Create a workflow by using Terraform

Create a Terraform configuration file

Create a Terraform configuration file called main.tf and include the Google provider for Terraform resources used in this quickstart.

Note that you can use interpolation for substitutions such as reference variables, attributes of resources, and call functions.

1. Create a directory:

   mkdir terraform

2. Go to the terraform directory:

   cd terraform

3. Add a new file, main.tf, to the directory:

   nano main.tf

4. Add the following resources to the main.tf file:

   1. Assign the ID of the project:

      provider "google" {
      project = "PROJECT_ID"
      }

      Replace PROJECT_ID with your project's ID.

   2. Enable the Workflows API:

      # Enable Workflows API
      resource "google_project_service" "default" {
        service            = "workflows.googleapis.com"
        disable_on_destroy = false
      }

   3. Create a service account for the workflow:

      # Create a dedicated service account
      resource "google_service_account" "default" {
        account_id   = "sample-workflows-sa"
        display_name = "Sample Workflows Service Account"
      }

   4. Define the workflow using the google_workflows_workflow resource:

      # Create a workflow
      resource "google_workflows_workflow" "default" {
        name            = "sample-workflow"
        region          = "us-central1"
        description     = "A sample workflow"
        service_account = google_service_account.default.id
        labels = {
          env = "test"
        }
        user_env_vars = {
          url = "https://timeapi.io/api/Time/current/zone?timeZone=Europe/Amsterdam"
        }
        source_contents = <<-EOF
        # This is a sample workflow that you can replace with your source code
        #
        # The workflow does the following:
        # - Retrieves the current date from a public API and stores the
        #   response in `currentDate`
        # - Retrieves a list of Wikipedia articles from a public API related
        #   to the day of the week stored in `currentDate`
        # - Returns the list of articles in the workflow output
        #
        # Note that when you define workflows in Terraform, variables must be
        # escaped with two dollar signs ($$) and not a single sign ($)
      
        - getCurrentDate:
            call: http.get
            args:
                url: $${sys.get_env("url")}
            result: currentDate
        - readWikipedia:
            call: http.get
            args:
                url: https://en.wikipedia.org/w/api.php
                query:
                    action: opensearch
                    search: $${currentDate.body.dayOfWeek}
            result: wikiResult
        - returnOutput:
            return: $${wikiResult.body[1]}
      EOF
      
        depends_on = [google_project_service.default]
      }

      The following arguments are used in the sample workflow:

      • name: the name of your workflow.
      • region: the location of your workflow.
      • description: a description of your workflow.
      • service_account: the email address or unique ID of the service account associated with the latest workflow version. This service account represents the identity of the workflow and determines what permissions the workflow has. If you don't specify a service account during the workflow's creation, the workflow uses the default Compute Engine service account for its identity. For more information, see Grant a workflow permission to access Google Cloud resources.
      • labels: a list of key-value label pairs to assign to this workflow that helps you organize your Google Cloud instances. For more information, see What are labels?
      • user_env_vars: user-defined environment variables associated with this workflow revision. For more information, see Use environment variables.
      • source_contents: the Workflows code to execute. For the file size limit, see Resource limits.

      Other optional arguments include the following:

      • crypto_key_name: the resource ID for a Cloud Key Management Service key in the following format:

        projects/PROJECT_NAME/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY_NAME

        For more information, see Use customer-managed encryption keys.

      • call_log_level: the level of logging to apply to calls and call responses during executions of this workflow. Possible values are:

        • CALL_LOG_LEVEL_UNSPECIFIED
        • LOG_ALL_CALLS
        • LOG_ERRORS_ONLY
        • LOG_NONE

        For more information, see Call logging.

      • project: the ID of the project in which the resource belongs. If it is not provided, the provider project is used.

      • name_prefix: creates a unique name beginning with the specified prefix. If this and name are unspecified, a random value is chosen for the name.

Create and execute the workflow

Deploy your Terraform resources to create the workflow and then execute the workflow.

1. Initialize Terraform in the directory:

   terraform init

2. Check that the changes you propose with Terraform match the expected plan:

   terraform plan

   You can ignore the note regarding not using the -out option.

3. Create the workflow:

   terraform apply

4. At the Enter a value prompt, type yes to proceed with the creation of resources.

5. Confirm that a workflow is created:

   gcloud workflows list --location us-central1

   The output should be similar to the following:

   NAME                                                                    STATE   REVISION_ID  UPDATE_TIME
   projects/project-name/locations/us-central1/workflows/sample-workflow   ACTIVE  000001-f9a   2024-02-24T13:38:58.353765906Z

6. Optionally, you can execute the workflow:

   gcloud workflows execute sample-workflow