# To run the build locally, install cloud-build-local first.
# Then run:
# cloud-build-local --config=cloudbuild-deploy.yaml --dryrun=false \
# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
#
# This will deploy the GAE config files and save the deployed tags in GCS.
#
# To manually trigger a build on GCB, run:
# gcloud builds submit --config=cloudbuild-deploy.yaml \
# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
#
# To trigger a build automatically, follow the instructions below and add a trigger:
# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
#
# Note: to work around issue in Spinnaker's 'Deployment Manifest' stage,
# variable references must avoid the ${var} format. Valid formats include
# $var or ${"${var}"}. This file uses the former. Since TAG_NAME and _ENV are
# expanded in the copies sent to Spinnaker, we preserve the brackets around
# them for safe pattern matching during release.
# See https://github.com/spinnaker/spinnaker/issues/3028 for more information.
steps:
# Pull the credential for nomulus tool.
- name: 'gcr.io/$PROJECT_ID/builder:latest'
  args:
  - gsutil
  - cp
  - gs://$PROJECT_ID-deploy/secrets/tool-credential.json.enc
  - .
# Decrypt the credential.
- name: 'gcr.io/$PROJECT_ID/builder:latest'
  entrypoint: /bin/bash
  args:
  - -c
  - |
    set -e
    cat tool-credential.json.enc | base64 -d | gcloud kms decrypt \
      --ciphertext-file=- --plaintext-file=tool-credential.json \
      --location=global --keyring=nomulus-tool-keyring --key=nomulus-tool-key
# Deploy the GAE config files.
# First authorize the gcloud tool to use the credential json file, then
# download and unzip the tarball that contains the relevant config files
- name: 'gcr.io/$PROJECT_ID/builder:latest'
  entrypoint: /bin/bash
  args:
  - -c
  - |
    set -e
    gcloud auth activate-service-account --key-file=tool-credential.json
    if [ ${_ENV} == production ]; then
      project_id="domain-registry"
    else
      project_id="domain-registry-${_ENV}"
    fi
    gsutil cp gs://$PROJECT_ID-deploy/${TAG_NAME}/${_ENV}.tar .
    tar -xvf ${_ENV}.tar
    # Note that this currently does not work for google.com projects that
    # we use due to b/137891685. External projects are likely to work.
    for filename in cron dispatch dos index queue; do
      gcloud -q --project $project_id app deploy \
        default/WEB-INF/appengine-generated/$filename.yaml
    done
# Save the deployed tag for the current environment on GCS, and update the
# mappings from Nomulus releases to Appengine versions.
- name: 'gcr.io/$PROJECT_ID/builder:latest'
  entrypoint: /bin/bash
  args:
  - -c
  - |
    set -e
    echo ${TAG_NAME} | \
      gsutil cp - gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.tag
    # Update the release to AppEngine version mapping.
    if [ ${_ENV} == production ]; then
      project_id="domain-registry"
    else
      project_id="domain-registry-${_ENV}"
    fi
    local_map="nomulus.${_ENV}.tmp"
    gcloud app versions list \
      --project $project_id --hide-no-traffic \
      --format="csv[no-heading](SERVICE,VERSION.ID)" | \
      grep -e "^backend\|^default\|^pubapi\|^tools" |\
      while read line; do echo "${TAG_NAME},$line"; done | tee "$local_map"
    num_versions=$(cat "$local_map" | wc -l)
    if [ "$num_versions" -ne 4 ]; then
      echo "Expecting exactly four active services. Found $num_versions"
      exit 1
    fi
    gsutil cp "$local_map" gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.tmp
    # Atomically append uploaded tmp file to nomulus.${_ENV}.versions
    gsutil compose \
      gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.versions \
      gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.tmp \
      gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.versions

timeout: 3600s
options:
  machineType: 'E2_HIGHCPU_32'