Tom Larkworthy tomlarkworthy

## Dockerfile
FROM eu.gcr.io/${project}/${image}:${tag}
# https://forum.camunda.org/t/apt-get-is-missing-on-camunda-bpm-platform-7-9-0-image/7789
USER root
RUN apk add --no-cache wget
USER camunda
RUN rm /camunda/lib/postgresql-9.3-1102-jdbc4.jar
RUN wget --directory-prefix=/camunda/lib https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/releases/download/v1.0.15/postgres-socket-factory-1.0.15-jar-with-driver-and-dependencies.jar

## index.ts
// Example in Typescript, nodejs reads a Google Doc if the service account is added as a viewer
// No manual OAUTH2 approval steps required. Just use the google share settings to share
// Use the client_email address found in the crendentials file as the
import fs = require('fs');
import {JWT, auth} from 'google-auth-library';
import {google} from 'googleapis';

const SCOPES = [
     // Other options at https://developers.google.com/identity/protocols/oauth2/scopes#docsv1
    'https://www.googleapis.com/auth/documents.readonly'

## Echo.bpmn
<?xml version="1.0" encoding="UTF-8"?>
<bpmn:definitions xmlns:bpmn="http://www.omg.org/spec/BPMN/20100524/MODEL" xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI" xmlns:dc="http://www.omg.org/spec/DD/20100524/DC" xmlns:camunda="http://camunda.org/schema/1.0/bpmn" xmlns:di="http://www.omg.org/spec/DD/20100524/DI" id="Definitions_0cqopu9" targetNamespace="http://bpmn.io/schema/bpmn" exporter="Camunda Modeler" exporterVersion="3.7.0">
  <bpmn:process id="Echo" name="Echo" isExecutable="true">
    <bpmn:startEvent id="StartEvent_1">
      <bpmn:outgoing>Flow_0fjxlkl</bpmn:outgoing>
    </bpmn:startEvent>
    <bpmn:sequenceFlow id="Flow_0fjxlkl" sourceRef="StartEvent_1" targetRef="Gateway_0mt3mgo" />
    <bpmn:callActivity id="PushPubsub" name="Publish Echo" camunda:asyncBefore="true" camunda:asyncAfter="true" camunda:exclusive="false" camunda:jobPriority="1" calledElement="PubsubPublish">
      <bpmn:extensionElements>
        <camunda:in businessKey="#{execution.processBusinessKey}" />

## cloudsql.tf
resource "google_sql_database_instance" "camunda-db" {
  name             = "camunda-db-postgres"
  database_version = "POSTGRES_11"
  region           = local.config.region

  settings {
    # Very small instance for testing.
    tier = "db-f1-micro"
    ip_configuration {
        ipv4_enabled = true

## docker.tf
# Copy Camunda base image from Dockerhub image into Google Container Registry
module "docker-mirror-camunda-bpm-platform" {
  source      = "github.com/neomantra/terraform-docker-mirror"
  image_name  = local.config.base_image_name
  image_tag   = local.config.base_image_tag
  dest_prefix = "eu.gcr.io/${local.project}"
}

# Hydrate docker template file into .build directory
resource "local_file" "dockerfile" {

## Dockerfile
FROM eu.gcr.io/${project}/${image}:${tag}
# https://forum.camunda.org/t/apt-get-is-missing-on-camunda-bpm-platform-7-9-0-image/7789
USER root
RUN apk add --no-cache wget
USER camunda
RUN rm /camunda/lib/postgresql-9.3-1102-jdbc4.jar
RUN wget --directory-prefix=/camunda/lib https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/releases/download/v1.0.15/postgres-socket-factory-1.0.15-jar-with-driver-and-dependencies.jar

## build.tf
# Build a customized image of Camunda to include the cloud sql postgres socket factory library
# Required to connect to Cloud SQL
# Built using Cloud Build, image stored in GCR
resource "null_resource" "camunda_cloudsql_image" {
  triggers = {
    # Rebuild if we change the base image or the local docker
    image = "eu.gcr.io/${local.project}/camunda_cloudsql:${local.config.base_image_tag}_${sha1(local_file.dockerfile.content)}"
  }
  provisioner "local-exec" {
    command = <<-EOT

## security.tf
# Policy to allow public access to Cloud Run endpoint
data "google_iam_policy" "noauth" {
  binding {
    role    = "roles/run.invoker"
    members = ["allUsers"]
  }
}

# Bind public policy to our Camunda Cloud Run service
resource "google_cloud_run_service_iam_policy" "noauth" {

## camunda.tf
# Cloud Run Camunda service
resource "google_cloud_run_service" "camunda" {
  name     = "camunda"
  location = local.config.region
  template {
    spec {
      # Use locked down Service Account
      service_account_name = google_service_account.camunda.email
      containers {
        image = null_resource.camunda_cloudsql_image.triggers.image

## blogs.csv

          
            notebook
             views
             likes

            
              switch-dataflow
               126
               9

            
              merge-dataflow
               80
               9

            
              mip
               62
               27

            
              sound-cloud-reactive-audio-visualizer
               37
               24
	FROM eu.gcr.io/${project}/${image}:${tag}
	# https://forum.camunda.org/t/apt-get-is-missing-on-camunda-bpm-platform-7-9-0-image/7789
	USER root
	RUN apk add --no-cache wget
	USER camunda
	RUN rm /camunda/lib/postgresql-9.3-1102-jdbc4.jar
	RUN wget --directory-prefix=/camunda/lib https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/releases/download/v1.0.15/postgres-socket-factory-1.0.15-jar-with-driver-and-dependencies.jar
	// Example in Typescript, nodejs reads a Google Doc if the service account is added as a viewer
	// No manual OAUTH2 approval steps required. Just use the google share settings to share
	// Use the client_email address found in the crendentials file as the
	import fs = require('fs');
	import {JWT, auth} from 'google-auth-library';
	import {google} from 'googleapis';

	const SCOPES = [
	// Other options at https://developers.google.com/identity/protocols/oauth2/scopes#docsv1
	'https://www.googleapis.com/auth/documents.readonly'
	<?xml version="1.0" encoding="UTF-8"?>
	<bpmn:definitions xmlns:bpmn="http://www.omg.org/spec/BPMN/20100524/MODEL" xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI" xmlns:dc="http://www.omg.org/spec/DD/20100524/DC" xmlns:camunda="http://camunda.org/schema/1.0/bpmn" xmlns:di="http://www.omg.org/spec/DD/20100524/DI" id="Definitions_0cqopu9" targetNamespace="http://bpmn.io/schema/bpmn" exporter="Camunda Modeler" exporterVersion="3.7.0">
	<bpmn:process id="Echo" name="Echo" isExecutable="true">
	<bpmn:startEvent id="StartEvent_1">
	<bpmn:outgoing>Flow_0fjxlkl</bpmn:outgoing>
	</bpmn:startEvent>
	<bpmn:sequenceFlow id="Flow_0fjxlkl" sourceRef="StartEvent_1" targetRef="Gateway_0mt3mgo" />
	<bpmn:callActivity id="PushPubsub" name="Publish Echo" camunda:asyncBefore="true" camunda:asyncAfter="true" camunda:exclusive="false" camunda:jobPriority="1" calledElement="PubsubPublish">
	<bpmn:extensionElements>
	<camunda:in businessKey="#{execution.processBusinessKey}" />
	resource "google_sql_database_instance" "camunda-db" {
	name = "camunda-db-postgres"
	database_version = "POSTGRES_11"
	region = local.config.region

	settings {
	# Very small instance for testing.
	tier = "db-f1-micro"
	ip_configuration {
	ipv4_enabled = true
	# Copy Camunda base image from Dockerhub image into Google Container Registry
	module "docker-mirror-camunda-bpm-platform" {
	source = "github.com/neomantra/terraform-docker-mirror"
	image_name = local.config.base_image_name
	image_tag = local.config.base_image_tag
	dest_prefix = "eu.gcr.io/${local.project}"
	}

	# Hydrate docker template file into .build directory
	resource "local_file" "dockerfile" {
	# Build a customized image of Camunda to include the cloud sql postgres socket factory library
	# Required to connect to Cloud SQL
	# Built using Cloud Build, image stored in GCR
	resource "null_resource" "camunda_cloudsql_image" {
	triggers = {
	# Rebuild if we change the base image or the local docker
	image = "eu.gcr.io/${local.project}/camunda_cloudsql:${local.config.base_image_tag}_${sha1(local_file.dockerfile.content)}"
	}
	provisioner "local-exec" {
	command = <<-EOT
	# Policy to allow public access to Cloud Run endpoint
	data "google_iam_policy" "noauth" {
	binding {
	role = "roles/run.invoker"
	members = ["allUsers"]
	}
	}

	# Bind public policy to our Camunda Cloud Run service
	resource "google_cloud_run_service_iam_policy" "noauth" {
	# Cloud Run Camunda service
	resource "google_cloud_run_service" "camunda" {
	name = "camunda"
	location = local.config.region
	template {
	spec {
	# Use locked down Service Account
	service_account_name = google_service_account.camunda.email
	containers {
	image = null_resource.camunda_cloudsql_image.triggers.image
notebook	views	likes
switch-dataflow	126	9
merge-dataflow	80	9
mip	62	27
sound-cloud-reactive-audio-visualizer	37	24