diff --git a/fast/assets/templates/workflow-github.yaml b/fast/assets/templates/workflow-github.yaml index 0b73601b5..378ea1762 100644 --- a/fast/assets/templates/workflow-github.yaml +++ b/fast/assets/templates/workflow-github.yaml @@ -30,7 +30,7 @@ env: SSH_AUTH_SOCK: /tmp/ssh_agent.sock TF_PROVIDERS_FILE: ${tf_providers_files.apply} TF_PROVIDERS_FILE_PLAN: ${tf_providers_files.plan} - TF_VERSION: 1.6.5 + TF_VERSION: 1.7.4 jobs: fast-pr: @@ -49,7 +49,7 @@ jobs: steps: - id: checkout name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # set up SSH key authentication to the modules repository @@ -106,7 +106,7 @@ jobs: - id: tf-setup name: Set up Terraform - uses: hashicorp/setup-terraform@v2.0.3 + uses: hashicorp/setup-terraform@v3 with: terraform_version: $${{env.TF_VERSION}} @@ -142,7 +142,7 @@ jobs: - id: pr-comment name: Post comment to Pull Request continue-on-error: true - uses: actions/github-script@v6 + uses: actions/github-script@v7 if: github.event_name == 'pull_request' env: PLAN: $${{steps.tf-plan.outputs.stdout}}\n$${{steps.tf-plan.outputs.stderr}} @@ -183,7 +183,7 @@ jobs: - id: pr-short-comment name: Post comment to Pull Request (abbreviated) - uses: actions/github-script@v6 + uses: actions/github-script@v7 if: github.event_name == 'pull_request' && steps.pr-comment.outcome != 'success' with: script: | diff --git a/fast/assets/templates/workflow-sourcerepo.yaml b/fast/assets/templates/workflow-sourcerepo.yaml deleted file mode 100644 index 88c04fac5..000000000 --- a/fast/assets/templates/workflow-sourcerepo.yaml +++ /dev/null @@ -1,98 +0,0 @@ -# Copyright 2024 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -steps: - - name: alpine:3 - id: tf-download - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - mkdir -p /builder/home/.local/bin - wget https://releases.hashicorp.com/terraform/$${_TF_VERSION}/terraform_$${_TF_VERSION}_linux_amd64.zip - unzip terraform_$${_TF_VERSION}_linux_amd64.zip -d /builder/home/.local/bin - rm terraform_$${_TF_VERSION}_linux_amd64.zip - chmod 755 /builder/home/.local/bin/terraform - - name: alpine:3 - id: tf-check-format - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform fmt -recursive -check /workspace/ - - name: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - id: tf-files - entrypoint: bash - args: - - -eEuo - - pipefail - - -c - - |- - /google-cloud-sdk/bin/gsutil cp \ - gs://$${_FAST_OUTPUTS_BUCKET}/providers/$${_TF_PROVIDERS_FILE} ./ - /google-cloud-sdk/bin/gsutil cp -r \ - gs://$${_FAST_OUTPUTS_BUCKET}/tfvars ./ - for f in $${_TF_VAR_FILES}; do - ln -s tfvars/$f ./ - done - - name: alpine:3 - id: tf-init - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform init -no-color - - name: alpine:3 - id: tf-check-validate - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform validate -no-color - - name: alpine:3 - id: tf-plan - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform plan -no-color -input=false -out plan.out - # store artifact and ask for approval here if needed - - name: alpine:3 - id: tf-apply - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform apply -no-color -input=false -auto-approve plan.out -options: - env: - - PATH=/usr/local/bin:/usr/bin:/bin:/builder/home/.local/bin - logging: CLOUD_LOGGING_ONLY -substitutions: - _FAST_OUTPUTS_BUCKET: ${outputs_bucket} - _TF_PROVIDERS_FILE: ${tf_providers_file.apply} - _TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} - _TF_VERSION: 1.4.4 diff --git a/fast/extras/0-cicd-github/main.tf b/fast/extras/0-cicd-github/main.tf index bf58c10b4..e0657233a 100644 --- a/fast/extras/0-cicd-github/main.tf +++ b/fast/extras/0-cicd-github/main.tf @@ -18,6 +18,7 @@ locals { _repository_files = flatten([ for k, v in var.repositories : [ for f in concat( + [for f in fileset(path.module, "${v.populate_from}/*.png") : f], [for f in fileset(path.module, "${v.populate_from}/*.svg") : f], [for f in fileset(path.module, "${v.populate_from}/*.md") : f], (v.populate_samples ? [for f in fileset(path.module, "${v.populate_from}/*.sample") : f] : []), @@ -167,7 +168,7 @@ resource "github_repository_file" "default" { "/source(\\s*)=\\s*\"../../../modules/([^/\"]+)\"/", "source$1= \"git@github.com:${local.modules_repo}.git//${local.module_prefix}$2${local.modules_ref}\"" # " ) - : file(each.value.file) + : try(file(each.value.file), filebase64(each.value.file)) ) commit_message = "${var.commit_config.message} (${each.value.name})" commit_author = var.commit_config.author diff --git a/fast/stages/0-bootstrap/templates/workflow-github.yaml b/fast/stages/0-bootstrap/templates/workflow-github.yaml index bbe90a8f1..bec19b711 100644 --- a/fast/stages/0-bootstrap/templates/workflow-github.yaml +++ b/fast/stages/0-bootstrap/templates/workflow-github.yaml @@ -142,7 +142,7 @@ jobs: - id: pr-comment name: Post comment to Pull Request continue-on-error: true - uses: actions/github-script@v6 + uses: actions/github-script@v7 if: github.event_name == 'pull_request' env: PLAN: $${{steps.tf-plan.outputs.stdout}}\n$${{steps.tf-plan.outputs.stderr}} @@ -183,7 +183,7 @@ jobs: - id: pr-short-comment name: Post comment to Pull Request (abbreviated) - uses: actions/github-script@v6 + uses: actions/github-script@v7 if: github.event_name == 'pull_request' && steps.pr-comment.outcome != 'success' with: script: | diff --git a/fast/stages/0-bootstrap/templates/workflow-sourcerepo.yaml b/fast/stages/0-bootstrap/templates/workflow-sourcerepo.yaml deleted file mode 100644 index 012ff93e7..000000000 --- a/fast/stages/0-bootstrap/templates/workflow-sourcerepo.yaml +++ /dev/null @@ -1,98 +0,0 @@ -# Copyright 2024 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -steps: - - name: alpine:3 - id: tf-download - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - mkdir -p /builder/home/.local/bin - wget https://releases.hashicorp.com/terraform/$${_TF_VERSION}/terraform_$${_TF_VERSION}_linux_amd64.zip - unzip terraform_$${_TF_VERSION}_linux_amd64.zip -d /builder/home/.local/bin - rm terraform_$${_TF_VERSION}_linux_amd64.zip - chmod 755 /builder/home/.local/bin/terraform - - name: alpine:3 - id: tf-check-format - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform fmt -recursive -check /workspace/ - - name: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - id: tf-files - entrypoint: bash - args: - - -eEuo - - pipefail - - -c - - |- - /google-cloud-sdk/bin/gsutil cp \ - gs://$${_FAST_OUTPUTS_BUCKET}/providers/$${_TF_PROVIDERS_FILE} ./ - /google-cloud-sdk/bin/gsutil cp -r \ - gs://$${_FAST_OUTPUTS_BUCKET}/tfvars ./ - for f in $${_TF_VAR_FILES}; do - ln -s tfvars/$f ./ - done - - name: alpine:3 - id: tf-init - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform init -no-color - - name: alpine:3 - id: tf-check-validate - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform validate -no-color - - name: alpine:3 - id: tf-plan - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform plan -no-color -input=false -out plan.out - # store artifact and ask for approval here if needed - - name: alpine:3 - id: tf-apply - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform apply -no-color -input=false -auto-approve plan.out -options: - env: - - PATH=/usr/local/bin:/usr/bin:/bin:/builder/home/.local/bin - logging: CLOUD_LOGGING_ONLY -substitutions: - _FAST_OUTPUTS_BUCKET: ${outputs_bucket} - _TF_PROVIDERS_FILE: ${tf_providers_files.apply} - _TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} - _TF_VERSION: 1.7.6 diff --git a/fast/stages/1-resman/templates/workflow-github.yaml b/fast/stages/1-resman/templates/workflow-github.yaml index 460bbf90d..378ea1762 100644 --- a/fast/stages/1-resman/templates/workflow-github.yaml +++ b/fast/stages/1-resman/templates/workflow-github.yaml @@ -142,7 +142,7 @@ jobs: - id: pr-comment name: Post comment to Pull Request continue-on-error: true - uses: actions/github-script@v6 + uses: actions/github-script@v7 if: github.event_name == 'pull_request' env: PLAN: $${{steps.tf-plan.outputs.stdout}}\n$${{steps.tf-plan.outputs.stderr}} @@ -183,7 +183,7 @@ jobs: - id: pr-short-comment name: Post comment to Pull Request (abbreviated) - uses: actions/github-script@v6 + uses: actions/github-script@v7 if: github.event_name == 'pull_request' && steps.pr-comment.outcome != 'success' with: script: | diff --git a/fast/stages/1-resman/templates/workflow-sourcerepo.yaml b/fast/stages/1-resman/templates/workflow-sourcerepo.yaml deleted file mode 100644 index 012ff93e7..000000000 --- a/fast/stages/1-resman/templates/workflow-sourcerepo.yaml +++ /dev/null @@ -1,98 +0,0 @@ -# Copyright 2024 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -steps: - - name: alpine:3 - id: tf-download - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - mkdir -p /builder/home/.local/bin - wget https://releases.hashicorp.com/terraform/$${_TF_VERSION}/terraform_$${_TF_VERSION}_linux_amd64.zip - unzip terraform_$${_TF_VERSION}_linux_amd64.zip -d /builder/home/.local/bin - rm terraform_$${_TF_VERSION}_linux_amd64.zip - chmod 755 /builder/home/.local/bin/terraform - - name: alpine:3 - id: tf-check-format - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform fmt -recursive -check /workspace/ - - name: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - id: tf-files - entrypoint: bash - args: - - -eEuo - - pipefail - - -c - - |- - /google-cloud-sdk/bin/gsutil cp \ - gs://$${_FAST_OUTPUTS_BUCKET}/providers/$${_TF_PROVIDERS_FILE} ./ - /google-cloud-sdk/bin/gsutil cp -r \ - gs://$${_FAST_OUTPUTS_BUCKET}/tfvars ./ - for f in $${_TF_VAR_FILES}; do - ln -s tfvars/$f ./ - done - - name: alpine:3 - id: tf-init - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform init -no-color - - name: alpine:3 - id: tf-check-validate - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform validate -no-color - - name: alpine:3 - id: tf-plan - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform plan -no-color -input=false -out plan.out - # store artifact and ask for approval here if needed - - name: alpine:3 - id: tf-apply - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform apply -no-color -input=false -auto-approve plan.out -options: - env: - - PATH=/usr/local/bin:/usr/bin:/bin:/builder/home/.local/bin - logging: CLOUD_LOGGING_ONLY -substitutions: - _FAST_OUTPUTS_BUCKET: ${outputs_bucket} - _TF_PROVIDERS_FILE: ${tf_providers_files.apply} - _TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} - _TF_VERSION: 1.7.6 diff --git a/fast/stages/1-tenant-factory/templates/workflow-github.yaml b/fast/stages/1-tenant-factory/templates/workflow-github.yaml index bbe90a8f1..378ea1762 100644 --- a/fast/stages/1-tenant-factory/templates/workflow-github.yaml +++ b/fast/stages/1-tenant-factory/templates/workflow-github.yaml @@ -39,7 +39,7 @@ jobs: github.event.action == 'closed' && github.event.pull_request.merged == true || github.event.action == 'opened' || - github.event.action == 'synchronize' + github.event.action == 'synchronize' permissions: contents: read id-token: write @@ -142,7 +142,7 @@ jobs: - id: pr-comment name: Post comment to Pull Request continue-on-error: true - uses: actions/github-script@v6 + uses: actions/github-script@v7 if: github.event_name == 'pull_request' env: PLAN: $${{steps.tf-plan.outputs.stdout}}\n$${{steps.tf-plan.outputs.stderr}} @@ -183,7 +183,7 @@ jobs: - id: pr-short-comment name: Post comment to Pull Request (abbreviated) - uses: actions/github-script@v6 + uses: actions/github-script@v7 if: github.event_name == 'pull_request' && steps.pr-comment.outcome != 'success' with: script: | diff --git a/fast/stages/1-tenant-factory/templates/workflow-sourcerepo.yaml b/fast/stages/1-tenant-factory/templates/workflow-sourcerepo.yaml deleted file mode 100644 index 012ff93e7..000000000 --- a/fast/stages/1-tenant-factory/templates/workflow-sourcerepo.yaml +++ /dev/null @@ -1,98 +0,0 @@ -# Copyright 2024 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -steps: - - name: alpine:3 - id: tf-download - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - mkdir -p /builder/home/.local/bin - wget https://releases.hashicorp.com/terraform/$${_TF_VERSION}/terraform_$${_TF_VERSION}_linux_amd64.zip - unzip terraform_$${_TF_VERSION}_linux_amd64.zip -d /builder/home/.local/bin - rm terraform_$${_TF_VERSION}_linux_amd64.zip - chmod 755 /builder/home/.local/bin/terraform - - name: alpine:3 - id: tf-check-format - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform fmt -recursive -check /workspace/ - - name: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine - id: tf-files - entrypoint: bash - args: - - -eEuo - - pipefail - - -c - - |- - /google-cloud-sdk/bin/gsutil cp \ - gs://$${_FAST_OUTPUTS_BUCKET}/providers/$${_TF_PROVIDERS_FILE} ./ - /google-cloud-sdk/bin/gsutil cp -r \ - gs://$${_FAST_OUTPUTS_BUCKET}/tfvars ./ - for f in $${_TF_VAR_FILES}; do - ln -s tfvars/$f ./ - done - - name: alpine:3 - id: tf-init - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform init -no-color - - name: alpine:3 - id: tf-check-validate - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform validate -no-color - - name: alpine:3 - id: tf-plan - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform plan -no-color -input=false -out plan.out - # store artifact and ask for approval here if needed - - name: alpine:3 - id: tf-apply - entrypoint: sh - args: - - -eEuo - - pipefail - - -c - - |- - terraform apply -no-color -input=false -auto-approve plan.out -options: - env: - - PATH=/usr/local/bin:/usr/bin:/bin:/builder/home/.local/bin - logging: CLOUD_LOGGING_ONLY -substitutions: - _FAST_OUTPUTS_BUCKET: ${outputs_bucket} - _TF_PROVIDERS_FILE: ${tf_providers_files.apply} - _TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} - _TF_VERSION: 1.7.6