init (#1)

Author: multani

.github/renovate.json5

@@ -0,0 +1,4 @@
+{
+  "extends": ["github>multani/renovate-config"],
+  "automerge": true,
+}

.github/workflows/lint.yml

@@ -0,0 +1,80 @@
+name: Lint
+
+on:
+  push:
+    pull_requests:
+      - main
+
+    branches:
+      - main
+
+jobs:
+  terraform:
+    name: Terraform
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        directory:
+          - ./
+          - ./modules/code
+    defaults:
+      run:
+        working-directory: ${{ matrix.directory }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.7.4
+
+      - name: terraform init
+        run: terraform init -backend=false
+
+      - name: Formatting
+        run: terraform fmt -recursive -check -diff
+
+      - name: Validation
+        run: terraform validate
+
+  tflint:
+    name: TFLint
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        directory:
+          - ./
+          - ./modules/code
+    defaults:
+      run:
+        working-directory: ${{ matrix.directory }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.7.4
+
+      - name: Terraform init
+        run: terraform init -backend=false
+
+      - name: Setup tflint
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+          github_token: ${{ github.token }}
+          tflint_version: v0.50.3
+
+      - name: Init TFLint
+        run: tflint --init
+        env:
+          # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+          GITHUB_TOKEN: ${{ github.token }}
+
+      - name: Run TFLint
+        run: tflint --format compact --module

.gitignore

@@ -0,0 +1 @@
+modules/code/build/

data.tf

@@ -0,0 +1 @@
+data "google_project" "this" {}

main.tf

@@ -0,0 +1,50 @@
+resource "google_cloudfunctions2_function" "this" {
+  name        = var.name
+  description = var.description
+  location    = var.location
+
+  build_config {
+    runtime     = var.runtime
+    entry_point = var.entry_point
+
+    source {
+      storage_source {
+        bucket = var.source_code.bucket
+        object = var.source_code.object
+      }
+    }
+  }
+
+  service_config {
+    # The service account to run the function as
+    service_account_email = google_service_account.this.email
+
+    timeout_seconds    = 60
+    available_memory   = "${var.available_memory}Mi"
+    max_instance_count = var.max_instance_count
+
+    environment_variables = var.environment_variables
+  }
+
+  dynamic "event_trigger" {
+    for_each = var.event_trigger == null ? [] : [var.event_trigger]
+
+    content {
+      event_type   = event_trigger.value.event_type
+      pubsub_topic = event_trigger.value.pubsub_topic
+
+      service_account_email = (
+        event_trigger.value.service_account_email == null ?
+        google_service_account.this.email :
+        event_trigger.value.service_account_email
+      )
+
+      retry_policy = event_trigger.value.retry_policy
+      trigger_region = (
+        event_trigger.value.trigger_region == null ?
+        var.location :
+        event_trigger.value.trigger_region
+      )
+    }
+  }
+}

modules/code/main.tf

@@ -0,0 +1,21 @@
+data "archive_file" "code" {
+  type = "zip"
+
+  source_dir = var.source_dir
+
+  output_file_mode = "0666"
+  output_path      = "${path.module}/build/${var.name}.zip"
+}
+
+resource "google_storage_bucket_object" "this" {
+  # Interpolate the hash of the archive file in the name: when the content of
+  # the ZIP file changes (because the source code changed), the bucket object
+  # will be recreated and this will also force the recreation/update of the
+  # Google Cloud Function.
+  name = "${var.name}-${data.archive_file.code.output_md5}.zip"
+
+  bucket = var.bucket_name
+  source = data.archive_file.code.output_path
+
+  metadata = var.metadata
+}

modules/code/output.tf

@@ -0,0 +1,7 @@
+output "bucket" {
+  value = google_storage_bucket_object.this.bucket
+}
+
+output "object" {
+  value = google_storage_bucket_object.this.name
+}

modules/code/providers.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    archive = {
+      source = "hashicorp/archive"
+    }
+
+    google = {
+      source = "hashicorp/google"
+    }
+  }
+}

modules/code/variables.tf

@@ -0,0 +1,20 @@
+variable "source_dir" {
+  description = "The directory in which the source code of the Cloud Function is"
+  type        = string
+}
+
+variable "name" {
+  description = "The name of the Cloud Function, as stored in the Google Cloud Storage bucket"
+  type        = string
+}
+
+variable "bucket_name" {
+  description = "The Google Cloud Storage bucket name to store the Cloud Function code in"
+  type        = string
+}
+
+variable "metadata" {
+  description = "Key/value to associate with the source code"
+  default     = {}
+  type        = map(string)
+}

outputs.tf

@@ -0,0 +1,24 @@
+output "name" {
+  description = "The name of the function"
+  value       = google_cloudfunctions2_function.this.name
+}
+
+output "location" {
+  description = "The location of the function"
+  value       = google_cloudfunctions2_function.this.location
+}
+
+output "service_account_email" {
+  description = "The service account email the function runs as"
+  value       = google_service_account.this.email
+}
+
+output "service_account_name" {
+  description = "The FQDN to the service account the function runs as"
+  value       = google_service_account.this.name
+}
+
+output "uri" {
+  description = "The URI to call the function"
+  value       = google_cloudfunctions2_function.this.service_config[0].uri
+}

service-account.tf

@@ -0,0 +1,19 @@
+locals {
+  sa_name = var.service_account.name == null ? "fun-${var.name}" : var.service_account.name
+
+  sa_description = var.service_account.description == null ? "User for the Cloud Function: ${var.name}" : var.service_account.description
+}
+
+# The user to run the functions as
+resource "google_service_account" "this" {
+  account_id  = local.sa_name
+  description = local.sa_description
+}
+
+# Write traces
+resource "google_project_iam_member" "tracing" {
+  # https://cloud.google.com/trace/docs/iam#roles
+  role    = "roles/cloudtrace.agent"
+  member  = "serviceAccount:${google_service_account.this.email}"
+  project = data.google_project.this.project_id
+}

variables.tf

@@ -0,0 +1,77 @@
+variable "name" {
+  description = "The name of the function"
+  type        = string
+}
+
+variable "description" {
+  description = "The description of the function"
+  type        = string
+}
+
+variable "location" {
+  description = "The location (region) of the function"
+  type        = string
+}
+
+variable "runtime" {
+  description = "Which runtime to run the function with"
+  type        = string
+}
+
+variable "entry_point" {
+  description = "The entry point to execute the function from"
+  type        = string
+}
+
+
+variable "source_code" {
+  description = "The source code of the function"
+  type = object({
+    bucket = string
+    object = string
+  })
+}
+
+variable "available_memory" {
+  description = "The memory to allocate to the function in MB"
+  type        = number
+  default     = 256
+}
+
+variable "max_instance_count" {
+  description = "The maximum number of instances to run"
+  type        = number
+  default     = 1
+}
+
+variable "environment_variables" {
+  description = "The environment variables for the function"
+  type        = map(string)
+  default     = {}
+}
+
+variable "service_account" {
+  description = "Information about the service account used by the function"
+  default     = {}
+
+  type = object({
+    name        = optional(string, null)
+    description = optional(string, null)
+  })
+}
+
+variable "event_trigger" {
+  description = "The event triggering the function"
+
+  default = null
+
+  type = object({
+    event_type   = string
+    pubsub_topic = string
+
+    service_account_email = optional(string, null)
+
+    retry_policy   = optional(string, "RETRY_POLICY_DO_NOT_RETRY")
+    trigger_region = optional(string, null)
+  })
+}