GoogleCloudPlatform / solution-acceleration-toolkit

Deploy, monitor & audit on GCP simplified
Apache License 2.0

CI/CD Setup Instructions may be missing some steps #474

Closed careb2b closed 4 years ago

careb2b commented 4 years ago

I am going through the steps in file tfengine/generated/cicd/README.md. I am not able to call terraform successfully through a Google Cloud Build trigger.

In cicd directory, I ran terraform apply which ran successfully.

It generated files:

tfengine/generated/cicd/configs
-rw-r--r-- 1 xxshambm xxshambm 1276 Jul 24 16:14 terragrunt.sh
-rw-r--r-- 1 xxshambm xxshambm 2411 Jul 24 16:14 tf-apply.yaml
-rw-r--r-- 1 xxshambm xxshambm 2604 Jul 24 16:14 tf-deletion-check.sh
-rw-r--r-- 1 xxshambm xxshambm 2295 Jul 24 16:14 tf-plan.yaml
-rw-r--r-- 1 xxshambm xxshambm 1651 Jul 24 16:14 tf-validate.yaml

I committed those configs into my github repo, but the triggers were looking for the config files in live/cicd/configs and not cicd/configs. Did I miss something in the README or is a step needed to copy/move those files?

After moving the files to live/cicd/configs, I was then able to execute the triggers on pull request or manually.

They fail due to the following error:

Step #1 - "Init (CICD)": The directory has no Terraform configuration files. You may begin working
Step #1 - "Init (CICD)": with Terraform immediately by creating Terraform configuration files.
Finished Step #1 - "Init (CICD)"
Starting Step #2 - "Speculative plan (CICD)"
Step #2 - "Speculative plan (CICD)": Already have image (with digest): gcr.io/cloud-foundation-cicd/cft/developer-tools@sha256:02b06198f1da423183937b60493bdaa20dedf36b1a852a1d7fbb5a537fd943fd
Step #2 - "Speculative plan (CICD)": 
Step #2 - "Speculative plan (CICD)": Error: No configuration files

My live directory does not have any terraform files.

xingao267 commented 4 years ago

There are two cicd/ directories, one is at the root of your output directory (i.e. tfengine/generated/cicd) and the other one is under live (tfengine/generated/live/cicd). The difference is tfengine/generated/cicd should be run once manually, and tfengine/generated/live/cicd is managed by CICD itself.

Can you let me know what's the directory structure of your generated configs after running tfengine? The Cloud Build Triggers work together with the Terraform configs and directory structure configured by tfengine and it assumes there is a /live folder and also a live/cicd folder inside. If you use tfengine to generate configs, the directory structure should be set up for you.

careb2b commented 4 years ago

Thanks. I had TERRAFORM_ROOT as "live" in the trigger which was wrong and now changed it to ".". This fixed the issue of not being able to run. I ran into another issue.

1) docs tell you to download and install terraform which is used to create the initial state file, but Google Cloud Build has a slightly older version of terraform so the run fails because you manually created the state with a newer version.

Error loading state: state snapshot was created by Terraform v0.12.28, which is newer than current v0.12.26; upgrade to Terraform v0.12.28 or greater to work with this state

2) And then the README in cicd... Should it mention to copy cicd/configs/* to live/cicd/configs so triggers can see those files?

xingao267 commented 4 years ago

> Thanks. I had TERRAFORM_ROOT as "live" in the trigger which was wrong and now changed it to ".". This fixed the issue of not being able to run. I ran into another issue.
>
> 1. docs tell you to download and install terraform which is used to create the initial state file, but Google Cloud Build has a slightly older version of terraform so the run fails because you manually created the state with a newer version.
>
> Error loading state: state snapshot was created by Terraform v0.12.28, which is newer than current v0.12.26; upgrade to Terraform v0.12.28 or greater to work with this state

Let me update the Docker image used in CICD so it's using the up-to-date Terraform.

> 2. And then the README in cicd... Should it mention to copy cicd/configs/* to live/cicd/configs so triggers can see those files?

You don't need to copy/paste any cicd/ directories. They are two separate cicd/ directories. Cloud Build triggers are configured to look for Cloud Build configs at {TERRAFORM_ROOT}/cicd/configs/, not in {TERRAFORM_ROOT}/live/cicd/configs/
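
A pre-flight check for the two failures discussed in this thread (a TERRAFORM_ROOT that points the trigger at the wrong configs directory, and a state snapshot written by a newer Terraform than the Cloud Build image runs), added here as an example and not code from the toolkit or from any commenter. The function names, the temporary repo layout and the state snapshot are constructed for illustration; the config file names and the {TERRAFORM_ROOT}/cicd/configs/ path come from the comments above.

```python
import json
import re
import tempfile
from pathlib import Path

# File names taken from the listing in the issue; the check itself is hypothetical.
TRIGGER_CONFIGS = ("tf-validate.yaml", "tf-plan.yaml", "tf-apply.yaml")


def parse_version(text):
    """Turn 'v0.12.28' or '0.12.28' into a comparable tuple (0, 12, 28)."""
    match = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised Terraform version: {text!r}")
    return tuple(int(part) for part in match.groups())


def preflight(repo_root, terraform_root, state_json, runner_version):
    """Return the problems that would make the Cloud Build trigger fail."""
    problems = []
    # Triggers resolve their build configs relative to TERRAFORM_ROOT.
    config_dir = Path(repo_root) / terraform_root / "cicd" / "configs"
    for name in TRIGGER_CONFIGS:
        if not (config_dir / name).is_file():
            problems.append(f"missing {terraform_root}/cicd/configs/{name}")
    # A state file records the Terraform version that last wrote it.
    state_version = json.loads(state_json)["terraform_version"]
    if parse_version(state_version) > parse_version(runner_version):
        problems.append(
            f"state written by {state_version}, runner has {runner_version}")
    return problems


def demo():
    """Constructed repo layout and state snapshot mirroring the thread."""
    state = json.dumps({"version": 4, "terraform_version": "0.12.28"})
    with tempfile.TemporaryDirectory() as repo:
        configs = Path(repo) / "cicd" / "configs"
        configs.mkdir(parents=True)
        for name in TRIGGER_CONFIGS:
            (configs / name).write_text("steps: []\n")
        wrong_root = preflight(repo, "live", state, "v0.12.26")
        fixed = preflight(repo, ".", state, "0.12.28")
    return wrong_root, fixed


if __name__ == "__main__":
    for result in demo():
        print(result)
```
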

umairidris commented 4 years ago

@xingao267 it seems like when there is a new Terraform binary release it will cause this version discrepancy. Can we update the devops instructions to use the same docker container when running from local machine?

xingao267 commented 4 years ago

@umairidris deploying bootstrap and cicd dirs locally from a container is not difficult but might make the process a little bit more complicated. docker will need to be installed. And to run it, users will need to mount their gcloud credentials, source configs and output local terraform state files to the container. Sent https://github.com/GoogleCloudPlatform/healthcare-data-protection-suite/pull/477 instead to pin the terraform version in the readme files.

umairidris commented 4 years ago

@xingao267 makes sense, let's pin the versions so they are consistent throughout.

@careb2b FYI we're working on simplifying the cicd directory layout as part of #397.

careb2b commented 4 years ago

@xingao267 Yes, it was due to me having TERRAFORM_ROOT set to live incorrectly. After reapplying it was ok and I did not need the config files in live/cicd.

I noticed the triggers were updated for later terraform version and I was able to apply now.

I will close this.