deploy/build.yaml: add locking Avoid a race condition with concurrent deployments. Change-Id: Ia145f07d79bf8ed00d66088db18222c9203e79d3 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/377875 Trust: Jonathan Amsterdam <jba@google.com> Run-TryBot: Jonathan Amsterdam <jba@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com>

commit: e461d68f4b8f3308f64046ceebe9180a4f9d0217 [log] [tgz]
author: Jonathan Amsterdam <jba@google.com> Tue Jan 11 16:41:11 2022 -0500
committer: Jonathan Amsterdam <jba@google.com> Tue Jan 11 22:02:43 2022 +0000
tree: 9c2aedccde5566d8a6dae689f7a3b16985279430
parent: 66ef361063b8630215a539efcb574f3583ae75e5 [diff]
diff --git a/deploy/build.yaml b/deploy/build.yaml
index 600cc3b..bbefff7 100644
--- a/deploy/build.yaml
+++ b/deploy/build.yaml

@@ -1,4 +1,17 @@
 steps:
+  - id: Lock
+    name: golang:1.17.3
+    entrypoint: bash
+    args:
+      - -ec
+      - |
+        if [[ "$COMMIT_SHA" = '' ]]; then
+          echo "no COMMIT_SHA, not locking"
+          exit 0
+        fi
+        go run golang.org/x/website/cmd/locktrigger@latest \
+          -project $PROJECT_ID -build $BUILD_ID -repo https://go.googlesource.com/vulndb
+
   - name: golang
     entrypoint: bash
     args: ["-c", "go install golang.org/x/vulndb/cmd/gendb@latest
commit	e461d68f4b8f3308f64046ceebe9180a4f9d0217	[log] [tgz]
author	Jonathan Amsterdam <jba@google.com>	Tue Jan 11 16:41:11 2022 -0500
committer	Jonathan Amsterdam <jba@google.com>	Tue Jan 11 22:02:43 2022 +0000
tree	9c2aedccde5566d8a6dae689f7a3b16985279430
parent	66ef361063b8630215a539efcb574f3583ae75e5 [diff]