chore: add Aspect Workflows CI (on GCP + CircleCI)

.aspect/workflows/README.md

@@ -0,0 +1,23 @@
+# Aspect Workflows demonstration deployment
+
+This deployment of [Aspect Workflows](https://www.aspect.build/workflows) is configured to run on GCP + CircleCI.
+
+You can see this Aspect Workflows demonstration deployment live at https://app.circleci.com/pipelines/github/aspect-build/bazel-lib.
+
+The three components of the configuration are,
+
+1. Aspect Workflows terraform module
+1. Aspect Workflows configuration yaml
+1. CircleCI pipeline configuration
+
+## Aspect Workflows terraform module
+
+This is found under the [.aspect/workflows/terraform](./terraform) directory.
+
+## Aspect Workflows configuration yaml
+
+This is the [config.yaml](./config.yaml) file in this directory.
+
+## CircleCI pipeline configuration
+
+This is the [.circleci/config.yml](../../.circleci/config.yml) file.

.aspect/workflows/terraform/README.md

@@ -0,0 +1,7 @@
+# Aspect Workflows demonstration deployment terraform
+
+The terraform configuration found here is for a clean GCP project with only Aspect Workflows deployed.
+
+- `main.tf` : terraform backend configuration
+- `vpc.tf` : VPC configuration
+- `workflows.tf` : Aspect Workflows terraform module & VM image configuration

.aspect/workflows/terraform/main.tf

@@ -0,0 +1,13 @@
+terraform {
+  required_version = "~> 1.4.0"
+
+  backend "gcs" {
+    bucket = "aw-deployment-terraform-state-bazel-lib"
+    prefix = "terraform/state"
+  }
+}
+
+provider "google" {
+  project = "aw-deployment-bazel-lib"
+  region  = "us-west2"
+}

.aspect/workflows/terraform/vpc.tf

@@ -0,0 +1,40 @@
+resource "google_compute_network" "workflows_network" {
+  name                    = "workflows-network"
+  auto_create_subnetworks = false
+  routing_mode            = "REGIONAL"
+}
+
+resource "google_compute_subnetwork" "workflows_subnet" {
+  name          = "workflows-subnet"
+  ip_cidr_range = "10.2.0.0/16"
+  network       = google_compute_network.workflows_network.id
+}
+
+resource "google_compute_firewall" "ssh" {
+  name        = "allow-ssh"
+  description = "Enable SSHing into VM instances"
+  allow {
+    ports    = ["22"]
+    protocol = "tcp"
+  }
+  direction     = "INGRESS"
+  network       = google_compute_network.workflows_network.id
+  priority      = 1000
+  source_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_router" "router" {
+  name    = "router"
+  network = google_compute_network.workflows_network.id
+
+  bgp {
+    asn = 64514
+  }
+}
+
+resource "google_compute_router_nat" "nat" {
+  name                               = "router-nat"
+  router                             = google_compute_router.router.name
+  nat_ip_allocate_option             = "AUTO_ONLY"
+  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+}

.aspect/workflows/terraform/workflows.tf

@@ -0,0 +1,76 @@
+data "google_compute_image" "runner_image" {
+  # Aspect's GCP aspect-workflows-images project provides public Aspect Workflows GCP images for
+  # getting started during the trial period. We recommend that all Workflows users build their own
+  # GCP images and keep up-to date with patches. See
+  # https://docs.aspect.build/v/workflows/install/packer for more info and/or
+  # https://github.com/aspect-build/workflows-images for example packer scripts and BUILD targets
+  # for building GCP images for Workflows.
+  project = "aspect-workflows-images"
+  name    = "aspect-workflows-debian-minimal-1-0-0"
+}
+
+module "aspect_workflows" {
+  # Aspect Workflows terraform module
+  source = "gcs::https://storage.googleapis.com/storage/v1/aspect-artifacts/5.7.0-rc9/workflows-gcp/terraform-gcp-aspect-workflows.zip"
+
+  # Network properties
+  network    = google_compute_network.workflows_network.id
+  subnetwork = google_compute_subnetwork.workflows_subnet.id
+
+  # Number of nodes in the kubernetes cluster where the remote cache &
+  # observability services run.
+  cluster_standard_node_count = 3
+
+  # Remote cache configuration
+  remote = {
+    cache_size_gb          = 384
+    cache_shards           = 3
+    replicate_cache        = false
+    load_balancer_replicas = 1
+  }
+
+  # CI properties
+  hosts = ["cci"]
+
+  # Warming set definitions
+  warming_sets = {
+    default  = {}
+  }
+
+  # Resource types for use by runner groups
+  resource_types = {
+    default = {
+      # Aspect Workflows requires machine types that have local SSD drives. See
+      # https://cloud.google.com/compute/docs/machine-resource#machine_type_comparison for full list
+      # of machine types availble on GCP.
+      machine_type    = "n1-standard-4"
+      image_id        = data.google_compute_image.runner_image.id
+      use_preemptible = true
+    }
+  }
+
+  # CircleCI runner group definitions
+  cci_runner_groups = {
+    # The default runner group is use for the main build & test workflows.
+    default = {
+      agent_idle_timeout_min = 5
+      job_max_run_time_min   = 5 * 60
+      max_runners            = 10
+      min_runners            = 0
+      resource_type          = "default"
+      warming                = true
+    }
+    # The warming runner group is used for the periodic warming job that creates
+    # warming archives for use by other runner groups.
+    warming = {
+      agent_idle_timeout_min = 1
+      job_max_run_time_min   = 5 * 60
+      max_runners            = 1
+      min_runners            = 0
+      resource_type          = "default"
+    }
+  }
+
+  # This varies by each customer. This one is dedicated to bazel-lib.
+  pagerduty_integration_key = "23a940f08d58430fc012ef9bb3fed2e0"
+}

.circleci/config.yml

@@ -23,7 +23,7 @@ orbs:
   # CCI doesn't allow us to use a relative path in the monorepo, so we have to refer to an
   # already-published orb in their registry.
   # Run `bazel run --stamp //rosetta/cci-orb:publish` to produce a new version.
-  bazel: aspect-build/workflows@dev:5.6.0-rc9
+  bazel: aspect-build/workflows@dev:5.7.0-rc9
 
 workflows:
   bazel-setup:

.gitignore

@@ -1,2 +1,3 @@
 bazel-*
+**/.terraform/*
 test-out/