Project import generated by Copybara. (#2)

GitOrigin-RevId: a521de1c02d07c5cfe41b1167fed20535a7c6a30

Co-authored-by: Copybara <[email protected]>

Author: yuhuyoyo

.github/workflows/pr-dry-run.yml

@@ -0,0 +1,64 @@
+# .github/workflows/pr-dry-run.yml
+name: PR Checks and Release Dry Run
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  changelog_version_check:
+    uses: ./.github/workflows/reusable-changelog-version-diff.yml
+    with:
+      begin_ref: ${{ github.event.pull_request.base.sha }}
+      end_ref: ${{ github.event.pull_request.head.sha }}
+
+  changelog_version_enforce:
+    runs-on: ubuntu-latest
+    needs: changelog_version_check
+    permissions:
+      pull-requests: write
+      contents: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Check if tag for new version exists
+        if: ${{ needs.changelog_version_check.outputs.before_version != needs.changelog_version_check.outputs.after_version }}
+        run: |
+          git fetch --tags
+          if git tag --list "${{ needs.changelog_version_check.outputs.after_version }}" | grep -q .; then
+            echo "::error::Tag ${{ needs.changelog_version_check.outputs.after_version }} already exists. Please update the version in CHANGELOG.md."
+            exit 1
+          fi
+
+      - name: Add/Update PR comment if version did not change
+        if: ${{ needs.changelog_version_check.outputs.before_version == needs.changelog_version_check.outputs.after_version }}
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          issue-number: ${{ github.event.pull_request.number }}
+          body: |
+            <!-- changelog-version-warning -->
+            :warning: Version in CHANGELOG.md did not change (still ${{ needs.changelog_version_check.outputs.before_version }}). 
+            This PR will not result in the creation of a new release.
+
+      - name: Add/Update PR comment if version changed
+        if: ${{ needs.changelog_version_check.outputs.before_version != needs.changelog_version_check.outputs.after_version }}
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          issue-number: ${{ github.event.pull_request.number }}
+          body: |
+            <!-- changelog-version-info -->
+            :information_source: Version in CHANGELOG.md updated to ${{ needs.changelog_version_check.outputs.after_version }}.
+            This will trigger the creation of a new release when merged into main.
+
+  call_dry_run_workflow:
+    needs: changelog_version_enforce
+    uses: ./.github/workflows/reusable-release-provider.yml
+    with:
+      dry_run: true # This tells the reusable workflow to perform a dry run
+    secrets:
+      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+      PASSPHRASE: ${{ secrets.PASSPHRASE }}

.github/workflows/reusable-changelog-version-diff.yml

@@ -0,0 +1,74 @@
+# .github/workflows/reusable-changelog-version-diff.yml
+name: Changelog Version Diff
+
+description: >
+  Compares the version in CHANGELOG.md between two refs and outputs the version and whether it changed.
+
+on:
+  workflow_call:
+    inputs:
+      begin_ref:
+        required: true
+        type: string
+      end_ref:
+        required: true
+        type: string
+    outputs:
+      before_version:
+        description: "Version parsed from CHANGELOG.md at begin_ref."
+        value: ${{ jobs.diff.outputs.before_version }}
+      after_version:
+        description: "Version parsed from CHANGELOG.md at end_ref."
+        value: ${{ jobs.diff.outputs.after_version }}
+
+jobs:
+  diff:
+    runs-on: ubuntu-latest
+    outputs:
+      before_version: ${{ steps.parse_compare.outputs.before_version }}
+      after_version: ${{ steps.parse_compare.outputs.after_version }}
+    steps:
+      - name: Checkout begin_ref
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ inputs.begin_ref }}
+          path: begin
+
+      - name: Checkout end_ref
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ inputs.end_ref }}
+          path: end
+
+      - name: Parse versions from CHANGELOG.md
+        id: parse_compare
+        run: |
+          # This step parses Terraform version headers from CHANGELOG.md files.
+          # It expects headers in the format: ## X.Y.Z (see https://developer.hashicorp.com/terraform/plugin/best-practices/versioning#version-headers)
+          parse_version() {
+            local file="$1"
+            if [ ! -f "$file" ]; then
+              echo "v0.0.0"
+              return
+            fi
+            # Find the first line that starts with '## ' and looks like a version header (e.g., '## 1.2.3')
+            # 1. grep: get lines that start with '## ' followed by a digit and dot-separated digits
+            # 2. head: take the first such line
+            # 3. cut: remove the leading '## ' to get just the version string
+            local ver_line
+            ver_line=$(grep -m1 -E '^## [0-9]+(\.[0-9]+)*' "$file" | head -n1)
+            local ver
+            if [ -n "$ver_line" ]; then
+              # Remove the leading '## '
+              ver=$(echo "$ver_line" | cut -d' ' -f2)
+              echo "v$ver"
+            else
+              echo "v0.0.0"
+            fi
+          }
+
+          before_version=$(parse_version "begin/CHANGELOG.md")
+          after_version=$(parse_version "end/CHANGELOG.md")
+
+          echo "before_version=$before_version" >> $GITHUB_OUTPUT
+          echo "after_version=$after_version" >> $GITHUB_OUTPUT

.github/workflows/reusable-release-provider.yml

@@ -0,0 +1,52 @@
+# .github/workflows/reusable/release-provider.yml
+name: Release Terraform Provider
+
+on:
+  workflow_call:
+    inputs:
+      dry_run:
+        description: 'Run in dry-run mode (build and sign, but do not publish release)'
+        type: boolean
+        required: false
+        default: false
+    secrets:
+      GPG_PRIVATE_KEY:
+        description: 'GPG Private Key for signing releases'
+        required: true
+      PASSPHRASE:
+        description: 'Passphrase for the GPG Private Key'
+        required: true
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # Required for goreleaser to create releases
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0 # Required for goreleaser to properly determine version
+
+      - name: Set up Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+
+      - name: Import GPG Key
+        uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
+        id: import_gpg
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+
+      - name: Run GoReleaser (Dry Run or Release)
+        uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
+        with:
+          distribution: goreleaser
+          args: release --clean ${{ inputs.dry_run && '--snapshot --skip=publish' || '' }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

.github/workflows/tag-and-release.yml

@@ -0,0 +1,39 @@
+# .github/workflows/tag-on-push.yml
+name: Tag and Release on Push
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  changelog_version_check:
+    uses: ./.github/workflows/reusable-changelog-version-diff.yml
+    with:
+      begin_ref: ${{ github.event.before }}
+      end_ref: ${{ github.sha }}
+
+  tag_if_version_updated:
+    runs-on: ubuntu-latest
+    needs: changelog_version_check
+    permissions:
+      contents: write
+    if: ${{ needs.changelog_version_check.outputs.after_version != needs.changelog_version_check.outputs.before_version }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+      - name: Tag and push new version
+        run: |
+          git config user.name "github-actions"
+          git config user.email "[email protected]"
+          git tag ${{ needs.changelog_version_check.outputs.after_version }}
+          git push origin ${{ needs.changelog_version_check.outputs.after_version }}
+
+  call_release_workflow:
+    needs: tag_if_version_updated
+    uses: ./.github/workflows/reusable-release-provider.yml
+    secrets:
+      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+      PASSPHRASE: ${{ secrets.PASSPHRASE }}

.gitignore

@@ -0,0 +1,3 @@
+bin/
+terraform-provider-workbench
+**/terraform.tfstate.backup

.goreleaser.yml

@@ -0,0 +1,63 @@
+# Visit https://goreleaser.com for documentation on how to customize this
+# behavior.
+version: 2
+before:
+  hooks:
+    # call 'go mod tidy' to ensure that the go.mod and go.sum files are up to
+    # date.  Use the --diff flag to fail the release if this would result in
+    # changes to the files.
+    - go mod tidy --diff
+builds:
+- env:
+    # goreleaser does not work with CGO, it could also complicate
+    # usage by users in CI/CD systems like HCP Terraform where
+    # they are unable to install libraries.
+    - CGO_ENABLED=0
+  mod_timestamp: '{{ .CommitTimestamp }}'
+  flags:
+    - -trimpath
+  ldflags:
+    - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}'
+  goos:
+    - freebsd
+    - windows
+    - linux
+    - darwin
+  goarch:
+    - amd64
+    - '386'
+    - arm
+    - arm64
+  ignore:
+    - goos: darwin
+      goarch: '386'
+  binary: '{{ .ProjectName }}_v{{ .Version }}'
+archives:
+- formats: zip
+  name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+checksum:
+  extra_files:
+    - glob: 'terraform-registry-manifest.json'
+      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+  name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
+  algorithm: sha256
+signs:
+  - artifacts: checksum
+    args:
+      # if you are using this in a GitHub action or some other automated pipeline, you 
+      # need to pass the batch flag to indicate its not interactive.
+      - "--batch"
+      - "--local-user"
+      - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
+      - "--output"
+      - "${signature}"
+      - "--detach-sign"
+      - "${artifact}"
+release:
+  extra_files:
+    - glob: 'terraform-registry-manifest.json'
+      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+  # If you want to manually examine the release before its live, uncomment this line:
+  # draft: true
+changelog:
+  disable: true

CHANGELOG.md

@@ -0,0 +1,37 @@
+## 0.0.1 (July 23, 2025)
+
+Initial Release
+
+### 🚀 New Features
+
+- Workspace Support
+
+  - Added `workbench_workspace` resource for managing provisioned workspaces.
+  - Added `workbench_workspace` data source to fetch existing workspace details.
+  - Added `workbench_workspace_iam_policy`, `workbench_workspace_iam_member`, and `workbench_workspace_iam_binding` resources for managing IAM on workspaces.
+  - Added `workbench_workspace_iam_policy`, `workbench_workspace_iam_binding` data source to fetch existing iam memberships.
+
+- Group Support
+  
+  - Added `workbench_group` resource for managing provisioned groups.
+  - Added `workbench_group` data source to fetch existing group details.
+  - Added `workbench_group_iam_policy`, `workbench_group_iam_member`, and `workbench_group_iam_binding` respirces for managing IAM on groups.
+  - Added `workbench_group_iam_policy`, `workbench_group_iam_binding` data source to fetch existing iam memberships.
+
+- Data Collection Support
+
+  - Added `workbench_data_collection` resource for managing provisioned data collections.
+  - Added `workbench_data_collection` data source to fetch existing data collection details.
+  - Added `workbench_data_collection_version` resource for managing data collections versioning and publishing.
+  - Added `workbench_data_collection_version` data source to fetch existing versions details.
+
+- Workspace folder Support
+
+  - Added `workbench_folder` resource for managing workspace folders.
+  - Added `workbench_folder` data source to fetch existing folder details.
+
+- GCS bucket Support
+
+  - Added `workbench_gcs_bucket` resource for managing GCS buckets.
+  - Added `workbench_gcs_bucket` data source for fetching existing buckets details.
+

CONTRIBUTING.md

@@ -0,0 +1,17 @@
+# How to contribute
+
+## Reporting issues
+
+Bugs, feature requests, and development-related questions should be directed to
+our GitHub issue tracker. If reporting a bug, please try and provide as much
+context as possible such as your operating system, Go version, and anything else
+that might be relevant to the bug. For feature requests, please explain what
+you're trying to do, and how the requested feature would help you do that.
+
+## Pull Request
+
+We don't currently accept pull requests from the public. They will be
+automatically closed. If you would like to make a proposal, we will do our best
+to review it, implement it ourselves, and include it in the next release. If
+enough proposals come through, we will certainly revisit this policy to make
+the package as useful as possible.

LICENSE

@@ -0,0 +1,28 @@
+BSD 3-Clause License
+
+Copyright (c) 2025, Verily
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.