Merge branch 'feat/component' into 'master'

feat: migrate to CI/CD component See merge request to-be-continuous/gcloud!53

Merge branch 'feat/component' into 'master'
86701e81 · Cédric OLIVIER · bad5c989 · 59b4a6dc · 86701e81 · 86701e81
Commit 86701e81 authored 1 year ago by Cédric OLIVIER
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,7 +10,7 @@ include:
    file: '/templates/validation.yml'
  - project: 'to-be-continuous/bash'
    ref: '3.3'
-    file: 'templates/gitlab-ci-bash.yml'
+    file: '/templates/gitlab-ci-bash.yml'
  - project: 'to-be-continuous/semantic-release'
    ref: '3.7'
    file: '/templates/gitlab-ci-semrel.yml'

--- a/README.md
+++ b/README.md
--- a/bumpversion.sh
+++ b/bumpversion.sh
@@ -27,13 +27,13 @@ if [[ "$curVer" ]]; then
  log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."

  # replace in README
-  sed -e "s/ref: '$curVer'/ref: '$nextVer'/" README.md > README.md.next
+  sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\”/ref: \”$nextVer\”/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
  mv -f README.md.next README.md

  # replace in template and variants
  for tmpl in templates/*.yml
  do
-    sed -e "s/\"$curVer\"/\"$nextVer\"/" "$tmpl" > "$tmpl.next"
+    sed -e "s/command: *\[\"--service\", \"\(.*\)\", \"$curVer\"\]/command: [\"--service\", \"\1\", \"$nextVer\"]/" "$tmpl" > "$tmpl.next"
    mv -f "$tmpl.next" "$tmpl"
  done
 else

--- a/kicker.json
+++ b/kicker.json
@@ -3,6 +3,8 @@
  "description": "Deploy your application to the [Google Cloud](https://cloud.google.com/) platform",
  "template_path": "templates/gitlab-ci-gcloud.yml",
  "kind": "hosting",
+  "prefix": "gcp",
+  "is_component": true,
  "variables": [
    {
      "name": "GCP_CLI_IMAGE",
@@ -56,7 +58,7 @@
        },
        {
          "name": "GCP_REVIEW_APP_NAME",
-          "description": "The application name for review env (only define if different from global)",
+          "description": "The application name for review env (only define to override default)",
          "advanced": true
        },
        {
@@ -72,7 +74,7 @@
        },
        {
          "name": "GCP_REVIEW_KEY_FILE",
-          "description": "Service Account key file to authenticate on review env (only define if different from global)",
+          "description": "Service Account key file to authenticate on review env (only define to override default)",
          "secret": true
        }
      ]
@@ -89,7 +91,7 @@
        },
        {
          "name": "GCP_INTEG_APP_NAME",
-          "description": "The application name for integration env (only define if different from global)",
+          "description": "The application name for integration env (only define to override default)",
          "advanced": true
        },
        {
@@ -100,7 +102,7 @@
        },
        {
          "name": "GCP_INTEG_KEY_FILE",
-          "description": "Service Account key file to authenticate on integration env (only define if different from global)",
+          "description": "Service Account key file to authenticate on integration env (only define to override default)",
          "secret": true
        }
      ]
@@ -117,7 +119,7 @@
        },
        {
          "name": "GCP_STAGING_APP_NAME",
-          "description": "The application name for staging env (only define if different from global)",
+          "description": "The application name for staging env (only define to override default)",
          "advanced": true
        },
        {
@@ -128,7 +130,7 @@
        },
        {
          "name": "GCP_STAGING_KEY_FILE",
-          "description": "Service Account key file to authenticate on staging env (only define if different from global)",
+          "description": "Service Account key file to authenticate on staging env (only define to override default)",
          "secret": true
        }
      ]
@@ -145,7 +147,7 @@
        },
        {
          "name": "GCP_PROD_APP_NAME",
-          "description": "The application name for production env (only define if different from global)",
+          "description": "The application name for production env (only define to override default)",
          "advanced": true
        },
        {
@@ -163,7 +165,7 @@
        },
        {
          "name": "GCP_PROD_KEY_FILE",
-          "description": "Service Account key file to authenticate on production env (only define if different from global)",
+          "description": "Service Account key file to authenticate on production env (only define to override default)",
          "secret": true
        }
      ]
@@ -193,7 +195,7 @@
        },
        {
          "name": "GCP_REVIEW_OIDC_PROVIDER",
-          "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment\n\n_(only define if different from global)_",
+          "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment\n\n_(only define to override default)_",
          "advanced": true
        },
        {
@@ -203,7 +205,7 @@
        },
        {
          "name": "GCP_INTEG_OIDC_PROVIDER",
-          "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment\n\n_(only define if different from global)_",
+          "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment\n\n_(only define to override default)_",
          "advanced": true
        },
        {
@@ -213,7 +215,7 @@
        },
        {
          "name": "GCP_STAGING_OIDC_PROVIDER",
-          "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment\n\n_(only define if different from global)_",
+          "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment\n\n_(only define to override default)_",
          "advanced": true
        },
        {
@@ -223,7 +225,7 @@
        },
        {
          "name": "GCP_PROD_OIDC_PROVIDER",
-          "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment\n\n_(only define if different from global)_",
+          "description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment\n\n_(only define to override default)_",
          "advanced": true
        },
        {

--- a/logo.png
+++ b/logo.png
--- a/templates/gitlab-ci-gcloud-oidc.yml
+++ b/templates/gitlab-ci-gcloud-oidc.yml
 # =====================================================================================================================
 # === OIDC authentication template variant
 # =====================================================================================================================
+spec:
+  inputs:
+    oidc-aud:
+      description: The `aud` claim for the JWT
+      default: $CI_SERVER_URL
+    oidc-provider:
+      description: Global Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)
+      default: ''
+    oidc-account:
+      description: Global Service Account to which impersonate with OpenID Connect authentication
+      default: ''
+    review-oidc-provider:
+      description: |-
+        Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment
+
+        _(only define to override default)_
+      default: ''
+    review-oidc-account:
+      description: Service Account to which impersonate with OpenID Connect authentication on `review` environment
+      default: ''
+    integ-oidc-provider:
+      description: |-
+        Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment
+
+        _(only define to override default)_
+      default: ''
+    integ-oidc-account:
+      description: Service Account to which impersonate with OpenID Connect authentication on `integration` environment
+      default: ''
+    staging-oidc-provider:
+      description: |-
+        Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment
+
+        _(only define to override default)_
+      default: ''
+    staging-oidc-account:
+      description: Service Account to which impersonate with OpenID Connect authentication on `staging` environment
+      default: ''
+    prod-oidc-provider:
+      description: |-
+        Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment
+
+        _(only define to override default)_
+      default: ''
+    prod-oidc-account:
+      description: Service Account to which impersonate with OpenID Connect authentication on `production` environment
+      default: ''
+---
 variables:
-  GCP_OIDC_AUD: "$CI_SERVER_URL"
+  GCP_OIDC_AUD: $[[ inputs.oidc-aud ]]
+
+  GCP_OIDC_PROVIDER: $[[ inputs.oidc-provider ]]
+  GCP_OIDC_ACCOUNT: $[[ inputs.oidc-account ]]
+  GCP_REVIEW_OIDC_PROVIDER: $[[ inputs.review-oidc-provider ]]
+  GCP_REVIEW_OIDC_ACCOUNT: $[[ inputs.review-oidc-account ]]
+  GCP_INTEG_OIDC_PROVIDER: $[[ inputs.integ-oidc-provider ]]
+  GCP_INTEG_OIDC_ACCOUNT: $[[ inputs.integ-oidc-account ]]
+  GCP_STAGING_OIDC_PROVIDER: $[[ inputs.staging-oidc-provider ]]
+  GCP_STAGING_OIDC_ACCOUNT: $[[ inputs.staging-oidc-account ]]
+  GCP_PROD_OIDC_PROVIDER: $[[ inputs.prod-oidc-provider ]]
+  GCP_PROD_OIDC_ACCOUNT: $[[ inputs.prod-oidc-account ]]

 .gcp-base:
  id_tokens:

--- a/templates/gitlab-ci-gcloud-vault.yml
+++ b/templates/gitlab-ci-gcloud-vault.yml
 # =====================================================================================================================
 # === Vault template variant
 # =====================================================================================================================
+spec:
+  inputs:
+    vault-oidc-aud:
+      description: The `aud` claim for the JWT
+      default: $CI_SERVER_URL
+    vault-base-url:
+      description: The Vault server base API url
+      default: ''
+---
 variables:
  # variabilized vault-secrets-provider image
-  TBC_VAULT_IMAGE: "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master"
+  TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master
  # variables have to be explicitly declared in the YAML to be exported to the service
-  VAULT_JWT_TOKEN: "$VAULT_JWT_TOKEN"
-  VAULT_ROLE_ID: "$VAULT_ROLE_ID"
-  VAULT_SECRET_ID: "$VAULT_SECRET_ID"
-  VAULT_OIDC_AUD: "$CI_SERVER_URL"
+  VAULT_JWT_TOKEN: $VAULT_JWT_TOKEN
+  VAULT_ROLE_ID: $VAULT_ROLE_ID
+  VAULT_SECRET_ID: $VAULT_SECRET_ID
+  VAULT_OIDC_AUD: $[[ inputs.vault-oidc-aud ]]
+
+  VAULT_BASE_URL: $[[ inputs.vault-base-url ]]

 .gcp-base:
  services:

--- a/templates/gitlab-ci-gcloud.yml
+++ b/templates/gitlab-ci-gcloud.yml
@@ -14,6 +14,78 @@
 # Floor, Boston, MA  02110-1301, USA.
 # =========================================================================================
 # default workflow rules: Merge Request pipelines
+spec:
+  inputs:
+    cli-image:
+      description: The Docker image used to run Google Cloud CLI commands
+      default: gcr.io/google.com/cloudsdktool/cloud-sdk:latest
+    workload-identity-provider:
+      description: |-
+        Default [Workload Identity Provider](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) associated with GitLab to authenticate
+
+        (has format `projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID`)
+      default: ''
+    service-account:
+      description: Default Service Account to which impersonate with WIF authentication
+      default: ''
+    base-app-name:
+      description: Base application name
+      default: $CI_PROJECT_NAME
+    environment-url:
+      description: |-
+        The default environments url _(only define for static environment URLs declaration)_
+
+        _supports late variable expansion (ex: `https://%{environment_name}.gcloud.acme.com`)_
+      default: ''
+    scripts-dir:
+      description: Directory where Google Cloud scripts (deploy & cleanup) are located
+      default: .
+    review-project:
+      description: Google Cloud project ID for review env
+      default: ''
+    review-app-name:
+      description: The application name for review env (only define to override default)
+      default: ''
+    review-autostop-duration:
+      description: The amount of time before GitLab will automatically stop `review` environments
+      default: 4 hours
+    review-environment-url:
+      description: The review environments url _(only define for static environment URLs declaration and if different from default)_
+      default: ''
+    integ-project:
+      description: Google Cloud project ID for integration env
+      default: ''
+    integ-app-name:
+      description: The application name for integration env (only define to override default)
+      default: ''
+    integ-environment-url:
+      description: The integration environment url _(only define for static environment URLs declaration and if different from default)_
+      default: ''
+    staging-project:
+      description: Google Cloud project ID for staging env
+      default: ''
+    staging-app-name:
+      description: The application name for staging env (only define to override default)
+      default: ''
+    staging-environment-url:
+      description: The staging environment url _(only define for static environment URLs declaration and if different from default)_
+      default: ''
+    prod-project:
+      description: Google Cloud project ID for production env
+      default: ''
+    prod-app-name:
+      description: The application name for production env (only define to override default)
+      default: ''
+    prod-environment-url:
+      description: The production environment url _(only define for static environment URLs declaration and if different from default)_
+      default: ''
+    prod-deploy-strategy:
+      description: Defines the deployment to production strategy.
+      options:
+      - manual
+      - auto
+      default: manual
+---
 workflow:
  rules:
    # prevent branch pipeline when an MR is open (prefer MR pipeline)
@@ -37,25 +109,39 @@ workflow:

 variables:
  # variabilized tracking image
-  TBC_TRACKING_IMAGE: "registry.gitlab.com/to-be-continuous/tools/tracking:master"
+  TBC_TRACKING_IMAGE: registry.gitlab.com/to-be-continuous/tools/tracking:master

  # Default Docker image (can be overridden)
-  GCP_CLI_IMAGE: "gcr.io/google.com/cloudsdktool/cloud-sdk:latest"
+  GCP_CLI_IMAGE: $[[ inputs.cli-image ]]

-  GCP_SCRIPTS_DIR: "."
+  GCP_SCRIPTS_DIR: $[[ inputs.scripts-dir ]]
  
-  GCP_BASE_APP_NAME: "$CI_PROJECT_NAME"
-  # deprecated, backward compatibility
-  GCP_REVIEW_ENVIRONMENT_SCHEME: "https"
-  GCP_REVIEW_AUTOSTOP_DURATION: "4 hours"
+  GCP_BASE_APP_NAME: $[[ inputs.base-app-name ]]
+  GCP_REVIEW_AUTOSTOP_DURATION: $[[ inputs.review-autostop-duration ]]

  # default: one-click deploy
-  GCP_PROD_DEPLOY_STRATEGY: manual
+  GCP_PROD_DEPLOY_STRATEGY: $[[ inputs.prod-deploy-strategy ]]

  # default production ref name (pattern)
-  PROD_REF: '/^(master|main)$/'
+  PROD_REF: /^(master|main)$/
  # default integration ref name (pattern)
-  INTEG_REF: '/^develop$/'
+  INTEG_REF: /^develop$/
+
+  GCP_WORKLOAD_IDENTITY_PROVIDER: $[[ inputs.workload-identity-provider ]]
+  GCP_SERVICE_ACCOUNT: $[[ inputs.service-account ]]
+  GCP_ENVIRONMENT_URL: $[[ inputs.environment-url ]]
+  GCP_REVIEW_PROJECT: $[[ inputs.review-project ]]
+  GCP_REVIEW_APP_NAME: $[[ inputs.review-app-name ]]
+  GCP_REVIEW_ENVIRONMENT_URL: $[[ inputs.review-environment-url ]]
+  GCP_INTEG_PROJECT: $[[ inputs.integ-project ]]
+  GCP_INTEG_APP_NAME: $[[ inputs.integ-app-name ]]
+  GCP_INTEG_ENVIRONMENT_URL: $[[ inputs.integ-environment-url ]]
+  GCP_STAGING_PROJECT: $[[ inputs.staging-project ]]
+  GCP_STAGING_APP_NAME: $[[ inputs.staging-app-name ]]
+  GCP_STAGING_ENVIRONMENT_URL: $[[ inputs.staging-environment-url ]]
+  GCP_PROD_PROJECT: $[[ inputs.prod-project ]]
+  GCP_PROD_APP_NAME: $[[ inputs.prod-app-name ]]
+  GCP_PROD_ENVIRONMENT_URL: $[[ inputs.prod-environment-url ]]

 stages:
  - build
@@ -314,7 +400,7 @@ stages:
    export environment_type=$ENV_TYPE
    export environment_name=${ENV_APP_NAME:-${GCP_BASE_APP_NAME}${ENV_APP_SUFFIX}}
    export gcp_project_id=$ENV_PROJECT
-    environment_url=${ENV_URL:-${GCP_ENVIRONMENT_URL:-$ENV_URL_LEGACY}}
+    environment_url=${ENV_URL:-$GCP_ENVIRONMENT_URL}

    # backwards compatibility
    export env=$environment_type
@@ -465,8 +551,6 @@ gcp-review:
    ENV_OIDC_ACCOUNT: "$GCP_REVIEW_OIDC_ACCOUNT"
    ENV_KEY_FILE: "$GCP_REVIEW_KEY_FILE"
    ENV_URL: "${GCP_REVIEW_ENVIRONMENT_URL}"
-    # deprecated, backward compatibility
-    ENV_URL_LEGACY: "${GCP_REVIEW_ENVIRONMENT_SCHEME}://${CI_PROJECT_NAME}-${CI_ENVIRONMENT_SLUG}.${GCP_REVIEW_ENVIRONMENT_DOMAIN}"
  environment:
    name: review/$CI_COMMIT_REF_NAME
    on_stop: gcp-cleanup-review