# To run the build locally, install cloud-build-local first.
# You will need access to a private registry, so be sure to install the docker
# credential helper.
# See: https://cloud.google.com/cloud-build/docs/build-debug-locally
# Then run:
# cloud-build-local --config=cloudbuild-release.yaml --dryrun=false \
#   --substitutions TAG_NAME=[TAG] ..
#
# To manually trigger a build on GCB, run:
# gcloud builds submit --config cloudbuild-proxy.yaml --substitutions TAG_NAME=[TAG] ..
#
# To trigger a build automatically, follow the instructions below and add a trigger:
# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
#
# This pipeline prepares a release. The pipeline should be run against the Nomulus public repo on
# GitHub. It builds the builder and base images, and hard codes the sha256 hashes of the resulting
# images in the merged code base (internal + public) , which is tagged and pushed into the release
# repo. Actual release artifacts are built from the release repo, ensuring reproducibility.
steps:
# Check the out internal repo.
- name: 'gcr.io/cloud-builders/gcloud'
  args: ['source', 'repos', 'clone', 'nomulus-internal']
# Tag and push the internal repo.
- name: 'gcr.io/cloud-builders/git'
  entrypoint: /bin/bash
  args:
  - -c
  - |
    git tag ${TAG_NAME} && git push origin ${TAG_NAME}
  dir: 'nomulus-internal'
# Merge the repos.
- name: 'gcr.io/cloud-builders/git'
  entrypoint: /bin/bash
  args:
  - -c
  - |
    shopt -s dotglob
    rm -rf .git && rm -rf nomulus-internal/.git
    cp -rf nomulus-internal/* .
    rm -rf nomulus-internal
# Build the builder image and tag the proxy base image, to be uploaded later.
- name: 'gcr.io/cloud-builders/docker'
  entrypoint: /bin/bash
  args:
  - -c
  - |
    docker build -t gcr.io/${PROJECT_ID}/builder:${TAG_NAME} .
    docker tag gcr.io/${PROJECT_ID}/builder:${TAG_NAME} gcr.io/${PROJECT_ID}/builder:latest
    docker pull gcr.io/distroless/java
    docker tag gcr.io/distroless/java gcr.io/${PROJECT_ID}/base:${TAG_NAME}
    docker tag gcr.io/distroless/java gcr.io/${PROJECT_ID}/base:latest
    docker push gcr.io/${PROJECT_ID}/base:latest
    docker push gcr.io/${PROJECT_ID}/base:${TAG_NAME}
    docker push gcr.io/${PROJECT_ID}/builder:latest
    docker push gcr.io/${PROJECT_ID}/builder:${TAG_NAME}
  dir: 'release/builder/'
# Do text replacement in the merged repo, hardcoding image hashes.
- name: 'gcr.io/cloud-builders/gcloud'
  entrypoint: /bin/bash
  args:
  - -c
  - |
    builder_digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/builder \
      --format='get(digest)' --filter='tags = ${TAG_NAME}')
    base_digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/base \
      --format='get(digest)' --filter='tags = ${TAG_NAME}')
    sed -i s%distroless/java%${PROJECT_ID}/base@$base_digest% gradle/proxy/Dockerfile
    sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-proxy.yaml
    sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-nomulus.yaml
    sed -i s/GCP_PROJECT/${PROJECT_ID}/ java/google/registry/proxy/kubernetes/proxy-*.yaml
# Check out the release repo.
- name: 'gcr.io/cloud-builders/gcloud'
  args: ['source', 'repos', 'clone', 'nomulus-release']
# Tag and check in the release repo.
- name: 'gcr.io/cloud-builders/git'
  entrypoint: /bin/bash
  args:
  - -c
  - |
    cp -rf nomulus-release/.git .
    rm -rf nomulus-release
    git config --global user.name "Cloud Build"
    git config --global user.email \
      $(gcloud auth list --format='get(account)' --filter=active)
    git add .
    git commit -m "Release commit for tag ${TAG_NAME}"
    git push origin master
    git tag ${TAG_NAME}
    git push origin ${TAG_NAME}
timeout: 3600s
options:
  machineType: 'N1_HIGHCPU_8'