FR: CSR (Cloud Source Repositories) EOL June 2024 - replace the default path for version control system and CICD tool

[fmichaelobrien]

TL;DR

CSR is undergoing deprecation in favour of SSM

• https://cloud.google.com/source-repositories/docs/authentication
• https://cloud.google.com/secure-source-manager/docs/overview

Impact to CICD

• will affect the CB/CSR default option in the TEF LZ - primarily 0-bootstrap starting with the following gcloud clone
• https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/0-bootstrap/scripts/push-to-repo.sh#L32
• CB/Cloud Build will continue to be used for the pipeline
• will not affect incoming ADO option in FR: Add Azure DevOps CI/CD repository and pipeline support option #1205
• shadow Migration: CSR (Cloud Source Repositories) EOL June 2024 - move to SSM (Secure Source Manager) as default CICD repository GoogleCloudPlatform/pbmm-on-gcp-onboarding#439
• reference SSH authentication option over gcloud API clone in Cloud Build module in bootstrap fails on CSR clone gcloud API auth during push-to-repo.sh for CB trigger creation on particular client - use ssh key and ssh-agent GoogleCloudPlatform/pbmm-on-gcp-onboarding#431

Cloud Source Repositories is scheduled for end of sale on June 17, 2024. Starting June 17, 2024, if your organization hasn't previously used Cloud Source Repositories, you cannot enable the API or use Cloud Source Repositories. New projects not connected to an organization can’t enable the Cloud Source Repositories API after June 17, 2024. Customers who have already enabled the API prior to this date will not be affected and can continue to use Cloud Source Repositories.

Terraform Resources

1.3.10

Detailed design

Work is in progress in also bringing in ADO (Azure DevOps) as a CI/CD option - as it is the default repository/pipeline tool for 80% of CA PubSec clients

https://github.com/terraform-google-modules/terraform-example-foundation/issues/1205

Additional information

fmichaelobrien will look into the SSM addition unless this work is already assigned in the roadmap

[obriensystems]

module references

• https://github.com/terraform-google-modules/terraform-google-bootstrap/blob/master/modules/tf_cloudbuild_source/main.tf

[eeaton]

Thanks for raising this issue. This is identified on our internal roadmap as work to address in the next major round of updates for v5 (sometime in H2 this year). The answer may or may not be SSM, due to the limitation that SSM is currently an invitation only service.

[sleighton2022]

Closing this issue, and as eeaton noted, we will address this as part of our H2 roadmap.

[sleighton2022]

Reopening, as I didn't notice it was marked as backlog.

[fmichaelobrien]

Sounds good. I am currently working a PR patch in our fork for later submission.