Add Cloud Build sync job for reserved and premium lists (#2302)

* Change tld-update to db-object-updater * rename sync_tlds.sh to sync_db_objects.sh * Change to configured command name * Change environment to sandbox explicitly for testing on alpha * Add remaining object steps and change cloudbuild-tld-sync to cloudbuild-sync-db-objects * Add build_environment flag * Change order of command and directory * Uncomment out reserved list part
2025-07-27 21:16:25 +02:00 · 2024-01-31 14:50:54 -05:00 · 2024-01-31 14:50:54 -05:00 · 73ab95bd9d
commit 73ab95bd9d
parent f85cf57e36
5 changed files with 47 additions and 29 deletions
--- a/release/cloudbuild-sync-db-objects.yaml
+++ b/release/cloudbuild-sync-db-objects.yaml
@ -0,0 +1,61 @@
+# This will sync the configuration files in the internal repo with their
+# corresponding objects in the database.
+#
+# To manually trigger a build on GCB, run:
+# gcloud builds submit --config cloudbuild-sync-db-objects.yaml --substitutions \
+#   _INTERNAL_REPO_URL=[URL] ..
+#
+# To trigger a build automatically, follow the instructions below and add a trigger:
+# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
+#
+# Note that the release process hardens the tags and variables in this file:
+# - The 'latest' tag on docker images will be replaced by their image digests.
+# - The ${_ENV} pattern will be replaced by the actual environment name.
+# Please refer to ./cloudbuild-release.yaml for more details.
+#
+steps:
+# Check out the internal repo.
+- name: 'gcr.io/cloud-builders/git'
+  entrypoint: /bin/bash
+  args:
+  - -c
+  - |
+    set -e
+    git clone https://gerrit.googlesource.com/gcompute-tools
+    ./gcompute-tools/git-cookie-authdaemon
+    git clone ${_INTERNAL_REPO_URL} nomulus-internal
+# Download and decrypt the nomulus tool credential
+- name: 'gcr.io/$PROJECT_ID/builder:latest'
+  entrypoint: /bin/bash
+  args:
+  - -c
+  - |
+    set -e
+    gcloud secrets versions access latest \
+      --secret nomulus-tool-cloudbuild-credential \
+      > nomulus_tool_credential.json
+# Configure the TLDs using the stored configuration files in the internal repo
+- name: 'gcr.io/$PROJECT_ID/db_object_updater:latest'
+  args:
+  - ${_ENV}
+  - ./nomulus_tool_credential.json
+  - configure_tld
+  - nomulus-internal/core/src/main/java/google/registry/config/files/tld/
+# Configure the premium lists using the stored configuration files in the internal repo
+- name: 'gcr.io/$PROJECT_ID/db_object_updater:latest'
+  args:
+  - ${_ENV}
+  - ./nomulus_tool_credential.json
+  - update_premium_list
+  - nomulus-internal/core/src/main/java/google/registry/config/files/premium/
+# Configure the reserved lists using the stored configuration files in the internal repo
+- name: 'gcr.io/$PROJECT_ID/db_object_updater:latest'
+  args:
+  - ${_ENV}
+  - ./nomulus_tool_credential.json
+  - update_reserved_list
+  - nomulus-internal/core/src/main/java/google/registry/config/files/reserved/
+
+timeout: 7200s
+options:
+  machineType: 'E2_HIGHCPU_32'