Deploy SQL schema from Cloud Build (#350)

Defined Docker image for schema deployment.

Included schema deploymer docker in the Cloud Build release process.

Defined Cloud Build config for schema deployment.

TESTED=Used cloud-build-local to test deployment flow
TESTED=Used docker to test schema deployer image in more ways

release/schema-deployer/deploy_sql_schema.sh

@@ -0,0 +1,96 @@
+#!/bin/bash
+# Copyright 2019 The Nomulus Authors. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Mounted volumes and required files in them:
+# - /secrets: cloud_sql_credential.json: Cloud SQL proxy credential
+# - /flyway/jars: the schema jar to be deployed.
+#
+# Database login info may be passed in two ways:
+# - Decrypt the admin_credential.enc file on GCS and map it as
+#   /secrets/admin_credential.dec
+# - Provide the content of the admin_credential as command line arguments
+
+set -e
+if [ "$#" -le 1 ]; then
+  if [ ! -f /secrets/admin_credential.dec ]; then
+    echo "Missing /secrets/admin_credential.dec"
+    exit 1
+  fi
+  cloud_sql_instance=$(cut -d' ' -f1 /secrets/admin_credential.dec)
+  db_user=$(cut -d' ' -f2 /secrets/admin_credential.dec)
+  db_password=$(cut -d' ' -f3 /secrets/admin_credential.dec)
+  flyway_action=${1:-validate}
+elif [ "$#" -ge 3 ]; then
+  cloud_sql_instance=$1
+  db_user=$2
+  db_password=$3
+  flyway_action=${4:-validate}
+else
+  echo "Wrong number of arguments."
+  exit 1
+fi
+
+# Disallow the 'clean' command, which drops the entire database.
+# See https://flywaydb.org/documentation/commandline/ for command listing.
+if [ "${flyway_action}" == "clean" ]; then
+  echo "The clean action is not allowed."
+  exit 1;
+fi
+echo "$(date): Starting ${flyway_action} action on ${cloud_sql_instance}."
+
+# Set up connection to the Cloud SQL instance.
+# For now we use Cloud SQL Proxy to set up a SSL tunnel to the Cloud SQL
+# instance. This has two drawbacks:
+# - It starts a background process, which is an anti-pattern in Docker.
+# - The main job needs to wait for a while for the proxy to come up.
+# We will research for a better long-term solution.
+#
+# Other options considered:
+# - Connect using Socket Factory in this script.
+#   * Drawback: need to manage version and transitive dependencies
+#     of the postgres-socket-factory jar.
+# - Create a self-contained Java application that connects using socket factory
+#   * Drawback: Seems an overkill
+cloud_sql_proxy -instances=${cloud_sql_instance}=tcp:5432 \
+  --credential_file=/secrets/cloud_sql_credential.json &
+
+set +e
+# Wait for cloud_sql_proxy to start:
+# first sleep 1 second for the process to launch, then loop until port is ready
+# or the proxy process dies.
+sleep 1
+while ! netstat -an | grep ':5432 ' && pgrep cloud_sql_proxy; do sleep 1; done
+
+if ! pgrep cloud_sql_proxy; then
+  echo "Cloud SQL Proxy failed to set up connection."
+  exit 1
+fi
+
+/flyway/flyway -community -user=${db_user} -password=${db_password} \
+  -url=jdbc:postgresql://localhost:5432/postgres \
+  -locations=classpath:sql/flyway \
+  ${flyway_action}
+migration_result=$?
+
+if [ ${flyway_action} == "migrate" ]; then
+  # After deployment, log the current schema.
+  /flyway/flyway -community -user=${db_user} -password=${db_password} \
+    -url=jdbc:postgresql://localhost:5432/postgres \
+    -locations=classpath:sql/flyway \
+    info
+fi
+# Stop Cloud SQL Proxy
+pkill cloud_sql_proxy
+exit ${migration_result}