GoogleCloudPlatform / pbmm-on-gcp-onboarding

GCP Canadian Public Sector Landing Zone overlay on top of the TEF via CFT modules - a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0

5-app-infra step 10 - cloud build trigger missing for plan and apply builds #392

Closed obriensystems closed 2 months ago

obriensystems commented 7 months ago

5-app-infra

https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/5-app-infra/README.md#deploying-with-cloud-build

To set your Cloud Platform project in this session use “gcloud config set project [PROJECT_ID]”
michael@cloudshell:~$ gcloud config set project tef-olxyz
Updated property [core/project].
michael@cloudshell:~ (tef-olxyz)$ cd tef-olxyz/github/
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ which terraform
/usr/bin/terraform
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ terraform --version
Terraform v1.7.5
on linux_amd64

Your version of Terraform is out of date! The latest version
is 1.8.1. You can update by downloading from https://www.terraform.io/downloads.html
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ sudo cp ../terraform /usr/bin/terraform
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ terraform --version
Terraform v1.3.10
on linux_amd64

Your version of Terraform is out of date! The latest version
is 1.8.1. You can update by downloading from https://www.terraform.io/downloads.html
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ export INFRA_PIPELINE_PROJECT_ID=$(terraform -chdir="gcp-projects/business_unit_1/shared/" output -raw cloudbuild_project_id)
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ echo ${INFRA_PIPELINE_PROJECT_ID}
prj-c-bu1infra-pipeline-iap1
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ gcloud source repos clone gcp-policies gcp-policies-app-infra --project=${INFRA_PIPELINE_PROJECT_ID}
Cloning into '/home/michael/tef-olxyz/github/gcp-policies-app-infra'...
warning: You appear to have cloned an empty repository.
Project [prj-c-bu1infra-pipeline-iap1] repository [gcp-policies] was cloned to [/home/michael/tef-olxyz/github/gcp-policies-app-infra].
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ cd gcp-policies-app-infra
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ ls
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ git checkout -b main
Switched to a new branch 'main'
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ cp -RT ../terraform-example-foundation/policy-library/ .
cp: cannot stat '../terraform-example-foundation/policy-library/': No such file or directory
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$  cp -RT ../pbmm-on-gcp-onboarding/policy-library/ .
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ 

5-app-infra commit main

michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ git add .
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ ls
lib  policies
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ git commit -m 'Initialize policy library repo'
[main (root-commit) 06829ee] Initialize policy library repo
 112 files changed, 9682 insertions(+)
 create mode 100644 lib/constraints.rego
 create mode 100644 lib/util.rego
 create mode 100644 lib/util_test.rego
 create mode 100644 policies/constraints/appengine_versions.yaml
 create mode 100644 policies/constraints/bigquery_world_readable.yaml
 create mode 100644 policies/constraints/dnssec_prevent_rsasha1_ksk.yaml
 create mode 100644 policies/constraints/dnssec_prevent_rsasha1_zsk.yaml
 create mode 100644 policies/constraints/gke_allow_only_private_cluster.yaml
 create mode 100644 policies/constraints/gke_allowed_node_sa_scope.yaml
 create mode 100644 policies/constraints/gke_container_optimized_os.yaml
 create mode 100644 policies/constraints/gke_dashboard_disable.yaml
 create mode 100644 policies/constraints/gke_disable_default_service_account.yaml
 create mode 100644 policies/constraints/gke_disable_legacy_endpoints.yaml
 create mode 100644 policies/constraints/gke_enable_alias_ip_ranges.yaml
 create mode 100644 policies/constraints/gke_legacy_abac.yaml
 create mode 100644 policies/constraints/gke_master_authorized_networks_enabled.yaml
 create mode 100644 policies/constraints/gke_node_pool_auto_repair.yaml
 create mode 100644 policies/constraints/gke_node_pool_auto_upgrade.yaml
 create mode 100644 policies/constraints/gke_restrict_client_auth_methods.yaml
 create mode 100644 policies/constraints/gke_restrict_pod_traffic.yaml
 create mode 100644 policies/constraints/iam_deny_public.yaml
 create mode 100644 policies/constraints/network_enable_flow_logs.yaml
 create mode 100644 policies/constraints/network_enable_private_google_access.yaml
 create mode 100644 policies/constraints/restrict_fw_rules_rdp_world_open.yaml
 create mode 100644 policies/constraints/restrict_fw_rules_ssh_world_open.yaml
 create mode 100644 policies/constraints/restrict_fw_rules_world_open.yaml
 create mode 100644 policies/constraints/serviceusage_allow_basic_apis.yaml
 create mode 100644 policies/constraints/sql_public_ip.yaml
 create mode 100644 policies/constraints/sql_ssl.yaml
 create mode 100644 policies/constraints/storage_bucket_policy_only.yaml
 create mode 100644 policies/constraints/storage_denylist_public.yaml
 create mode 100644 policies/templates/gcp_allowed_resource_types.yaml
 create mode 100644 policies/templates/gcp_always_violates_v1.yaml
 create mode 100644 policies/templates/gcp_app_service_versions.yaml
 create mode 100644 policies/templates/gcp_appengine_location_v1.yaml
 create mode 100644 policies/templates/gcp_bigquery_cmek_encryption_v1.yaml
 create mode 100644 policies/templates/gcp_bigquery_dataset_world_readable_v1.yaml
 create mode 100644 policies/templates/gcp_bigquery_table_retention_v1.yaml
 create mode 100644 policies/templates/gcp_bq_dataset_location_v1.yaml
 create mode 100644 policies/templates/gcp_cmek_rotation_v1.yaml
 create mode 100644 policies/templates/gcp_cmek_settings_v1.yaml
 create mode 100644 policies/templates/gcp_compute_allowed_networks.yaml
 create mode 100644 policies/templates/gcp_compute_disk_resource_policies_v1.yaml
 create mode 100644 policies/templates/gcp_compute_external_ip_address.yaml
 create mode 100644 policies/templates/gcp_compute_ip_forward.yaml
 create mode 100644 policies/templates/gcp_compute_zone_v1.yaml
 create mode 100644 policies/templates/gcp_dataproc_location_v1.yaml
 create mode 100644 policies/templates/gcp_dnssec_prevent_rsasha1_v1.yaml
 create mode 100644 policies/templates/gcp_dnssec_v1.yaml
 create mode 100644 policies/templates/gcp_enforce_labels_v1.yaml
 create mode 100644 policies/templates/gcp_enforce_naming_v1.yaml
 create mode 100644 policies/templates/gcp_gke_allowed_node_sa_v1.yaml
 create mode 100644 policies/templates/gcp_gke_cluster_location.yaml
 create mode 100644 policies/templates/gcp_gke_cluster_version_v1.yaml
 create mode 100644 policies/templates/gcp_gke_container_optimized_os.yaml
 create mode 100644 policies/templates/gcp_gke_dashboard_v1.yaml
 create mode 100644 policies/templates/gcp_gke_disable_default_service_account_v1.yaml
 create mode 100644 policies/templates/gcp_gke_disable_legacy_endpoints_v1.yaml
 create mode 100644 policies/templates/gcp_gke_enable_alias_ip_ranges.yaml
 create mode 100644 policies/templates/gcp_gke_enable_private_endpoint.yaml
 create mode 100644 policies/templates/gcp_gke_enable_shielded_nodes_v1.yaml
 create mode 100644 policies/templates/gcp_gke_enable_stackdriver_kubernetes_engine_monitoring_v1.yaml
 create mode 100644 policies/templates/gcp_gke_enable_stackdriver_logging_v1.yaml
 create mode 100644 policies/templates/gcp_gke_enable_stackdriver_monitoring_v1.yaml
 create mode 100644 policies/templates/gcp_gke_enable_workload_identity_v1.yaml
 create mode 100644 policies/templates/gcp_gke_legacy_abac_v1.yaml
 create mode 100644 policies/templates/gcp_gke_master_authorized_networks_enabled_v1.yaml
 create mode 100644 policies/templates/gcp_gke_node_auto_repair_v1.yaml
 create mode 100644 policies/templates/gcp_gke_node_auto_upgrade_v1.yaml
 create mode 100644 policies/templates/gcp_gke_private_cluster_v1.yaml
 create mode 100644 policies/templates/gcp_gke_restrict_client_auth_methods_v1.yaml
 create mode 100644 policies/templates/gcp_gke_restrict_pod_traffic_v1.yaml
 create mode 100644 policies/templates/gcp_glb_external_ip_access_constraint_v1.yaml
 create mode 100644 policies/templates/gcp_iam_allow_ban_roles_v1.yaml
 create mode 100644 policies/templates/gcp_iam_allowed_bindings.yaml
 create mode 100644 policies/templates/gcp_iam_allowed_policy_member_domains.yaml
 create mode 100644 policies/templates/gcp_iam_audit_log.yaml
 create mode 100644 policies/templates/gcp_iam_custom_role_permissions_v1.yaml
 create mode 100644 policies/templates/gcp_iam_required_bindings_v1.yaml
 create mode 100644 policies/templates/gcp_iam_restrict_service_account_creation_v1.yaml
 create mode 100644 policies/templates/gcp_iam_restrict_service_account_key_age_v1.yaml
 create mode 100644 policies/templates/gcp_iam_restrict_service_account_key_type_v1.yaml
 create mode 100644 policies/templates/gcp_lb_forwarding_rules.yaml
 create mode 100644 policies/templates/gcp_network_enable_firewall_logs_v1.yaml
 create mode 100644 policies/templates/gcp_network_enable_flow_logs_v1.yaml
 create mode 100644 policies/templates/gcp_network_enable_private_google_access_v1.yaml
 create mode 100644 policies/templates/gcp_network_restrict_default_v1.yaml
 create mode 100644 policies/templates/gcp_network_routing_v1.yaml
 create mode 100644 policies/templates/gcp_resource_value_pattern_v1.yaml
 create mode 100644 policies/templates/gcp_restricted_firewall_rules_v1.yaml
 create mode 100644 policies/templates/gcp_serviceusage_allowed_services_v1.yaml
 create mode 100644 policies/templates/gcp_spanner_location_v1.yaml
 create mode 100644 policies/templates/gcp_sql_allowed_authorized_networks_v1.yaml
 create mode 100644 policies/templates/gcp_sql_backup_v1.yaml
 create mode 100644 policies/templates/gcp_sql_instance_type_v1.yaml
 create mode 100644 policies/templates/gcp_sql_location_v1.yaml
 create mode 100644 policies/templates/gcp_sql_maintenance_window_v1.yaml
 create mode 100644 policies/templates/gcp_sql_public_ip_v1.yaml
 create mode 100644 policies/templates/gcp_sql_ssl_v1.yaml
 create mode 100644 policies/templates/gcp_sql_world_readable_v1.yaml
 create mode 100644 policies/templates/gcp_storage_bucket_policy_only_v1.yaml
 create mode 100644 policies/templates/gcp_storage_bucket_retention_v1.yaml
 create mode 100644 policies/templates/gcp_storage_bucket_world_readable_v1.yaml
 create mode 100644 policies/templates/gcp_storage_cmek_encryption_v1.yaml
 create mode 100644 policies/templates/gcp_storage_location_v1.yaml
 create mode 100644 policies/templates/gcp_storage_logging_v1.yaml
 create mode 100644 policies/templates/gcp_vpc_sc_allowed_regions.yaml
 create mode 100644 policies/templates/gcp_vpc_sc_ensure_access_levels_v1.yaml
 create mode 100644 policies/templates/gcp_vpc_sc_ensure_project_v1.yaml
 create mode 100644 policies/templates/gcp_vpc_sc_ensure_services_v1.yaml
 create mode 100644 policies/templates/gcp_vpc_sc_ip_range_v1.yaml
 create mode 100644 policies/templates/gcp_vpc_sc_project_perimeter.yaml
michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ git push --set-upstream origin main
Enumerating objects: 118, done.
Counting objects: 100% (118/118), done.
Delta compression using up to 4 threads
Compressing objects: 100% (118/118), done.
Writing objects: 100% (118/118), 72.63 KiB | 2.42 MiB/s, done.
Total 118 (delta 87), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (87/87)
remote: Waiting for private key checker: 98/112 objects left
To https://source.developers.google.com/p/prj-c-bu1infra-pipeline-iap1/r/gcp-policies
 * [new branch]      main -> main
Branch 'main' set up to track remote branch 'main' from 'origin'.

clone bu1-example-app

michael@cloudshell:~/tef-olxyz/github/gcp-policies-app-infra (tef-olxyz)$ cd ..
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ gcloud source repos clone bu1-example-app --project=${INFRA_PIPELINE_PROJECT_ID}
Cloning into '/home/michael/tef-olxyz/github/bu1-example-app'...
warning: You appear to have cloned an empty repository.
Project [prj-c-bu1infra-pipeline-iap1] repository [bu1-example-app] was cloned to [/home/michael/tef-olxyz/github/bu1-example-app].
michael@cloudshell:~/tef-olxyz/github (tef-olxyz)$ cd bu1-example-app
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ git checkout -b plan
Switched to a new branch 'plan'
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ cp -RT ../pbmm-on-gcp-onboarding/5-app-infra/ .
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$  cp ../pbmm-on-gcp-onboarding/build/cloudbuild-tf-* .
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ cp ../pbmm-on-gcp-onboarding/build/tf-wrapper.sh .
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ chmod 755 ./tf-wrapper.sh
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ mv common.auto.example.tfvars common.auto.tfvars

michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$    git add .
michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ git status
On branch plan

No commits yet

Changes to be committed:
  (use "git rm --cached <file>..." to unstage)
        new file:   .gitignore
        new file:   README.md
        new file:   business_unit_1/development/README.md
        new file:   business_unit_1/development/backend.tf
        new file:   business_unit_1/development/common.auto.tfvars
        new file:   business_unit_1/development/main.tf
        new file:   business_unit_1/development/outputs.tf
        new file:   business_unit_1/development/variables.tf
        new file:   business_unit_1/development/versions.tf
        new file:   business_unit_1/non-production/README.md
        new file:   business_unit_1/non-production/backend.tf
        new file:   business_unit_1/non-production/common.auto.tfvars
        new file:   business_unit_1/non-production/main.tf
        new file:   business_unit_1/non-production/outputs.tf
        new file:   business_unit_1/non-production/variables.tf
        new file:   business_unit_1/non-production/versions.tf
        new file:   business_unit_1/production/README.md
        new file:   business_unit_1/production/backend.tf
        new file:   business_unit_1/production/common.auto.tfvars
        new file:   business_unit_1/production/main.tf
        new file:   business_unit_1/production/outputs.tf
        new file:   business_unit_1/production/variables.tf
        new file:   business_unit_1/production/versions.tf
        new file:   cloudbuild-tf-apply.yaml
        new file:   cloudbuild-tf-plan.yaml
        new file:   common.auto.tfvars
        new file:   modules/env_base/README.md
        new file:   modules/env_base/main.tf
        new file:   modules/env_base/outputs.tf
        new file:   modules/env_base/variables.tf
        new file:   modules/env_base/versions.tf
        new file:   tf-wrapper.sh

michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ git commit -m 'Initialize bu1 example app repo'
[plan (root-commit) d1ac96b] Initialize bu1 example app repo
 32 files changed, 1748 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 business_unit_1/development/README.md
 create mode 100644 business_unit_1/development/backend.tf
 create mode 120000 business_unit_1/development/common.auto.tfvars
 create mode 100644 business_unit_1/development/main.tf
 create mode 100644 business_unit_1/development/outputs.tf
 create mode 100644 business_unit_1/development/variables.tf
 create mode 100644 business_unit_1/development/versions.tf
 create mode 100644 business_unit_1/non-production/README.md
 create mode 100644 business_unit_1/non-production/backend.tf
 create mode 120000 business_unit_1/non-production/common.auto.tfvars
 create mode 100644 business_unit_1/non-production/main.tf
 create mode 100644 business_unit_1/non-production/outputs.tf
 create mode 100644 business_unit_1/non-production/variables.tf
 create mode 100644 business_unit_1/non-production/versions.tf
 create mode 100644 business_unit_1/production/README.md
 create mode 100644 business_unit_1/production/backend.tf
 create mode 120000 business_unit_1/production/common.auto.tfvars
 create mode 100644 business_unit_1/production/main.tf
 create mode 100644 business_unit_1/production/outputs.tf
 create mode 100644 business_unit_1/production/variables.tf
 create mode 100644 business_unit_1/production/versions.tf
 create mode 100644 cloudbuild-tf-apply.yaml
 create mode 100644 cloudbuild-tf-plan.yaml
 create mode 100644 common.auto.tfvars
 create mode 100644 modules/env_base/README.md
 create mode 100644 modules/env_base/main.tf
 create mode 100644 modules/env_base/outputs.tf
 create mode 100644 modules/env_base/variables.tf
 create mode 100644 modules/env_base/versions.tf
 create mode 100755 tf-wrapper.sh

michael@cloudshell:~/tef-olxyz/github/bu1-example-app (tef-olxyz)$ git push --set-upstream origin plan
Enumerating objects: 30, done.
Counting objects: 100% (30/30), done.
Delta compression using up to 4 threads
Compressing objects: 100% (28/28), done.
Writing objects: 100% (30/30), 14.27 KiB | 1.78 MiB/s, done.
Total 30 (delta 14), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (14/14)
remote: Waiting for private key checker: 22/22 objects left
To https://source.developers.google.com/p/prj-c-bu1infra-pipeline-iap1/r/bu1-example-app
 * [new branch]      plan -> plan
Branch 'plan' set up to track remote branch 'plan' from 'origin'.

5-app-infra step 10 check cloud build plan run

There is no trigger in CB (Cloud Build) for the example.

[Screenshot 2024-04-17 at 13:44:42] [Screenshot 2024-04-17 at 13:46:27]
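Pre-flight check for the symptom reported in this comment (a push to the `plan` branch with no Cloud Build trigger behind it), as an added example that is not part of the issue or of the pbmm-on-gcp-onboarding project. It lists the triggers in the infra pipeline project (the `INFRA_PIPELINE_PROJECT_ID` exported in the session above) and reports which expected branch-to-config pairs for `bu1-example-app` have no trigger, so the gap shows up before the push instead of as an empty build history. The `gcloud builds triggers list --format='value(...)'` call and the `triggerTemplate.repoName` / `triggerTemplate.branchName` / `filename` field names are gcloud's own; the branch-to-config mapping (`plan` builds `cloudbuild-tf-plan.yaml`, the three environment branches build `cloudbuild-tf-apply.yaml`), the trigger names in the sample listing, and the offline demo mode are assumptions.

```shell
#!/bin/sh
# Added example, not code from the pbmm-on-gcp-onboarding project or this issue.
# Pre-flight check: does the infra pipeline project have a Cloud Build trigger for every
# branch the bu1-example-app repo is expected to build from? Run it before pushing "plan",
# so a missing trigger is reported here rather than as a build that never starts.

# Expected triggers on the bu1-example-app repo: branch name, then build config file.
# ASSUMPTION: this branch-to-config mapping is modelled on the plan/apply split of the
# cloudbuild-tf-plan.yaml / cloudbuild-tf-apply.yaml files copied into the repo.
EXPECTED_TRIGGERS='plan cloudbuild-tf-plan.yaml
development cloudbuild-tf-apply.yaml
non-production cloudbuild-tf-apply.yaml
production cloudbuild-tf-apply.yaml'

# CONSTRUCTED sample in the shape of the live listing below (tab-separated:
# name, repoName, branchName regex, filename). The non-production and production
# apply triggers are deliberately absent so the check has something to report.
SAMPLE_TRIGGERS=$(printf 'bu1-plan\tbu1-example-app\t^plan$\tcloudbuild-tf-plan.yaml
bu1-apply-dev\tbu1-example-app\t^development$\tcloudbuild-tf-apply.yaml
policies-plan\tgcp-policies\t^main$\tcloudbuild-tf-plan.yaml
')

# Live listing, one trigger per line in the same tab-separated shape.
# Needs an authenticated gcloud with access to the pipeline project, so it is not run offline.
list_triggers() {
  gcloud builds triggers list --project="$1" \
    --format='value(name,triggerTemplate.repoName,triggerTemplate.branchName,filename)'
}

# has_trigger TRIGGERS REPO BRANCH FILE
# Succeeds when some trigger line targets REPO, builds FILE, and its branch regex matches BRANCH.
# Caveat: read collapses adjacent tabs, so a trigger with an empty column (for example an
# inline build config instead of a filename) shifts its fields and will not match.
has_trigger() {
  tab=$(printf '\t')
  printf '%s\n' "$1" | (
    while IFS="$tab" read -r _name trepo tbranch tfile; do
      [ "$trepo" = "$2" ] && [ "$tfile" = "$4" ] || continue
      # The trigger stores an RE2 regex such as ^plan$; grep -E is close enough for these.
      printf '%s\n' "$3" | grep -Eq -- "$tbranch" && exit 0
    done
    exit 1
  )
}

# missing_triggers TRIGGERS REPO
# Prints "MISSING <branch> -> <file>" for each expected trigger that is absent; silent if all exist.
missing_triggers() {
  printf '%s\n' "$EXPECTED_TRIGGERS" | while read -r branch file; do
    has_trigger "$1" "$2" "$branch" "$file" || printf 'MISSING %s -> %s\n' "$branch" "$file"
  done
}

# Usage: sh check_triggers.sh "$INFRA_PIPELINE_PROJECT_ID"
# Without an argument (or without gcloud on PATH) it runs against the constructed sample.
if [ $# -gt 0 ] && command -v gcloud >/dev/null 2>&1; then
  TRIGGERS=$(list_triggers "$1")
else
  TRIGGERS=$SAMPLE_TRIGGERS
fi
REPORT=$(missing_triggers "$TRIGGERS" bu1-example-app)
if [ -n "$REPORT" ]; then
  printf '%s\n' "$REPORT"
  printf 'a push to the branches above will not start a build\n'
else
  printf 'all expected triggers present for bu1-example-app\n'
fi
```

Run it from the same Cloud Shell session after exporting `INFRA_PIPELINE_PROJECT_ID`; an empty report means every expected branch has a trigger, and a `MISSING plan -> cloudbuild-tf-plan.yaml` line is the condition this issue describes.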
obriensystems commented 6 months ago

reference https://github.com/terraform-google-modules/terraform-example-foundation/issues/445

fmichaelobrien commented 6 months ago

reference https://github.com/terraform-google-modules/terraform-example-foundation/pull/1196

github-actions[bot] commented 3 months ago

This issue is stale because it has been open 60 days with no activity. Remove the stale label or comment, or this will be closed in 7 days.