FR: CSR (Cloud Source Repositories) EOL June 2024 - replace the default path for version control system and CICD tool

[fmichaelobrien]

TL;DR

CSR is undergoing deprecation in favour of SSM

• https://cloud.google.com/source-repositories/docs/authentication
• https://cloud.google.com/secure-source-manager/docs/overview

Impact to CICD

• will affect the CB/CSR default option in the TEF LZ - primarily 0-bootstrap starting with the following gcloud clone
• https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/0-bootstrap/scripts/push-to-repo.sh#L32
• CB/Cloud Build will continue to be used for the pipeline
• will not affect incoming ADO option in #1205
• shadow https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/439
• reference SSH authentication option over gcloud API clone in https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/431

Cloud Source Repositories is scheduled for end of sale on June 17, 2024. Starting June 17, 2024, if your organization hasn't previously used Cloud Source Repositories, you cannot enable the API or use Cloud Source Repositories. New projects not connected to an organization can’t enable the Cloud Source Repositories API after June 17, 2024. Customers who have already enabled the API prior to this date will not be affected and can continue to use Cloud Source Repositories.

Terraform Resources

1.3.10

Detailed design

Work is in progress in also bringing in ADO (Azure DevOps) as a CI/CD option - as it is the default repository/pipeline tool for 80% of CA PubSec clients

https://github.com/terraform-google-modules/terraform-example-foundation/issues/1205

Additional information

fmichaelobrien will look into the SSM addition unless this work is already assigned in the roadmap