-
Notifications
You must be signed in to change notification settings - Fork 18
/
cloudbuild.yaml
150 lines (135 loc) · 4.24 KB
/
cloudbuild.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
steps:
# See: https://cloud.google.com/cloud-build/docs/running-builds/create-manage-triggers
# "If you're building using GitHub app triggers, Cloud Build fetches your source from a
# Cloud Storage archive. Therefore, you must first clone your Git repo before fetching it"
# We need the full history for sentry-cli to do its job, hence we need the .git directory
# https://github.com/GoogleCloudPlatform/cloud-builders/issues/236
# Acquire git folder with --no-checkout clone, fetch, then destroy the evidence
- id: get-git-history
name: gcr.io/cloud-builders/git
entrypoint: bash
args:
- '-c'
- |
git clone https://github.com/lookit/lookit-api.git --no-checkout
mv lookit-api/.git .
git fetch --unshallow
rm -rf lookit-api
- id: boot-postgres
name: gcr.io/cloud-builders/docker
args: [
'run',
'-d',
'--name=lookitdb',
'--network=cloudbuild',
'-e',
'POSTGRES_PASSWORD=password',
'postgres:9.6',
]
# Use dockerize per suggestion here:
# https://github.com/GoogleCloudPlatform/cloud-builders/issues/376#issuecomment-498624099
- id: wait-for-postgres
name: jwilder/dockerize:0.6.1
args: ['dockerize', '-timeout=60s', '-wait=tcp://lookitdb:5432']
- id: build-image
name: gcr.io/cloud-builders/docker
args: [
'build',
'--tag',
'lookit',
'--build-arg',
'GIT_COMMIT=$COMMIT_SHA',
'--build-arg',
'GIT_TAG=$TAG_NAME',
'--network=cloudbuild',
'.'
]
- id: build-test-image
name: gcr.io/cloud-builders/docker
args: [
'build',
'--tag',
'lookit-test',
'--build-arg',
'GIT_COMMIT=$COMMIT_SHA',
'--build-arg',
'GIT_TAG=$TAG_NAME',
'--network=cloudbuild',
'--file',
'Dockerfile.dev',
'.'
]
- id: run-tests
name: lookit-test
args: ['python', 'manage.py', 'test']
env:
- 'DB_HOST=lookitdb'
- 'DB_PASSWORD=password'
- id: tag-image
name: gcr.io/cloud-builders/docker
args: [ 'tag', 'lookit', 'gcr.io/$PROJECT_ID/lookit:$COMMIT_SHA']
- id: push-image-to-gcr
name: gcr.io/cloud-builders/docker
args: [ 'push', 'gcr.io/$PROJECT_ID/lookit:$COMMIT_SHA']
- id: deploy-to-cluster
name: gcr.io/cloud-builders/docker
args: [
'run',
'--network=cloudbuild',
'--env',
'BUILD_ID=$BUILD_ID',
'--env',
'REPO_NAME=$REPO_NAME',
'--env',
'COMMIT_SHA=$COMMIT_SHA',
'--env',
'SHORT_SHA=$SHORT_SHA',
'--env',
'BRANCH_NAME=$BRANCH_NAME',
'--env',
'TAG_NAME=$TAG_NAME',
'gcr.io/$PROJECT_ID/lookit-orchestrator',
]
# Create a Sentry release
# SENTRY_AUTH_TOKEN is decrypted before this step runs.
# Note: Need a shell to resolve environment variables with $$
# Since sentry-cli image is based on alpine, we use `ash`
- id: create-sentry-release
name: getsentry/sentry-cli
entrypoint: ash
args:
- '-c'
- |
cd /workspace
if [[ "$BRANCH_NAME" == "master" ]]; then
export SENTRY_ENVIRONMENT=production
export SENTRY_PROJECT=lookit-backend
elif [[ "$BRANCH_NAME" == "develop" ]]; then
export SENTRY_ENVIRONMENT=staging
export SENTRY_PROJECT=lookit-backend-w1
else
echo "Branch $BRANCH_NAME not mapped to sentry environment"
exit 0
fi
export VERSION=$$(sentry-cli releases propose-version)
sentry-cli releases new -p "$$SENTRY_PROJECT" "$$VERSION"
sentry-cli releases set-commits "$$VERSION" --auto
sentry-cli releases finalize "$$VERSION"
sentry-cli releases deploys $$VERSION new -e $$SENTRY_ENVIRONMENT
secretEnv: [ 'SENTRY_AUTH_TOKEN' ]
env: [
'SENTRY_ORG=massachusetts-institute-of-technology'
]
# cloud-build-local won't clean `docker run -d`-ed container so we have to do it here.
- id: cloud-build-local-cleanup
name: gcr.io/cloud-builders/docker
args: ['rm', '--force', 'lookitdb']
images:
- 'gcr.io/$PROJECT_ID/lookit:$COMMIT_SHA'
# SENTRY_AUTH_TOKEN is encrypted with GKMS
# TODO: bring this back in when the git history thing is resolved.
secrets:
- kmsKeyName: projects/mit-lookit-keys/locations/us-east1/keyRings/lookit-keyring/cryptoKeys/sentry-auth
secretEnv:
SENTRY_AUTH_TOKEN: CiQAVYLHlum+JbxvLUXADsLiiIwXjocXFGg5SAsxKyvAkDRjEaESaABnxmN4TReBWF0cY+XPS8xytlGSUhClZewwH7ttpBFKC65+Y0a6W8XIsTjyQMyVzWiLxSOef46bmI1Bo8JIbh/ErIRWm3rPBNFs843z52oF8M93+miMUlt8UOWmIgyq1U/fjThhq0UI
timeout: 1800s