From fbfd6a3205c5656b6c2cb06539f00227c21b0d70 Mon Sep 17 00:00:00 2001 From: Christopher Hoskin Date: Tue, 11 Aug 2020 09:33:54 +0100 Subject: [PATCH] Merge pull request #3089 from overleaf/csh-issue-3406-use-overleaf-copybara-web-private-key Use overleaf copybara web private key GitOrigin-RevId: 206ee2ccab3f08ae1e7059fa510f2b152e9f1a8f --- services/web/cloudbuild.yaml | 213 +++++++++++++++++++++++++++++++++++ 1 file changed, 213 insertions(+) create mode 100644 services/web/cloudbuild.yaml diff --git a/services/web/cloudbuild.yaml b/services/web/cloudbuild.yaml new file mode 100644 index 0000000000..62529bb674 --- /dev/null +++ b/services/web/cloudbuild.yaml @@ -0,0 +1,213 @@ +tags: + - web + - $BRANCH_NAME + - $SHORT_SHA +substitutions: + _COPYBARA: NO_RUN +images: +- 'gcr.io/$PROJECT_ID/web:$BRANCH_NAME-${SHORT_SHA}_$BUILD_ID' +steps: +- id: copy_external_pages + name: 'gcr.io/cloud-builders/docker' + entrypoint: sh + args: + - 'bin/copy_external_pages' + waitFor: ['-'] +- id: pull_cache + name: 'gcr.io/cloud-builders/docker' + entrypoint: sh + args: + - '-c' + - 'docker pull gcr.io/$PROJECT_ID/web:$BRANCH_NAME-deps || docker pull gcr.io/$PROJECT_ID/web:master-deps || true' + waitFor: ['-'] +- id: pull_cloud_builder + name: 'gcr.io/overleaf-ops/cloud-builder' + entrypoint: 'true' + waitFor: ['-'] +- id: build_deps + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'build_deps' + waitFor: + - pull_cache +- id: push_deps + name: 'gcr.io/cloud-builders/docker' + entrypoint: sh + args: + - '-c' + - 'docker push gcr.io/$PROJECT_ID/web:$BRANCH_NAME-deps' + waitFor: + - build_deps +- id: build_dev + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'build_dev' + waitFor: + - copy_external_pages + - build_deps +- id: format + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'format_in_docker' + waitFor: + - build_dev +- id: lint + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'lint_in_docker' + waitFor: + - build_dev +- id: test_acceptance_app + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'test_acceptance_app' + waitFor: + - build_dev +- id: test_acceptance_modules + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'test_acceptance_modules' + - '-j4' + - '--output-sync' + waitFor: + - build_dev +- id: test_frontend + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'test_frontend' + waitFor: + - build_dev +- id: test_karma + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'test_karma_build_run' + waitFor: + - build_dev +- id: test_unit_app + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'test_unit_app_parallel_gnu_make_docker' + - 'J=10' + waitFor: + - build_dev +- id: test_unit_modules + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'test_unit_modules' + - '-j4' + - '--output-sync' + waitFor: + - build_dev +- id: build_webpack + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'build_webpack' + waitFor: + - build_dev +- id: build_production + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'build' + waitFor: + - build_webpack +- id: tar + name: 'gcr.io/$PROJECT_ID/cloud-builder' + args: + - 'tar' + waitFor: + - build_webpack +- id: tests_passed + name: 'gcr.io/$PROJECT_ID/cloud-builder' + entrypoint: 'true' + args: [] + waitFor: + - format + - lint + - test_acceptance_app + - test_acceptance_modules + - test_unit_app + - test_unit_modules + - test_frontend +- id: cdn_upload + name: gcr.io/cloud-builders/gsutil + entrypoint: /bin/bash + args: + - '-c' + - 'bin/cdn_upload' + env: + - 'CDN_STAG=gs://ol-stag-web-assets-1' + - 'CDN_PROD=gs://mgcp-1117973-ol-prod-web-assets-1' + waitFor: + - tar + - tests_passed +- id: decrypt_sentry_secret + name: gcr.io/cloud-builders/gcloud + args: + - kms + - decrypt + - --ciphertext-file=.sentryclirc.enc + - --plaintext-file=.sentryclirc + - --location=us-east1 + - --keyring=cloud-build-1 + - --key=cloud-build-key + waitFor: + - build_dev +- id: sentry_upload + name: 'getsentry/sentry-cli' + entrypoint: /bin/sh + args: + - 'bin/sentry_upload' + waitFor: + - decrypt_sentry_secret + - tar + - tests_passed +- id: predecrypt + name: gcr.io/cloud-builders/gcloud + entrypoint: /bin/bash + args: + - '-c' + - 'touch /root/.ssh/id_ed25519 && chmod -R 0600 /root/.ssh' + volumes: + - name: 'ssh' + path: /root/.ssh + waitFor: + - build_dev +- id: fetch_copybara_key + name: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine + entrypoint: /bin/bash + args: + - '-c' + - 'gcloud secrets versions access latest --secret=overleaf-copybara-web-private-key > /root/.ssh/id_ed25519 && chmod 600 /root/.ssh/id_ed25519' + volumes: + - name: 'ssh' + path: /root/.ssh + waitFor: + - predecrypt +- id: pull_copybara + name: 'sharelatex/copybara' + entrypoint: 'true' + args: [] + waitFor: + - build_dev +- id: copybara + name: 'sharelatex/copybara' + entrypoint: bin/invoke-copybara + env: + - 'COPYBARA_CONFIG=./copybara/community/copy.bara.sky' + - 'COPYBARA=${_COPYBARA}' + - 'BRANCH_NAME=$BRANCH_NAME' + volumes: + - name: 'ssh' + path: /root/.ssh + waitFor: + - pull_copybara + - fetch_copybara_key + - tests_passed +timeout: 3600s +options: + machineType: 'N1_HIGHCPU_32' + env: + - 'BRANCH_NAME=$BRANCH_NAME' + - 'BUILD_NUMBER=${SHORT_SHA}_$BUILD_ID' + - 'COMMIT_SHA=$COMMIT_SHA' + - 'DOCKER_COMPOSE_FLAGS=-f docker-compose.ci.yml'