New cloud build scripts.

releasing/cloudbuild.sh

@@ -1,75 +1,67 @@
 #!/bin/bash
+#
+# Usage (from top of repo):
+#
+#  releasing/cloudbuild.sh TAG [--snapshot]
+#
+# Where TAG is in the form
+#
+#   api/v1.2.3
+#   kustomize/v1.2.3
+#   cmd/config/v1.2.3
+#   ... etc.
+#
+# Cloud build should be configured to trigger on tags
+# matching:
+#
+#   [\w/]+/v\d+\.\d+\.\d+
+#
+# This script runs goreleaser (http://goreleaser.com),
+# presumably from a cloudbuild.yaml step that installed it.
+
 set -e
 set -x
 
-# Script to run http://goreleaser.com
+fullTag=$1
+shift
+echo "fullTag=$fullTag"
 
-# Removed from `build` stanza
-# binary: $module
+remainingArgs="$@"
+echo "Remaining args:  $remainingArgs"
 
-module=$1
-shift
+# Take everything before the last slash.
+# This is expected to match $module.
+module=${fullTag%/*}
+echo "module=$module"
 
-function setSemVer {
-  # Check the tag for consistency with module name.
-  # The following assumes git tags formatted like
-  # "api/v1.2.3" and splits on the slash.
-  # Goreleaser doesn't know what to do with this
-  # tag format, and fails when creating an archive
-  # with a / in the name.
-  local fullTag=$(git describe)
-  local tModule=${fullTag%/*}
-  semVer=${fullTag#*/}
-
-  # Make sure version has no slash
-  # (k8s/v0.1.0 becomes v0.1.0)
-  local tmp=${semVer#*/}
-  if [ "$tmp" != "$semVer" ]; then
-    semVer="$tmp"
-  fi
-
-  echo "tModule=$tModule"
-  echo "semVer=$semVer"
-  if [ "$module" != "$tModule" ]; then
-    # Tag and argument sanity check
-    echo "Unexpected mismatch: moduleFromArg=$module, moduleFromTag=$tModule"
-    echo "Either the module arg to this script is wrong, or the git tag is wrong."
-    exit 1
-  fi
-}
-
-setSemVer
+# Take everything after the last slash.
+# This should be something like "v1.2.3".
+semVer=`echo $fullTag | sed "s|$module/||"`
+echo "semVer=$semVer"
 
-cd $module
+# This is probably a directory called /workspace
+echo "pwd = $PWD"
 
-# 2020/May/11 Windows build temporaraily removed
-# ("- windows" removed from the goos: list below)
-# because of https://github.com/microsoft/go-winio/issues/161
-# Seeing the following in builds:
-#   : /go/pkg/mod/golang.org/x/crypto@v0.0.0-20190923035154-9ee001bba392/ssh/terminal/util_windows.go:97:61:
-#  multiple-value "golang.org/x/sys/windows".GetCurrentProcess() in single-value context
+# Sanity check
+echo "### ls -las . ################################"
+ls -las .
+# echo "### ls -C /usr/bin ################################"
+# ls -C /usr/bin
+echo "###################################"
+
+
+# CD into the module directory.
+# This directory expected to contain a main.go, so there's
+# no need for extra details in the `build` stanza below.
+cd $module
 
 configFile=$(mktemp)
 cat <<EOF >$configFile
 project_name: $module
-env:
-- CGO_ENABLED=0
-- GO111MODULE=on
-checksum:
-  name_template: 'checksums.txt'
-changelog:
-  sort: asc
-  filters:
-    exclude:
-    - '^docs:'
-    - '^test:'
-    - Merge pull request
-    - Merge branch
-release:
-  github:
-    owner: kubernetes-sigs
-    name: kustomize
-  draft: true
+
+archives:
+- name_template: "${module}_${semVer}_{{ .Os }}_{{ .Arch }}"
+
 builds:
 - ldflags: >
     -s
@@ -81,12 +73,34 @@ builds:
   - linux
   - darwin
   - windows
+
   goarch:
   - amd64
-archives:
--  name_template: "${module}_${semVer}_{{ .Os }}_{{ .Arch }}"
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+    - '^docs:'
+    - '^test:'
+    - Merge pull request
+    - Merge branch
+
+checksum:
+  name_template: 'checksums.txt'
+
+env:
+- CGO_ENABLED=0
+- GO111MODULE=on
+
+release:
+  github:
+    owner: monopole
+    name: kustomize
+  draft: true
+
 EOF
 
 cat $configFile
 
-/bin/goreleaser release --config=$configFile --rm-dist --skip-validate $@
+/bin/goreleaser release --config=$configFile --rm-dist --skip-validate $remainingArgs

releasing/cloudbuild.yaml

@@ -0,0 +1,58 @@
+steps:
+- name: 'bash'
+  args:
+  - 'echo'
+  - 'Cloud build substitution check: '
+  - 'BUILD_ID=$BUILD_ID'
+  - 'PROJECT_ID=$PROJECT_ID'
+  - 'REVISION_ID=$REVISION_ID'
+  - 'REPO_NAME=$REPO_NAME'
+  - 'COMMIT_SHA=$COMMIT_SHA'
+  - 'BRANCH_NAME=$BRANCH_NAME'
+  - 'TAG_NAME=$TAG_NAME'
+
+# Cloud build has already copied the repo at the tag that
+# that triggered the build to its /workspace directory, but
+# hasn't actually _cloned_ the repo (there's no .git directory).
+#
+# The goreleaser tool, however, needs the repo and its history
+# to produce release notes.
+#
+# So clone the repo to /workspace/myClone to avoid directory
+# name collision.
+#
+- name: gcr.io/cloud-builders/git
+  args:
+  - clone
+  - https://github.com/kubernetes-sigs/kustomize.git
+  - myClone
+
+# Checkout the proper tag.
+- name: gcr.io/cloud-builders/git
+  dir: myClone
+  args:
+  - checkout
+  - $TAG_NAME
+
+# Run goreleaser indirectly via a shell script
+# to configure it properly.
+- name: goreleaser/goreleaser:v0.138.0
+  entrypoint: /bin/sh
+  dir: myClone
+  secretEnv: ['GITHUB_TOKEN']
+  args:
+  - releasing/cloudbuild.sh
+  - $TAG_NAME
+  # - '--snapshot'
+  # Use this final arg in a local build, to suppress
+  # the release and leave the 'dist' directory in place.
+
+# golreleaser expects the GITHUB_TOKEN env var to hold the github token
+# it needs to write the released package and notes back to github.
+# The raw token was encrypted by gcloud kms (Key Management Service)
+# The base64 of that is shown below.  It's decrypted by cloud build
+# and provided back to goreleaser.
+secrets:
+- kmsKeyName: projects/jregan-corp-gke-dev/locations/global/keyRings/kust-cloud-key-ring/cryptoKeys/kust-cloud-key-name
+  secretEnv:
+    GITHUB_TOKEN: CiQAwfbOkSP4tJf3ZJZMjzHaRPZ2RxiQhORZ3xxlVtpoy8631uQSUACk6WMKjtkpsRkRl+uxWUVvN29M5qveyXjaDDO094/qwsSc8RiYlHYt7Ii1bWkkz3P1kG0nHfG7Fd46A+GJ6R5NhmNfingd/nu9iKrNwLXK

releasing/localbuild.sh

@@ -1,67 +1,33 @@
 #!/bin/bash
 #
-# To test the release process, this script attempts to
-# use Google cloudbuild configuration to create a release
-# locally.
-#
-# Usage: from the repo root, enter:
-#
-#     module=kustomize
-#     module=pluginator  # pick one
-#     module=api
-#
-#     ./releasing/localbuild.sh $module
-#
+# To test the release process, this script attempts
+# to use a Google cloudbuild configuration to create
+# release artifacts locally.
 #
 # See https://cloud.google.com/cloud-build/docs/build-debug-locally
 #
-# At the time of writing,
-#
-#   https://pantheon.corp.google.com/cloud-build/triggers?project=jregan-corp-gke-dev
-#
-# has a trigger such that whenever a git tag is
-# applied to the kustomize repo, the cloud builder
-# reads the repository-relative file
-#
-#   releasing/cloudbuild_${module}.yaml
-#
-# Inside this yaml file is a reference to the script
+# Usage: from the repo root, enter:
 #
-#   releasing/cloudbuild.sh
+#   ./releasing/localbuild.sh kustomize/v1.2.3
 #
-# which runs goreleaser from the proper directory, with the
-# proper config.
+# or some other valid tag value.
 #
-# The script you are reading now does something
-# analogous via docker tricks.
+# IMPORTANT:
+#   The process clones the repo at the given tag,
+#   so the repo must have the tag applied upstream.
+#   Either use an old tag, or disable the cloud build
+#   trigger so that a new testing tag can be applied
+#   without setting off a cloud build.
 
 set -e
 
-module=$1
-case "$module" in
-  api)
-  ;;
-  kustomize)
-  ;;
-  pluginator)
-  ;;
-  *)
-    echo "Don't recognize module=$module"
-    exit 1
-  ;;
-esac
-
 config=$(mktemp)
-cp releasing/cloudbuild_${module}.yaml $config
-
-# Delete the cloud-builders/git step, which isn't needed
-# for a local run.
-sed -i '2,3d'  $config
+cp releasing/cloudbuild.yaml $config
 
 # Add the --snapshot flag to suppress the
 # github release and leave the build output
 # in the kustomize/dist directory.
-sed -i 's|"\]$|", "--snapshot"]|' $config
+sed -i "s|# - '--snapshot|- '--snapshot|" $config
 
 echo "Executing cloud-build-local with:"
 echo "========================="
@@ -70,10 +36,12 @@ echo "========================="
 
 cloud-build-local \
     --config=$config \
-    --bind-mount-source \
+    --substitutions=TAG_NAME=$1 \
     --dryrun=false \
     .
 
+#  --bind-mount-source \
+
 echo " "
 echo "Result of local build:"
 echo "##########################################"