forked from shaka-project/triage-party-config
-
Notifications
You must be signed in to change notification settings - Fork 0
/
google-cloud-build.yaml
110 lines (100 loc) · 4.37 KB
/
google-cloud-build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# Shaka Team Triage Party - Google Cloud Build Config
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This config is based on the default generated by Google Cloud Build in the
# Cloud Console UI. Many comments have been added, several things have been
# changed for functionality, and some things refactored for maintainability.
steps:
# Builds our custom Docker image from the GitHub repo.
- name: gcr.io/cloud-builders/docker
id: Build
args:
- build
- '--no-cache'
- '-t'
- '$_IMAGE_NAME'
- .
- '-f'
- Dockerfile
# Pushes our Docker image to GCR.
- name: gcr.io/cloud-builders/docker
id: Push
args:
- push
- '$_IMAGE_NAME'
# Deploys our service to Google Cloud Run.
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk:slim'
id: Deploy
# Important: for secret environment variables to be evaluated, we must use
# "bash -c" instead of invoking gcloud directly. This means combining all
# arguments into one big bash script string, which is unfortunate. But
# YAML's multiline strings make it more manageable.
entrypoint: bash
args:
- '-c'
- |
gcloud run services update "$_SERVICE_NAME" \
--platform="$_PLATFORM" \
--image="$_IMAGE_NAME" \
--min-instances 1 \
--max-instances 1 \
--add-cloudsql-instances="${_DATABASE_CONNECTION_NAME}" \
--set-env-vars="GITHUB_TOKEN=$$GITHUB_TOKEN,PERSIST_BACKEND=mysql,PERSIST_PATH=${_PERSIST_PATH}" \
--labels="$_LABELS" \
--region="$_DEPLOY_REGION" \
--quiet
# Added to provide access to the GitHub token environment variable
# extracted from the Google Cloud Secret Manager:
secretEnv:
- GITHUB_TOKEN
- DATABASE_PASSWORD
# Defines secrets extracted from the Google Cloud Secret Manager:
availableSecrets:
secretManager:
- versionName: projects/473772788765/secrets/shaka-bot-triage-party-token/versions/1
env: GITHUB_TOKEN
- versionName: projects/473772788765/secrets/triage-party-db-pass/versions/1
env: DATABASE_PASSWORD
options:
# Don't error when a substitution is not used.
substitutionOption: ALLOW_LOOSE
# Allow expansion of substitutions within substitutions.
dynamic_substitutions: true
substitutions:
_GCR_HOSTNAME: us.gcr.io
_PLATFORM: managed
_SERVICE_NAME: triage-party # Google Cloud Run service name
_DEPLOY_REGION: us-central1
_LABELS: managed-by=gcp-cloud-build-deploy-cloud-run,commit-sha=${COMMIT_SHA},gcb-build-id=${BUILD_ID},gcb-trigger-id=${_TRIGGER_ID}
_TRIGGER_ID: a47347b1-4531-4c36-970d-3e70505c8b6e
_IMAGE_NAME: ${_GCR_HOSTNAME}/${PROJECT_ID}/${REPO_NAME}/${_SERVICE_NAME}:${COMMIT_SHA}
_DATABASE_INSTANCE_NAME: triage-party-db # Google Cloud SQL instance name
_DATABASE_NAME: triageparty # Name of the mysql database within the instance
_DATABASE_CONNECTION_NAME: ${PROJECT_ID}:${_DEPLOY_REGION}:${_DATABASE_INSTANCE_NAME}
_DATABASE_USER: triage-party
# This is the configuration of a MySQL connection. It uses a unix socket to
# connect, which is set up automatically by Google Cloud SQL Auth Proxy. The
# proxy is used when the --add-cloudsql-instances argument is given above.
# This was a total mystery until I read these two articles:
# - https://medium.com/google-cloud/3-great-options-for-persistent-storage-with-cloud-run-f1581ee05164
# - https://cloud.google.com/sql/docs/mysql/connect-admin-proxy
# I also referred to this for formatting of the connection string:
# - https://github.com/go-sql-driver/mysql#dsn-data-source-name
_PERSIST_PATH: ${_DATABASE_USER}:$$DATABASE_PASSWORD@unix(/cloudsql/${_DATABASE_CONNECTION_NAME})/${_DATABASE_NAME}
images:
- '${_GCR_HOSTNAME}/${PROJECT_ID}/${REPO_NAME}/${_SERVICE_NAME}:${COMMIT_SHA}'
tags:
- gcp-cloud-build-deploy-cloud-run
- gcp-cloud-build-deploy-cloud-run-managed
- triage-party