diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 956e855..c399a43 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -8,9 +8,15 @@ concurrency: ${{ github.ref }} env: IMAGE: backstage - AWS_REGION: ${{ vars.AWS_REGION }} SCORE_HUMANITEC_VERSION: '0.8.0' + # CLOUD_PROVIDER: aws + AWS_REGION: ${{ vars.AWS_REGION }} AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }} + # CLOUD_PROVIDER: gcp + GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }} + GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }} + GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }} jobs: deploy: @@ -24,7 +30,7 @@ jobs: env: DOCKER_BUILDKIT: "1" - if: ${{ github.repository_owner != 'humanitec-architecture' }} + if: ${{ vars.CLOUD_PROVIDER }} steps: - uses: actions/checkout@v3 
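Review bot: The added comments `# CLOUD_PROVIDER: aws` and `# CLOUD_PROVIDER: gcp` in the `env:` block look like commented-out keys rather than labels for the variable groups beneath them, which is easy to misread because `CLOUD_PROVIDER` is a repository variable that is never set in this file. A heading such as `# used when vars.CLOUD_PROVIDER == 'aws'` above each group states what the grouping means and points the reader at where the switch actually lives.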
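Review bot: `if: ${{ vars.CLOUD_PROVIDER }}` lets the deploy job run for any non-empty value, not just `aws` or `gcp`; for anything else none of the conditional credential steps run, `CONTAINER_REGISTRY` is never written to `$GITHUB_ENV`, and the later build/push steps (outside this hunk) would run with an empty registry prefix. Gating on the values the steps actually handle, `if: ${{ vars.CLOUD_PROVIDER == 'aws' || vars.CLOUD_PROVIDER == 'gcp' }}`, fails a misconfigured repository before any credentials are requested. The removed owner check `github.repository_owner != 'humanitec-architecture'` is no longer enforced; presumably the upstream repository simply leaves the variable unset, but that is now the only thing stopping the job from running there and deserves a comment next to the condition.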
@@ -41,24 +47,41 @@ jobs: with: file_pattern: 'catalog-info.yaml templates/*.yaml' - - name: configure aws credentials + + - if: ${{ vars.CLOUD_PROVIDER == 'aws' }} + name: configure aws credentials uses: aws-actions/configure-aws-credentials@v3 with: role-to-assume: ${{ env.AWS_ROLE_ARN }} aws-region: ${{ env.AWS_REGION }} - - name: login to aws ecr + - if: ${{ vars.CLOUD_PROVIDER == 'aws' }} + name: login to aws ecr id: login-ecr uses: aws-actions/amazon-ecr-login@v1 with: mask-password: 'true' - - name: "set CONTAINER_REGISTRY env var" + - if: ${{ vars.CLOUD_PROVIDER == 'aws' }} + name: "set CONTAINER_REGISTRY env var" run: | echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV" env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} + - if: ${{ vars.CLOUD_PROVIDER == 'gcp' }} + name: configure gcp credentials + uses: google-github-actions/auth@v1 + with: + workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ env.GCP_SERVICE_ACCOUNT }} + + - if: ${{ vars.CLOUD_PROVIDER == 'gcp' }} + name: login to gcp gar + run: | + gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet + echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV" + - name: Set Tag with SHA run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV diff --git a/app-config.yaml b/app-config.yaml index a8f0e9a..fcf9bbc 100644 --- a/app-config.yaml +++ b/app-config.yaml @@ -61,3 +61,5 @@ catalog: humanitec: orgId: ${HUMANITEC_ORG_ID} token: ${HUMANITEC_TOKEN} + +cloudProvider: ${CLOUD_PROVIDER} diff --git a/packages/backend/src/actions/get-environment.ts b/packages/backend/src/actions/get-environment.ts index 9d32a43..0cea589 100644 --- a/packages/backend/src/actions/get-environment.ts +++ b/packages/backend/src/actions/get-environment.ts 
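Review bot: The new `login to gcp gar` step interpolates `${{ env.GCP_GAR_HOST }}` and `${{ env.GCP_GAR_NAME }}` directly into the shell script, whereas the AWS step just above passes the registry through `env:` and reads `$REGISTRY`; both GCP values are already workflow-level `env` entries, so the same pattern is available as `gcloud auth configure-docker "$GCP_GAR_HOST" --quiet` and `echo "CONTAINER_REGISTRY=$GCP_GAR_NAME" >> "$GITHUB_ENV"`. Shell expansion keeps the script text fixed whatever the variable contains and is the form GitHub's Actions hardening guidance recommends, even for repository variables that only admins can edit. `google-github-actions/auth@v1` with `workload_identity_provider` needs `id-token: write` on the job; the AWS OIDC step presumably already has it, but the `permissions:` block is outside the hunk. The same inline interpolation is repeated in the templated workflows under templates/node-service and templates/podinfo-example later in this diff.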
@@ -3,9 +3,10 @@ import { createTemplateAction } from '@backstage/plugin-scaffolder-backend'; interface EnvironmentAction { orgId: string awsRegion: string + cloudProvider: string } -export function createGetEnvironmentAction({ orgId, awsRegion }: EnvironmentAction) { +export function createGetEnvironmentAction({ orgId, awsRegion, cloudProvider }: EnvironmentAction) { return createTemplateAction({ id: 'backend:get-environment', schema: { @@ -17,6 +18,9 @@ export function createGetEnvironmentAction({ orgId, awsRegion }: EnvironmentActi }, awsRegion: { type: 'string' + }, + cloudProvider: { + type: 'string' } } } @@ -24,6 +28,7 @@ export function createGetEnvironmentAction({ orgId, awsRegion }: EnvironmentActi handler: async (ctx) => { ctx.output('orgId', orgId); ctx.output('awsRegion', awsRegion); + ctx.output('cloudProvider', cloudProvider); }, }); } diff --git a/packages/backend/src/plugins/scaffolder.ts b/packages/backend/src/plugins/scaffolder.ts index 1c789db..3afe928 100644 --- a/packages/backend/src/plugins/scaffolder.ts +++ b/packages/backend/src/plugins/scaffolder.ts @@ -33,6 +33,7 @@ export default async function createPlugin({ createGetEnvironmentAction({ orgId: config.getString('humanitec.orgId'), awsRegion: process.env.AWS_DEFAULT_REGION || '', + cloudProvider: config.getString('cloudProvider'), }), createHumanitecApp({ orgId: config.getString('humanitec.orgId'), diff --git a/score.yaml b/score.yaml index 530aaf1..3892946 100644 --- a/score.yaml +++ b/score.yaml @@ -40,6 +40,7 @@ containers: POSTGRES_PORT: ${resources.db.port} POSTGRES_USER: ${resources.db.username} AWS_DEFAULT_REGION: ${values.AWS_DEFAULT_REGION} + CLOUD_PROVIDER: ${values.CLOUD_PROVIDER} files: - target: /app/credentials/github-app-backstage-humanitec-credentials.yaml diff --git a/templates/node-service/content/.github/workflows/deploy.yaml b/templates/node-service/content/.github/workflows/deploy.yaml index a968c53..b3b21df 100644 
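Review bot: The `cloudProvider: { type: 'string' }` entry added to the action schema accepts any string, yet every consumer in this diff branches on exactly `aws` or `gcp`. Declaring the accepted values where the output is defined, `cloudProvider: { type: 'string', enum: ['aws', 'gcp'] }`, documents the contract in the scaffolder UI and makes a typo in `CLOUD_PROVIDER` visible at the action rather than as a silently skipped step. The `createTemplateAction` call continues past the hunk.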
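Review bot: `config.getString('cloudProvider')` throws when the key is absent, and app-config.yaml now sets it from `${CLOUD_PROVIDER}`, which Backstage resolves to an undefined key when the environment variable is unset; a backend that started fine before this change will fail during plugin initialisation unless every deployment defines `CLOUD_PROVIDER`. If that fail-fast behaviour is intended it differs from the sibling `awsRegion: process.env.AWS_DEFAULT_REGION || ''` line and deserves a comment saying so; otherwise `cloudProvider: config.getOptionalString('cloudProvider') ?? '',` matches the existing tolerant style. The enclosing `createPlugin` function extends beyond the hunk.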
--- a/templates/node-service/content/.github/workflows/deploy.yaml +++ b/templates/node-service/content/.github/workflows/deploy.yaml @@ -10,10 +10,21 @@ concurrency: env: {% endraw %} IMAGE: ${{ values.image }} +{%- if values.cloudProvider === "aws" -%} {% raw %} AWS_REGION: ${{ vars.AWS_REGION }} AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }} {% endraw %} +{%- elif values.cloudProvider === "gcp" -%} +{% raw %} + GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }} + GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }} + GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }} +{% endraw %} +{%- else -%} +# Unknown cloud provider: ${{ values.cloudProvider }} +{% endif %} SCORE_HUMANITEC_VERSION: '0.8.0' APP_NAME: ${{ values.name }} @@ -29,7 +40,9 @@ jobs: - uses: actions/checkout@v3 - name: Set Tag with SHA run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV - +{% endraw %} +{%- if values.cloudProvider === "aws" -%} +{% raw %} - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v3 with: @@ -47,7 +60,22 @@ jobs: echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV" env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} +{% endraw %} +{%- elif values.cloudProvider === "gcp" -%} +{% raw %} + - name: configure gcp credentials + uses: google-github-actions/auth@v1 + with: + workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ env.GCP_SERVICE_ACCOUNT }} + - name: login to gcp gar + run: | + gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet + echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV" +{% endraw %} +{% endif %} +{% raw %} - run: docker build --platform linux/amd64 . -t $CONTAINER_REGISTRY/$IMAGE:$TAG - run: docker push $CONTAINER_REGISTRY/$IMAGE:$TAG diff --git a/templates/node-service/content/.github/workflows/pull_request.yaml b/templates/node-service/content/.github/workflows/pull_request.yaml index 7d6d596..4222a66 100644 
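Review bot: In the `env:` hunk the `{%- else -%}` tag strips the newline on both sides, and the preceding `{%- if` has already consumed the newline after `IMAGE: ${{ values.image }}`, so for an unrecognised provider the rendered file reads `IMAGE: <image># Unknown cloud provider: …` on a single line; YAML only starts a comment at a `#` preceded by whitespace, so the text becomes part of the IMAGE value instead of a visible note. Dropping the trailing dash, `{%- else %}`, keeps the newline before the comment (the `-%}` on the `if`/`elif` tags is harmless because each of those branches begins its `{% raw %}` block with a newline). The same construct is in the `env:` hunks of templates/node-service/.../pull_request.yaml and both templates/podinfo-example workflows, which are the same blobs as the node-service files (`a968c53..b3b21df`, `7d6d596..4222a66`); if that duplication is deliberate, a comment in one of them naming the canonical copy would stop the next fix landing in only one. The steps hunk below has no `else` at all, so an unknown provider yields a workflow with no registry login and an empty `CONTAINER_REGISTRY` — worth stating in that comment rather than leaving it to the failing `docker push`.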
--- a/templates/node-service/content/.github/workflows/pull_request.yaml +++ b/templates/node-service/content/.github/workflows/pull_request.yaml @@ -8,9 +8,21 @@ permissions: env: APP_NAME: ${{ values.name }} IMAGE: ${{ values.image }} - AWS_REGION: {% raw %}${{ vars.AWS_REGION }}{% endraw %} - AWS_ROLE_ARN: {% raw %}${{ vars.AWS_ROLE_ARN }}{% endraw %} - +{%- if values.cloudProvider === "aws" -%} +{% raw %} + AWS_REGION: ${{ vars.AWS_REGION }} + AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }} +{% endraw %} +{%- elif values.cloudProvider === "gcp" -%} +{% raw %} + GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }} + GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }} + GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }} +{% endraw %} +{%- else -%} +# Unknown cloud provider: ${{ values.cloudProvider }} +{% endif %} BASE_ENVIRONMENT: 'development' ENVIRONMENT_TYPE: 'development' SCORE_HUMANITEC_VERSION: '0.8.0' @@ -55,7 +67,9 @@ jobs: version: ${{ env.SCORE_HUMANITEC_VERSION }} - name: Set Tag with SHA run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV - +{% endraw %} +{%- if values.cloudProvider === "aws" -%} +{% raw %} - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v3 with: 
@@ -73,7 +87,22 @@ jobs: echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV" env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} +{% endraw %} +{%- elif values.cloudProvider === "gcp" -%} +{% raw %} + - name: configure gcp credentials + uses: google-github-actions/auth@v1 + with: + workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ env.GCP_SERVICE_ACCOUNT }} + - name: login to gcp gar + run: | + gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet + echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV" +{% endraw %} +{% endif %} +{% raw %} - run: docker build --platform linux/amd64 . -t $CONTAINER_REGISTRY/$IMAGE:$TAG - run: docker push $CONTAINER_REGISTRY/$IMAGE:$TAG diff --git a/templates/node-service/template.yaml b/templates/node-service/template.yaml index 00fd22e..78ecab5 100644 --- a/templates/node-service/template.yaml +++ b/templates/node-service/template.yaml @@ -33,6 +33,7 @@ spec: - id: create-ecr name: Create ECR Rrepository action: roadiehq:aws:ecr:create + if: ${{ steps.environment.output.cloudProvider == 'aws' }} input: repoName: ${{ parameters.componentName }} region: ${{ steps.environment.output.awsRegion }} @@ -46,6 +47,7 @@ spec: name: ${{ parameters.componentName }} image: ${{ parameters.componentName }} orgId: ${{ steps.environment.output.orgId }} + cloudProvider: ${{ steps.environment.output.cloudProvider }} - id: publish name: Publish diff --git a/templates/podinfo-example/content/.github/workflows/deploy.yaml b/templates/podinfo-example/content/.github/workflows/deploy.yaml index a968c53..b3b21df 100644 --- a/templates/podinfo-example/content/.github/workflows/deploy.yaml +++ b/templates/podinfo-example/content/.github/workflows/deploy.yaml 
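Review bot: The `if:` on `create-ecr` correctly gates ECR creation on `aws`, but nothing in this diff creates the Artifact Registry repository for the `gcp` case, so the generated workflow's `docker push $CONTAINER_REGISTRY/$IMAGE:$TAG` assumes `GCP_GAR_NAME` already exists; either a matching step or a comment on the step such as `# GAR repositories are expected to pre-exist; only ECR is created here` would make that explicit. The condition compares the raw output string, so a value like `AWS` skips the step while the backend happily accepted the config; normalising or restricting the value in the `backend:get-environment` action keeps this check simple. The two hunks in templates/podinfo-example/template.yaml at the end of the diff are identical and carry the same gap.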
@@ -10,10 +10,21 @@ concurrency: env: {% endraw %} IMAGE: ${{ values.image }} +{%- if values.cloudProvider === "aws" -%} {% raw %} AWS_REGION: ${{ vars.AWS_REGION }} AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }} {% endraw %} +{%- elif values.cloudProvider === "gcp" -%} +{% raw %} + GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }} + GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }} + GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }} +{% endraw %} +{%- else -%} +# Unknown cloud provider: ${{ values.cloudProvider }} +{% endif %} SCORE_HUMANITEC_VERSION: '0.8.0' APP_NAME: ${{ values.name }} @@ -29,7 +40,9 @@ jobs: - uses: actions/checkout@v3 - name: Set Tag with SHA run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV - +{% endraw %} +{%- if values.cloudProvider === "aws" -%} +{% raw %} - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v3 with: @@ -47,7 +60,22 @@ jobs: echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV" env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} +{% endraw %} +{%- elif values.cloudProvider === "gcp" -%} +{% raw %} + - name: configure gcp credentials + uses: google-github-actions/auth@v1 + with: + workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ env.GCP_SERVICE_ACCOUNT }} + - name: login to gcp gar + run: | + gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet + echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV" +{% endraw %} +{% endif %} +{% raw %} - run: docker build --platform linux/amd64 . -t $CONTAINER_REGISTRY/$IMAGE:$TAG - run: docker push $CONTAINER_REGISTRY/$IMAGE:$TAG diff --git a/templates/podinfo-example/content/.github/workflows/pull_request.yaml b/templates/podinfo-example/content/.github/workflows/pull_request.yaml index 7d6d596..4222a66 100644 --- a/templates/podinfo-example/content/.github/workflows/pull_request.yaml 
+++ b/templates/podinfo-example/content/.github/workflows/pull_request.yaml @@ -8,9 +8,21 @@ permissions: env: APP_NAME: ${{ values.name }} IMAGE: ${{ values.image }} - AWS_REGION: {% raw %}${{ vars.AWS_REGION }}{% endraw %} - AWS_ROLE_ARN: {% raw %}${{ vars.AWS_ROLE_ARN }}{% endraw %} - +{%- if values.cloudProvider === "aws" -%} +{% raw %} + AWS_REGION: ${{ vars.AWS_REGION }} + AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }} +{% endraw %} +{%- elif values.cloudProvider === "gcp" -%} +{% raw %} + GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }} + GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }} + GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }} +{% endraw %} +{%- else -%} +# Unknown cloud provider: ${{ values.cloudProvider }} +{% endif %} BASE_ENVIRONMENT: 'development' ENVIRONMENT_TYPE: 'development' SCORE_HUMANITEC_VERSION: '0.8.0' @@ -55,7 +67,9 @@ jobs: version: ${{ env.SCORE_HUMANITEC_VERSION }} - name: Set Tag with SHA run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV - +{% endraw %} +{%- if values.cloudProvider === "aws" -%} +{% raw %} - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v3 with: @@ -73,7 +87,22 @@ jobs: echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV" env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} +{% endraw %} +{%- elif values.cloudProvider === "gcp" -%} +{% raw %} + - name: configure gcp credentials + uses: google-github-actions/auth@v1 + with: + workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ env.GCP_SERVICE_ACCOUNT }} + - name: login to gcp gar + run: | + gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet + echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV" +{% endraw %} +{% endif %} +{% raw %} - run: docker build --platform linux/amd64 . -t $CONTAINER_REGISTRY/$IMAGE:$TAG - run: docker push $CONTAINER_REGISTRY/$IMAGE:$TAG 
diff --git a/templates/podinfo-example/template.yaml b/templates/podinfo-example/template.yaml index 06b1d9d..8647c04 100644 --- a/templates/podinfo-example/template.yaml +++ b/templates/podinfo-example/template.yaml @@ -33,6 +33,7 @@ spec: - id: create-ecr name: Create ECR Rrepository action: roadiehq:aws:ecr:create + if: ${{ steps.environment.output.cloudProvider == 'aws' }} input: repoName: ${{ parameters.componentName }} region: ${{ steps.environment.output.awsRegion }} @@ -46,6 +47,7 @@ spec: name: ${{ parameters.componentName }} image: ${{ parameters.componentName }} orgId: ${{ steps.environment.output.orgId }} + cloudProvider: ${{ steps.environment.output.cloudProvider }} - id: publish name: Publish