added CI pipeline for vm module

bohdanyurov-gl · May 22, 2019 · 99d91fc · 99d91fc
1 parent 6b8b714
commit 99d91fc
Show file tree

Hide file tree

Showing 3 changed files with 233 additions and 0 deletions.
diff --git a/infra/concourse/pipelines/terraform-google-vm.yml b/infra/concourse/pipelines/terraform-google-vm.yml
@@ -0,0 +1,133 @@
+resource_types:
+
+  - name: pull-request
+    type: docker-image
+    source:
+      repository: teliaoss/github-pr-resource
+
+resources:
+  - name: pull-request
+    type: pull-request
+    webhook_token: ((vm.github_webhook_token))
+    source:
+      repository: terraform-google-modules/terraform-google-vm
+      access_token: ((github.pr-access-token))
+
+  - name: lint-test-image
+    type: docker-image
+    source:
+      repository: gcr.io/cloud-foundation-cicd/cft/lint
+      username: _json_key
+      password: ((sa.google))
+
+  - name: integration-test-image
+    type: docker-image
+    source:
+      repository: gcr.io/cloud-foundation-cicd/cft/kitchen-terraform
+      tag: 1.2.0
+      username: _json_key
+      password: ((sa.google))
+
+jobs:
+
+  - name: lint-tests
+    public: true
+    plan:
+      - get: pull-request
+        trigger: true
+        version: every
+      - put: notify-lint-test-pending
+        resource: pull-request
+        params:
+          path: pull-request
+          context: lint-tests
+          status: pending
+      - get: lint-test-image
+        trigger: true
+      - task: run
+        image: lint-test-image
+        config:
+          platform: linux
+          inputs:
+            - name: pull-request
+              path: terraform-google-jenkins
+            - name: lint-test-image
+          run:
+            path: make
+            args:
+              - '-s'
+              - check
+            dir: terraform-google-vm
+    on_success:
+      put: notify-lint-test-success
+      resource: pull-request
+      params:
+        path: pull-request
+        context: lint-tests
+        status: success
+    on_failure:
+      put: notify-lint-test-failure
+      resource: pull-request
+      params:
+        path: pull-request
+        context: lint-tests
+        status: failure
+    on_abort:
+      put: notify-lint-test-error
+      resource: pull-request
+      params:
+        path: pull-request
+        context: lint-tests
+        status: error
+
+  - name: integration-tests
+    public: true
+    plan:
+      - get: pull-request
+        trigger: true
+        version: every
+      - put: notify-integration-test-pending
+        resource: pull-request
+        params:
+          path: pull-request
+          context: integration-tests
+          status: pending
+      - get: integration-test-image
+        trigger: true
+      - task: run-tests
+        image: integration-test-image
+        config:
+          platform: linux
+          inputs:
+            - name: pull-request
+              path: terraform-google-vm
+          run:
+            path: make
+            args:
+              - '-s'
+              - test_integration
+            dir: terraform-google-jenkins
+          params:
+            PROJECT_ID: ((vm.phoogle_project_id))
+            SERVICE_ACCOUNT_JSON: ((vm.phoogle_sa))
+    on_success:
+      put: notify-integration-test-success
+      resource: pull-request
+      params:
+        path: pull-request
+        context: integration-tests
+        status: success
+    on_failure:
+      put: notify-integration-test-failure
+      resource: pull-request
+      params:
+        path: pull-request
+        context: integration-tests
+        status: failure
+    on_abort:
+      put: notify-integration-test-error
+      resource: pull-request
+      params:
+        path: pull-request
+        context: integration-tests
+        status: error
diff --git a/infra/terraform/test_fixtures/outputs.tf b/infra/terraform/test_fixtures/outputs.tf
@@ -13,6 +13,7 @@ output "github_webhook_urls" {
     terraform-google-startup-scripts   = "${data.template_file.startup_scripts_github_webhook_url.rendered}"
     terraform-google-event-function    = "${data.template_file.event_function_github_webhook_url.rendered}"
     terraform-google-vpn               = "${data.template_file.vpn_github_webhook_url.rendered}"
+    terraform-google-vm               = "${data.template_file.vm_github_webhook_url.rendered}"
   }
 }
 

diff --git a/infra/terraform/test_fixtures/terraform-google-vm.tf b/infra/terraform/test_fixtures/terraform-google-vm.tf
@@ -0,0 +1,99 @@
+
+cals {
+  vm_required_roles = [
+    "roles/compute.admin",
+    "roles/compute.networkAdmin",
+    "roles/iam.serviceAccountUser",
+  ]
+}
+
+resource "google_project" "vm" {
+  provider = "google.phoogle"
+
+  name            = "phoogle-ci-vm-project"
+  project_id      = "phoogle-ci-vm-project"
+  folder_id       = "${google_folder.phoogle_cloud_foundation_cicd.name}"
+  billing_account = "${module.variables.phoogle_billing_account}"
+}
+
+resource "google_project_services" "vm" {
+  provider = "google.phoogle"
+
+  project = "${google_project.vm.id}"
+
+  services = [
+    "compute.googleapis.com",
+    "storage-api.googleapis.com",
+  ]
+}
+
+resource "google_service_account" "vm" {
+  provider = "google.phoogle"
+
+  project      = "${google_project.vm.id}"
+  account_id   = "phoogle-ci-vm-id"
+  display_name = "phoogle-ci-vm-id"
+
+}
+
+resource "google_project_iam_member" "vm" {
+  provider = "google.phoogle"
+
+  count = "${length(local.vm_required_roles)}"
+
+  project = "${google_project_services.vm.project}"
+  role    = "${element(local.vm_required_roles, count.index)}"
+  member  = "serviceAccount:${google_service_account.vm.email}"
+}
+
+resource "google_project_iam_member" "vm_service_account" {
+  provider = "google.phoogle"
+
+  project = "${google_project.vm.id}"
+
+  role   = "roles/compute.instanceAdmin.v1"
+  member = "serviceAccount:${google_project.vm.number}@cloudservices.gserviceaccount.com"
+}
+
+resource "google_project_iam_member" "vm_service_account_user" {
+  provider = "google.phoogle"
+
+  project = "${google_project.vm.id}"
+
+  role   = "roles/iam.serviceAccountUser"
+  member = "serviceAccount:${google_project.vm.number}@cloudservices.gserviceaccount.com"
+}
+
+resource "google_service_account_key" "vm" {
+  provider = "google.phoogle"
+
+  service_account_id = "${google_service_account.vm.id}"
+}
+
+resource "random_id" "vm_github_webhook_token" {
+  byte_length = 20
+}
+
+data "template_file" "vm_github_webhook_url" {
+  template = "https://concourse.infra.cft.tips/api/v1/teams/cft/pipelines/$${pipeline}/resources/pull-request/check/webhook?webhook_token=$${webhook_token}"
+
+  vars {
+    pipeline      = "terraform-google-vm"
+    webhook_token = "${random_id.vm_github_webhook_token.hex}"
+  }
+}
+
+resource "kubernetes_secret" "vm" {
+  metadata {
+    namespace = "concourse-cft"
+
+    name      = "phoogle-vm"
+  }
+
+  data {
+    github_webhook_token = "${random_id.vm_github_webhook_token.hex}"
+    phoogle_project_id   = "${google_project.vm.id}"
+    phoogle_sa           = "${base64decode(google_service_account_key.vm.private_key)}"
+  }
+}
+