feat: add hello world testing (#326)

GoogleCloudPlatform · Jan 23, 2025 · 74af8c0 · 74af8c0
1 parent e57b7a6
commit 74af8c0
Show file tree

Hide file tree

Showing 31 changed files with 990 additions and 14 deletions.
diff --git a/2-multitenant/modules/env_baseline/main.tf b/2-multitenant/modules/env_baseline/main.tf
@@ -26,6 +26,7 @@ locals {
   subnets_to_cidr = {
     for idx, subnet_key in keys(data.google_compute_subnetwork.default) : subnet_key => local.available_cidr_ranges[idx]
   }
+
 }
 
 resource "google_project_service_identity" "compute_sa" {
@@ -242,6 +243,61 @@ module "gke-standard" {
 
 }
 
+resource "google_container_node_pool" "arm_node_pool" {
+  count = var.cluster_type != "AUTOPILOT" ? 1 : 0
+
+  name     = "arm-node-pool"
+  project  = local.cluster_project_id
+  cluster  = module.gke-standard["0"].name
+  location = module.gke-standard["0"].location
+
+  node_count = 1
+
+  // locations with t2a nodes
+  node_locations = [
+    "us-central1-a",
+    "us-central1-b",
+    "us-central1-f"
+  ]
+
+  autoscaling {
+    min_node_count  = 1
+    max_node_count  = 100
+    location_policy = "BALANCED"
+  }
+
+  management {
+    auto_repair  = true
+    auto_upgrade = true
+  }
+
+  upgrade_settings {
+    strategy        = "SURGE"
+    max_surge       = 1
+    max_unavailable = 0
+  }
+
+  node_config {
+    machine_type    = "t2a-standard-4"
+    disk_size_gb    = 100
+    disk_type       = "pd-standard"
+    image_type      = "COS_CONTAINERD"
+    local_ssd_count = 0
+    oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]
+    preemptible     = false
+
+    shielded_instance_config {
+      enable_integrity_monitoring = true
+      enable_secure_boot          = false
+    }
+
+    workload_metadata_config {
+      mode = "GKE_METADATA"
+    }
+  }
+}
+
+
 module "gke-autopilot" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster"
   version = "~> 35.0"

diff --git a/2-multitenant/terraform.tfvars b/2-multitenant/terraform.tfvars
@@ -33,4 +33,7 @@ apps = {
     }
     "acronym" = "cs",
   }
+  "default-example" : {
+    "acronym" = "de",
+  }
 }
diff --git a/4-appfactory/terraform.example.tfvars b/4-appfactory/terraform.example.tfvars
@@ -69,9 +69,9 @@ cloudbuildv2_repository_config = {
       repository_name = "hello-world-i-r"
       repository_url  = "https://gitlab.com/<replace-with-user-or-group>/hello-world-i-r.git"
     }
-    # The Secret ID format is: projects/PROJECT_NUMBER/secrets/SECRET_NAME
-    gitlab_authorizer_credential_secret_id      = "REPLACE_WITH_READ_API_SECRET_ID"
-    gitlab_read_authorizer_credential_secret_id = "REPLACE_WITH_READ_USER_SECRET_ID"
-    gitlab_webhook_secret_id                    = "REPLACE_WITH_WEBHOOK_SECRET_ID"
   }
+  # The Secret ID format is: projects/PROJECT_NUMBER/secrets/SECRET_NAME
+  gitlab_authorizer_credential_secret_id      = "REPLACE_WITH_READ_API_SECRET_ID"
+  gitlab_read_authorizer_credential_secret_id = "REPLACE_WITH_READ_USER_SECRET_ID"
+  gitlab_webhook_secret_id                    = "REPLACE_WITH_WEBHOOK_SECRET_ID"
 }
diff --git a/6-appsource/hello-world/Dockerfile b/6-appsource/hello-world/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.23 as builder
+FROM golang:1.22 as builder
 WORKDIR /code
 COPY main.go .
 COPY go.mod .

diff --git a/6-appsource/hello-world/cloudbuild.yaml b/6-appsource/hello-world/cloudbuild.yaml
@@ -13,16 +13,16 @@
 # limitations under the License.
 
 steps:
-  - name: 'gcr.io/cloud-builders/docker:24.0.9'
-    args: ['run', '--privileged', 'linuxkit/binfmt:v0.7']
+  - name: 'gcr.io/cloud-builders/docker:20.10.3'
+    args: ['run', '--privileged', 'multiarch/qemu-user-static@sha256:fe60359c92e86a43cc87b3d906006245f77bfc0565676b80004cc666e4feb9f0']
     id: 'initialize-qemu'
-  - name: 'gcr.io/cloud-builders/docker:24.0.9'
+  - name: 'gcr.io/cloud-builders/docker:20.10.3'
     args: ['buildx', 'create', '--name', 'multiarch', "--use"]
     id: 'create-builder-and-use'
-  - name: 'gcr.io/cloud-builders/docker:24.0.9'
+  - name: 'gcr.io/cloud-builders/docker:20.10.3'
     args: ['buildx', 'inspect', '--bootstrap']
     id: 'show-target-build-platforms'
-  - name: 'gcr.io/cloud-builders/docker:24.0.9'
+  - name: 'gcr.io/cloud-builders/docker:20.10.3'
     entrypoint: sh
     args:
       - "-c"

diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
@@ -177,6 +177,18 @@ steps:
       - appinfra-apply
       - fleetscope-verify
 
+  - id: hello-world-app-deployment
+    name: "gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS"
+    args:
+      [
+        "/bin/bash",
+        "-c",
+        "cft test run TestSourceHelloWorld --stage verify --verbose",
+      ]
+    waitFor:
+      - appinfra-apply
+      - fleetscope-verify
+
   - id: cymbal-bank-e2e
     name: "gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS"
     args:
@@ -191,6 +203,13 @@ steps:
     waitFor:
       - cymbal-shop-app-deployment
 
+  - id: hello-world-e2e
+    name: "gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS"
+    args:
+      ["/bin/bash", "-c", "cft test run TestHelloWorldE2E --stage verify --verbose"]
+    waitFor:
+      - hello-world-app-deployment
+
   - id: appinfra-teardown
     name: "gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS"
     args:
@@ -202,6 +221,7 @@ steps:
     waitFor:
       - cymbal-bank-e2e
       - cymbal-shop-e2e
+      - hello-world-e2e
       - appinfra-verify
       - appfactory-verify
       - fleetscope-verify

diff --git a/examples/default-example/4-appfactory/terraform.tfvars b/examples/default-example/4-appfactory/terraform.tfvars
@@ -0,0 +1,84 @@
+applications = {
+  "cymbal-bank" = {
+    "balancereader" = {
+      create_infra_project = false
+      create_admin_project = true
+    }
+    "contacts" = {
+      create_infra_project = false
+      create_admin_project = true
+    }
+    "frontend" = {
+      create_infra_project = false
+      create_admin_project = true
+    }
+    "ledgerwriter" = {
+      create_infra_project = true
+      create_admin_project = true
+    }
+    "transactionhistory" = {
+      create_infra_project = false
+      create_admin_project = true
+    }
+    "userservice" = {
+      create_infra_project = true
+      create_admin_project = true
+    }
+  }
+  "cymbal-shop" = {
+    "cymbalshop" = {
+      create_infra_project = false
+      create_admin_project = true
+    },
+  }
+  "default-example" = {
+    "hello-world" = {
+      create_infra_project = false
+      create_admin_project = true
+    }
+  }
+}
+
+cloudbuildv2_repository_config = {
+  repo_type = "GITLABv2"
+  repositories = {
+    balancereader = {
+      repository_name = "balancereader-i-r"
+      repository_url  = "https://gitlab.com/user/balancereader-i-r.git"
+    }
+    contacts = {
+      repository_name = "contacts-i-r"
+      repository_url  = "https://gitlab.com/user/contacts-i-r.git"
+    }
+    frontend = {
+      repository_name = "frontend-i-r"
+      repository_url  = "https://gitlab.com/user/frontend-i-r.git"
+    }
+    ledgerwriter = {
+      repository_name = "ledgerwriter-i-r"
+      repository_url  = "https://gitlab.com/user/ledgerwriter-i-r.git"
+    }
+    transactionhistory = {
+      repository_name = "transactionhistory-i-r"
+      repository_url  = "https://gitlab.com/user/transactionhistory-i-r.git"
+    }
+    userservice = {
+      repository_name = "userservice-i-r"
+      repository_url  = "https://gitlab.com/user/userservice-i-r.git"
+    }
+    cymbalshop = {
+      repository_name = "cymbalshop-i-r"
+      repository_url  = "https://gitlab.com/user/cymbalshop-i-r.git"
+    }
+    hello-world = {
+      repository_name = "hello-world"
+      repository_url  = "https://gitlab.com/user/hello-world-i-r.git"
+    }
+  }
+  # The Secret ID format is: projects/PROJECT_NUMBER/secrets/SECRET_NAME
+  gitlab_authorizer_credential_secret_id      = "REPLACE_WITH_READ_API_SECRET_ID"
+  gitlab_read_authorizer_credential_secret_id = "REPLACE_WITH_READ_USER_SECRET_ID"
+  gitlab_webhook_secret_id                    = "REPLACE_WITH_WEBHOOK_SECRET_ID"
+  # If you are using a self-hosted instance, you may change the URL below accordingly
+  gitlab_enterprise_host_uri = "https://gitlab.com"
+}
diff --git a/examples/default-example/5-appinfra/default-example/hello-world/envs/shared/backend.tf b/examples/default-example/5-appinfra/default-example/hello-world/envs/shared/backend.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  backend "gcs" {
+    bucket = "UPDATE_INFRA_REPO_STATE"
+    prefix = "terraform/appinfra/default-example/hello-world/shared"
+  }
+}
diff --git a/examples/default-example/5-appinfra/default-example/hello-world/envs/shared/main.tf b/examples/default-example/5-appinfra/default-example/hello-world/envs/shared/main.tf
@@ -0,0 +1,42 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  application_name = "default-example"
+  service_name     = "hello-world"
+  team_name        = "default"
+  repo_name        = "eab-${local.application_name}-${local.service_name}"
+  repo_branch      = "main"
+}
+
+module "app" {
+  source = "../../modules/cicd-pipeline"
+
+  project_id                 = local.app_admin_project
+  region                     = var.region
+  env_cluster_membership_ids = local.cluster_membership_ids
+  cluster_service_accounts   = { for i, sa in local.cluster_service_accounts : (i) => "serviceAccount:${sa}" }
+
+  service_name           = local.service_name
+  team_name              = local.team_name
+  repo_name              = local.repo_name
+  repo_branch            = local.repo_branch
+  app_build_trigger_yaml = "cloudbuild.yaml"
+
+  buckets_force_destroy = var.buckets_force_destroy
+
+  cloudbuildv2_repository_config = var.cloudbuildv2_repository_config
+}
diff --git a/examples/default-example/5-appinfra/default-example/hello-world/envs/shared/outputs.tf b/examples/default-example/5-appinfra/default-example/hello-world/envs/shared/outputs.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "clouddeploy_targets_names" {
+  description = "Cloud deploy targets names."
+  value       = module.app.clouddeploy_targets_names
+}
+
+output "service_repository_name" {
+  description = "The Source Repository name."
+  value       = module.app.service_repository_name
+}
+
+output "service_repository_project_id" {
+  description = "The Source Repository project id."
+  value       = module.app.service_repository_project_id
+}
diff --git a/examples/default-example/5-appinfra/default-example/hello-world/envs/shared/remote.tf b/examples/default-example/5-appinfra/default-example/hello-world/envs/shared/remote.tf
@@ -0,0 +1,48 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  cluster_membership_ids = { for state in data.terraform_remote_state.multitenant : (state.outputs.env) => { "cluster_membership_ids" = (state.outputs.cluster_membership_ids) } }
+  cluster_service_accounts = zipmap(
+    flatten(
+      [for item in data.terraform_remote_state.multitenant : keys(item.outputs.cluster_service_accounts)]
+    ),
+    flatten(
+      [for item in data.terraform_remote_state.multitenant : values(item.outputs.cluster_service_accounts)]
+    )
+  )
+  app_admin_project = data.terraform_remote_state.appfactory.outputs.app-group["default-example.hello-world"].app_admin_project_id
+}
+
+data "terraform_remote_state" "multitenant" {
+  for_each = toset(var.environment_names)
+
+  backend = "gcs"
+
+  config = {
+    bucket = var.remote_state_bucket
+    prefix = "terraform/multi_tenant/${each.value}"
+  }
+}
+
+data "terraform_remote_state" "appfactory" {
+  backend = "gcs"
+
+  config = {
+    bucket = var.remote_state_bucket
+    prefix = "terraform/appfactory/shared"
+  }
+}