commit c4b8abe9acb7d4e0da2322a78fd1a60ebd2fe3f1
author Dmitri Shuralyov <dmitshur@golang.org> Fri Sep 10 11:31:11 2021 -0400
committer Dmitri Shuralyov <dmitshur@golang.org> Fri Sep 10 19:08:05 2021 +0000
tree 98b479f88a5c549059819a54747623f286d4747a
parent 71eba720539774e32a3732f35e406f6522d4e0b7

cmd/gopherbot: move to Workload Identity

Create a new service account, and move the deployment over to the prod
namespace. Also update the build image to Go 1.17.

For golang/go#48263.

Change-Id: I9c7776b294ee78c2745670f805ec70cab1ae4573
Reviewed-on: https://go-review.googlesource.com/c/build/+/349056
Trust: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>

cmd/gopherbot/Dockerfile

diff --git a/cmd/gopherbot/Dockerfile b/cmd/gopherbot/Dockerfile
index 9ccca8a..ef31737 100644
--- a/cmd/gopherbot/Dockerfile
+++ b/cmd/gopherbot/Dockerfile
@@ -2,13 +2,9 @@
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
-FROM golang:1.12 AS build
+FROM golang:1.17 AS build
 LABEL maintainer "golang-dev@googlegroups.com"
 
-
-ENV GO111MODULE=on
-ENV GOPROXY=https://proxy.golang.org
-
 RUN mkdir /gocache
 ENV GOCACHE /gocache
 

cmd/gopherbot/Makefile

diff --git a/cmd/gopherbot/Makefile b/cmd/gopherbot/Makefile
index cad04ae..452d5bc 100644
--- a/cmd/gopherbot/Makefile
+++ b/cmd/gopherbot/Makefile
@@ -23,7 +23,7 @@
 
 deploy-prod: push-prod
 	go install golang.org/x/build/cmd/xb
-	xb --prod kubectl set image deployment/gopherbot-deployment gopherbot=$(IMAGE_PROD):$(VERSION)
+	xb --prod kubectl --namespace prod set image deployment/gopherbot-deployment gopherbot=$(IMAGE_PROD):$(VERSION)
 deploy-staging: push-staging
 	go install golang.org/x/build/cmd/xb
 	xb --staging kubectl set image deployment/gopherbot-deployment gopherbot=$(IMAGE_STAGING):$(VERSION)

cmd/gopherbot/deployment-prod.yaml

diff --git a/cmd/gopherbot/deployment-prod.yaml b/cmd/gopherbot/deployment-prod.yaml
index 6460f0b..04c01d5 100644
--- a/cmd/gopherbot/deployment-prod.yaml
+++ b/cmd/gopherbot/deployment-prod.yaml
@@ -1,6 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
+  namespace: prod
   name: gopherbot-deployment
 spec:
   replicas: 1 # more than 1 might cause duplicate GitHub comments
@@ -15,6 +16,9 @@
         container.seccomp.security.alpha.kubernetes.io/gopherbot: docker/default
         container.apparmor.security.beta.kubernetes.io/gopherbot: runtime/default
     spec:
+      serviceAccountName: gopherbot
+      nodeSelector:
+        cloud.google.com/gke-nodepool: workload-identity-pool
       volumes:
       - name: cache-volume
         emptyDir: {}