first_build.yaml

steps:
  - id: "build and push first docker image"
    name: "gcr.io/cloud-builders/gcloud"
    args: ["builds", "submit", "--tag", "gcr.io/$PROJECT_ID/dash-cloudrun-demo"]

  - id: "download encrypted secrets only during build"
    name: "gcr.io/cloud-builders/gsutil"
    args:
      [
        "cp",
        "gs://$PROJECT_ID-secure-bucket-secrets/ciphertext_file.enc",
        "ciphertext_file.enc",
      ]

  - id: "decrypt secrets only during build"
    name: "gcr.io/cloud-builders/gcloud"
    args:
      [
        "kms",
        "decrypt",
        "--ciphertext-file",
        "ciphertext_file.enc",
        "--plaintext-file",
        "service_account.json",
        "--location",
        "global",
        "--keyring",
        "$PROJECT_ID-keyring",
        "--key",
        "$PROJECT_ID-key",
      ]

  ###############################################
  # deploy terraform infrastructure
  - id: "tf init"
    name: "hashicorp/terraform:0.12.9"
    entrypoint: "sh"
    args:
      - "-c"
      - |
        cd tf_modules/
        terraform init

  # [START tf-plan]
  - id: "tf plan"
    name: "hashicorp/terraform:0.12.9"
    entrypoint: "sh"
    args:
      - "-c"
      - |
        cd tf_modules/
        terraform plan
  # [END tf-plan]

  # [START tf-apply]
  - id: "tf apply"
    name: "hashicorp/terraform:0.12.9"
    entrypoint: "sh"
    args:
      - "-c"
      - |
        cd tf_modules/
        terraform apply -auto-approve
  # [END tf-apply]

  - id: "allow cloud run unauthenticated"
    name: "gcr.io/cloud-builders/gcloud"
    args:
      [
        "beta",
        "run",
        "services",
        "add-iam-policy-binding",
        "tf-dash-cloud-run-demo",
        "--member",
        "allUsers",
        "--region",
        "us-central1",
        "--role",
        "roles/run.invoker",
        "--platform",
        "managed",
      ]

  - id: "upgrade container memory limit"
    name: "gcr.io/cloud-builders/gcloud"
    args:
      [
        "beta",
        "run",
        "services",
        "update",
        "tf-dash-cloud-run-demo",
        "--memory",
        "1Gi",
        "--region",
        "us-central1",
        "--platform",
        "managed",
      ]