google-nomulus/release/cloudbuild-beam.yaml

# To run the build locally, install cloud-build-local first.
# Then run:
# cloud-build-local --config=cloudbuild-deploy-beam.yaml --dryrun=false \
# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
#
# This will deploy Beam pipelines to GCS for the PROJECT_ID defined in gcloud
# tool.
#
# To manually trigger a build on GCB, run:
# gcloud builds submit --config=cloudbuild-deploy-beam.yaml \
# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
#
# To trigger a build automatically, follow the instructions below and add a trigger:
# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
steps:
# Pull the latest nomulus.jar to local
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
  args:
  - gsutil
  - cp
  - gs://${PROJECT_ID}-deploy/${TAG_NAME}/nomulus.jar
  - .
# Pull the credential for nomulus tool
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
  args:
  - gsutil
  - cp
  - gs://${PROJECT_ID}-deploy/secrets/tool-credential.json.enc
  - .
# Decrypt the credential
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
  entrypoint: /bin/bash
  args:
  - -c
  - |
    cat tool-credential.json.enc | base64 -d | gcloud kms decrypt \
      --ciphertext-file=- --plaintext-file=tool-credential.json \
      --location=global --keyring=nomulus-tool-keyring --key=nomulus-tool-key
# Deploy spec11 and invoicing pipeline to GCS
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
  entrypoint: /bin/bash
  args:
  - -c
  - |
    java -jar nomulus.jar -e ${_ENV} --credential tool-credential.json \
    deploy_spec11_pipeline
    java -jar nomulus.jar -e ${_ENV} --credential tool-credential.json \
    deploy_invoicing_pipeline
timeout: 3600s
options:
  machineType: 'N1_HIGHCPU_8'