feat: Add ability to define custom list of branches to trigger apply …

…and custom cloudbuild YAML for terraform builds (#41)
terraform-google-modules · Jul 6, 2020 · 02467c8 · 02467c8
1 parent fa923a5
commit 02467c8
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -27,12 +27,6 @@ and this project adheres to
 
 * Upgrade to Project Factory 7.0 ([#9](https://www.github.com/terraform-google-modules/terraform-google-bootstrap/issues/9)) ([b0bb86b](https://www.github.com/terraform-google-modules/terraform-google-bootstrap/commit/b0bb86b666fc7e434f646ef35f7eaba6dc98e2d7))
 
-## [Unreleased]
-
-### Added
-
-- The `grant_billing_user` variable. [#18]
-
 ## [0.3.0] - 2019-12-18
 
 ### Fixed

diff --git a/modules/cloudbuild/README.md b/modules/cloudbuild/README.md
@@ -54,6 +54,8 @@ Functional examples and sample Cloud Build definitions are included in the [exam
 | activate\_apis | List of APIs to enable in the Cloudbuild project. | list(string) | `<list>` | no |
 | billing\_account | The ID of the billing account to associate projects with. | string | n/a | yes |
 | cloud\_source\_repos | List of Cloud Source Repo's to create with CloudBuild triggers. | list(string) | `<list>` | no |
+| cloudbuild\_apply\_filename | Path and name of Cloud Build YAML definition used for terraform apply. | string | `"cloudbuild-tf-apply.yaml"` | no |
+| cloudbuild\_plan\_filename | Path and name of Cloud Build YAML definition used for terraform plan. | string | `"cloudbuild-tf-plan.yaml"` | no |
 | default\_region | Default region to create resources where applicable. | string | `"us-central1"` | no |
 | folder\_id | The ID of a folder to host this project | string | `""` | no |
 | group\_org\_admins | Google Group for GCP Organization Administrators | string | n/a | yes |
@@ -63,6 +65,7 @@ Functional examples and sample Cloud Build definitions are included in the [exam
 | sa\_enable\_impersonation | Allow org_admins group to impersonate service account & enable APIs required. | bool | `"false"` | no |
 | skip\_gcloud\_download | Whether to skip downloading gcloud (assumes gcloud is already available outside the module) | bool | `"true"` | no |
 | storage\_bucket\_labels | Labels to apply to the storage bucket. | map(string) | `<map>` | no |
+| terraform\_apply\_branches | List of git branches configured to run terraform apply Cloud Build trigger. All other branches will run plan by default. | list(string) | `<list>` | no |
 | terraform\_sa\_email | Email for terraform service account. | string | n/a | yes |
 | terraform\_sa\_name | Fully-qualified name of the terraform service account. | string | n/a | yes |
 | terraform\_state\_bucket | Default state bucket, used in Cloud Build substitutions. | string | n/a | yes |

diff --git a/modules/cloudbuild/main.tf b/modules/cloudbuild/main.tf
@@ -19,6 +19,8 @@ locals {
   cloudbuild_apis             = ["cloudbuild.googleapis.com", "sourcerepo.googleapis.com", "cloudkms.googleapis.com"]
   impersonation_enabled_count = var.sa_enable_impersonation == true ? 1 : 0
   activate_apis               = distinct(var.activate_apis)
+  apply_branches_regex        = "(${join("|", var.terraform_apply_branches)})"
+  plan_branches_regex         = "[^${join("|", var.terraform_apply_branches)}]"
 }
 
 resource "random_id" "suffix" {
@@ -171,7 +173,7 @@ resource "google_cloudbuild_trigger" "master_trigger" {
   description = "${each.value} - terraform apply on push to master."
 
   trigger_template {
-    branch_name = "master"
+    branch_name = local.apply_branches_regex
     repo_name   = each.value
   }
 
@@ -183,9 +185,10 @@ resource "google_cloudbuild_trigger" "master_trigger" {
     _STATE_BUCKET_NAME    = var.terraform_state_bucket
     _ARTIFACT_BUCKET_NAME = google_storage_bucket.cloudbuild_artifacts.name
     _SEED_PROJECT_ID      = module.cloudbuild_project.project_id
+    _TF_ACTION            = "apply"
   }
 
-  filename = "cloudbuild-tf-apply.yaml"
+  filename = var.cloudbuild_apply_filename
   depends_on = [
     google_sourcerepo_repository.gcp_repo,
   ]
@@ -201,7 +204,7 @@ resource "google_cloudbuild_trigger" "non_master_trigger" {
   description = "${each.value} - terraform plan on all branches except master."
 
   trigger_template {
-    branch_name = "[^master]"
+    branch_name = local.plan_branches_regex
     repo_name   = each.value
   }
 
@@ -213,9 +216,10 @@ resource "google_cloudbuild_trigger" "non_master_trigger" {
     _STATE_BUCKET_NAME    = var.terraform_state_bucket
     _ARTIFACT_BUCKET_NAME = google_storage_bucket.cloudbuild_artifacts.name
     _SEED_PROJECT_ID      = module.cloudbuild_project.project_id
+    _TF_ACTION            = "plan"
   }
 
-  filename = "cloudbuild-tf-plan.yaml"
+  filename = var.cloudbuild_plan_filename
   depends_on = [
     google_sourcerepo_repository.gcp_repo,
   ]

diff --git a/modules/cloudbuild/variables.tf b/modules/cloudbuild/variables.tf
@@ -136,3 +136,24 @@ variable "skip_gcloud_download" {
   type        = bool
   default     = true
 }
+
+variable "cloudbuild_plan_filename" {
+  description = "Path and name of Cloud Build YAML definition used for terraform plan."
+  type        = string
+  default     = "cloudbuild-tf-plan.yaml"
+}
+
+variable "cloudbuild_apply_filename" {
+  description = "Path and name of Cloud Build YAML definition used for terraform apply."
+  type        = string
+  default     = "cloudbuild-tf-apply.yaml"
+}
+
+variable "terraform_apply_branches" {
+  description = "List of git branches configured to run terraform apply Cloud Build trigger. All other branches will run plan by default."
+  type        = list(string)
+
+  default = [
+    "master"
+  ]
+}