++++ .../components/cicd/configs/tf-plan.yaml | 5 ++++ .../components/cicd/configs/tf-validate.yaml | 5 ++++ .../tfengine/components/cicd/triggers.tf | 10 +++++++ templates/tfengine/recipes/cicd.hcl | 27 +++++++++++++++++++ 28 files changed, 168 insertions(+) diff --git a/docs/tfengine/schemas/cicd.md b/docs/tfengine/schemas/cicd.md index 0719957e1..fd47abe59 100755 --- a/docs/tfengine/schemas/cicd.md +++ b/docs/tfengine/schemas/cicd.md 
@@ -26,6 +26,10 @@ | envs.triggers.validate | Config block for the presubmit validation Cloud Build trigger. If specified, create the trigger and grant the Cloud Build Service Account necessary permissions to perform the build. | object | false | - | - | | envs.triggers.validate.run_on_push | Whether or not to be automatically triggered from a PR/push to branch. Default to true. | boolean | false | - | - | | envs.triggers.validate.run_on_schedule | Whether or not to be automatically triggered according a specified schedule. The schedule is specified using [unix-cron format](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules#defining_the_job_schedule) at Eastern Standard Time (EST). Default to none. | string | false | - | - | +| envs.worker_pool | Optional Cloud Build private worker pool configuration. Required for CICD to access resources in a private network, e.g. GKE clusters with a private endpoint. | object | false | - | - | +| envs.worker_pool.location | GCP region of the worker pool. Example: us-central1. | string | true | - | - | +| envs.worker_pool.name | Name of the worker pool. | string | true | - | - | +| envs.worker_pool.project | The project worker pool belongs. | string | true | - | - | | github | Config for GitHub Cloud Build triggers. | object | false | - | - | | github.name | GitHub repo name. | string | false | - | - | | github.owner | GitHub repo owner. | string | false | - | - | diff --git a/examples/tfengine/generated/devops/cicd/configs/tf-apply.yaml b/examples/tfengine/generated/devops/cicd/configs/tf-apply.yaml index 452272138..14822be2e 100644 --- a/examples/tfengine/generated/devops/cicd/configs/tf-apply.yaml +++ b/examples/tfengine/generated/devops/cicd/configs/tf-apply.yaml 
@@ -19,6 +19,7 @@ timeout: 21600s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" @@ -37,3 +38,7 @@ steps: args: ["./cicd/configs/run.sh", "-d", "${_MANAGED_DIRS}", "-a", "init", "-a", "plan", "-a", "apply -auto-approve"] dir: "${_TERRAFORM_ROOT}" id: Apply + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/devops/cicd/configs/tf-plan.yaml b/examples/tfengine/generated/devops/cicd/configs/tf-plan.yaml index 23d13b882..ab8fb6ab7 100644 --- a/examples/tfengine/generated/devops/cicd/configs/tf-plan.yaml +++ b/examples/tfengine/generated/devops/cicd/configs/tf-plan.yaml @@ -19,6 +19,7 @@ timeout: 1200s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" @@ -38,3 +39,7 @@ steps: args: ["./cicd/configs/tf-deletion-check.sh", "./cicd/configs/tf-deletion-allowlist.txt"] dir: "${_TERRAFORM_ROOT}" id: Resource deletion check + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/devops/cicd/configs/tf-validate.yaml b/examples/tfengine/generated/devops/cicd/configs/tf-validate.yaml index 690e204d8..e0e0e9298 100644 --- a/examples/tfengine/generated/devops/cicd/configs/tf-validate.yaml +++ b/examples/tfengine/generated/devops/cicd/configs/tf-validate.yaml @@ -19,6 +19,7 @@ timeout: 600s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" 
@@ -37,3 +38,7 @@ steps: args: ["./cicd/configs/run.sh", "-d", "${_MANAGED_DIRS}", "-a", "init -backend=false", "-a", "validate"] dir: "${_TERRAFORM_ROOT}" id: Validate + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/devops/cicd/triggers.tf b/examples/tfengine/generated/devops/cicd/triggers.tf index 18204b036..181ecfaf6 100644 --- a/examples/tfengine/generated/devops/cicd/triggers.tf +++ b/examples/tfengine/generated/devops/cicd/triggers.tf @@ -36,6 +36,7 @@ resource "google_cloudbuild_trigger" "validate_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "" + _WORKER_POOL = "" } depends_on = [ @@ -65,6 +66,7 @@ resource "google_cloudbuild_trigger" "plan_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "" + _WORKER_POOL = "" } depends_on = [ @@ -97,6 +99,7 @@ resource "google_cloudbuild_trigger" "plan_scheduled_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "" + _WORKER_POOL = "" } depends_on = [ @@ -149,6 +152,7 @@ resource "google_cloudbuild_trigger" "apply_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "" + _WORKER_POOL = "" } depends_on = [ diff --git a/examples/tfengine/generated/folder_foundation/cicd/configs/tf-apply.yaml b/examples/tfengine/generated/folder_foundation/cicd/configs/tf-apply.yaml index 452272138..14822be2e 100644 --- a/examples/tfengine/generated/folder_foundation/cicd/configs/tf-apply.yaml +++ b/examples/tfengine/generated/folder_foundation/cicd/configs/tf-apply.yaml @@ -19,6 +19,7 @@ timeout: 21600s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" 
@@ -37,3 +38,7 @@ steps: args: ["./cicd/configs/run.sh", "-d", "${_MANAGED_DIRS}", "-a", "init", "-a", "plan", "-a", "apply -auto-approve"] dir: "${_TERRAFORM_ROOT}" id: Apply + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/folder_foundation/cicd/configs/tf-plan.yaml b/examples/tfengine/generated/folder_foundation/cicd/configs/tf-plan.yaml index 23d13b882..ab8fb6ab7 100644 --- a/examples/tfengine/generated/folder_foundation/cicd/configs/tf-plan.yaml +++ b/examples/tfengine/generated/folder_foundation/cicd/configs/tf-plan.yaml @@ -19,6 +19,7 @@ timeout: 1200s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" @@ -38,3 +39,7 @@ steps: args: ["./cicd/configs/tf-deletion-check.sh", "./cicd/configs/tf-deletion-allowlist.txt"] dir: "${_TERRAFORM_ROOT}" id: Resource deletion check + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/folder_foundation/cicd/configs/tf-validate.yaml b/examples/tfengine/generated/folder_foundation/cicd/configs/tf-validate.yaml index 690e204d8..e0e0e9298 100644 --- a/examples/tfengine/generated/folder_foundation/cicd/configs/tf-validate.yaml +++ b/examples/tfengine/generated/folder_foundation/cicd/configs/tf-validate.yaml @@ -19,6 +19,7 @@ timeout: 600s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" @@ -37,3 +38,7 @@ steps: args: ["./cicd/configs/run.sh", "-d", "${_MANAGED_DIRS}", "-a", "init -backend=false", "-a", "validate"] dir: "${_TERRAFORM_ROOT}" id: Validate + +options: + pool: + name: "${_WORKER_POOL}" 
diff --git a/examples/tfengine/generated/folder_foundation/cicd/triggers.tf b/examples/tfengine/generated/folder_foundation/cicd/triggers.tf index b3ec95e9c..866b27ddb 100644 --- a/examples/tfengine/generated/folder_foundation/cicd/triggers.tf +++ b/examples/tfengine/generated/folder_foundation/cicd/triggers.tf @@ -36,6 +36,7 @@ resource "google_cloudbuild_trigger" "validate_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "groups audit example-prod-networks monitor folders" + _WORKER_POOL = "" } depends_on = [ @@ -65,6 +66,7 @@ resource "google_cloudbuild_trigger" "plan_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "groups audit example-prod-networks monitor folders" + _WORKER_POOL = "" } depends_on = [ @@ -97,6 +99,7 @@ resource "google_cloudbuild_trigger" "plan_scheduled_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "groups audit example-prod-networks monitor folders" + _WORKER_POOL = "" } depends_on = [ @@ -149,6 +152,7 @@ resource "google_cloudbuild_trigger" "apply_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "groups audit example-prod-networks monitor folders" + _WORKER_POOL = "" } depends_on = [ diff --git a/examples/tfengine/generated/multi_envs/cicd/configs/tf-apply.yaml b/examples/tfengine/generated/multi_envs/cicd/configs/tf-apply.yaml index 452272138..14822be2e 100644 --- a/examples/tfengine/generated/multi_envs/cicd/configs/tf-apply.yaml +++ b/examples/tfengine/generated/multi_envs/cicd/configs/tf-apply.yaml @@ -19,6 +19,7 @@ timeout: 21600s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" 
@@ -37,3 +38,7 @@ steps: args: ["./cicd/configs/run.sh", "-d", "${_MANAGED_DIRS}", "-a", "init", "-a", "plan", "-a", "apply -auto-approve"] dir: "${_TERRAFORM_ROOT}" id: Apply + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/multi_envs/cicd/configs/tf-plan.yaml b/examples/tfengine/generated/multi_envs/cicd/configs/tf-plan.yaml index 23d13b882..ab8fb6ab7 100644 --- a/examples/tfengine/generated/multi_envs/cicd/configs/tf-plan.yaml +++ b/examples/tfengine/generated/multi_envs/cicd/configs/tf-plan.yaml @@ -19,6 +19,7 @@ timeout: 1200s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" @@ -38,3 +39,7 @@ steps: args: ["./cicd/configs/tf-deletion-check.sh", "./cicd/configs/tf-deletion-allowlist.txt"] dir: "${_TERRAFORM_ROOT}" id: Resource deletion check + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/multi_envs/cicd/configs/tf-validate.yaml b/examples/tfengine/generated/multi_envs/cicd/configs/tf-validate.yaml index 690e204d8..e0e0e9298 100644 --- a/examples/tfengine/generated/multi_envs/cicd/configs/tf-validate.yaml +++ b/examples/tfengine/generated/multi_envs/cicd/configs/tf-validate.yaml @@ -19,6 +19,7 @@ timeout: 600s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" @@ -37,3 +38,7 @@ steps: args: ["./cicd/configs/run.sh", "-d", "${_MANAGED_DIRS}", "-a", "init -backend=false", "-a", "validate"] dir: "${_TERRAFORM_ROOT}" id: Validate + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/multi_envs/cicd/triggers.tf b/examples/tfengine/generated/multi_envs/cicd/triggers.tf index 3563c8d63..5261b1b53 100644 
--- a/examples/tfengine/generated/multi_envs/cicd/triggers.tf +++ b/examples/tfengine/generated/multi_envs/cicd/triggers.tf @@ -33,6 +33,7 @@ resource "google_cloudbuild_trigger" "validate_shared" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "groups audit folders" + _WORKER_POOL = "" } depends_on = [ @@ -60,6 +61,7 @@ resource "google_cloudbuild_trigger" "plan_shared" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "groups audit folders" + _WORKER_POOL = "" } depends_on = [ @@ -88,6 +90,7 @@ resource "google_cloudbuild_trigger" "apply_shared" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "groups audit folders" + _WORKER_POOL = "" } depends_on = [ @@ -117,6 +120,7 @@ resource "google_cloudbuild_trigger" "validate_dev" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "dev/data" + _WORKER_POOL = "" } depends_on = [ @@ -144,6 +148,7 @@ resource "google_cloudbuild_trigger" "apply_dev" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "dev/data" + _WORKER_POOL = "" } depends_on = [ @@ -173,6 +178,7 @@ resource "google_cloudbuild_trigger" "validate_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "prod/data" + _WORKER_POOL = "" } depends_on = [ @@ -200,6 +206,7 @@ resource "google_cloudbuild_trigger" "plan_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "prod/data" + _WORKER_POOL = "" } depends_on = [ @@ -228,6 +235,7 @@ resource "google_cloudbuild_trigger" "apply_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "prod/data" + _WORKER_POOL = "" } depends_on = [ diff --git a/examples/tfengine/generated/org_foundation/cicd/configs/tf-apply.yaml b/examples/tfengine/generated/org_foundation/cicd/configs/tf-apply.yaml index 452272138..14822be2e 100644 --- a/examples/tfengine/generated/org_foundation/cicd/configs/tf-apply.yaml +++ b/examples/tfengine/generated/org_foundation/cicd/configs/tf-apply.yaml 
@@ -19,6 +19,7 @@ timeout: 21600s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" @@ -37,3 +38,7 @@ steps: args: ["./cicd/configs/run.sh", "-d", "${_MANAGED_DIRS}", "-a", "init", "-a", "plan", "-a", "apply -auto-approve"] dir: "${_TERRAFORM_ROOT}" id: Apply + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/org_foundation/cicd/configs/tf-plan.yaml b/examples/tfengine/generated/org_foundation/cicd/configs/tf-plan.yaml index 23d13b882..ab8fb6ab7 100644 --- a/examples/tfengine/generated/org_foundation/cicd/configs/tf-plan.yaml +++ b/examples/tfengine/generated/org_foundation/cicd/configs/tf-plan.yaml @@ -19,6 +19,7 @@ timeout: 1200s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" @@ -38,3 +39,7 @@ steps: args: ["./cicd/configs/tf-deletion-check.sh", "./cicd/configs/tf-deletion-allowlist.txt"] dir: "${_TERRAFORM_ROOT}" id: Resource deletion check + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/org_foundation/cicd/configs/tf-validate.yaml b/examples/tfengine/generated/org_foundation/cicd/configs/tf-validate.yaml index 690e204d8..e0e0e9298 100644 --- a/examples/tfengine/generated/org_foundation/cicd/configs/tf-validate.yaml +++ b/examples/tfengine/generated/org_foundation/cicd/configs/tf-validate.yaml @@ -19,6 +19,7 @@ timeout: 600s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" 
@@ -37,3 +38,7 @@ steps: args: ["./cicd/configs/run.sh", "-d", "${_MANAGED_DIRS}", "-a", "init -backend=false", "-a", "validate"] dir: "${_TERRAFORM_ROOT}" id: Validate + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/org_foundation/cicd/triggers.tf b/examples/tfengine/generated/org_foundation/cicd/triggers.tf index ab51a652b..fb43c5bbb 100644 --- a/examples/tfengine/generated/org_foundation/cicd/triggers.tf +++ b/examples/tfengine/generated/org_foundation/cicd/triggers.tf @@ -36,6 +36,7 @@ resource "google_cloudbuild_trigger" "validate_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "groups audit example-prod-networks monitor org_policies folders" + _WORKER_POOL = "" } depends_on = [ @@ -65,6 +66,7 @@ resource "google_cloudbuild_trigger" "plan_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "groups audit example-prod-networks monitor org_policies folders" + _WORKER_POOL = "" } depends_on = [ @@ -95,6 +97,7 @@ resource "google_cloudbuild_trigger" "apply_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "groups audit example-prod-networks monitor org_policies folders" + _WORKER_POOL = "" } depends_on = [ diff --git a/examples/tfengine/generated/team/cicd/configs/tf-apply.yaml b/examples/tfengine/generated/team/cicd/configs/tf-apply.yaml index 452272138..14822be2e 100644 --- a/examples/tfengine/generated/team/cicd/configs/tf-apply.yaml +++ b/examples/tfengine/generated/team/cicd/configs/tf-apply.yaml @@ -19,6 +19,7 @@ timeout: 21600s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" 
@@ -37,3 +38,7 @@ steps: args: ["./cicd/configs/run.sh", "-d", "${_MANAGED_DIRS}", "-a", "init", "-a", "plan", "-a", "apply -auto-approve"] dir: "${_TERRAFORM_ROOT}" id: Apply + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/team/cicd/configs/tf-plan.yaml b/examples/tfengine/generated/team/cicd/configs/tf-plan.yaml index 23d13b882..ab8fb6ab7 100644 --- a/examples/tfengine/generated/team/cicd/configs/tf-plan.yaml +++ b/examples/tfengine/generated/team/cicd/configs/tf-plan.yaml @@ -19,6 +19,7 @@ timeout: 1200s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" @@ -38,3 +39,7 @@ steps: args: ["./cicd/configs/tf-deletion-check.sh", "./cicd/configs/tf-deletion-allowlist.txt"] dir: "${_TERRAFORM_ROOT}" id: Resource deletion check + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/team/cicd/configs/tf-validate.yaml b/examples/tfengine/generated/team/cicd/configs/tf-validate.yaml index 690e204d8..e0e0e9298 100644 --- a/examples/tfengine/generated/team/cicd/configs/tf-validate.yaml +++ b/examples/tfengine/generated/team/cicd/configs/tf-validate.yaml @@ -19,6 +19,7 @@ timeout: 600s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools-light@sha256:d881ce4ff2a73fa0877dd357af798a431a601b2ccfe5a140837bcb883cd3f011" @@ -37,3 +38,7 @@ steps: args: ["./cicd/configs/run.sh", "-d", "${_MANAGED_DIRS}", "-a", "init -backend=false", "-a", "validate"] dir: "${_TERRAFORM_ROOT}" id: Validate + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/examples/tfengine/generated/team/cicd/triggers.tf b/examples/tfengine/generated/team/cicd/triggers.tf index ffaeb4158..e181ee9f7 100644 --- a/examples/tfengine/generated/team/cicd/triggers.tf 
+++ b/examples/tfengine/generated/team/cicd/triggers.tf @@ -36,6 +36,7 @@ resource "google_cloudbuild_trigger" "validate_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "project_secrets project_networks project_apps project_data additional_iam_members" + _WORKER_POOL = "" } depends_on = [ @@ -65,6 +66,7 @@ resource "google_cloudbuild_trigger" "plan_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "project_secrets project_networks project_apps project_data additional_iam_members" + _WORKER_POOL = "" } depends_on = [ @@ -95,6 +97,7 @@ resource "google_cloudbuild_trigger" "apply_prod" { substitutions = { _TERRAFORM_ROOT = "terraform" _MANAGED_DIRS = "project_secrets project_networks project_apps project_data additional_iam_members" + _WORKER_POOL = "" } depends_on = [ diff --git a/examples/tfengine/modules/foundation.hcl b/examples/tfengine/modules/foundation.hcl index 6287ff10c..84bc28fa1 100644 --- a/examples/tfengine/modules/foundation.hcl +++ b/examples/tfengine/modules/foundation.hcl @@ -142,6 +142,11 @@ template "cicd" { "project_data", "additional_iam_members", ] + worker_pool = { + project = "{{.prefix}}-{{.env}}-devops" + location = "us-east1" + name = "cicd-pool" + } } ] } diff --git a/examples/tfengine/multi_envs.hcl b/examples/tfengine/multi_envs.hcl index 4ed8f576e..c72417979 100644 --- a/examples/tfengine/multi_envs.hcl +++ b/examples/tfengine/multi_envs.hcl @@ -154,6 +154,11 @@ template "cicd" { managed_dirs = [ "dev/data", ] + worker_pool = { + project = "example-devops" + location = "us-east1" + name = "cicd-pool-one" + } }, { name = "prod" @@ -168,6 +173,11 @@ template "cicd" { managed_dirs = [ "prod/data", ] + worker_pool = { + project = "example-devops" + location = "us-east1" + name = "cicd-pool-two" + } } ] } diff --git a/templates/tfengine/components/cicd/configs/tf-apply.yaml b/templates/tfengine/components/cicd/configs/tf-apply.yaml index d14e6d1b4..ae357e450 100644 
--- a/templates/tfengine/components/cicd/configs/tf-apply.yaml +++ b/templates/tfengine/components/cicd/configs/tf-apply.yaml @@ -20,6 +20,7 @@ timeout: 21600s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "{{$cft}}" @@ -38,3 +39,7 @@ steps: args: ["./cicd/configs/run.sh", "-d", "${_MANAGED_DIRS}", "-a", "init", "-a", "plan", "-a", "apply -auto-approve"] dir: "${_TERRAFORM_ROOT}" id: Apply + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/templates/tfengine/components/cicd/configs/tf-plan.yaml b/templates/tfengine/components/cicd/configs/tf-plan.yaml index 188d795a9..4da839161 100644 --- a/templates/tfengine/components/cicd/configs/tf-plan.yaml +++ b/templates/tfengine/components/cicd/configs/tf-plan.yaml @@ -20,6 +20,7 @@ timeout: 1200s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "{{$cft}}" @@ -39,3 +40,7 @@ steps: args: ["./cicd/configs/tf-deletion-check.sh", "./cicd/configs/tf-deletion-allowlist.txt"] dir: "${_TERRAFORM_ROOT}" id: Resource deletion check + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/templates/tfengine/components/cicd/configs/tf-validate.yaml b/templates/tfengine/components/cicd/configs/tf-validate.yaml index f9fdfd234..52171966f 100644 --- a/templates/tfengine/components/cicd/configs/tf-validate.yaml +++ b/templates/tfengine/components/cicd/configs/tf-validate.yaml @@ -20,6 +20,7 @@ timeout: 600s substitutions: _TERRAFORM_ROOT: "." _MANAGED_DIRS: "" + _WORKER_POOL: "" steps: - name: "{{$cft}}" @@ -38,3 +39,7 @@ steps: args: ["./cicd/configs/run.sh", "-d", "${_MANAGED_DIRS}", "-a", "init -backend=false", "-a", "validate"] dir: "${_TERRAFORM_ROOT}" id: Validate + +options: + pool: + name: "${_WORKER_POOL}" diff --git a/templates/tfengine/components/cicd/triggers.tf b/templates/tfengine/components/cicd/triggers.tf index c6efdaf28..37e4c5d19 100644 --- a/templates/tfengine/components/cicd/triggers.tf 
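Review bot: The new `options.pool.name: "${_WORKER_POOL}"` block is emitted unconditionally with a default of `_WORKER_POOL: ""`, so a build that receives an empty value gives no sign that it did not run in the private pool. Presumably Cloud Build falls back to the default pool in that case, which is worth confirming against a trigger with no `worker_pool` set. The same block is added to tf-plan.yaml and tf-validate.yaml in this commit. I would add a comment above it, `# Empty _WORKER_POOL means the default pool; triggers.tf fills it in when envs.worker_pool is configured.` Because the pool is selected through a user-defined substitution, it is likely overridable when a trigger is run manually, so permission to run these triggers should be scoped accordingly.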
+++ b/templates/tfengine/components/cicd/triggers.tf @@ -30,6 +30,11 @@ {{- $managed_dirs = trimSpace (printf "%s %s" $managed_dirs .)}} {{- end}} +{{- $worker_pool := ""}} +{{- if has . "worker_pool"}} + {{- $worker_pool := printf "projects/%s/locations/%s/workerPools/%s" .worker_pool.project .worker_pool.location .worker_pool.name}} +{{- end}} + {{- if has .triggers "validate"}} resource "google_cloudbuild_trigger" "validate_{{.name}}" { @@ -64,6 +69,7 @@ resource "google_cloudbuild_trigger" "validate_{{.name}}" { substitutions = { _TERRAFORM_ROOT = "{{$terraform_root}}" _MANAGED_DIRS = "{{$managed_dirs}}" + _WORKER_POOL = "{{$worker_pool}}" } depends_on = [ @@ -108,6 +114,7 @@ resource "google_cloudbuild_trigger" "validate_scheduled_{{.name}}" { substitutions = { _TERRAFORM_ROOT = "{{$terraform_root}}" _MANAGED_DIRS = "{{$managed_dirs}}" + _WORKER_POOL = "{{$worker_pool}}" } depends_on = [ @@ -176,6 +183,7 @@ resource "google_cloudbuild_trigger" "plan_{{.name}}" { substitutions = { _TERRAFORM_ROOT = "{{$terraform_root}}" _MANAGED_DIRS = "{{$managed_dirs}}" + _WORKER_POOL = "{{$worker_pool}}" } depends_on = [ @@ -220,6 +228,7 @@ resource "google_cloudbuild_trigger" "plan_scheduled_{{.name}}" { substitutions = { _TERRAFORM_ROOT = "{{$terraform_root}}" _MANAGED_DIRS = "{{$managed_dirs}}" + _WORKER_POOL = "{{$worker_pool}}" } depends_on = [ @@ -288,6 +297,7 @@ resource "google_cloudbuild_trigger" "apply_{{.name}}" { substitutions = { _TERRAFORM_ROOT = "{{$terraform_root}}" _MANAGED_DIRS = "{{$managed_dirs}}" + _WORKER_POOL = "{{$worker_pool}}" } depends_on = [ diff --git a/templates/tfengine/recipes/cicd.hcl b/templates/tfengine/recipes/cicd.hcl index 750abb717..e95ae830b 100644 --- a/templates/tfengine/recipes/cicd.hcl +++ b/templates/tfengine/recipes/cicd.hcl @@ -259,6 +259,33 @@ schema = { } } } + worker_pool = { + description = <
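Review bot: The `:=` inside the `{{- if has . "worker_pool"}}` block declares a second `$worker_pool` scoped to that block, so the outer variable stays `""` and every trigger renders `_WORKER_POOL = ""`. The regenerated examples in this commit show the effect: multi_envs.hcl sets `worker_pool` for dev and prod, yet generated/multi_envs/cicd/triggers.tf still has `_WORKER_POOL = ""` on validate_dev, apply_dev, validate_prod, plan_prod and apply_prod. A build that was meant to use the private pool would therefore run outside it with no error from the template. Change the inner line to a plain assignment, `{{- $worker_pool = printf "projects/%s/locations/%s/workerPools/%s" .worker_pool.project .worker_pool.location .worker_pool.name}}`, as the `$managed_dirs = ...` line just above already does, then regenerate the examples. The enclosing template block starts outside this hunk.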