mirror of
https://github.com/google/nomulus.git
synced 2025-08-03 16:32:11 +02:00
Deploy SQL schema from Cloud Build (#350)
Defined Docker image for schema deployment. Included schema deploymer docker in the Cloud Build release process. Defined Cloud Build config for schema deployment. TESTED=Used cloud-build-local to test deployment flow TESTED=Used docker to test schema deployer image in more ways
This commit is contained in:
Weimin Yu
GitHub
parent
d9b0754dec
commit
6b19f015bf
5 changed files with 266 additions and 2 deletions
56
release/schema-deployer/Dockerfile
Normal file
56
release/schema-deployer/Dockerfile
Normal file
|
|
@ -0,0 +1,56 @@
|
|||
# Copyright 2019 The Nomulus Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# This Dockerfile builds an image that can be used in Google Cloud Build.
|
||||
# We need the following programs to build the schema deployer:
|
||||
# 1. Bash to execute a shell script.
|
||||
# 2. Java 8 for running the Flywaydb commandline tool.
|
||||
# 2. Cloud SQL proxy for connection to the SQL instance.
|
||||
# 3. The Flywaydb commandline tool.
|
||||
#
|
||||
# Please refer to deploy_sql_schema.sh for expected volumes and arguments.
|
||||
|
||||
# Although any Linux-based Java image with bash would work (e.g., openjdk:8),
|
||||
# as a GCP application we prefer to start with a GCP-approved base image.
|
||||
FROM marketplace.gcr.io/google/ubuntu1804
|
||||
ENV DEBIAN_FRONTEND=noninteractive LANG=en_US.UTF-8
|
||||
# Install openjdk-8
|
||||
RUN apt-get update -y \
|
||||
&& apt-get install locales -y \
|
||||
&& locale-gen en_US.UTF-8 \
|
||||
&& apt-get install apt-utils -y \
|
||||
&& apt-get upgrade -y \
|
||||
&& apt-get install openjdk-8-jdk-headless -y
|
||||
|
||||
# Get netstat, used for checking Cloud SQL proxy readiness.
|
||||
RUN apt-get install net-tools
|
||||
|
||||
COPY deploy_sql_schema.sh /usr/local/bin/
|
||||
ADD https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 \
|
||||
/usr/local/bin/cloud_sql_proxy
|
||||
RUN chmod +x /usr/local/bin/cloud_sql_proxy
|
||||
# Adapted from https://github.com/flyway/flyway-docker/blob/master/Dockerfile
|
||||
RUN \
|
||||
FLYWAY_MAVEN=https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline \
|
||||
&& FLYWAY_VERSION=$(curl ${FLYWAY_MAVEN}/maven-metadata.xml \
|
||||
| grep -oP "<release>\K.*(?=</release>)") \
|
||||
&& echo "Downloading Flyway-commandline-${FLYWAY_VERSION}" \
|
||||
&& mkdir -p /flyway \
|
||||
&& curl -L ${FLYWAY_MAVEN}/${FLYWAY_VERSION}/flyway-commandline-${FLYWAY_VERSION}.tar.gz \
|
||||
-o flyway-commandline-${FLYWAY_VERSION}.tar.gz \
|
||||
&& tar -xzf flyway-commandline-${FLYWAY_VERSION}.tar.gz --strip-components=1 \
|
||||
-C /flyway \
|
||||
&& rm flyway-commandline-${FLYWAY_VERSION}.tar.gz
|
||||
|
||||
ENTRYPOINT [ "deploy_sql_schema.sh" ]
|
||||
96
release/schema-deployer/deploy_sql_schema.sh
Executable file
96
release/schema-deployer/deploy_sql_schema.sh
Executable file
|
|
@ -0,0 +1,96 @@
|
|||
#!/bin/bash
|
||||
# Copyright 2019 The Nomulus Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Mounted volumes and required files in them:
|
||||
# - /secrets: cloud_sql_credential.json: Cloud SQL proxy credential
|
||||
# - /flyway/jars: the schema jar to be deployed.
|
||||
#
|
||||
# Database login info may be passed in two ways:
|
||||
# - Decrypt the admin_credential.enc file on GCS and map it as
|
||||
# /secrets/admin_credential.dec
|
||||
# - Provide the content of the admin_credential as command line arguments
|
||||
|
||||
set -e
|
||||
if [ "$#" -le 1 ]; then
|
||||
if [ ! -f /secrets/admin_credential.dec ]; then
|
||||
echo "Missing /secrets/admin_credential.dec"
|
||||
exit 1
|
||||
fi
|
||||
cloud_sql_instance=$(cut -d' ' -f1 /secrets/admin_credential.dec)
|
||||
db_user=$(cut -d' ' -f2 /secrets/admin_credential.dec)
|
||||
db_password=$(cut -d' ' -f3 /secrets/admin_credential.dec)
|
||||
flyway_action=${1:-validate}
|
||||
elif [ "$#" -ge 3 ]; then
|
||||
cloud_sql_instance=$1
|
||||
db_user=$2
|
||||
db_password=$3
|
||||
flyway_action=${4:-validate}
|
||||
else
|
||||
echo "Wrong number of arguments."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Disallow the 'clean' command, which drops the entire database.
|
||||
# See https://flywaydb.org/documentation/commandline/ for command listing.
|
||||
if [ "${flyway_action}" == "clean" ]; then
|
||||
echo "The clean action is not allowed."
|
||||
exit 1;
|
||||
fi
|
||||
echo "$(date): Starting ${flyway_action} action on ${cloud_sql_instance}."
|
||||
|
||||
# Set up connection to the Cloud SQL instance.
|
||||
# For now we use Cloud SQL Proxy to set up a SSL tunnel to the Cloud SQL
|
||||
# instance. This has two drawbacks:
|
||||
# - It starts a background process, which is an anti-pattern in Docker.
|
||||
# - The main job needs to wait for a while for the proxy to come up.
|
||||
# We will research for a better long-term solution.
|
||||
#
|
||||
# Other options considered:
|
||||
# - Connect using Socket Factory in this script.
|
||||
# * Drawback: need to manage version and transitive dependencies
|
||||
# of the postgres-socket-factory jar.
|
||||
# - Create a self-contained Java application that connects using socket factory
|
||||
# * Drawback: Seems an overkill
|
||||
cloud_sql_proxy -instances=${cloud_sql_instance}=tcp:5432 \
|
||||
--credential_file=/secrets/cloud_sql_credential.json &
|
||||
|
||||
set +e
|
||||
# Wait for cloud_sql_proxy to start:
|
||||
# first sleep 1 second for the process to launch, then loop until port is ready
|
||||
# or the proxy process dies.
|
||||
sleep 1
|
||||
while ! netstat -an | grep ':5432 ' && pgrep cloud_sql_proxy; do sleep 1; done
|
||||
|
||||
if ! pgrep cloud_sql_proxy; then
|
||||
echo "Cloud SQL Proxy failed to set up connection."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
/flyway/flyway -community -user=${db_user} -password=${db_password} \
|
||||
-url=jdbc:postgresql://localhost:5432/postgres \
|
||||
-locations=classpath:sql/flyway \
|
||||
${flyway_action}
|
||||
migration_result=$?
|
||||
|
||||
if [ ${flyway_action} == "migrate" ]; then
|
||||
# After deployment, log the current schema.
|
||||
/flyway/flyway -community -user=${db_user} -password=${db_password} \
|
||||
-url=jdbc:postgresql://localhost:5432/postgres \
|
||||
-locations=classpath:sql/flyway \
|
||||
info
|
||||
fi
|
||||
# Stop Cloud SQL Proxy
|
||||
pkill cloud_sql_proxy
|
||||
exit ${migration_result}
|
||||
Loading…
Add table
Add a link
Reference in a new issue