Deploy SQL schema from Cloud Build (#350)

Defined Docker image for schema deployment.

Included schema deploymer docker in the Cloud Build release process.

Defined Cloud Build config for schema deployment.

TESTED=Used cloud-build-local to test deployment flow
TESTED=Used docker to test schema deployer image in more ways
This commit is contained in:
Weimin Yu 2019-11-12 11:06:16 -05:00 committed by GitHub
parent d9b0754dec
commit 6b19f015bf
5 changed files with 266 additions and 2 deletions

View file

@ -0,0 +1,56 @@
# Copyright 2019 The Nomulus Authors. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This Dockerfile builds an image that can be used in Google Cloud Build.
# We need the following programs to build the schema deployer:
# 1. Bash to execute a shell script.
# 2. Java 8 for running the Flywaydb commandline tool.
# 2. Cloud SQL proxy for connection to the SQL instance.
# 3. The Flywaydb commandline tool.
#
# Please refer to deploy_sql_schema.sh for expected volumes and arguments.
# Although any Linux-based Java image with bash would work (e.g., openjdk:8),
# as a GCP application we prefer to start with a GCP-approved base image.
FROM marketplace.gcr.io/google/ubuntu1804
ENV DEBIAN_FRONTEND=noninteractive LANG=en_US.UTF-8
# Install openjdk-8
RUN apt-get update -y \
&& apt-get install locales -y \
&& locale-gen en_US.UTF-8 \
&& apt-get install apt-utils -y \
&& apt-get upgrade -y \
&& apt-get install openjdk-8-jdk-headless -y
# Get netstat, used for checking Cloud SQL proxy readiness.
RUN apt-get install net-tools
COPY deploy_sql_schema.sh /usr/local/bin/
ADD https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 \
/usr/local/bin/cloud_sql_proxy
RUN chmod +x /usr/local/bin/cloud_sql_proxy
# Adapted from https://github.com/flyway/flyway-docker/blob/master/Dockerfile
RUN \
FLYWAY_MAVEN=https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline \
&& FLYWAY_VERSION=$(curl ${FLYWAY_MAVEN}/maven-metadata.xml \
| grep -oP "<release>\K.*(?=</release>)") \
&& echo "Downloading Flyway-commandline-${FLYWAY_VERSION}" \
&& mkdir -p /flyway \
&& curl -L ${FLYWAY_MAVEN}/${FLYWAY_VERSION}/flyway-commandline-${FLYWAY_VERSION}.tar.gz \
-o flyway-commandline-${FLYWAY_VERSION}.tar.gz \
&& tar -xzf flyway-commandline-${FLYWAY_VERSION}.tar.gz --strip-components=1 \
-C /flyway \
&& rm flyway-commandline-${FLYWAY_VERSION}.tar.gz
ENTRYPOINT [ "deploy_sql_schema.sh" ]

View file

@ -0,0 +1,96 @@
#!/bin/bash
# Copyright 2019 The Nomulus Authors. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Mounted volumes and required files in them:
# - /secrets: cloud_sql_credential.json: Cloud SQL proxy credential
# - /flyway/jars: the schema jar to be deployed.
#
# Database login info may be passed in two ways:
# - Decrypt the admin_credential.enc file on GCS and map it as
# /secrets/admin_credential.dec
# - Provide the content of the admin_credential as command line arguments
set -e
if [ "$#" -le 1 ]; then
if [ ! -f /secrets/admin_credential.dec ]; then
echo "Missing /secrets/admin_credential.dec"
exit 1
fi
cloud_sql_instance=$(cut -d' ' -f1 /secrets/admin_credential.dec)
db_user=$(cut -d' ' -f2 /secrets/admin_credential.dec)
db_password=$(cut -d' ' -f3 /secrets/admin_credential.dec)
flyway_action=${1:-validate}
elif [ "$#" -ge 3 ]; then
cloud_sql_instance=$1
db_user=$2
db_password=$3
flyway_action=${4:-validate}
else
echo "Wrong number of arguments."
exit 1
fi
# Disallow the 'clean' command, which drops the entire database.
# See https://flywaydb.org/documentation/commandline/ for command listing.
if [ "${flyway_action}" == "clean" ]; then
echo "The clean action is not allowed."
exit 1;
fi
echo "$(date): Starting ${flyway_action} action on ${cloud_sql_instance}."
# Set up connection to the Cloud SQL instance.
# For now we use Cloud SQL Proxy to set up a SSL tunnel to the Cloud SQL
# instance. This has two drawbacks:
# - It starts a background process, which is an anti-pattern in Docker.
# - The main job needs to wait for a while for the proxy to come up.
# We will research for a better long-term solution.
#
# Other options considered:
# - Connect using Socket Factory in this script.
# * Drawback: need to manage version and transitive dependencies
# of the postgres-socket-factory jar.
# - Create a self-contained Java application that connects using socket factory
# * Drawback: Seems an overkill
cloud_sql_proxy -instances=${cloud_sql_instance}=tcp:5432 \
--credential_file=/secrets/cloud_sql_credential.json &
set +e
# Wait for cloud_sql_proxy to start:
# first sleep 1 second for the process to launch, then loop until port is ready
# or the proxy process dies.
sleep 1
while ! netstat -an | grep ':5432 ' && pgrep cloud_sql_proxy; do sleep 1; done
if ! pgrep cloud_sql_proxy; then
echo "Cloud SQL Proxy failed to set up connection."
exit 1
fi
/flyway/flyway -community -user=${db_user} -password=${db_password} \
-url=jdbc:postgresql://localhost:5432/postgres \
-locations=classpath:sql/flyway \
${flyway_action}
migration_result=$?
if [ ${flyway_action} == "migrate" ]; then
# After deployment, log the current schema.
/flyway/flyway -community -user=${db_user} -password=${db_password} \
-url=jdbc:postgresql://localhost:5432/postgres \
-locations=classpath:sql/flyway \
info
fi
# Stop Cloud SQL Proxy
pkill cloud_sql_proxy
exit ${migration_result}