From 3d991a3ca9f9043c84af0f1ca7814f32e51dab7a Mon Sep 17 00:00:00 2001
From: Gus Narea
Date: Tue, 21 Dec 2021 16:27:08 +0000
Subject: [PATCH] feat: Implement module to manage CI for an Android app (#6)
---
 .github/workflows/ci.yml | 4 ++
 modules/android-app-ci/README.md | 3 ++
 modules/android-app-ci/main.tf | 58 +++++++++++++++++++++++++++++
 modules/android-app-ci/variables.tf | 14 +++++++
 4 files changed, 79 insertions(+)
 create mode 100644 modules/android-app-ci/README.md
 create mode 100644 modules/android-app-ci/main.tf
 create mode 100644 modules/android-app-ci/variables.tf
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ca24303..0315032 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,6 +7,10 @@ on:
 jobs:
 ci-module:
 uses: relaycorp/shared-workflows/.github/workflows/tfmodule-ci.yml@main
+ ci-android-app:
+ uses: relaycorp/shared-workflows/.github/workflows/tfmodule-ci.yml@main
+ with:
+ path: modules/android-app-ci
 ci-example:
 uses: relaycorp/shared-workflows/.github/workflows/tfmodule-ci.yml@main
 with:
diff --git a/modules/android-app-ci/README.md b/modules/android-app-ci/README.md
new file mode 100644
index 0000000..18f5182
--- /dev/null
+++ b/modules/android-app-ci/README.md
@@ -0,0 +1,3 @@
+# Continuous Integration for an Android app
+
+Including CI resources such as Firebase Test Lab.
diff --git a/modules/android-app-ci/main.tf b/modules/android-app-ci/main.tf
new file mode 100644
index 0000000..e4e8624
--- /dev/null
+++ b/modules/android-app-ci/main.tf
@@ -0,0 +1,58 @@
+resource "google_service_account" "ci" {
+ project = var.gcp_project_name
+ account_id = "github-ci"
+ display_name = "Continuous Integration"
+}
+
+resource "google_service_account" "publisher" {
+ project = var.global_gcp_project_name
+ account_id = "${var.gcp_project_name}-pub"
+ display_name = "Publisher for ${var.gcp_project_name}"
+}
+
+resource "google_project_iam_member" "publisher_service_account_user" {
+ project = var.global_gcp_project_name
+ role = "roles/iam.serviceAccountUser"
+ member = "serviceAccount:${google_service_account.publisher.email}"
+}
+
+resource "google_service_account_key" "github_actions_ci" {
+ service_account_id = google_service_account.ci.name
+}
+
+resource "google_service_account_key" "github_actions_publisher" {
+ service_account_id = google_service_account.publisher.name
+}
+
+resource "google_project_iam_binding" "firebase_editors" {
+ project = var.gcp_project_name
+ role = "roles/editor"
+ members = concat(
+ ["serviceAccount:${google_service_account.ci.email}"],
+ var.gcp_project_additional_editors
+ )
+}
+
+resource "github_actions_secret" "ci_service_account" {
+ repository = var.gh_repo_name
+ secret_name = "CI_GCP_SERVICE_ACCOUNT"
+ plaintext_value = base64decode(google_service_account_key.github_actions_ci.private_key)
+}
+
+resource "github_actions_secret" "publisher_service_account" {
+ repository = var.gh_repo_name
+ secret_name = "PUBLISHER_GCP_SERVICE_ACCOUNT"
+ plaintext_value = base64decode(google_service_account_key.github_actions_publisher.private_key)
+}
+
+resource "google_project_service" "testing" {
+ project = var.gcp_project_name
+ service = "testing.googleapis.com"
+ disable_dependent_services = true
+}
+
+resource "google_project_service" "toolresults" {
+ project = var.gcp_project_name
+ service = "toolresults.googleapis.com"
+ disable_dependent_services = true
+}
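Review bot: `google_project_iam_binding.firebase_editors` is authoritative for `roles/editor`, so applying it strips that role from every member not in the list, which can include Google-managed default service accounts that hold Editor on the project. The additive `google_project_iam_member` resources below avoid that; the CI account gets its own resource because its e-mail is not known at plan time and so cannot be a `for_each` key. Editor is also a very broad role for a CI identity, so if Firebase Test Lab really needs it, a comment saying so would help the next reviewer. Both `google_service_account_key` private keys are written to Terraform state as well as to the GitHub secrets, so the state backend needs the same access controls as the secrets, and keyless workload identity federation from GitHub Actions would avoid exporting keys at all. `publisher_service_account_user` grants `roles/iam.serviceAccountUser` across the whole shared project, which lets the publisher act as any service account there; if the role is needed, binding it on the specific account would be narrower.

```hcl
resource "google_project_iam_member" "ci_editor" {
  project = var.gcp_project_name
  role    = "roles/editor"
  member  = "serviceAccount:${google_service_account.ci.email}"
}

resource "google_project_iam_member" "additional_editors" {
  for_each = toset(var.gcp_project_additional_editors)

  project = var.gcp_project_name
  role    = "roles/editor"
  member  = each.value
}
```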
diff --git a/modules/android-app-ci/variables.tf b/modules/android-app-ci/variables.tf
new file mode 100644
index 0000000..a5ed525
--- /dev/null
+++ b/modules/android-app-ci/variables.tf
@@ -0,0 +1,14 @@
+variable "global_gcp_project_name" {
+ description = "Name of GCP project linked to Relaycorp's Google Play developer account"
+ default = "pc-api-6786721935796732762-360"
+}
+
+variable "gcp_project_name" {
+ description = "Name of GCP project dedicated to the Android app"
+}
+variable "gcp_project_additional_editors" {
+ type = list(string)
+ default = []
+}
+
+variable "gh_repo_name" {}
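Review bot: `gcp_project_additional_editors` has no description or validation, although main.tf gives every entry `roles/editor` on the app's project, so any IAM member string a caller passes is accepted as written. A description stating the expected `user:`/`group:`/`serviceAccount:` form, plus a `validation` block like the one below, would catch a mistyped or unintended principal at plan time. This assumes the module targets Terraform 0.13 or later, where variable validation is available. `gcp_project_name` and `gh_repo_name` would also benefit from `type = string`, and `gh_repo_name` from a description.

```hcl
variable "gcp_project_additional_editors" {
  description = "IAM members (user:, group: or serviceAccount: form) granted roles/editor on the app's GCP project"
  type        = list(string)
  default     = []

  validation {
    condition = length([
      for m in var.gcp_project_additional_editors : m
      if !can(regex("^(user|group|serviceAccount):", m))
    ]) == 0
    error_message = "Each additional editor must be a user:, group: or serviceAccount: IAM member."
  }
}
```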