Add latest changes from gitlab-org/gitlab@14-8-stable-eev14.8.0-rc42

3 files changed, 116 insertions, 2 deletions

diff --git a/app/services/google_cloud/create_service_accounts_service.rb b/app/services/google_cloud/create_service_accounts_service.rb
index fa025e8f672..e360b3a8e4e 100644
--- a/app/services/google_cloud/create_service_accounts_service.rb
+++ b/app/services/google_cloud/create_service_accounts_service.rb
@@ -5,6 +5,7 @@ module GoogleCloud
     def execute
       service_account = google_api_client.create_service_account(gcp_project_id, service_account_name, service_account_desc)
       service_account_key = google_api_client.create_service_account_key(gcp_project_id, service_account.unique_id)
+      google_api_client.grant_service_account_roles(gcp_project_id, service_account.email)
 
       service_accounts_service.add_for_project(
         environment_name,
@@ -35,7 +36,7 @@ module GoogleCloud
     end
 
     def google_api_client
-      GoogleApi::CloudPlatform::Client.new(google_oauth2_token, nil)
+      @google_api_client_instance ||= GoogleApi::CloudPlatform::Client.new(google_oauth2_token, nil)
     end
 
     def service_accounts_service
@@ -50,7 +51,7 @@ module GoogleCloud
       "GitLab generated service account for project '#{project.name}' and environment '#{environment_name}'"
     end
 
-    # Overriden in EE
+    # Overridden in EE
     def environment_protected?
       false
     end
diff --git a/app/services/google_cloud/enable_cloud_run_service.rb b/app/services/google_cloud/enable_cloud_run_service.rb
new file mode 100644
index 00000000000..643f2b2b6d2
--- /dev/null
+++ b/app/services/google_cloud/enable_cloud_run_service.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module GoogleCloud
+  class EnableCloudRunService < :: BaseService
+    def execute
+      gcp_project_ids = unique_gcp_project_ids
+
+      if gcp_project_ids.empty?
+        error("No GCP projects found. Configure a service account or GCP_PROJECT_ID ci variable.")
+      else
+        google_api_client = GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
+
+        gcp_project_ids.each do |gcp_project_id|
+          google_api_client.enable_cloud_run(gcp_project_id)
+          google_api_client.enable_artifacts_registry(gcp_project_id)
+          google_api_client.enable_cloud_build(gcp_project_id)
+        end
+
+        success({ gcp_project_ids: gcp_project_ids })
+      end
+    end
+
+    private
+
+    def unique_gcp_project_ids
+      all_gcp_project_ids = project.variables.filter { |var| var.key == 'GCP_PROJECT_ID' }.map { |var| var.value }
+      all_gcp_project_ids.uniq
+    end
+
+    def token_in_session
+      @params[:token_in_session]
+    end
+  end
+end
diff --git a/app/services/google_cloud/generate_pipeline_service.rb b/app/services/google_cloud/generate_pipeline_service.rb
new file mode 100644
index 00000000000..077f815e60c
--- /dev/null
+++ b/app/services/google_cloud/generate_pipeline_service.rb
@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module GoogleCloud
+  class GeneratePipelineService < :: BaseService
+    ACTION_DEPLOY_TO_CLOUD_RUN = 'DEPLOY_TO_CLOUD_RUN'
+    ACTION_DEPLOY_TO_CLOUD_STORAGE = 'DEPLOY_TO_CLOUD_STORAGE'
+
+    def execute
+      commit_attributes = generate_commit_attributes
+      create_branch_response = ::Branches::CreateService.new(project, current_user)
+                                                        .execute(commit_attributes[:branch_name], project.default_branch)
+
+      if create_branch_response[:status] == :error
+        return create_branch_response
+      end
+
+      branch = create_branch_response[:branch]
+
+      service = default_branch_gitlab_ci_yml.present? ? ::Files::UpdateService : ::Files::CreateService
+
+      commit_response = service.new(project, current_user, commit_attributes).execute
+
+      if commit_response[:status] == :error
+        return commit_response
+      end
+
+      success({ branch_name: branch.name, commit: commit_response })
+    end
+
+    private
+
+    def action
+      @params[:action]
+    end
+
+    def generate_commit_attributes
+      if action == ACTION_DEPLOY_TO_CLOUD_RUN
+        branch_name = "deploy-to-cloud-run-#{SecureRandom.hex(8)}"
+        {
+          commit_message: 'Enable Cloud Run deployments',
+          file_path: '.gitlab-ci.yml',
+          file_content: pipeline_content('gcp/cloud-run.gitlab-ci.yml'),
+          branch_name: branch_name,
+          start_branch: branch_name
+        }
+      elsif action == ACTION_DEPLOY_TO_CLOUD_STORAGE
+        branch_name = "deploy-to-cloud-storage-#{SecureRandom.hex(8)}"
+        {
+          commit_message: 'Enable Cloud Storage deployments',
+          file_path: '.gitlab-ci.yml',
+          file_content: pipeline_content('gcp/cloud-storage.gitlab-ci.yml'),
+          branch_name: branch_name,
+          start_branch: branch_name
+        }
+      end
+    end
+
+    def default_branch_gitlab_ci_yml
+      @default_branch_gitlab_ci_yml ||= project.repository.gitlab_ci_yml_for(project.default_branch)
+    end
+
+    def pipeline_content(include_path)
+      gitlab_ci_yml = Gitlab::Config::Loader::Yaml.new(default_branch_gitlab_ci_yml || '{}').load!
+      append_remote_include(gitlab_ci_yml, "https://gitlab.com/gitlab-org/incubation-engineering/five-minute-production/library/-/raw/main/#{include_path}")
+    end
+
+    def append_remote_include(gitlab_ci_yml, include_url)
+      stages = gitlab_ci_yml['stages'] || []
+      gitlab_ci_yml['stages'] = (stages + %w[build test deploy]).uniq
+
+      includes = gitlab_ci_yml['include'] || []
+      includes = Array.wrap(includes)
+      includes << { 'remote' => include_url }
+      gitlab_ci_yml['include'] = includes.uniq
+
+      gitlab_ci_yml.to_yaml
+    end
+  end
+end