zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-06-23 21:00:50 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/release/cloudbuild-schema-deploy.yaml
Lai Jiang 4c0f221e8c Re-enable tests in RC build (#1130) 
There has been a case where the CI was broken on Friday and no one
noticied or fixed it and a RC build was built with broken tests.
The tests were disabled due to unknown test failures that have since
been fixed.

Also update the machine type used by GCB to be more powerful. This is
necessary for the tests to past because N1_HIGHCPU_8 is RAM constraint
and the tests crashes. I updated all jobs to use the new type which
hopefully will make the build faster as well.

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/google/nomulus/1130)
<!-- Reviewable:end -->
2021-05-05 13:53:21 -04:00

97 lines
3.4 KiB
YAML
Raw Blame History

# To run the build locally, install cloud-build-local first.
# Then run:
# cloud-build-local --config=cloudbuild-schema-deploy.yaml --dryrun=false \
# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
#
# This will deploy Cloud SQL schema release with tag value ${TAG_NAME} to
# the environment specified by ${_ENV}.
#
# To manually trigger a build on GCB, run:
# gcloud builds submit --config=cloudbuild-schema-deploy.yaml \
# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
#
# To trigger a build automatically, follow the instructions below and add a trigger:
# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
#
# Note that the release process hardens the tags and variables in this file:
# - The 'latest' tag on docker images will be replaced by their image digests.
# - The ${TAG_NAME} pattern will be replaced by the actual release tag.
# - The ${_ENV} pattern will be replaced by the actual environment name.
# Please refer to ./cloudbuild-release.yaml for more details.
# Note 2: to work around issue in Spinnaker's 'Deployment Manifest' stage,
# variable references must avoid the ${var} format. Valid formats include
# $var or ${"${var}"}. This file use the former. Since TAG_NAME and _ENV are
# expanded in the copies sent to Spinnaker, we preserve the brackets around
# them for safe pattern matching during release.
# See https://github.com/spinnaker/spinnaker/issues/3028 for more information.
steps:
# Download and decrypt the nomulus tool credential, which has the privilege to
# start Cloud SQL proxy to all environments. This credential is also used to
# authenticate the nomulus tool when fetching the schema deployer credential in
# the next step.
- name: 'gcr.io/$PROJECT_ID/builder:latest'
volumes:
- name: 'secrets'
path: '/secrets'
entrypoint: /bin/bash
args:
- -c
- |
set -e
gsutil cp gs://$PROJECT_ID-deploy/secrets/tool-credential.json.enc - \
| base64 -d \
| gcloud kms decrypt \
--ciphertext-file=- \
--plaintext-file=/secrets/cloud_sql_credential.json \
--location=global --keyring=nomulus-tool-keyring --key=nomulus-tool-key
# Fetch the Cloud SQL credential for schema_deployer
- name: 'gcr.io/$PROJECT_ID/nomulus-tool:latest'
volumes:
- name: 'secrets'
path: '/secrets'
args:
- -e
- ${_ENV}
- --credential
- /secrets/cloud_sql_credential.json
- get_sql_credential
- --user
- schema_deployer
- --output
- /secrets/schema_deployer_credential.dec
# Download the schema jar to be deployed.
- name: 'gcr.io/$PROJECT_ID/builder:latest'
volumes:
- name: 'flyway'
path: '/flyway/jars'
entrypoint: /bin/bash
args:
- -c
- |
set -e
gsutil cp gs://$PROJECT_ID-deploy/${TAG_NAME}/schema.jar \
/flyway/jars
# Deploy SQL schema
- name: 'gcr.io/$PROJECT_ID/schema_deployer:latest'
volumes:
- name: 'secrets'
path: '/secrets'
- name: 'flyway'
path: '/flyway/jars'
args: ['migrate']
# Save the deployed tag for the current environment on GCS to a well-known.
# location. Do not use the 'artifacts' section for this since it will
# upload an extra metadata file every time and pollute the folder.
# TODO(weiminyu): modify this step so that TAG_NAME may be 'live'.
- name: 'gcr.io/$PROJECT_ID/builder:latest'
entrypoint: /bin/bash
args:
- -c
- |
set -e
echo ${TAG_NAME} | \
gsutil cp - gs://$PROJECT_ID-deployed-tags/sql.${_ENV}.tag\
timeout: 3600s
options:
machineType: 'E2_HIGHCPU_32'
Reference in a new issue View git blame Copy permalink