mirror of
https://github.com/google/nomulus.git
synced 2025-07-28 21:46:29 +02:00
655f05c58c
* Update cloudbuild-nomulus to save standardTest logs to GCS * Remove step changes from cloudbuild-nomulus
61 lines
2.5 KiB
YAML
61 lines
2.5 KiB
YAML
# This will create a docker image named gcr.io/[PROJECT_ID]/proxy:[TAG] locally.
|
|
# The PROJECT_ID is the current project name that gcloud uses.
|
|
#
|
|
# To manually trigger a build on GCB, run:
|
|
# gcloud builds submit --config cloudbuild-proxy.yaml --substitutions TAG_NAME=[TAG] ..
|
|
#
|
|
# To trigger a build automatically, follow the instructions below and add a trigger:
|
|
# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
|
|
steps:
|
|
# Build the proxy docker image.
|
|
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
|
|
args:
|
|
- ./gradlew
|
|
- :proxy:test
|
|
- :proxy:buildProxyImage
|
|
- -PmavenUrl=gcs://domain-registry-maven-repository/maven
|
|
- -PpluginsUrl=gcs://domain-registry-maven-repository/plugins
|
|
# Tag and push the image. We can't let Cloud Build's default processing do that for us
|
|
# because we need to push the image before we can sign it in the following step.
|
|
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
|
|
entrypoint: /bin/bash
|
|
args:
|
|
- -c
|
|
- |
|
|
set -e
|
|
docker tag proxy gcr.io/${PROJECT_ID}/proxy:${TAG_NAME}
|
|
docker tag proxy gcr.io/${PROJECT_ID}/proxy:latest
|
|
docker push gcr.io/${PROJECT_ID}/proxy:${TAG_NAME}
|
|
docker push gcr.io/${PROJECT_ID}/proxy:latest
|
|
dir: 'proxy'
|
|
# Get the image digest, sign it and substitute in the digest in the tagging yaml file.
|
|
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
|
|
entrypoint: /bin/bash
|
|
args:
|
|
- -c
|
|
- |
|
|
set -e
|
|
digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/proxy \
|
|
--format="get(digest)" --filter="tags = ${TAG_NAME}")
|
|
gcloud --project=${PROJECT_ID} alpha container binauthz attestations \
|
|
sign-and-create --artifact-url=gcr.io/${PROJECT_ID}/proxy@$digest \
|
|
--attestor=build-attestor --attestor-project=${PROJECT_ID} \
|
|
--keyversion-project=${PROJECT_ID} --keyversion-location=global \
|
|
--keyversion-keyring=attestor-keys --keyversion-key=signing \
|
|
--keyversion=1
|
|
sed -i s/'$${_IMAGE}'/proxy/g release/cloudbuild-tag.yaml
|
|
sed -i s/':$${TAG_NAME}'/@$digest/g release/cloudbuild-tag.yaml
|
|
# Images to upload to GCR. Even though the image has already been uploaded, we still include it
|
|
# here so that the GCB pubsub message contains it (for Spinnaker to consume).
|
|
images: ['gcr.io/${PROJECT_ID}/proxy:${TAG_NAME}']
|
|
# Config files to upload to GCS.
|
|
artifacts:
|
|
objects:
|
|
location: 'gs://${PROJECT_ID}-deploy/${TAG_NAME}'
|
|
# This cannot be regexs because of how Spinnaker constructs artifact paths.
|
|
paths:
|
|
- 'proxy/kubernetes/proxy-*.yaml'
|
|
- 'release/cloudbuild-tag.yaml'
|
|
timeout: 3600s
|
|
options:
|
|
machineType: 'E2_HIGHCPU_32'
|