Skip to content
Permalink
Browse files

Build docker image of nomulus tool (#142)

* Build docker image of nomulus tool

In the course of "gradle build", build a docker image of nomulus tool so that
users can run this to allow us to bundle the java version with the image.
  • Loading branch information...
mindhog authored and jianglai committed Jul 17, 2019
1 parent 39ceda6 commit bd480419610865adc8e2b57e00a0e236191e7d5e
@@ -4,3 +4,6 @@ python/
.*/
repos/**
**/.idea/
*.jar
!third_party/**/*.jar
!/gradle/wrapper/**/*.jar
@@ -0,0 +1,3 @@
FROM gcr.io/distroless/java:debug
ADD build/libs/nomulus.jar /nomulus.jar
ENTRYPOINT ["/usr/bin/java", "-jar", "/nomulus.jar"]
@@ -645,10 +645,11 @@ test {
}.dependsOn(fragileTest, outcastTest)

createUberJar('nomulus', 'nomulus', 'google.registry.tools.RegistryTool')
createUberJar('gtechTool', 'gtech_tool', 'google.registry.tools.GtechTool')
project.nomulus.dependsOn project(':third_party').jar
project.gtechTool.dependsOn project(':third_party').jar

project.build.dependsOn nomulus
project.build.dependsOn gtechTool
task buildToolImage(dependsOn: nomulus, type: Exec) {
commandLine 'docker', 'build', '-t', 'nomulus-tool', '.'
}

project.build.dependsOn buildToolImage
project.build.dependsOn ':stage'
@@ -31,7 +31,7 @@ if [ "${environment}" == tool ]
then
mkdir -p "${dest}"

./gradlew clean :core:nomulus \
./gradlew clean :core:buildToolImage \
-PmavenUrl=https://"${gcs_prefix}"/maven \
-PpluginsUrl=https://"${gcs_prefix}"/plugins

@@ -22,9 +22,27 @@ steps:
# Run tests
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
args: ['./gradlew', 'test', '-PskipDockerIncompatibleTests=true']
# Build the tool binary.
# Build the tool binary and image.
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
args: ['release/build_nomulus_for_env.sh', 'tool', 'output']
# Tag the tool image and push it to the registry.
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
entrypoint: /bin/bash
args:
- -c
- |
docker tag nomulus-tool gcr.io/${PROJECT_ID}/nomulus-tool:${TAG_NAME}
docker push gcr.io/${PROJECT_ID}/nomulus-tool:${TAG_NAME}
# Get the tool image digest and substitute in the digest in the tagging yaml file.
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
entrypoint: /bin/bash
args:
- -c
- |
digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/nomulus-tool \
--format="get(digest)" --filter="tags = ${TAG_NAME}")
sed -i s/'$${_IMAGE}'/nomulus-tool/g release/cloudbuild-tag.yaml
sed -i s/':$${TAG_NAME}'/@$digest/g release/cloudbuild-tag.yaml
# Build and package the deployment files for alpha.
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
args: ['release/build_nomulus_for_env.sh', 'alpha', 'output']
@@ -44,6 +62,7 @@ artifacts:
paths:
- 'output/*.tar'
- 'output/nomulus.jar'
- 'release/cloudbuild-tag.yaml'
- 'release/cloudbuild-sync.yaml'
- 'release/cloudbuild-beam.yaml'
timeout: 3600s
@@ -36,16 +36,17 @@ steps:
entrypoint: /bin/bash
args:
- -c
- >
- |
digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/proxy \
--format="get(digest)" --filter="tags = ${TAG_NAME}") && \
--format="get(digest)" --filter="tags = ${TAG_NAME}")
gcloud --project=${PROJECT_ID} alpha container binauthz attestations \
sign-and-create --artifact-url=gcr.io/${PROJECT_ID}/proxy@$digest \
--attestor=build-attestor --attestor-project=${PROJECT_ID} \
--keyversion-project=${PROJECT_ID} --keyversion-location=global \
--keyversion-keyring=attestor-keys --keyversion-key=signing \
--keyversion=1
sed -i s/proxy:'$${TAG_NAME}'/proxy@$digest/g release/cloudbuild-tag.yaml
sed -i s/'$${_IMAGE}'/proxy/g release/cloudbuild-tag.yaml
sed -i s/':$${TAG_NAME}'/@$digest/g release/cloudbuild-tag.yaml
# Images to upload to GCR. Even though the image has already been uploaded, we still include it
# here so that the GCB pubsub message contains it (for Spinnaker to consume).
images: ['gcr.io/${PROJECT_ID}/proxy:${TAG_NAME}']
@@ -57,10 +57,15 @@ steps:
docker pull gcr.io/distroless/java
docker tag gcr.io/distroless/java gcr.io/${PROJECT_ID}/base:${TAG_NAME}
docker tag gcr.io/distroless/java gcr.io/${PROJECT_ID}/base:latest
docker push gcr.io/${PROJECT_ID}/base:latest
docker push gcr.io/${PROJECT_ID}/base:${TAG_NAME}
docker pull gcr.io/distroless/java:debug
docker tag gcr.io/distroless/java:debug gcr.io/${PROJECT_ID}/base-debug:${TAG_NAME}
docker tag gcr.io/distroless/java:debug gcr.io/${PROJECT_ID}/base-debug:latest
docker push gcr.io/${PROJECT_ID}/builder:latest
docker push gcr.io/${PROJECT_ID}/builder:${TAG_NAME}
docker push gcr.io/${PROJECT_ID}/base:latest
docker push gcr.io/${PROJECT_ID}/base:${TAG_NAME}
docker push gcr.io/${PROJECT_ID}/base-debug:latest
docker push gcr.io/${PROJECT_ID}/base-debug:${TAG_NAME}
dir: 'release/builder/'
# Do text replacement in the merged repo, hardcoding image digests.
- name: 'gcr.io/cloud-builders/gcloud'
@@ -72,10 +77,15 @@ steps:
--format='get(digest)' --filter='tags = ${TAG_NAME}')
base_digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/base \
--format='get(digest)' --filter='tags = ${TAG_NAME}')
debug_digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/base-debug \
--format='get(digest)' --filter='tags = ${TAG_NAME}')
sed -i s%distroless/java%${PROJECT_ID}/base@$base_digest% proxy/Dockerfile
sed -i s%distroless/java:debug%${PROJECT_ID}/base-debug@$debug_digest% core/Dockerfile
sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-proxy.yaml
sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-nomulus.yaml
sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-beam.yaml
sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-sync.yaml
sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-tag.yaml
sed -i s/GCP_PROJECT/${PROJECT_ID}/ proxy/kubernetes/proxy-*.yaml
sed -i s/'$${TAG_NAME}'/${TAG_NAME}/g release/cloudbuild-sync.yaml
sed -i s/'$${TAG_NAME}'/${TAG_NAME}/g release/cloudbuild-beam.yaml
@@ -1,11 +1,13 @@
# To run the build locally, install cloud-build-local first.
# Then run:
# cloud-build-local --config=cloudbuild-tag.yaml --dryrun=false --substitutions TAG_NAME=[TAG] ..
# This will add a "live" tag to the proxy image in gcr.io/[PROJECT_ID]/proxy:[TAG].
# cloud-build-local --config=cloudbuild-tag.yaml --dryrun=false --substitutions \
# TAG_NAME=[TAG],_IMAGE=[IMAGE] ..
# This will add a "live" tag to the image in gcr.io/[PROJECT_ID]/[IMAGE]:[TAG].
# The PROJECT_ID is the current project name that gcloud uses.
#
# To manually trigger a build on GCB, run:
# gcloud builds submit --config cloudbuild-tag.yaml --substitutions TAG_NAME=[TAG] ..
# gcloud builds submit --config cloudbuild-tag.yaml --substitutions \
# TAG_NAME=[TAG],_IMAGE=[IMAGE] ..
#
# To trigger a build automatically, follow the instructions below and add a trigger:
# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
@@ -16,8 +18,8 @@ steps:
- container
- images
- add-tag
- gcr.io/${PROJECT_ID}/proxy:${TAG_NAME}
- gcr.io/${PROJECT_ID}/proxy:live
- gcr.io/${PROJECT_ID}/${_IMAGE}:${TAG_NAME}
- gcr.io/${PROJECT_ID}/${_IMAGE}:live
timeout: 3600s
options:
machineType: 'N1_HIGHCPU_8'

0 comments on commit bd48041

Please sign in to comment.
You can’t perform that action at this time.