deploy,devtools: use Cloud Build to deploy worker
Add deploy/worker.yaml, a Cloud Build configuration for the worker.
It contains all the logic from devtools/deploy_worker.sh.
Modify deploy_worker.sh to use Cloud Build by invoking worker.yaml.
Change-Id: I13667bba97eb01ce2894abc342ac36d9e1334c5f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/377674
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/deploy/worker.yaml b/deploy/worker.yaml
new file mode 100644
index 0000000..d064fa4
--- /dev/null
+++ b/deploy/worker.yaml
@@ -0,0 +1,67 @@
+# Copyright 2022 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+# This is a Cloud Build config file for the vuln worker.
+# Invoke locally from the command line using devtools/deploy_worker.sh.
+# It can also be configured to run from a trigger, by supplying the _ENV
+# substitution.
+
+substitutions:
+ _ENV: ''
+
+steps:
+ - id: Test
+ name: golang:1.17.3
+ entrypoint: bash
+ args:
+ - -ec
+ - go test ./...
+
+ - id: Prepare
+ name: bash
+ args:
+ - -ec
+ - |
+ if [[ "$SHORT_SHA" = '' ]]; then
+ echo >&2 "missing SHORT_SHA; use --substitutions on command line"
+ exit 1
+ fi
+ if [[ "$_ENV" = '' ]]; then
+ echo >&2 "missing _ENV; use --substitutions on command line"
+ exit 1
+ fi
+ tag=$(date +%Y%m%dt%H%M%S)-$SHORT_SHA
+ image=gcr.io/$PROJECT_ID/vuln-worker:$tag
+ echo "image is $image"
+ # Save image tag for later steps.
+ echo $image > /workspace/image.txt
+
+ - id: Build
+ name: gcr.io/cloud-builders/docker
+ entrypoint: bash
+ args:
+ - -ec
+ - |
+ image=$(cat /workspace/image.txt)
+ docker build -t $image --build-arg DOCKER_IMAGE=$image -f cmd/worker/Dockerfile .
+ docker push $image
+
+ - id: Deploy
+ name: gcr.io/cloud-builders/gcloud
+ entrypoint: bash
+ args:
+ - -ec
+ - |
+ image=$(cat /workspace/image.txt)
+ service=${_ENV}-vuln-worker
+ args="--project $PROJECT_ID --region us-central1"
+ gcloud run deploy $args $service --image $image
+ # If there was a rollback, `gcloud run deploy` will create a revision but
+ # not point traffic to it. The following command ensures that the new revision
+ # will get traffic.
+ latestTraffic=$(gcloud run services $args describe $service \
+ --format='value(status.traffic.latestRevision)')
+ if [[ $latestTraffic != True ]]; then
+ gcloud run services $args update-traffic $service --to-latest
+ fi
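Review bot: The Prepare step rejects only an empty `_ENV`, so on the trigger path described in the header comment any string becomes the prefix of the Cloud Run service name used by the Deploy step. The wrapper's environment `case` (its `esac` is visible in deploy_worker.sh) is not on that path, so consider an allow-list check here, e.g. `case "$_ENV" in <ENV_A>|<ENV_B>) ;; *) echo >&2 "unknown _ENV"; exit 1 ;; esac`, with the placeholders replaced by the project's real environment names. As far as I know, Cloud Build splices `$_ENV` and `$SHORT_SHA` into the script text before bash runs, so the double quotes around them would not contain a value that itself holds quotes or shell metacharacters. Passing both through the step's `env:` field and reading them as `$$`-escaped shell variables would keep them as data. The later uses of `$image`, `$service` and `$args` are unquoted as well and would benefit from quoting for the same reason.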
diff --git a/devtools/deploy_worker.sh b/devtools/deploy_worker.sh
index 7c02741..f431b02 100755
--- a/devtools/deploy_worker.sh
+++ b/devtools/deploy_worker.sh
@@ -4,7 +4,7 @@
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
-# Deploy the vuln worker to Cloud Run.
+# Deploy the vuln worker to Cloud Run, using Cloud Build.
set -e
@@ -15,16 +15,6 @@
[[ $(git status --porcelain) == '' ]]
}
-docker_image_tag() {
- local timestamp=$(date +%Y%m%dt%H%M%S)
- local commit=$(git rev-parse --short HEAD)
- local unclean
- if ! clean_workspace; then
- unclean="-unclean"
- fi
- echo ${timestamp}-${commit}${unclean}
-}
-
main() {
local prefix=
if [[ $1 = '-n' ]]; then
@@ -41,19 +31,16 @@
esac
local project=$(tfvar ${env}_project)
- local image=gcr.io/$project/vuln-worker:$(docker_image_tag)
-
- $prefix docker build -t $image --build-arg DOCKER_IMAGE=$image -f cmd/worker/Dockerfile .
- $prefix docker push $image
- $prefix gcloud run deploy --quiet --project $project $env-vuln-worker --image $image
- # If there was a rollback, `gcloud run deploy` will create a revision but
- # not point traffic to it. The following command ensures that the new revision
- # will get traffic.
- latestTraffic=$(gcloud run services --project $project describe $env-vuln-worker \
- --format='value(status.traffic.latestRevision)')
- if [[ $latestTraffic != True ]]; then
- $prefix gcloud run services --project $project update-traffic $env-vuln-worker --to-latest
+ local commit=$(git rev-parse --short HEAD)
+ local unclean
+ if ! clean_workspace; then
+ unclean="-unclean"
fi
+
+ $prefix gcloud builds submit \
+ --project $project \
+ --config deploy/worker.yaml \
+ --substitutions SHORT_SHA=${commit}${unclean},_ENV=$env
}
main $@
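Review bot: `local commit=$(git rev-parse --short HEAD)` hides a failing `git rev-parse`, because the exit status of `local` replaces it and `set -e` never sees the error. With an unclean workspace the substitution then becomes `SHORT_SHA=-unclean`, which passes the non-empty check in worker.yaml's Prepare step, so an image could be built and deployed under a tag that does not trace back to a commit. Declare and assign separately, `local commit` followed by `commit=$(git rev-parse --short HEAD)`, and quote the argument as `--substitutions "SHORT_SHA=${commit}${unclean},_ENV=${env}"`. main's body begins outside this hunk.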