Fix a few deprecations (#186)

* Fail gracefully when copying detailed reports

When the detailed reports are copied from GCS to registrars' Drive
folders, do not fail the entire copy operation when a single registrar
fails. Instead, send an alert email about the failure, and continue to copy the
rest of the reports.

Also, instead of creating duplicates, overwrite the existing files on
Drive.

BUG=127690361

config/presubmits.py

@@ -163,7 +163,6 @@ PRESUBMITS = {
 
 
 def get_files():
-  result = []
   for root, dirnames, filenames in os.walk("."):
     for filename in filenames:
       yield os.path.join(root, filename)

core/src/main/java/google/registry/model/domain/fee/FeeExtensionCommandDescriptor.java

@@ -15,9 +15,9 @@
 package google.registry.model.domain.fee;
 
 import com.google.common.base.Ascii;
-import com.google.common.base.CharMatcher;
 import google.registry.model.ImmutableObject;
 import google.registry.model.domain.fee.FeeQueryCommandExtensionItem.CommandName;
+import java.util.Locale;
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlValue;
 
@@ -47,7 +47,7 @@ public class FeeExtensionCommandDescriptor extends ImmutableObject {
 
   public CommandName getCommand() {
     // Require the xml string to be lowercase.
-    if (command != null && CharMatcher.javaLowerCase().matchesAllOf(command)) {
+    if (command != null && command.toLowerCase(Locale.ENGLISH).equals(command)) {
       try {
         return CommandName.valueOf(Ascii.toUpperCase(command));
       } catch (IllegalArgumentException e) {

core/src/main/java/google/registry/model/domain/fee12/FeeCheckCommandExtensionItemV12.java

@@ -15,9 +15,9 @@
 package google.registry.model.domain.fee12;
 
 import com.google.common.base.Ascii;
-import com.google.common.base.CharMatcher;
 import google.registry.model.domain.Period;
 import google.registry.model.domain.fee.FeeCheckCommandExtensionItem;
+import java.util.Locale;
 import java.util.Optional;
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlElement;
@@ -83,7 +83,7 @@ public class FeeCheckCommandExtensionItemV12 extends FeeCheckCommandExtensionIte
   @Override
   public CommandName getCommandName() {
     // Require the xml string to be lowercase.
-    if (commandName != null && CharMatcher.javaLowerCase().matchesAllOf(commandName)) {
+    if (commandName != null && commandName.toLowerCase(Locale.ENGLISH).equals(commandName)) {
       try {
         return CommandName.valueOf(Ascii.toUpperCase(commandName));
       } catch (IllegalArgumentException e) {

core/src/main/java/google/registry/reporting/billing/CopyDetailReportsAction.java

@@ -22,6 +22,7 @@ import static javax.servlet.http.HttpServletResponse.SC_OK;
 import com.google.appengine.tools.cloudstorage.GcsFilename;
 import com.google.common.base.Splitter;
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Iterables;
 import com.google.common.flogger.FluentLogger;
 import com.google.common.io.ByteStreams;
@@ -38,6 +39,7 @@ import google.registry.util.Retrier;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Optional;
+import java.util.stream.Collectors;
 import javax.inject.Inject;
 
 /** Copy all registrar detail reports in a given bucket's subdirectory from GCS to Drive. */
@@ -95,6 +97,8 @@ public final class CopyDetailReportsAction implements Runnable {
       response.setPayload(String.format("Failure, encountered %s", e.getMessage()));
       return;
     }
+    ImmutableMap.Builder<String, Throwable> copyErrorsBuilder =
+        new ImmutableMap.Builder<String, Throwable>();
     for (String detailReportName : detailReportObjectNames) {
       // The standard report format is "invoice_details_yyyy-MM_registrarId_tld.csv
       // TODO(larryruili): Determine a safer way of enforcing this.
@@ -117,7 +121,7 @@ public final class CopyDetailReportsAction implements Runnable {
               try (InputStream input =
                   gcsUtils.openInputStream(
                       new GcsFilename(billingBucket, invoiceDirectoryPrefix + detailReportName))) {
-                driveConnection.createFile(
+                driveConnection.createOrUpdateFile(
                     detailReportName,
                     MediaType.CSV_UTF_8,
                     driveFolderId,
@@ -129,15 +133,31 @@ public final class CopyDetailReportsAction implements Runnable {
             },
             IOException.class);
       } catch (Throwable e) {
-        emailUtils.sendAlertEmail(
+        String alertMessage =
             String.format(
-                "Warning: CopyDetailReportsAction failed.\nEncountered: %s on file: %s",
-                getRootCause(e).getMessage(), detailReportName));
-        throw e;
+                "Warning: CopyDetailReportsAction failed for registrar %s.\n"
+                    + "Encountered: %s on file: %s",
+                registrarId, getRootCause(e).getMessage(), detailReportName);
+        copyErrorsBuilder.put(registrarId, e);
+        logger.atSevere().withCause(e).log(alertMessage);
       }
     }
     response.setStatus(SC_OK);
     response.setContentType(MediaType.PLAIN_TEXT_UTF_8);
-    response.setPayload("Copied detail reports.");
+    StringBuilder payload = new StringBuilder().append("Copied detail reports.\n");
+    ImmutableMap<String, Throwable> copyErrors = copyErrorsBuilder.build();
+    if (!copyErrors.isEmpty()) {
+      payload.append("The following errors were encountered:\n");
+      payload.append(
+          copyErrors.entrySet().stream()
+              .map(
+                  entrySet ->
+                      String.format(
+                          "Registrar: %s\nError: %s\n",
+                          entrySet.getKey(), entrySet.getValue().getMessage()))
+              .collect(Collectors.joining()));
+    }
+    response.setPayload(payload.toString());
+    emailUtils.sendAlertEmail(payload.toString());
   }
 }

core/src/main/java/google/registry/storage/drive/DriveConnection.java

@@ -54,6 +54,10 @@ public class DriveConnection {
   /**
    * Creates a file with the given parent.
    *
+   * <p>If a file with the same path already exists, a duplicate is created. If overwriting the
+   * existing file is the desired behavior, use {@link #createOrUpdateFile(String, MediaType,
+   * String, byte[])} instead.
+   *
    * @returns the file id.
    */
   public String createFile(String title, MediaType mimeType, String parentFolderId, byte[] bytes)

core/src/main/java/google/registry/tools/CreateOrUpdateTldCommand.java

@@ -19,7 +19,6 @@ import static google.registry.util.CollectionUtils.findDuplicates;
 import static google.registry.util.DomainNameUtils.canonicalizeDomainName;
 
 import com.beust.jcommander.Parameter;
-import com.google.common.base.CharMatcher;
 import com.google.common.base.Joiner;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
@@ -255,7 +254,7 @@ abstract class CreateOrUpdateTldCommand extends MutatingCommand {
           tld,
           canonicalizeDomainName(tld));
       checkArgument(
-          !CharMatcher.javaDigit().matches(tld.charAt(0)),
+          !Character.isDigit(tld.charAt(0)),
           "TLDs cannot begin with a number");
       Registry oldRegistry = getOldRegistry(tld);
       // TODO(b/26901539): Add a flag to set the pricing engine once we have more than one option.

core/src/test/java/google/registry/reporting/billing/CopyDetailReportsActionTest.java

@@ -18,10 +18,10 @@ import static com.google.common.truth.Truth.assertThat;
 import static google.registry.testing.DatastoreHelper.loadRegistrar;
 import static google.registry.testing.DatastoreHelper.persistResource;
 import static google.registry.testing.GcsTestingUtils.writeGcsFile;
-import static google.registry.testing.JUnitBackports.assertThrows;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static javax.servlet.http.HttpServletResponse.SC_OK;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -68,6 +68,7 @@ public class CopyDetailReportsActionTest {
   @Before
   public void setUp() {
     persistResource(loadRegistrar("TheRegistrar").asBuilder().setDriveFolderId("0B-12345").build());
+    persistResource(loadRegistrar("NewRegistrar").asBuilder().setDriveFolderId("0B-54321").build());
     response = new FakeResponse();
     driveConnection = mock(DriveConnection.class);
     emailUtils = mock(BillingEmailUtils.class);
@@ -96,21 +97,21 @@ public class CopyDetailReportsActionTest {
 
     action.run();
     verify(driveConnection)
-        .createFile(
+        .createOrUpdateFile(
             "invoice_details_2017-10_TheRegistrar_test.csv",
             MediaType.CSV_UTF_8,
             "0B-12345",
             "hello,world\n1,2".getBytes(UTF_8));
 
     verify(driveConnection)
-        .createFile(
+        .createOrUpdateFile(
             "invoice_details_2017-10_TheRegistrar_hello.csv",
             MediaType.CSV_UTF_8,
             "0B-12345",
             "hola,mundo\n3,4".getBytes(UTF_8));
     assertThat(response.getStatus()).isEqualTo(SC_OK);
     assertThat(response.getContentType()).isEqualTo(MediaType.PLAIN_TEXT_UTF_8);
-    assertThat(response.getPayload()).isEqualTo("Copied detail reports.");
+    assertThat(response.getPayload()).isEqualTo("Copied detail reports.\n");
   }
 
   @Test
@@ -126,7 +127,7 @@ public class CopyDetailReportsActionTest {
         "hello,world\n1,2".getBytes(UTF_8));
     action.run();
     verify(driveConnection)
-        .createFile(
+        .createOrUpdateFile(
             "invoice_details_2017-10_TheRegistrar_hello.csv",
             MediaType.CSV_UTF_8,
             "0B-12345",
@@ -135,7 +136,7 @@ public class CopyDetailReportsActionTest {
     verifyNoMoreInteractions(driveConnection);
     assertThat(response.getStatus()).isEqualTo(SC_OK);
     assertThat(response.getContentType()).isEqualTo(MediaType.PLAIN_TEXT_UTF_8);
-    assertThat(response.getPayload()).isEqualTo("Copied detail reports.");
+    assertThat(response.getPayload()).isEqualTo("Copied detail reports.\n");
   }
 
   @Test
@@ -144,41 +145,63 @@ public class CopyDetailReportsActionTest {
         gcsService,
         new GcsFilename("test-bucket", "results/invoice_details_2017-10_TheRegistrar_hello.csv"),
         "hola,mundo\n3,4".getBytes(UTF_8));
-    when(driveConnection.createFile(any(), any(), any(), any()))
+    when(driveConnection.createOrUpdateFile(any(), any(), any(), any()))
         .thenThrow(new IOException("expected"))
         .thenReturn("success");
 
     action.run();
     verify(driveConnection, times(2))
-        .createFile(
+        .createOrUpdateFile(
             "invoice_details_2017-10_TheRegistrar_hello.csv",
             MediaType.CSV_UTF_8,
             "0B-12345",
             "hola,mundo\n3,4".getBytes(UTF_8));
     assertThat(response.getStatus()).isEqualTo(SC_OK);
     assertThat(response.getContentType()).isEqualTo(MediaType.PLAIN_TEXT_UTF_8);
-    assertThat(response.getPayload()).isEqualTo("Copied detail reports.");
+    assertThat(response.getPayload()).isEqualTo("Copied detail reports.\n");
   }
 
   @Test
-  public void testFail_tooManyFailures_sendsAlertEmail() throws IOException {
+  public void testFail_tooManyFailures_sendsAlertEmail_continues() throws IOException {
     writeGcsFile(
         gcsService,
         new GcsFilename("test-bucket", "results/invoice_details_2017-10_TheRegistrar_hello.csv"),
         "hola,mundo\n3,4".getBytes(UTF_8));
-    when(driveConnection.createFile(any(), any(), any(), any()))
+    writeGcsFile(
+        gcsService,
+        new GcsFilename("test-bucket", "results/invoice_details_2017-10_NewRegistrar_test.csv"),
+        "hello,world\n1,2".getBytes(UTF_8));
+    when(driveConnection.createOrUpdateFile(
+            eq("invoice_details_2017-10_TheRegistrar_hello.csv"), any(), any(), any()))
         .thenThrow(new IOException("expected"));
 
-    RuntimeException thrown = assertThrows(RuntimeException.class, action::run);
-    assertThat(thrown).hasMessageThat().isEqualTo("java.io.IOException: expected");
+    action.run();
     verify(driveConnection, times(3))
-        .createFile(
+        .createOrUpdateFile(
             "invoice_details_2017-10_TheRegistrar_hello.csv",
             MediaType.CSV_UTF_8,
             "0B-12345",
             "hola,mundo\n3,4".getBytes(UTF_8));
-    verify(emailUtils).sendAlertEmail("Warning: CopyDetailReportsAction failed.\nEncountered: "
-        + "expected on file: invoice_details_2017-10_TheRegistrar_hello.csv");
+    verify(driveConnection)
+        .createOrUpdateFile(
+            "invoice_details_2017-10_NewRegistrar_test.csv",
+            MediaType.CSV_UTF_8,
+            "0B-54321",
+            "hello,world\n1,2".getBytes(UTF_8));
+    verify(emailUtils)
+        .sendAlertEmail(
+            "Copied detail reports.\n"
+                + "The following errors were encountered:\n"
+                + "Registrar: TheRegistrar\n"
+                + "Error: java.io.IOException: expected\n");
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getContentType()).isEqualTo(MediaType.PLAIN_TEXT_UTF_8);
+    assertThat(response.getPayload())
+        .isEqualTo(
+            "Copied detail reports.\n"
+                + "The following errors were encountered:\n"
+                + "Registrar: TheRegistrar\n"
+                + "Error: java.io.IOException: expected\n");
   }
 
   @Test

release/cloudbuild-beam.yaml

@@ -1,51 +0,0 @@
-# To run the build locally, install cloud-build-local first.
-# Then run:
-# cloud-build-local --config=cloudbuild-deploy-beam.yaml --dryrun=false \
-# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
-#
-# This will deploy Beam pipelines to GCS for the PROJECT_ID defined in gcloud
-# tool.
-#
-# To manually trigger a build on GCB, run:
-# gcloud builds submit --config=cloudbuild-deploy-beam.yaml \
-# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
-#
-# To trigger a build automatically, follow the instructions below and add a trigger:
-# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
-steps:
-# Pull the latest nomulus.jar to local
-- name: 'gcr.io/${PROJECT_ID}/builder:latest'
-  args:
-  - gsutil
-  - cp
-  - gs://${PROJECT_ID}-deploy/${TAG_NAME}/nomulus.jar
-  - .
-# Pull the credential for nomulus tool
-- name: 'gcr.io/${PROJECT_ID}/builder:latest'
-  args:
-  - gsutil
-  - cp
-  - gs://${PROJECT_ID}-deploy/secrets/tool-credential.json.enc
-  - .
-# Decrypt the credential
-- name: 'gcr.io/${PROJECT_ID}/builder:latest'
-  entrypoint: /bin/bash
-  args:
-  - -c
-  - |
-    cat tool-credential.json.enc | base64 -d | gcloud kms decrypt \
-      --ciphertext-file=- --plaintext-file=tool-credential.json \
-      --location=global --keyring=nomulus-tool-keyring --key=nomulus-tool-key
-# Deploy spec11 and invoicing pipeline to GCS
-- name: 'gcr.io/${PROJECT_ID}/builder:latest'
-  entrypoint: /bin/bash
-  args:
-  - -c
-  - |
-    java -jar nomulus.jar -e ${_ENV} --credential tool-credential.json \
-    deploy_spec11_pipeline
-    java -jar nomulus.jar -e ${_ENV} --credential tool-credential.json \
-    deploy_invoicing_pipeline
-timeout: 3600s
-options:
-  machineType: 'N1_HIGHCPU_8'

release/cloudbuild-deploy-configs.yaml

@@ -1,22 +0,0 @@
-# To run the build locally, install cloud-build-local first.
-# See: https://cloud.google.com/cloud-build/docs/build-debug-locally
-# You will need access to a private registry, so be sure to install the docker
-# credential helper.
-# Then, in the release folder, run:
-# cloud-build-local --config=cloudbuild-deploy-configs.yaml --dryrun=false \
-#   --substitutions TAG_NAME=[TAG],_ENV=[ENV] ..
-# This will build the contents of the current directory and generate the
-# nomulus war-files locally.
-# The PROJECT_ID is the current project name that gcloud uses.
-# You can add "--push true" to have the image pushed to GCR.
-#
-# To manually trigger a build on GCB, run:
-# gcloud builds submit --config cloudbuild-deploy-configs.yaml \
-#   --substitutions TAG_NAME=[TAG],_ENV=[ENV] ..
-#
-# To trigger a build automatically, follow the instructions below and add a trigger:
-# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
-steps:
-# Download and unzip the tarball that contains the relevant config files
-- name: 'gcr.io/${PROJECT_ID}/builder:latest'
-  args: ['release/deploy_configs_to_env.sh', '${_ENV}', '${TAG_NAME}']

release/cloudbuild-deploy.yaml

@@ -0,0 +1,75 @@
+# To run the build locally, install cloud-build-local first.
+# Then run:
+# cloud-build-local --config=cloudbuild-deploy-beam.yaml --dryrun=false \
+# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
+#
+# This will deploy Beam pipelines to GCS for the PROJECT_ID defined in gcloud
+# tool.
+#
+# To manually trigger a build on GCB, run:
+# gcloud builds submit --config=cloudbuild-deploy-beam.yaml \
+# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
+#
+# To trigger a build automatically, follow the instructions below and add a trigger:
+# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
+steps:
+# Pull the credential for nomulus tool.
+- name: 'gcr.io/${PROJECT_ID}/builder:latest'
+  args:
+  - gsutil
+  - cp
+  - gs://${PROJECT_ID}-deploy/secrets/tool-credential.json.enc
+  - .
+# Decrypt the credential.
+- name: 'gcr.io/${PROJECT_ID}/builder:latest'
+  entrypoint: /bin/bash
+  args:
+  - -c
+  - |
+    set -e
+    cat tool-credential.json.enc | base64 -d | gcloud kms decrypt \
+      --ciphertext-file=- --plaintext-file=tool-credential.json \
+      --location=global --keyring=nomulus-tool-keyring --key=nomulus-tool-key
+# Deploy the Spec11 pipeline to GCS.
+- name: 'gcr.io/${PROJECT_ID}/nomulus-tool:latest'
+  args:
+  - -e
+  - ${_ENV}
+  - --credential
+  - tool-credential.json
+  - deploy_spec11_pipeline
+# Deploy the invoicing pipeline to GCS.
+- name: 'gcr.io/${PROJECT_ID}/nomulus-tool:latest'
+  args:
+  - -e
+  - ${_ENV}
+  - --credential
+  - tool-credential.json
+  - deploy_invoicing_pipeline
+# Deploy the GAE config files.
+# First authorize the gcloud tool to use the credential json file, then
+# download and unzip the tarball that contains the relevant config files
+- name: 'gcr.io/${PROJECT_ID}/builder:latest'
+  entrypoint: /bin/bash
+  args:
+  - -c
+  - |
+    set -e
+    gcloud auth activate-service-account --key-file=tool-credential.json
+    if [ ${_ENV} == production ]; then
+      project_id="domain-registry"
+    else
+      project_id="domain-registry-${_ENV}"
+    fi
+    gsutil cp gs://${PROJECT_ID}-deploy/${TAG_NAME}/${_ENV}.tar .
+    tar -xvf ${_ENV}.tar
+    # Note that this currently does not work for google.com projects that
+    # we use due to b/137891685. External projects are likely to work.
+    for filename in cron dispatch dos index queue; do
+      gcloud -q --project ${project_id} app deploy \
+        default/WEB-INF/appengine-generated/${filename}.yaml
+    done
+
+timeout: 3600s
+options:
+  machineType: 'N1_HIGHCPU_8'

release/cloudbuild-nomulus.yaml

@@ -29,20 +29,25 @@ steps:
 - name: 'gcr.io/${PROJECT_ID}/builder:latest'
   entrypoint: /bin/bash
   args:
-    - -c
-    - |
-      docker tag nomulus-tool gcr.io/${PROJECT_ID}/nomulus-tool:${TAG_NAME}
-      docker push gcr.io/${PROJECT_ID}/nomulus-tool:${TAG_NAME}
-# Get the tool image digest and substitute in the digest in the tagging yaml file.
+  - -c
+  - |
+    set -e
+    docker tag nomulus-tool gcr.io/${PROJECT_ID}/nomulus-tool:${TAG_NAME}
+    docker tag nomulus-tool gcr.io/${PROJECT_ID}/nomulus-tool:latest
+    docker push gcr.io/${PROJECT_ID}/nomulus-tool:${TAG_NAME}
+    docker push gcr.io/${PROJECT_ID}/nomulus-tool:latest
+# Get the tool image digest and substitute in the digest in other GCB files.
 - name: 'gcr.io/${PROJECT_ID}/builder:latest'
   entrypoint: /bin/bash
   args:
   - -c
   - |
+    set -e
     digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/nomulus-tool \
       --format="get(digest)" --filter="tags = ${TAG_NAME}")
     sed -i s/'$${_IMAGE}'/nomulus-tool/g release/cloudbuild-tag.yaml
     sed -i s/':$${TAG_NAME}'/@$digest/g release/cloudbuild-tag.yaml
+    sed -i s/'nomulus-tool:latest'/nomulus-tool@$digest/g release/cloudbuild-deploy-*.yaml
 # Build and package the deployment files for alpha.
 - name: 'gcr.io/${PROJECT_ID}/builder:latest'
   args: ['release/build_nomulus_for_env.sh', 'alpha', 'output']
@@ -64,8 +69,7 @@ artifacts:
     - 'output/nomulus.jar'
     - 'release/cloudbuild-tag.yaml'
     - 'release/cloudbuild-sync.yaml'
-    - 'release/cloudbuild-beam-*.yaml'
-    - 'release/cloudbuild-deploy-configs-*.yaml'
+    - 'release/cloudbuild-deploy-*.yaml'
 
 timeout: 3600s
 options:

release/cloudbuild-proxy.yaml

@@ -16,11 +16,11 @@ steps:
 # Build the proxy docker image.
 - name: 'gcr.io/${PROJECT_ID}/builder:latest'
   args:
-  - './gradlew'
-  - ':proxy:test'
-  - ':proxy:buildProxyImage'
-  - '-PmavenUrl=https://storage.googleapis.com/domain-registry-maven-repository/maven'
-  - '-PpluginsUrl=https://storage.googleapis.com/domain-registry-maven-repository/plugins'
+  - ./gradlew
+  - :proxy:test
+  - :proxy:buildProxyImage
+  - -PmavenUrl=https://storage.googleapis.com/domain-registry-maven-repository/maven
+  - -PpluginsUrl=https://storage.googleapis.com/domain-registry-maven-repository/plugins
 # Tag and push the image. We can't let Cloud Build's default processing do that for us
 # because we need to push the image before we can sign it in the following step.
 - name: 'gcr.io/${PROJECT_ID}/builder:latest'
@@ -28,8 +28,11 @@ steps:
   args:
   - -c
   - |
+    set -e
     docker tag proxy gcr.io/${PROJECT_ID}/proxy:${TAG_NAME}
+    docker tag proxy gcr.io/${PROJECT_ID}/proxy:latest
     docker push gcr.io/${PROJECT_ID}/proxy:${TAG_NAME}
+    docker push gcr.io/${PROJECT_ID}/proxy:latest
   dir: 'proxy'
 # Get the image digest, sign it and substitute in the digest in the tagging yaml file.
 - name: 'gcr.io/${PROJECT_ID}/builder:latest'
@@ -37,6 +40,7 @@ steps:
   args:
   - -c
   - |
+    set -e
     digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/proxy \
       --format="get(digest)" --filter="tags = ${TAG_NAME}")
     gcloud --project=${PROJECT_ID} alpha container binauthz attestations \

release/cloudbuild-release.yaml

@@ -24,6 +24,7 @@ steps:
   args:
   - -c
   - |
+    set -e
     git clone https://gerrit.googlesource.com/gcompute-tools
     ./gcompute-tools/git-cookie-authdaemon
     git clone ${_INTERNAL_REPO_URL} nomulus-internal
@@ -33,6 +34,7 @@ steps:
   args:
   - -c
   - |
+    set -e
     git tag ${TAG_NAME}
     git push origin ${TAG_NAME}
   dir: 'nomulus-internal'
@@ -42,6 +44,7 @@ steps:
   args:
   - -c
   - |
+    set -e
     shopt -s dotglob
     rm -rf .git && rm -rf nomulus-internal/.git
     cp -rf nomulus-internal/* .
@@ -52,6 +55,7 @@ steps:
   args:
   - -c
   - |
+    set -e
     docker build -t gcr.io/${PROJECT_ID}/builder:${TAG_NAME} .
     docker tag gcr.io/${PROJECT_ID}/builder:${TAG_NAME} gcr.io/${PROJECT_ID}/builder:latest
     docker pull gcr.io/distroless/java
@@ -73,6 +77,7 @@ steps:
   args:
   - -c
   - |
+    set -e
     builder_digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/builder \
       --format='get(digest)' --filter='tags = ${TAG_NAME}')
     base_digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/base \
@@ -83,17 +88,15 @@ steps:
     sed -i s%distroless/java:debug%${PROJECT_ID}/base-debug@$debug_digest% core/Dockerfile
     sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-proxy.yaml
     sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-nomulus.yaml
-    sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-beam.yaml
-    sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-deploy-configs.yaml
+    sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-deploy.yaml
     sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-sync.yaml
     sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-tag.yaml
     sed -i s/GCP_PROJECT/${PROJECT_ID}/ proxy/kubernetes/proxy-*.yaml
     sed -i s/'$${TAG_NAME}'/${TAG_NAME}/g release/cloudbuild-sync.yaml
-    sed -i s/'$${TAG_NAME}'/${TAG_NAME}/g release/cloudbuild-beam.yaml
-    sed -i s/'$${TAG_NAME}'/${TAG_NAME}/g release/cloudbuild-deploy-configs.yaml
+    sed -i s/'$${TAG_NAME}'/${TAG_NAME}/g release/cloudbuild-deploy.yaml
     for environment in alpha crash sandbox production; do
-      sed s/'$${_ENV}'/${environment}/g release/cloudbuild-beam.yaml > release/cloudbuild-beam-${environment}.yaml
-      sed s/'$${_ENV}'/${environment}/g release/cloudbuild-deploy-configs.yaml > release/cloudbuild-deploy-configs-${environment}.yaml
+      sed s/'$${_ENV}'/${environment}/g release/cloudbuild-deploy.yaml \
+        > release/cloudbuild-deploy-${environment}.yaml
     done
 # Upload the gradle binary to GCS if it does not exist and point URL in gradle wrapper to it.
 - name: 'gcr.io/cloud-builders/gsutil'
@@ -101,6 +104,7 @@ steps:
   args:
   - -c
   - |
+    set -e
     gradle_url=$(grep distributionUrl gradle/wrapper/gradle-wrapper.properties \
       | awk -F = '{print $2}' | sed 's/\\//g')
     gradle_bin=$(basename $gradle_url)
@@ -130,6 +134,7 @@ steps:
   args:
   - -c
   - |
+    set -e
     cp -rf nomulus-release/.git .
     rm -rf nomulus-release
     git config --global user.name "Cloud Build"

release/cloudbuild-sync.yaml

@@ -13,12 +13,12 @@ steps:
 # Rsync the folder.
 - name: 'gcr.io/${PROJECT_ID}/builder:latest'
   args:
-  - 'gsutil'
-  - '-m'
-  - 'rsync'
-  - '-d'
-  - 'gs://${PROJECT_ID}-deploy/${TAG_NAME}'
-  - 'gs://${PROJECT_ID}-deploy/live'
+  - gsutil
+  - -m
+  - rsync
+  - -d
+  - gs://${PROJECT_ID}-deploy/${TAG_NAME}
+  - gs://${PROJECT_ID}-deploy/live
 timeout: 3600s
 options:
   machineType: 'N1_HIGHCPU_8'

release/deploy_configs_to_env.sh

@@ -1,45 +0,0 @@
-#!/bin/bash
-# Copyright 2019 The Nomulus Authors. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# This script downloads the tagged tarball from GCS and uploads the AppEngine config files therein
-# to the provided environment. The standard AppEngine deployment process doesn't automatically
-# update these configs, so we must do it manually.
-
-set -e
-
-if [ $# -ne 2 ];
-then
-  echo "Usage: $0 alpha|crash|sandbox|production <tag_name>"
-  exit 1
-fi
-
-environment="$1"
-tag_name="$2"
-
-if [ "${environment}" == alpha ]; then
-  project_id="domain-registry-alpha"
-elif [ "${environment}" == crash ]; then
-  project_id="domain-registry-crash"
-elif [ "${environment}" == sandbox ]; then
-  project_id="domain-registry-sandbox"
-elif [ "${environment}" == production ]; then
-  project_id="domain-registry"
-fi
-
-gsutil cp gs://domain-registry-dev-deploy/${tag_name}/${environment}.tar .
-tar -xvf ${environment}.tar
-for filename in cron dispatch dos index queue; do
-  gcloud -q --project ${project_id} app deploy default/WEB-INF/appengine-generated/${filename}.yaml
-done