A terraform container builder that checks for new terraform versions and builds them automatically and pushe s to your Google Container Registry
- Install GCloud SDK or run in Google Cloud shell
- Make sure your gcloud cli is authenticated on GCP by running
gcloud init - Make sure you are in a project, in cloud shell type
gcloud config set project [PROJECT_ID], if running locally then set the environment variableDEVSHELL_PROJECT_IDto your project - Run the setup.sh file (have a read through it to understand the elements)
The steps are as follows:
- source repository configuration
- get the current project from
cloud shellenvironment, if you're not using cloud shell then make sure you are using an authenticated gcloud environment and set the$DEVSHELL_PROJECT_IDenvironment variable - creates a source reposity in the current project called
terraform-builder - sets up the git authentication to push this directory into that source repository
- sets the google remote as the newly created repo
- pushes the code into the repo
- cloud build
- the build checks for a new version on the Hashicorp site against the container registry where the terraform builder will/does reside
- sets up a build trigger in cloud build which is either triggered by a commit (unlikely because we want to trigger off a schedule which checks changes on the Hashicorp website)
- if you look at the cloudbuild.yaml file, you'll see that it clones the cloud-builder-community repo and triggers the terraform build.
- set a pubsub topic which we'll then use to trigger a cloud function
- set up a service account with limited scope for the cloud function to run as
- set the role of the cloud function service account as cloud build editor. The minimum I could find, maybe custom roles could make this tighter
- deploy the cloud function using the cloud functions directory of the uploaded repo and set it to listen to the pubsub topic.
- set a scheduled job to run every morning to trigger the pipeline