mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2026-02-11 07:11:40 +00:00
Code Issues Releases Wiki Activity
Files
8fa45e8c7606f57424f4244adfed1e93162fb2b5
nomulus/release/cloudbuild-proxy.yaml
jianglai b8ffa732b2 Add GCB workflows to promote the nomulus tool command after deployment 
With https://github.com/spinnaker/spinnaker/issues/4048 Spinnaker now natively supports GCB. We are able to start a GCB job from Spinnaker, and also there is better support to consume GCB pub/sub messages. Some changes are made to remove the workaround no longer needed.

Two new workflows are added, one to rsync a GCS folder to live/ after the deployment is done (so that the nomulus.jar file can then be fetched to x20 by a []cron job), and the other to tag the proxy image as live once it is deployed.

Lastly, the docs/ folders are needed when running tests. Remove it from .gcloudignore so that when a test run is kicked off by running "gcloud builds submit" the folder is sent to GCB. Ideally .gcloudignore should be identical to .gitignore but since they both are version controlled it is hard it make one a symlink of another.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=252625901
2019-06-12 13:08:11 -04:00

68 lines
3.1 KiB
YAML
Raw Blame History

# To run the build locally, install cloud-build-local first.
# You will need access to a private registry, so be sure to install the docker
# credential helper.
# See: https://cloud.google.com/cloud-build/docs/build-debug-locally
# Then run:
# cloud-build-local --config=cloudbuild-proxy.yaml --dryrun=false --substitutions TAG_NAME=[TAG] .
# This will create a docker image named gcr.io/[PROJECT_ID]/proxy:[TAG] locally.
# The PROJECT_ID is the current project name that gcloud uses.
#
# To manually trigger a build on GCB, run:
# gcloud builds submit --config cloudbuild-proxy.yaml --substitutions TAG_NAME=[TAG] .
#
# To trigger a build automatically, follow the instructions below and add a trigger:
# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
steps:
# Set permissions correctly. Not sure why it is necessary, but it is.
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
args: ['chown', '-R', 'root:root', '.']
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
args: ['chmod', '-R', '777', '.']
# Build the deploy jar.
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
args:
- './gradlew'
- ':proxy:test'
- ':proxy:deployJar'
- '-PmavenUrl=https://storage.googleapis.com/domain-registry-maven-repository/maven'
- '-PpluginsUrl=https://storage.googleapis.com/domain-registry-maven-repository/plugins'
dir: 'gradle'
# Build the docker image.
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
args: ['docker', 'build', '--tag', 'gcr.io/${PROJECT_ID}/proxy:${TAG_NAME}', '.']
dir: 'gradle/proxy'
# Push the image. We can't let Cloud Build's default processing do that for us
# because we need to push the image before we can sign it in the following
# step.
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
args: ['docker', 'push', 'gcr.io/${PROJECT_ID}/proxy:${TAG_NAME}']
# Get the image digest, sign it and substitute in the digest in the tagging yaml file.
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
entrypoint: /bin/bash
args:
- -c
- >
digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/proxy \
--format="get(digest)" --filter="tags = ${TAG_NAME}") && \
gcloud --project=${PROJECT_ID} alpha container binauthz attestations \
sign-and-create --artifact-url=gcr.io/${PROJECT_ID}/proxy@$digest \
--attestor=build-attestor --attestor-project=${PROJECT_ID} \
--keyversion-project=${PROJECT_ID} --keyversion-location=global \
--keyversion-keyring=attestor-keys --keyversion-key=signing \
--keyversion=1
sed -i s/proxy:'$${TAG_NAME}'/proxy@$digest/g release/cloudbuild-tag.yaml
# Images to upload to GCR. Even though the image has already been uploaded, we still include it
# here so that the GCB pubsub message contains it (for Spinnaker to consume).
images: ['gcr.io/${PROJECT_ID}/proxy:${TAG_NAME}']
# Config files to upload to GCS.
artifacts:
objects:
location: 'gs://${PROJECT_ID}-deploy/${TAG_NAME}'
# This cannot be regexs because of how Spinnaker constructs artifact paths.
paths:
- 'java/google/registry/proxy/kubernetes/proxy-*.yaml'
- 'release/cloudbuild-tag.yaml'
timeout: 3600s
options:
machineType: 'N1_HIGHCPU_8'
Reference in New Issue View Git Blame Copy Permalink