@bery
Last active September 20, 2021 16:58
Cloudbuild pipeline for Terraform with Secrets
steps:
- id: 'tf plan'
  name: 'hashicorp/terraform:1.0.0'
  entrypoint: 'sh'
  secretEnv:
  - TF_VARS
  args:
  - '-c'
  - |
    # No `set -x` here: shell tracing would print the contents of TF_VARS to the build log.
    set -e
    echo "branch $BRANCH_NAME"
    if [ -n "$BRANCH_NAME" ] && [ -d "terraform/environments/$BRANCH_NAME/" ]; then
      cd "terraform/environments/$BRANCH_NAME"
      # $$ escapes the dollar sign so the shell, not Cloud Build, expands the variable.
      echo "$$TF_VARS" > "$BRANCH_NAME.auto.tfvars"
      echo "run init"
      terraform init
      echo "run validate"
      terraform validate
      echo "run plan"
      terraform plan -out terraform.plan
      terraform apply -auto-approve terraform.plan
    else
      for dir in terraform/environments/*/
      do
        cd "$${dir}"
        # Strip the trailing slash, then everything up to the last slash, to get the environment name.
        env=$${dir%*/}
        env=$${env##*/}
        echo ""
        echo "*************** TERRAFORM PLAN ******************"
        echo "******* At environment: $${env} ********"
        echo "*************************************************"
        terraform init
        terraform validate
        terraform plan || exit 1
        # Return to the repository root (three levels up from terraform/environments/<env>/).
        cd ../../../
      done
    fi
availableSecrets:
  secretManager:
  - versionName: projects/<PROJECT_ID>/secrets/terraform-article/versions/1
    env: TF_VARS