cloudbuild.yaml
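steps:
# Static-analysis gate: runs sonar-scanner on master builds only and, through
# sonar.qualitygate.wait=true, waits for the quality-gate result.
# NOTE(review): the scanner image is referenced without a tag or digest, so
# the build runs whatever that repository path currently resolves to.
- id: sonarqube-scan
  name: us-docker.pkg.dev/${PROJECT_ID}/infra-docker/sonar-scanner
  entrypoint: bash
  env:
  # Passed as an environment variable so the shell reads the branch name as
  # data. A bare $BRANCH_NAME inside the script is substituted into the script
  # text by Cloud Build before bash parses it, and branch names are chosen by
  # whoever can push to the repository.
  - BRANCH_NAME=$BRANCH_NAME
  args:
  - -c
  - |
    set -e
    # $$ is the Cloud Build escape for a literal $, so bash expands the
    # variable; the quotes keep an empty or unusual name as a single word.
    if [ "$$BRANCH_NAME" == "master" ]; then
      # NOTE(review): the server URL is plain http, so scan traffic is not
      # encrypted in transit; confirm whether an https endpoint exists.
      sonar-scanner \
        -Dsonar.host.url=http://sonarqube.publishing-testing.ai21.com/sonarqube/ \
        -Dsonar.projectKey=$_GIT_REPO \
        -Dsonar.sources=. \
        -Dsonar.qualitygate.wait=true
    fi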
# Turns the shallow checkout into a full clone and fetches tags.
# Presumably needed by later steps that derive versions from git history.
- id: fetch-code
  name: gcr.io/cloud-builders/git
  args:
  - fetch
  - --unshallow
  - --tags
# Selects the CI-tools image that matches the ai21-paas-application chart
# version declared in helm/Chart.yaml and re-tags it locally as :chart-version.
- id: set-paas-ci-tools-versions
  name: 'gcr.io/cloud-builders/docker'
  entrypoint: 'bash'
  args:
  - '-c'
  - |
    set -euo pipefail
    IMAGE="us-docker.pkg.dev/$PROJECT_ID/infra-docker/ai21-paas/application-ci-tools"
    # Takes the "version:" line that follows the chart dependency's name line.
    VERSION=$(grep 'name: ai21-paas-application' -A 1 helm/Chart.yaml | grep version: | awk '{print $2}')
    # ${VERSION%.*} drops the last dot-separated component, so the pulled tag
    # is the shortened version (constructed example: 1.2.3 -> 1.2).
    # NOTE(review): the tag is taken from a file in the repository under build
    # and is used unquoted and unvalidated.
    docker pull $$IMAGE:${VERSION%.*}
    docker tag $$IMAGE:${VERSION%.*} $$IMAGE:chart-version
# Runs the CI-tools image's ci-prologue command with the repository, branch
# and commit identifiers exported as environment variables.
# The :chart-version tag is the local tag created by set-paas-ci-tools-versions.
- id: paas-ci-prologue
  name: 'us-docker.pkg.dev/$PROJECT_ID/infra-docker/ai21-paas/application-ci-tools:chart-version'
  env:
  - 'AR_DOCKER_REPO=$_AR_DOCKER_REPO'
  - 'AR_HELM_REPO=$_AR_HELM_REPO'
  - 'BRANCH_NAME=$BRANCH_NAME'
  - 'GIT_REPO=$_GIT_REPO'
  - 'SHORT_SHA=$SHORT_SHA'
  args:
  - 'ci-prologue'
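# Materialises build credentials as files: the Bitbucket SSH key from Secret
# Manager and a .netrc holding a short-lived access token for us-python.pkg.dev.
# Both paths are relative, so the files land in the step's working directory,
# where build-image later reads them through --secret src=... .
# NOTE(review): no step in this file visibly removes .ssh/ or .netrc afterwards,
# so every later step sharing the workspace can read them, and they fall inside
# the "." docker build context unless a .dockerignore excludes them.
- id: setup-ssh-access
  name: gcr.io/cloud-builders/git
  secretEnv:
  - BITBUCKET_SSH_KEY
  entrypoint: bash
  args:
  - -c
  - |
    # Abort on the first failure so that a failed token fetch or key scan does
    # not leave a partial credential file behind for later steps.
    set -euo pipefail
    # Create the credential files owner-only from the start instead of relying
    # solely on the chmod that follows each write.
    umask 077
    mkdir -p -m 0700 .ssh
    echo "$${BITBUCKET_SSH_KEY}" > .ssh/id_rsa
    chmod 600 .ssh/id_rsa
    # NOTE(review): ssh-keyscan accepts whatever host key the network returns
    # at build time; writing Bitbucket's published host key (or comparing the
    # scanned fingerprint with it) would authenticate the host.
    ssh-keyscan bitbucket.org >> .ssh/known_hosts
    # --fail turns an HTTP error from the metadata server into a non-zero exit
    # instead of piping the error body into .netrc.
    curl --silent --fail --header "Metadata-Flavor: Google" \
      --retry 5 --retry-connrefused --retry-max-time 30 \
      "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token" \
      | sed 's/.*"access_token":"\([^"]*\)".*/machine us-python.pkg.dev\nlogin oauth2accesstoken\npassword \1/g' > .netrc
    chmod 600 .netrc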
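# Builds the application image with BuildKit and tags it build/temporary for
# the steps that follow. The SSH key and .netrc are handed to the build as
# BuildKit secrets (--secret), not as build args.
- id: build-image
  name: gcr.io/cloud-builders/docker
  env:
  - DOCKER_BUILDKIT=1
  - BRANCH_NAME=$BRANCH_NAME
  entrypoint: bash
  args:
  - -c
  - |
    set -eu
    # Supplies ONLY_BUILD_CHART and NEXT_APP_VERSION; presumably written by an
    # earlier step (confirm). The file is executed as shell, so its content is
    # trusted as much as this script.
    . ./cloudbuild.vars
    # True for any non-empty value, including the word "false".
    if [ $$ONLY_BUILD_CHART ]; then
      echo only building chart
      # Placeholder tag so the later step whose image is build/temporary can
      # still start when no application image is built.
      docker tag gcr.io/cloud-builders/docker build/temporary
      exit 0
    fi
    # The branch name is read from the BRANCH_NAME environment variable set
    # above ($$ is the Cloud Build escape for a literal $) rather than being
    # substituted into the script text, so bash handles it as data.
    RECENT_IMAGE=$_AR_DOCKER_REPO/$_GIT_REPO:latest
    if [ "$$BRANCH_NAME" != "master" ]; then
      # Branch builds use their own cache tag, with _ and / replaced by -.
      RECENT_IMAGE=$_AR_DOCKER_REPO/$_GIT_REPO:$${BRANCH_NAME//[_\/]/-}-recent
    fi
    docker buildx build \
      --progress=plain \
      --secret=id=key,src=.ssh/id_rsa \
      --secret=id=netrc,src=.netrc \
      --build-arg BUILDKIT_INLINE_CACHE=1 \
      --cache-from="$$RECENT_IMAGE" \
      -t=build/temporary \
      --build-arg=branch_name="$$BRANCH_NAME" \
      --build-arg=image=$_AR_DOCKER_REPO/$_GIT_REPO:$$NEXT_APP_VERSION \
      --build-arg=name_for_logging=$_GIT_REPO \
      --build-arg=short_sha=$SHORT_SHA \
      --build-arg=version_for_logging=$$NEXT_APP_VERSION \
      .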
# Runs the project's CI script inside the image produced by build-image.
# NOTE(review): this step shares the workspace in which setup-ssh-access wrote
# .ssh/id_rsa and .netrc, and no step in this file visibly removes them, so
# the dev/test dependencies and ci.sh run with those credentials readable.
- id: ci-checks
  name: 'build/temporary'
  entrypoint: 'sh'
  args:
  - '-c'
  - |
    set -eu
    # Supplies ONLY_BUILD_CHART (the file is executed as shell).
    . ./cloudbuild.vars
    # True for any non-empty value.
    if [ $$ONLY_BUILD_CHART ]; then
    echo only building chart
    exit 0
    fi
    # Install into the image's own interpreter rather than a virtualenv.
    poetry config virtualenvs.create false
    poetry install --only dev,test
    ./ci_scripts/ci.sh
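# Publishes build/temporary under its version tag and under a moving tag:
# "latest" for master, "<normalized-branch>-recent" for any other branch.
# Both moving tags are mutable; build-image uses them as --cache-from sources.
- id: push-image
  name: gcr.io/cloud-builders/docker
  env:
  - BRANCH_NAME=$BRANCH_NAME
  entrypoint: bash
  args:
  - -c
  - |
    set -eu
    # Supplies ONLY_BUILD_CHART and NEXT_APP_VERSION (executed as shell).
    . ./cloudbuild.vars
    # True for any non-empty value.
    if [ $$ONLY_BUILD_CHART ]; then
      echo only building chart
      exit 0
    fi
    IMAGE=$_AR_DOCKER_REPO/$_GIT_REPO:$$NEXT_APP_VERSION
    docker tag build/temporary "$$IMAGE"
    docker push "$$IMAGE"
    # The branch name is read from the BRANCH_NAME environment variable set
    # above ($$ is the Cloud Build escape for a literal $) rather than being
    # substituted into the script text, so bash handles it as data.
    if [ "$$BRANCH_NAME" == "master" ]; then
      RECENT_IMAGE=$_AR_DOCKER_REPO/$_GIT_REPO:latest
    else
      # normalizing branch name: _ and / become -
      RECENT_IMAGE=$_AR_DOCKER_REPO/$_GIT_REPO:$${BRANCH_NAME//[_\/]/-}-recent
    fi
    docker tag build/temporary "$$RECENT_IMAGE"
    docker push "$$RECENT_IMAGE"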
# Runs the CI-tools image's ci-epilogue command; it receives the same
# repository and branch variables as the prologue, except SHORT_SHA.
- id: paas-ci-epilogue
  name: 'us-docker.pkg.dev/$PROJECT_ID/infra-docker/ai21-paas/application-ci-tools:chart-version'
  env:
  - 'AR_DOCKER_REPO=$_AR_DOCKER_REPO'
  - 'AR_HELM_REPO=$_AR_HELM_REPO'
  - 'BRANCH_NAME=$BRANCH_NAME'
  - 'GIT_REPO=$_GIT_REPO'
  args:
  - 'ci-epilogue'
# Uploads tags.json (presumably produced by an earlier step) to a per-build
# path in the build-info bucket.
artifacts:
  objects:
    location: 'gs://$_BUILD_INFO_BUCKET/$_GIT_REPO/$BUILD_ID'
    paths:
    - 'tags.json'
# Exposes one Secret Manager version as BITBUCKET_SSH_KEY; only steps that
# list it under secretEnv receive it.
# NOTE(review): the version comes from a trigger substitution; confirm that
# it names a fixed version and that the build service account can access only
# this secret.
availableSecrets:
  secretManager:
  - env: 'BITBUCKET_SSH_KEY'
    versionName: '$_BITBUCKET_SECRET_VERSION'
# Whole-build time limit.
timeout: '600s'
# Runs on a named worker pool in us-central1.
options:
  pool:
    name: 'projects/$PROJECT_ID/locations/us-central1/workerPools/E2-HIGHCPU-8'