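#!/usr/bin/env bash
# Setup script for the terraform-builder pipeline.
#
# Run from Cloud Shell with your target project selected (Cloud Shell sets
# DEVSHELL_PROJECT_ID for you), from inside a clone of the repository:
#   git clone https://github.com/paulleroyza/terraform-builder.git
#   cd terraform-builder
#   ./setup.sh
# Outside Cloud Shell, export PROJECT_ID=<your-project-id> before running.
#
# Required environment:
#   PROJECT_ID or DEVSHELL_PROJECT_ID   target GCP project
#   SENDER, RECIPIENT                   addresses handed to the build-notifications function
# Required files (relative to the repository root):
#   ../sendgrid_apikey.txt              SendGrid API key, stored as a Secret Manager version
#
# The script is a one-shot bootstrap, not idempotent: every step creates a
# resource, so it aborts on the first failure instead of continuing against
# half-created state (later steps depend on earlier ones, e.g. the IAM binding
# on the service account created just before it).
set -euo pipefail

# Print a message to stderr and exit non-zero.
die() { printf 'setup.sh: %s\n' "$*" >&2; exit 1; }

# PROJECT_ID wins if the caller exported it; otherwise fall back to Cloud Shell's
# DEVSHELL_PROJECT_ID. Fail early if neither is set instead of creating resources
# with an empty project in their names.
PROJECT_ID=${PROJECT_ID:-${DEVSHELL_PROJECT_ID:-}}
: "${PROJECT_ID:?set PROJECT_ID (or run in Cloud Shell with a project selected)}"
: "${SENDER:?set SENDER to the notification sender address}"
: "${RECIPIENT:?set RECIPIENT to the notification recipient address}"
readonly PROJECT_ID

# Checked up front so a missing key file fails the run before any cloud
# resources exist, rather than at the secret-version step near the end.
readonly sendgrid_key_file=../sendgrid_apikey.txt
[[ -f "$sendgrid_key_file" ]] || die "missing SendGrid API key file: $sendgrid_key_file"

# Identities and paths reused by several commands below.
readonly builder_sa="terraform-builder@${PROJECT_ID}.iam.gserviceaccount.com"
readonly notifier_sa="terraform-build-notifier@${PROJECT_ID}.iam.gserviceaccount.com"
# Cloud Source Repositories URL prefix used as --source for both Cloud Functions.
readonly repo_source="https://source.developers.google.com/projects/${PROJECT_ID}/repos/terraform-builder/moveable-aliases/main/paths"

# Enable the APIs the pipeline depends on.
gcloud services enable \
  sourcerepo.googleapis.com \
  cloudbuild.googleapis.com \
  cloudfunctions.googleapis.com \
  cloudscheduler.googleapis.com \
  secretmanager.googleapis.com

# Cloud Scheduler needs an App Engine application in the project.
gcloud app create --region=us-central

# Create the Cloud Source Repository that mirrors the GitHub repo and push main to it.
gcloud source repos create terraform-builder
git config --global credential.https://source.developers.google.com.helper gcloud.sh
git remote add google "https://source.developers.google.com/p/${PROJECT_ID}/r/terraform-builder"
git push google main

# Create the Cloud Build trigger on the source repo.
gcloud alpha builds triggers create cloud-source-repositories \
  --build-config=cloudbuild.yaml --repo=terraform-builder \
  --branch-pattern='^main$' --description="terraform-builder-trigger"

# Disable the trigger: builds are started from the Cloud Function below, not on
# push. The export / append / import round trip flips the trigger's disabled flag.
gcloud beta builds triggers export terraform-builder-trigger --destination=../cloudbuilder.yaml
printf 'disabled: True\n' >> ../cloudbuilder.yaml
gcloud beta builds triggers import --source=../cloudbuilder.yaml

# Pub/Sub topic the scheduler publishes to and the builder function listens on.
gcloud pubsub topics create terraform-build-topic

# Service account for the builder function. It is granted only the build-editor
# role, which is what it needs to start the trigger.
gcloud iam service-accounts create terraform-builder \
  --description="Cloud Function's Service Account to trigger build" \
  --display-name="Terraform Builder"
gcloud projects add-iam-policy-binding "$PROJECT_ID" \
  --member "serviceAccount:${builder_sa}" \
  --role roles/cloudbuild.builds.editor

# Builder function: fires on the build topic and runs as the builder SA.
gcloud functions deploy terraform-builder \
  --source "${repo_source}/cloud-function" \
  --trigger-topic=terraform-build-topic --max-instances=1 \
  --memory=128MB --update-labels=terraform-builder=cloudfunction --entry-point=trigger_build \
  --runtime=python37 --service-account="$builder_sa" \
  --timeout=300 --quiet

# Cron schedule (03:57 daily) that publishes "gobuild" to the build topic.
# NOTE: the job name keeps its original spelling ("terrafrom-builder-cron") so
# anything that already references the job by name keeps working.
gcloud scheduler jobs create pubsub terrafrom-builder-cron \
  --schedule="57 3 * * *" --topic=terraform-build-topic --message-body="gobuild"

# Build notifications are read from the "gcr" topic. That topic should already
# exist if Container Registry has ever been used in the project, so a failure
# to create it is deliberately tolerated.
gcloud pubsub topics create gcr || true

# Separate service account for the notifier so the identity that can start
# builds never holds the SendGrid secret, and the notifier cannot start builds.
gcloud iam service-accounts create terraform-build-notifier \
  --description="Cloud Function's Service Account for build noficiations" \
  --display-name="Terraform Builder Notifier"

# Secret Manager secret for the SendGrid API key; only the notifier SA may read it.
gcloud secrets create sendgridapikey \
  --replication-policy="automatic" \
  --labels=terraform-builder=secrets
gcloud secrets add-iam-policy-binding sendgridapikey \
  --member "serviceAccount:${notifier_sa}" \
  --role="roles/secretmanager.secretAccessor"
# The key value is read from a file rather than passed as an argument, so it
# does not land in shell history or process listings.
gcloud secrets versions add sendgridapikey --data-file="$sendgrid_key_file"

# Notifier function: fires on the gcr topic and runs as the notifier SA.
gcloud functions deploy build-notifications \
  --source "${repo_source}/sendmail" \
  --trigger-topic=gcr --max-instances=1 \
  --set-env-vars="SENDER=${SENDER},RECIPIENT=${RECIPIENT}" \
  --memory=128MB --update-labels=terraform-builder=sendmail --entry-point=sendmail \
  --runtime=python37 --service-account="$notifier_sa" \
  --timeout=300 --quiet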