deploy/build.yaml: add locking
Avoid a race condition with concurrent deployments.
Change-Id: Ia145f07d79bf8ed00d66088db18222c9203e79d3
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/377875
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/deploy/build.yaml b/deploy/build.yaml
index 600cc3b..bbefff7 100644
--- a/deploy/build.yaml
+++ b/deploy/build.yaml
@@ -1,4 +1,17 @@
steps:
+ - id: Lock
+ name: golang:1.17.3
+ entrypoint: bash
+ args:
+ - -ec
+ - |
+ if [[ "$COMMIT_SHA" = '' ]]; then
+ echo "no COMMIT_SHA, not locking"
+ exit 0
+ fi
+ go run golang.org/x/website/cmd/locktrigger@latest \
+ -project $PROJECT_ID -build $BUILD_ID -repo https://go.googlesource.com/vulndb
+
- name: golang
entrypoint: bash
args: ["-c", "go install golang.org/x/vulndb/cmd/gendb@latest