To provision all the GCP resources we use terraform with terraform Google provider.
We use Google Cloud Storage buckets to store and version terraform state (*.tfstate) for each of the environments in their own GCP project.
The bucket needs to be bootstrapped for each new environment by hand.
PROJECT_ID=$(gcloud config get-value project)
gsutil mb gs://${PROJECT_ID}-terraform-state
Enable versioning on the bucket to keep the history of your deployments.
gsutil versioning set on gs://${PROJECT_ID}-terraform-state
More details here.
In case of failure (e.g. pipeline agent hangs unexpectedly) you might need to run
terraform force-unlock <UUID>
to force-unlock the state.
gcloud auth login && gcloud auth application-default login
cd dev
terraform init
terraform apply
terraform providers lock -platform=linux_arm64 -platform=linux_amd64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=windows_amd64