Merge b2023cb into d957a6c

broadinstitute · Aug 27, 2018 · c0744bb · c0744bb
2 parents d957a6c + b2023cb
commit c0744bb
Show file tree

Hide file tree

Showing 2 changed files with 135 additions and 46 deletions.
diff --git a/docker/build.sh b/docker/build.sh
@@ -1,18 +1,90 @@
 #!/bin/bash
 
-# Single source of truth for building Sam.
-# @ Jackie Roberti
-# @ Doug Voet
-#
-# Provide command line options to do one or several things:
-#   jar : build sam jar
-#   -d | --docker : provide arg either "build" or "push", to build and push docker image
-# Jenkins build job should run with all options, for example,
-#   ./docker/build.sh jar publish -d push
+HELP_TEXT="$(cat <<EOF
+ Build jar and docker images.
+   jar: build jar
+   -d | --docker : (default: no action) provide either "build" or "push" to
+           build or push a docker image.  "push" will also perform build.
+   -g | --gcr-registry: If this flag is set, will push to the specified GCR repository.
+   -k | --service-account-key-file: (optional) path to a service account key json
+           file. If set, the script will call "gcloud auth activate-service-account".
+           Otherwise, the script will not authenticate with gcloud.
+   -h | --help: print help text.
+ Examples:
+   Jenkins build job should run with all options, for example,
+     ./docker/build.sh jar -d push -g "my-gcr-registry" -k "path-to-my-keyfile"
+\t
+EOF
+)"
 
-set -ex
-PROJECT=sam
+# Enable strict evaluation semantics
+set -e
 
+# Set default variables
+DOCKER_CMD=
+BRANCH=${BRANCH:-$(git rev-parse --abbrev-ref HEAD)}  # default to current branch
+DOCKERHUB_REGISTRY=${DOCKERHUB_REGISTRY:-broadinstitute/$PROJECT}
+DOCKERHUB_TESTS_REGISTRY=${DOCKERHUB_REGISTRY}-tests
+GCR_REGISTRY=""
+ENV=${ENV:-""}
+SERVICE_ACCT_KEY_FILE=""
+DIRECTORY_URL=${DIRECTORY_URL:-ldap://opendj:389}
+DIRECTORY_PASSWORD=${DIRECTORY_PASSWORD:-testtesttest}
+
+MAKE_JAR=false
+RUN_DOCKER=false
+PRINT_HELP=false
+
+if [ -z "$1" ]; then
+    echo "No argument supplied!"
+    echo "run '${0} -h' to see available arguments."
+    exit 1
+fi
+while [ "$1" != "" ]; do
+    case $1 in
+        jar)
+            MAKE_JAR=true
+            ;;
+        -d | --docker)
+            shift
+            echo "docker command = $1"
+            DOCKER_CMD=$1
+            RUN_DOCKER=true
+            ;;
+        -g | --gcr-registry)
+            shift
+            echo "gcr registry = $1"
+            GCR_REGISTRY=$1
+            ;;
+        -k | --service-account-key-file)
+            shift
+            echo "service-account-key-file = $1"
+            SERVICE_ACCT_KEY_FILE=$1
+            ;;
+        -h | --help)
+            PRINT_HELP=true
+            ;;
+        *)
+            echo "Urecognized argument '${1}'."
+            echo "run '${0} -h' to see available arguments."
+            exit 1
+            ;;
+
+    esac
+    shift
+done
+
+if $PRINT_HELP; then
+    echo -e "${HELP_TEXT}"
+    exit 0
+fi
+
+# Run gcloud auth if a service account key file was specified.
+if [[ -n $SERVICE_ACCT_KEY_FILE ]]; then
+  TMP_DIR=$(mktemp -d tmp-XXXXXX)
+  export CLOUDSDK_CONFIG=$(pwd)/${TMP_DIR}
+  gcloud auth activate-service-account --key-file="${SERVICE_ACCT_KEY_FILE}"
+fi
 
 function make_jar()
 {
@@ -41,52 +113,54 @@ function make_jar()
 function docker_cmd()
 {
     if [ $DOCKER_CMD = "build" ] || [ $DOCKER_CMD = "push" ]; then
-        echo "building sam docker image..."
-
         GIT_SHA=$(git rev-parse origin/${BRANCH})
         echo GIT_SHA=$GIT_SHA > env.properties
-        DOCKER_TAG=${GIT_SHA:0:12}
-        DOCKER_TAG_TESTS=${GIT_SHA:0:12}
-
-	docker build -t $REPO:${DOCKER_TAG} .
+        HASH_TAG=${GIT_SHA:0:12}
+
+        echo "building ${DOCKERHUB_REGISTRY}:${HASH_TAG}..."
+        docker build -t $DOCKERHUB_REGISTRY:${HASH_TAG} .
+
+        echo "building ${DOCKERHUB_TESTS_REGISTRY}:${HASH_TAG}..."
         cd automation
-        docker build -f Dockerfile-tests -t $TESTS_REPO:${DOCKER_TAG_TESTS} .
+        docker build -f Dockerfile-tests -t $DOCKERHUB_TESTS_REGISTRY:${HASH_TAG} .
         cd ..
 
-        if [ $DOCKER_CMD = "push" ]; then
-            echo "pushing $REPO image..."
-            docker push $REPO:${DOCKER_TAG}
-            docker tag $REPO:${DOCKER_TAG} $REPO:${BRANCH}
-            docker push $REPO:${BRANCH}
+        if [ $DOCKER_CMD="push" ]; then
+            echo "pushing ${DOCKERHUB_REGISTRY}:${HASH_TAG}..."
+            docker push $DOCKERHUB_REGISTRY:${HASH_TAG}
+            docker tag $DOCKERHUB_REGISTRY:${HASH_TAG} $DOCKERHUB_REGISTRY:${BRANCH}
+            docker push $DOCKERHUB_REGISTRY:${BRANCH}
+
+            echo "pushing ${DOCKERHUB_TESTS_REGISTRY}:${HASH_TAG}..."
+            docker push $DOCKERHUB_TESTS_REGISTRY:${HASH_TAG}
+            docker tag $DOCKERHUB_TESTS_REGISTRY:${HASH_TAG} $DOCKERHUB_TESTS_REGISTRY:${BRANCH}
+            docker push $DOCKERHUB_TESTS_REGISTRY:${BRANCH}
 
-            echo "pushing $TESTS_REPO image..."
-            docker push $TESTS_REPO:${DOCKER_TAG_TESTS}
-            docker tag $TESTS_REPO:${DOCKER_TAG_TESTS} $TESTS_REPO:${BRANCH}
-            docker push $TESTS_REPO:${BRANCH}
+            if [[ -n $GCR_REGISTRY ]]; then
+                docker tag $DOCKERHUB_REGISTRY:${HASH_TAG} $GCR_REGISTRY:${HASH_TAG}
+                gcloud docker -- push $GCR_REGISTRY:${HASH_TAG}
+            fi
         fi
     else
         echo "Not a valid docker option!  Choose either build or push (which includes build)"
     fi
 }
 
+function cleanup()
+{
+    echo "cleaning up..."
+    if [[ -n $SERVICE_ACCT_KEY_FILE ]]; then
+      gcloud auth revoke
+      rm -rf ${CLOUDSDK_CONFIG}
+    fi
+}
 
-# parse command line options
-DOCKER_CMD=
-BRANCH=${BRANCH:-$(git rev-parse --abbrev-ref HEAD)}  # default to current branch
-REPO=${REPO:-broadinstitute/$PROJECT}  # default to sam docker repo
-TESTS_REPO=$REPO-tests
-ENV=${ENV:-""}  # if env is not set, push an image with branch name
-DIRECTORY_URL=${DIRECTORY_URL:-ldap://opendj:389}
-DIRECTORY_PASSWORD=${DIRECTORY_PASSWORD:-testtesttest}
+if $MAKE_JAR; then
+    make_jar
+fi
 
-while [ "$1" != "" ]; do
-    case $1 in
-        jar) make_jar ;;
-        -d | --docker) shift
-                       echo $1
-                       DOCKER_CMD=$1
-                       docker_cmd
-                       ;;
-    esac
-    shift
-done
+if $RUN_DOCKER; then
+    docker_cmd
+fi
+
+cleanup
diff --git a/jenkins/jenkins_build.sh b/jenkins/jenkins_build.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -eux
+SVCACCT_FILE="dspci-wb-gcr-service-account.json"
+GCR_SVCACCT_VAULT="secret/dsde/dsp-techops/common/$SVCACCT_FILE"
+VAULT_TOKEN=${VAULT_TOKEN:-$(cat /etc/vault-token-dsde)}
+
+docker run --rm  -e VAULT_TOKEN=$VAULT_TOKEN \
+   broadinstitute/dsde-toolbox:latest vault read --format=json ${GCR_SVCACCT_VAULT} \
+   | jq .data > ${SVCACCT_FILE}
+
+./docker/build.sh jar -d push -g gcr.io/broad-dsp-gcr-public/${PROJECT} -k ${SVCACCT_FILE}
+
+# clean up
+rm -f ${SVCACCT_FILE}