creating cloud build triggers and adding in terraform fmtter/linter

Author: damienjburks

.github/workflows/default.yml

@@ -7,8 +7,13 @@ on:
   workflow_dispatch:
 
 jobs:
-    run-terraform-apply:
-        uses: ./.github/workflows/terraform-apply.yml
-        permissions:
-            contents: read
-        secrets: inherit
+  run-terraform-apply:
+    uses: ./.github/workflows/terraform-apply.yml
+    permissions:
+      contents: read
+    secrets: inherit
+  run-terraform-linter:
+    needs: [run-terraform-apply]
+    uses: ./.github/workflows/terraform-linter.yml
+    permissions:
+      contents: read

.github/workflows/terraform-apply.yml

@@ -39,4 +39,4 @@ jobs:
         id: apply
         with:
           run: ${{ steps.apply-run.outputs.run_id }}
-          comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"
+          comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"

.github/workflows/terraform-linter.yml

@@ -0,0 +1,21 @@
+name: Terraform Linting and Formatting
+
+on:
+  workflow_call:
+
+jobs:
+  lint-and-format:
+    name: Lint and Format Terraform Files
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: latest
+
+      - name: Format Terraform files
+        run: terraform fmt -check

TOOLS.md

@@ -11,34 +11,9 @@ resource "google_storage_bucket" "default" {
   uniform_bucket_level_access = true
 }
 
-/*resource "google_container_cluster" "primary" {
-  name     = "dsb-devsecops-cluster"
-  location = var.region
-
-  # Enable GKE features
-  remove_default_node_pool = true
-  deletion_protection = false
-
-  cluster_autoscaling {
-    enabled = false
-  }
-
-  # Specify network and subnetwork
-  network    = "default"
-  subnetwork = "default"
+resource "google_artifact_registry_repository" "default_docker_repo" {
+  repository_id = "dsb-docker-images"
+  format        = "DOCKER"
+  location      = var.region
+  description   = "Repository for all DSB Docker images"
 }
-
-resource "google_container_node_pool" "primary_nodes" {
-  cluster    = google_container_cluster.primary.name
-  location   = google_container_cluster.primary.location
-  node_count = 1  # Single node in the pool - super cheap :)
-  max_pods_per_node = 8
-  
-  node_config {
-    preemptible = true
-    machine_type = "e2-standard-8"
-    oauth_scopes = [
-      "https://www.googleapis.com/auth/cloud-platform",
-    ]
-  }
-}*/

main.tf

@@ -0,0 +1,15 @@
+# Cloud Build Pipeline for gcp-python-fastapi
+# https://github.com/The-DevSec-Blueprint/gcp-python-fastapi/tree/main
+resource "google_cloudbuild_trigger" "build_trigger" {
+  name        = var.cloudbuild_trigger_name
+  description = var.description
+  filename    = var.filename
+
+  github {
+    owner = "The-DevSec-Blueprint"
+    name  = var.github_repo_name
+    push {
+      branch = "^main$"
+    }
+  }
+}

modules/pipelines/main.tf

@@ -0,0 +1,20 @@
+variable "cloudbuild_trigger_name" {
+  description = "Name of the Cloud Build trigger"
+  type        = string
+}
+
+variable "description" {
+  description = "Description of the Cloud Build trigger"
+  type        = string
+}
+
+variable "filename" {
+  description = "Path to the Cloud Build configuration file"
+  type        = string
+  default     = "cloudbuild.yaml"
+}
+
+variable "github_repo_name" {
+  description = "Name of the GitHub repository"
+  type        = string
+}

modules/pipelines/variable.tf

@@ -0,0 +1,8 @@
+module "gcp_python_fastapi_pipeline" {
+  source                  = "./modules/pipelines"
+  cloudbuild_trigger_name = "gcp-python-fastapi"
+  description             = "Cloud Build Trigger for GCP Python FastAPI"
+  github_repo_name        = "gcp-python-fastapi"
+
+  depends_on = [google_artifact_registry_repository.default_docker_repo]
+}