mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2026-01-04 12:14:19 +00:00
Code Issues Releases Wiki Activity
Files
f9cd167ae4735dd46d191b36a085028dc8af6549
nomulus/release/cloudbuild-schema-deploy.yaml
Weimin Yu f9cd167ae4 Copy artifacts for schema tests after deployment (#2895) 
After each deployment in sandbox or production, move the artifacts from
the corresponding release to a well-known location so that they can be
mapped to Kokoro in presubmit tests. The Kokoro-mapping does not need
public access to the GCS bucket.

The artifacts include the  postgresql schema jar, the nomulus release
jar, and the uber jar of the nomulus schema integration test classes.

Every jar name consists of a fixed prefix and the environment. Each jar
of a new deployment overrides the previous copy.
2025-12-04 20:55:19 +00:00

93 lines
3.3 KiB
YAML
Raw Blame History

# This will deploy Cloud SQL schema release with tag value ${TAG_NAME} to
# the environment specified by ${_ENV}.
#
# To manually trigger a build on GCB, run:
# gcloud builds submit --config=cloudbuild-schema-deploy.yaml \
# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
#
# To trigger a build automatically, follow the instructions below and add a trigger:
# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
#
# Note that the release process hardens the tags and variables in this file:
# - The 'latest' tag on docker images will be replaced by their image digests.
# - The ${TAG_NAME} pattern will be replaced by the actual release tag.
# - The ${_ENV} pattern will be replaced by the actual environment name.
# Please refer to ./cloudbuild-release.yaml for more details.
# Note 2: to work around issue in Spinnaker's 'Deployment Manifest' stage,
# variable references must avoid the ${var} format. Valid formats include
# $var or ${"${var}"}. This file use the former. Since TAG_NAME and _ENV are
# expanded in the copies sent to Spinnaker, we preserve the brackets around
# them for safe pattern matching during release.
# See https://github.com/spinnaker/spinnaker/issues/3028 for more information.
steps:
# Download and decrypt the nomulus tool credential, which has the privilege to
# start Cloud SQL proxy to all environments. This credential is also used to
# authenticate the nomulus tool when fetching the schema deployer credential in
# the next step.
- name: 'gcr.io/$PROJECT_ID/builder:latest'
volumes:
- name: 'secrets'
path: '/secrets'
entrypoint: /bin/bash
args:
- -c
- |
set -e
gcloud secrets versions access latest \
--secret nomulus-tool-cloudbuild-credential \
> /secrets/cloud_sql_credential.json
# Fetch the Cloud SQL credential for schema_deployer
- name: 'gcr.io/$PROJECT_ID/nomulus-tool:latest'
volumes:
- name: 'secrets'
path: '/secrets'
args:
- -e
- ${_ENV}
- --credential
- /secrets/cloud_sql_credential.json
- get_sql_credential
- --user
- schema_deployer
- --output
- /secrets/schema_deployer_credential.dec
# Download the schema jar to be deployed.
- name: 'gcr.io/$PROJECT_ID/builder:latest'
volumes:
- name: 'flyway'
path: '/flyway/jars'
entrypoint: /bin/bash
args:
- -c
- |
set -e
gcloud storage cp gs://$PROJECT_ID-deploy/${TAG_NAME}/schema.jar \
/flyway/jars
# Deploy SQL schema
- name: 'gcr.io/$PROJECT_ID/schema_deployer:latest'
volumes:
- name: 'secrets'
path: '/secrets'
- name: 'flyway'
path: '/flyway/jars'
args: ['migrate']
# Save the deployed tag for the current environment on GCS to a well-known.
# location. Do not use the 'artifacts' section for this since it will
# upload an extra metadata file every time and pollute the folder.
# Also copy the schema jar here. It will be mapped into Kokoro for presubmit tests.
- name: 'gcr.io/$PROJECT_ID/builder:latest'
entrypoint: /bin/bash
args:
- -c
- |
set -e
echo ${TAG_NAME} | \
gcloud storage cp - gs://$PROJECT_ID-deployed-tags/sql.${_ENV}.tag\
# Copy the schema jar here
gcloud storage cp gs://$PROJECT_ID-deploy/${TAG_NAME}/schema.jar \
gs://$PROJECT_ID-deployed-tags/schema-test-artifacts/schema.${_ENV}.jar
timeout: 3600s
options:
machineType: 'E2_HIGHCPU_32'
Reference in New Issue View Git Blame Copy Permalink