reusable-tasks.yml

---
resource_types:
- name: gcs
  type: registry-image
  source: {repository: frodenas/gcs-resource}

resources:
- name: bosh-deployment
  type: git
  source:
    uri: https://github.com/cloudfoundry/bosh-deployment

- name: prod-deployment
  type: git
  source:
    uri: https://github.com/concourse/prod-deployment

- name: bosh-state
  type: gcs
  source:
    bucket: bosh-state
    json_key: ((bosh_state_gcs_json_key))
    versioned_file: bosh-state.json

- name: terraform-state
  type: gcs
  source:
    bucket: terraform-state
    json_key: ((tf_state_gcs_json_key))
    versioned_file: terraform.tfstate

tasks:
- name: bosh-create-env
  type: git
  source: {uri: https://github.com/vito/bosh-tasks}
  file: tasks/bosh-create-env.yml # could this be inferred?

- name: terraform-apply
  type: git
  source: {repository: https://github.com/vito/terraform-tasks}
  file: tasks/terraform-apply.yml

- name: terraform-output
  type: git
  source: {repository: https://github.com/vito/terraform-tasks}
  file: tasks/terraform-output.yml

jobs:
- name: iaas
  plan:
  - get: prod-deployment
  - get: terraform-state
    optional: true
  - task: terraform-apply
    params:
      dir: prod-deployment/iaas
      state: terraform-state/terraform.tfstate
      vars:
        credentials: ((tf_credentials))
        project_id: ((tf_project_id))
        region: ((tf_region))
        zone: ((tf_zone)) # this is actually only used for the NAT box. and differs from BOSH's zone. fix?
    ensure:
      put: terraform-state
      # task creates terraform-state output and must make sure to create it
      # immediately with the initial state, and then pass that same path to
      # apply for updating in-place
      params: {file: terraform-state/terraform.tfstate}

- name: director
  plan:
  - aggregate:
    - get: prod-deployment
      passed: [iaas]
    - get: terraform-state
      optional: true
      passed: [iaas]
    - get: bosh-state
      passed: [iaas]
    - get: bosh-deployment
    - task: terraform-output
      params:
        output_files:
          external_ip: director-ip
    - task: bosh-create-env
      params:
        manifest: bosh-deployment/bosh.yml
        state: bosh-state/bosh-state.json
        # produce 'vars_store' output
        vars_store: true
        ops_files:
        - bosh-deployment/gcp/cpi.yml
        - bosh-deployment/syslog.yml
        - bosh-deployment/uaa.yml
        - bosh-deployment/credhub.yml
        - bosh-deployment/local-dns.yml
        - bosh-deployment/external-ip-not-recommended.yml
        - bosh-deployment/misc/powerdns.yml
        - prod-deployment/ops/ci-client.yml
        - prod-deployment/ops/credhub-cli-user.yml
        - prod-deployment/ops/credhub-cli-user.yml
        - prod-deployment/ops/director-vm-size.yml \
        - prod-deployment/ops/director-disk-size.yml \
        - prod-deployment/ops/os-conf-users.yml \
        - prod-deployment/ops/uaa-external-dns.yml \
        - prod-deployment/ops/unset-config-server-uaa-ca.yml \
        - prod-deployment/ops/workers.yml \
        vars:
          director_name: concourse-prod-bosh
          internal_cidr: 10.0.0.0/29
          internal_gw: 10.0.0.1
          internal_ip: 10.0.0.6
          project_id: ((tf_project_id))
          zone: ((bosh_zone)) # different from tf zone
          network: bosh
          subnetwork: director
          tags: [director]
          gcp_credentials_json: ((tf_credentials))
          dns_recursor_ip: 169.254.169.254
        var_files:
          external_ip: terraform-outputs/external_ip
        vars_string: ((bosh_deployment_vars))
      ensure:
        put: bosh-state
        # task creates bosh-state output and must make sure to create it
        # immediately with the initial state, and then pass that same path to
        # create-env for updating in-place
        params: {file: bosh-state/bosh-state.json}