Add support for custom Cloud Workstations images via Cloud Build.

Integrate the `cicd_pipelines` module to create Cloud Build triggers for custom images passed to the `cicd_workstations` module to enable custom image builds.

PiperOrigin-RevId: 802049672

Author: Android Build Filesystem (ABFS) Team

examples/simple/variables.tf

@@ -155,7 +155,7 @@ variable "cws_clusters" {
   description = "A map of Cloud Workstation clusters to create. The key of the map is used as the unique ID for the cluster."
   default     = {}
   validation {
-    condition     = !var.create_cloud_workstation_resources || length(var.cws_clusters) > 0
+    condition     = ! var.create_cloud_workstation_resources || length(var.cws_clusters) > 0
     error_message = "cws_clusters is required when create_cloud_workstation_resources is enabled."
   }
 }
@@ -175,15 +175,24 @@ variable "cws_configs" {
     persistent_disk_reclaim_policy = string
     creators                       = optional(list(string))
     image                          = optional(string)
-    instances                      = optional(list(object({
+    instances = optional(list(object({
       name  = string
       users = list(string)
     })))
   }))
   description = "A map of Cloud Workstation configurations."
   default     = {}
   validation {
-    condition     = !var.create_cloud_workstation_resources || length(var.cws_configs) > 0
+    condition     = ! var.create_cloud_workstation_resources || length(var.cws_configs) > 0
     error_message = "cws_configs is required when create_cloud_workstation_resources is enabled."
   }
 }
+
+variable "cws_custom_images" {
+  type = map(object({
+    scheduler_region = optional(string)
+    ci_schedule      = optional(string)
+  }))
+  description = "Map of custom images and their Cloud Build trigger details to be used for Cloud Workstations. The key of the map equals the container image name."
+  default     = {}
+}

examples/simple/workstations.tf

@@ -12,6 +12,19 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+module "cicd_pipelines" {
+  count = var.create_cloud_workstation_resources ? 1 : 0
+
+  source = "github.com/GoogleCloudPlatform/cicd-foundation//infra/modules/cicd_pipelines?ref=v2.1.0"
+
+  project_id = data.google_project.project.project_id
+  apps = {
+    for k in keys(var.cws_custom_images) : k => {
+      runtime = "workstations"
+    }
+  }
+}
+
 module "workstations" {
   count = var.create_cloud_workstation_resources ? 1 : 0
 
@@ -21,4 +34,27 @@ module "workstations" {
   cws_scopes   = var.cws_scopes
   cws_clusters = var.cws_clusters
   cws_configs  = var.cws_configs
+  custom_images = {
+    for k, v in module.cicd_pipelines[0].cloud_build_trigger_trigger_id :
+    k => merge(
+      {
+        ci_trigger = v
+      },
+      try({ scheduler_region = var.cws_custom_images[k]["scheduler_region"] }, {}),
+      try({ ci_schedule = var.cws_custom_images[k]["ci_schedule"] }, {})
+    )
+  }
+  cloud_build_service_account_id = module.cicd_pipelines[0].cloud_build_service_account_id
+}
+
+resource "google_artifact_registry_repository_iam_binding" "reader" {
+  count = var.create_cloud_workstation_resources ? 1 : 0
+
+  project    = module.cicd_pipelines[0].artifact_registry_repository.project
+  location   = module.cicd_pipelines[0].artifact_registry_repository.location
+  repository = module.cicd_pipelines[0].artifact_registry_repository.id
+  role       = "roles/artifactregistry.reader"
+  members = [
+    "serviceAccount:${module.workstations[0].cws_service_account_email}"
+  ]
 }