forked from google/nomulus
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloudbuild-sync-db-objects.yaml
64 lines (63 loc) · 2.27 KB
/
cloudbuild-sync-db-objects.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# This will sync the configuration files in the internal repo with their
# corresponding objects in the database.
#
# To manually trigger a build on GCB, run:
# gcloud builds submit --config cloudbuild-sync-db-objects.yaml --substitutions \
# _INTERNAL_REPO_URL=[URL] ..
#
# To trigger a build automatically, follow the instructions below and add a trigger:
# https://cloud.google.com/cloud-build/docs/running-builds/automate-builds
#
# Note that the release process hardens the tags and variables in this file:
# - The 'latest' tag on docker images will be replaced by their image digests.
# - The ${_ENV} pattern will be replaced by the actual environment name.
# Please refer to ./cloudbuild-release.yaml for more details.
#
steps:
# Check out the internal repo.
- name: 'gcr.io/cloud-builders/git:latest'
entrypoint: /bin/bash
args:
- -c
- |
set -e
git clone https://gerrit.googlesource.com/gcompute-tools
if [ ! -f /usr/bin/python ]; then
ln -s /usr/bin/python3 /usr/bin/python
fi
./gcompute-tools/git-cookie-authdaemon
git clone ${_INTERNAL_REPO_URL} nomulus-internal
# Download and decrypt the nomulus tool credential
- name: 'gcr.io/$PROJECT_ID/builder:live'
entrypoint: /bin/bash
args:
- -c
- |
set -e
gcloud secrets versions access latest \
--secret nomulus-tool-cloudbuild-credential \
> nomulus_tool_credential.json
# Configure the TLDs using the stored configuration files in the internal repo
- name: 'gcr.io/$PROJECT_ID/db_object_updater:live'
args:
- ${_ENV}
- ./nomulus_tool_credential.json
- configure_tld
- nomulus-internal/core/src/main/java/google/registry/config/files/tld/
# Configure the premium lists using the stored configuration files in the internal repo
- name: 'gcr.io/$PROJECT_ID/db_object_updater:live'
args:
- ${_ENV}
- ./nomulus_tool_credential.json
- update_premium_list
- nomulus-internal/core/src/main/java/google/registry/config/files/premium/
# Configure the reserved lists using the stored configuration files in the internal repo
- name: 'gcr.io/$PROJECT_ID/db_object_updater:live'
args:
- ${_ENV}
- ./nomulus_tool_credential.json
- update_reserved_list
- nomulus-internal/core/src/main/java/google/registry/config/files/reserved/
timeout: 7200s
options:
machineType: 'E2_HIGHCPU_32'