feat!: v3.0.0 - OIDC Support, Install Command Improvements (#61)

Co-authored-by: Eric Ribeiro <ericribeiro@outlook.com.br>
CircleCI-Public · Dec 1, 2022 · 67e4448 · 67e4448
1 parent 1d50867
commit 67e4448
Show file tree

Hide file tree

Showing 12 changed files with 413 additions and 203 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -18,6 +18,7 @@ workflows:
       - orb-tools/review:
           filters: *filters
       - shellcheck/check:
+          exclude: 'SC2153'
           filters: *filters
       - orb-tools/publish:
           orb-name: circleci/gcp-cli
@@ -30,4 +31,4 @@ workflows:
           pipeline-number: << pipeline.number >>
           vcs-type: << pipeline.project.type >>
           requires: [orb-tools/publish]
-          filters: *filters
+          filters: *filters
diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml
@@ -8,72 +8,118 @@ filters: &filters
   tags:
     only: /.*/
 
-install-initialize_requires: &install-initialize_requires
-  [install-default, install-google, install-machine]
-
-prod-deploy_requires: &prod-deploy_requires
-  [install_initialize-default, install_initialize-google, install_initialize-machine]
-
-install-post-steps: &install-post-steps
-  [run: gcloud --version]
+post-steps:
+  - run: &check-cli-version
+      name: "Check if the CLI was installed and the version is correct"
+      command: |
+        if [ << parameters.version >> = "latest" ]; then
+          gcloud version || exit 1
+        else
+          gcloud --version | grep -q "Google Cloud SDK << parameters.version >>" || exit 1
+        fi
+  - run: &check-cli-version-alpine
+      name: "Check if the CLI was installed and the version is correct"
+      command: |
+        . $BASH_ENV
+        if [ << parameters.version >> = "latest" ]; then
+          gcloud version || exit 1
+        else
+          gcloud --version | grep -q "Google Cloud SDK << parameters.version >>" || exit 1
+        fi
 
 jobs:
-  # default executor
-  install-default:
-    executor: gcp-cli/default
+  install:
+    parameters:
+      executor:
+        type: executor
+      version:
+        type: string
+    executor: <<parameters.executor>>
     steps:
-      - gcp-cli/install
+      - gcp-cli/install:
+          version: <<parameters.version>>
+      - run: *check-cli-version
+
+  install-alpine:
+    parameters:
+      version:
+        type: string
+    executor: "alpine"
+    steps:
+      - run:
+          name: Install curl
+          command: apk add curl
+      - gcp-cli/install:
+          version: << parameters.version >>
+      - run: *check-cli-version-alpine
 
-  # google cloud image
   install-google:
-    executor: gcp-cli/google
+    parameters:
+      version:
+        type: string
+    executor: "gcp-cli/google"
     steps:
-      - gcp-cli/install
+      - run:
+          name: Install sudo
+          command: apt-get install sudo -y
+      - gcp-cli/install:
+          version: << parameters.version >>
+      - run: *check-cli-version
 
-  # machine executor
-  install-machine:
-    executor: gcp-cli/machine
+  install-components:
+    executor: gcp-cli/default
     steps:
-      - gcp-cli/install
+      - checkout
+      - gcp-cli/setup:
+          components: kubectl package-go-module # smallest not install gcloud components
+      - run: gcloud components list | grep package-go-module || exit 1
+
+  auth-oidc:
+    executor: gcp-cli/default
+    steps:
+      - checkout
+      - gcp-cli/setup:
+          use_oidc: true
+
+executors:
+  alpine:
+    docker:
+      - image: python:3.7-alpine
 
 workflows:
   test-deploy:
     jobs:
-      - install-default:
+      - install:
+          matrix:
+            alias: test-executor-versions
+            parameters:
+              executor: [gcp-cli/default, gcp-cli/machine]
+              version: [latest, 370.0.0, 410.0.0]
           context: orb-publisher
-          post-steps: *install-post-steps
-          filters: *filters
-      - install-google:
-          context: orb-publisher
-          post-steps: *install-post-steps
-          filters: *filters
-      - install-machine:
-          context: orb-publisher
-          post-steps: *install-post-steps
           filters: *filters
 
-      # run job with all executors
-      - gcp-cli/install_and_initialize_cli:
-          name: install_initialize-default
-          context: orb-publisher
-          requires: *install-initialize_requires
-          post-steps: *install-post-steps
-          filters: *filters
-      - gcp-cli/install_and_initialize_cli:
-          name: install_initialize-google
-          executor: gcp-cli/google
+      - install-alpine:
+          matrix:
+            alias: test-alpine-versions
+            parameters:
+              version: [latest, 370.0.0, 410.0.0]
           context: orb-publisher
-          requires: *install-initialize_requires
-          post-steps: *install-post-steps
           filters: *filters
-      - gcp-cli/install_and_initialize_cli:
-          name: install_initialize-machine
-          executor: gcp-cli/machine
+
+      - install-google:
+          matrix:
+            alias: test-google-versions
+            parameters:
+              version: [latest, 370.0.0, 410.0.0]
           context: orb-publisher
-          requires: *install-initialize_requires
-          post-steps: *install-post-steps
           filters: *filters
 
+      - auth-oidc:
+          context:
+            - gcp-cli-oidc
+
+      - install-components
+
       - orb-tools/pack:
           filters: *filters
 
@@ -82,16 +128,15 @@ workflows:
           vcs-type: << pipeline.project.type >>
           pub-type: production
           requires:
-            - install-default
-            - install-google
-            - install-machine
-            - install_initialize-default
-            - install_initialize-google
-            - install_initialize-machine
+            - test-executor-versions
+            - test-google-versions
+            - test-alpine-versions
+            - install-components
+            - auth-oidc
             - orb-tools/pack
           context: orb-publisher
           filters:
             branches:
               ignore: /.*/
             tags:
-              only: /^v[0-9]+\.[0-9]+\.[0-9]+$/
+              only: /^v[0-9]+\.[0-9]+\.[0-9]+$/
diff --git a/src/commands/initialize.yml b/src/commands/initialize.yml
diff --git a/src/commands/install.yml b/src/commands/install.yml
@@ -7,15 +7,22 @@ description: |
 parameters:
   version:
     type: string
-    default: "363.0.0"
-    description: "Version of the CLI to install. Must contain the full version number as it appears in the URL on this page: https://cloud.google.com/sdk/docs/downloads-versioned-archives"
+    default: "latest"
+    description: >
+      The version of the gcloud CLI to install.
+      If left to "latest", the latest version will be installed.
+      Otherwise, provide the full version number as it appears in the URL on this page: https://cloud.google.com/sdk/docs/downloads-versioned-archives"
+  components:
+    type: string
+    default: ""
+    description: >
+      The list of gcloud components to install. Space separated.
+      See https://cloud.google.com/sdk/docs/components for additional info.
 
 steps:
   - run:
       name: Install latest gcloud CLI version, if not available
       environment:
         ORB_VAL_VERSION: <<parameters.version>>
+        ORB_VAL_COMPONENTS: <<parameters.components>>
       command: << include(scripts/install.sh) >>
-  - run:
-      name: "gcloud CLI version"
-      command: gcloud version
diff --git a/src/commands/setup.yml b/src/commands/setup.yml
@@ -0,0 +1,105 @@
+description: |
+  Install and initialize the gcloud CLI. When installing within the Docker executor, the
+  install will only occur if the CLI isn't already installed. If installing in
+  a Linux machine image, it will remove the pre_installed version and instead
+  install the version specified by this orb.
+
+parameters:
+  version:
+    type: string
+    default: "latest"
+    description: >
+      The version of the gcloud CLI to install.
+      If left to "latest", the latest version will be installed.
+      Otherwise, provide the full version number as it appears in the URL on this page: https://cloud.google.com/sdk/docs/downloads-versioned-archives
+
+  components:
+      type: string
+      default: ""
+      description: >
+        The list of gcloud components to install. Space separated.
+        See https://cloud.google.com/sdk/docs/components for additional info.
+
+  gcloud_service_key:
+    type: env_var_name
+    default: GCLOUD_SERVICE_KEY
+    description: |
+      Name of environment variable storing the full service key JSON file
+      for the Google project.
+
+  google_project_id:
+    type: env_var_name
+    default: GOOGLE_PROJECT_ID
+    description: |
+      Name of environment variable storing the Google project ID to set as
+      default for the gcloud CLI.
+
+  google_compute_zone:
+    type: env_var_name
+    default: GOOGLE_COMPUTE_ZONE
+    description: |
+      Name of environment variable storing the Google compute zone to set as
+      default for the gcloud CLI.
+
+  google_compute_region:
+    type: env_var_name
+    default: GOOGLE_COMPUTE_REGION
+    description: |
+      Name of environment variable storing the Google compute region to set as
+      default for the gcloud CLI.
+
+  # OIDC parameters
+
+  use_oidc:
+    type: boolean
+    default: false
+    description: Set to true to enable OIDC
+
+  google_project_number:
+    type: env_var_name
+    default: GOOGLE_PROJECT_NUMBER
+    description: |
+      Name of environment variable storing the Google project number
+      used to configure OIDC.
+
+  workload_identity_pool_id:
+    type: env_var_name
+    default: OIDC_WIP_ID
+    description: |
+      Environment variable containing OIDC configured workload identity pool is stored.
+
+  workload_identity_pool_provider_id:
+    type: env_var_name
+    default: OIDC_WIP_PROVIDER_ID
+    description: |
+      Environment variable containing OIDC configured workload identity pool provider ID is stored.
+
+  service_account_email:
+    type: env_var_name
+    default: OIDC_SERVICE_ACCOUNT_EMAIL
+    description: Environment variable containing OIDC service account email.
+
+  gcp_cred_config_file_path:
+    type: string
+    default: ~/gcp_cred_config.json
+    description: Output location of OIDC credentials.
+
+steps:
+  - install:
+      version: << parameters.version >>
+      components: << parameters.components >>
+  - run:
+      name: Initialize gcloud CLI to connect to Google Cloud
+      environment:
+        ORB_ENV_SERVICE_KEY: <<parameters.gcloud_service_key>>
+        ORB_ENV_PROJECT_ID: <<parameters.google_project_id>>
+        ORB_ENV_COMPUTE_ZONE: <<parameters.google_compute_zone>>
+        ORB_ENV_COMPUTE_REGION: <<parameters.google_compute_region>>
+        # OIDC
+        ORB_VAL_USE_OIDC: <<parameters.use_oidc>>
+        ORB_ENV_PROJECT_NUMBER: <<parameters.google_project_number>>
+        ORB_EVAL_CRED_FILE: <<parameters.gcp_cred_config_file_path>>
+        ORB_ENV_POOL_ID: <<parameters.workload_identity_pool_id>>
+        ORB_ENV_POOL_PROVIDER_ID: <<parameters.workload_identity_pool_provider_id>>
+        ORB_ENV_SERVICE_EMAIL: <<parameters.service_account_email>>
+      command: << include(scripts/setup.sh) >>
diff --git a/src/examples/setup.yml b/src/examples/setup.yml
@@ -0,0 +1,20 @@
+description: Install and initalize the gcloud CLI.
+
+usage:
+  version: 2.1
+
+  orbs:
+    gcp-cli: circleci/gcp-cli@2.4.1
+
+  jobs:
+    use-gcp:
+      executor: gcp-cli/default
+      steps:
+        - gcp-cli/setup:
+            version: 404.0.0
+
+  workflows:
+    install_and_configure_cli:
+      jobs:
+        - use-gcp: # optionally pass in the GCP CLI version
+            context: myContext # store your gCloud service key via Contexts, or project-level environment variables