tools/cloudbuild/create_builder.yaml (228 lines of code) (raw):

# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Build stack images and create gcr.io/buildpacks/builder.
#
# NOTE: This only works inside a Bazel workspace.
#
# GCB config that builds the stack and builder images, runs their acceptance
# tests, validates licenses, tags the results into gcr.io/$PROJECT_ID, and
# signs/attests the google-22 builder with cosign. It should be submitted from
# the project root directory and provided with a `_CANDIDATE_NAME` substitution
# that serves as a unique identifier of the images, plus `_ACCOUNT_NAME`, the
# service account (name part only) the build runs as and signs with:
#
#   $ gcloud builds submit --config=tools/cloudbuild/create_builder.yaml \
#       --substitutions _CANDIDATE_NAME=my-local-build,_ACCOUNT_NAME=keyless
#
# NOTE(review): the tag and `images:` entries below use $COMMIT_SHA, which
# Cloud Build populates for triggered builds; for a manual `gcloud builds
# submit` it is presumably empty, which would yield invalid tags. Confirm how
# manual runs are expected to supply it.

steps:
  # Build the helper image used by every `name: bazel-pack` step below. The
  # image exists only in this build's local Docker daemon; it is not pushed.
  - id: build-bazel-pack-image
    name: gcr.io/cloud-builders/docker
    args: ['build', '-t=bazel-pack', '-f=tools/cloudbuild/Dockerfile', '.']

  # --- google-18 (gcp/base) stack and builder ---
  - id: google-18-build-stack-images
    name: bazel-pack
    env:
      # Turns BuildKit off for this step, so the stack build uses the legacy
      # Docker builder. The reason is not stated here.
      - 'DOCKER_BUILDKIT=0'
    args: ['run', '//builders/gcp/base/stack:build']

  - id: google-18-create-builder
    name: bazel-pack
    args: ['build', '//builders/gcp/base:builder.image']

  # Acceptance tests run against the locally built `gcp/base` builder
  # (`-pull-images=false`), so nothing is fetched from a registry for the
  # images under test. Flaky tests are retried up to 3 times.
  - id: google-18-run-acceptance-tests
    name: bazel-pack
    args:
      - 'test'
      - '--test_output=errors'
      - '--flaky_test_attempts=3'
      - '--test_arg=-cloudbuild'
      - '--test_arg=-pull-images=false'
      - '--test_arg=-builder-image=gcp/base'
      - '--jobs=2'
      - '//builders/gcp/base/acceptance/...'

  # --- google-22 stack and builder ---
  # NOTE(review): these args are passed to docker without a shell, so the
  # inner double quotes in `--build-arg="..."` are not stripped by anything in
  # this file. Confirm docker still sees the intended `packages` and
  # `CANDIDATE_NAME` build args (the same pattern repeats in the four
  # stack-image steps below).
  - id: google-22-build-image
    name: gcr.io/cloud-builders/docker
    dir: stacks/google_22
    args:
      - 'build'
      - '--build-arg="packages=build-packages.txt"'
      - '--build-arg="CANDIDATE_NAME=${_CANDIDATE_NAME}"'
      - '-t=gcr.io/buildpacks/google-22/build:latest'
      - '-f=build.Dockerfile'
      - '.'

  - id: google-22-run-image
    name: gcr.io/cloud-builders/docker
    dir: stacks/google_22
    args:
      - 'build'
      - '--build-arg="packages=run-packages.txt"'
      - '--build-arg="CANDIDATE_NAME=${_CANDIDATE_NAME}"'
      - '-t=gcr.io/buildpacks/google-22/run:latest'
      - '-f=run.Dockerfile'
      - '.'

  - id: google-22-builder-image
    name: bazel-pack
    args: ['build', '//builders/gcp/base:google_22_builder.image']

  - id: google-22-run-acceptance-tests
    name: bazel-pack
    args:
      - 'test'
      - '--test_output=errors'
      - '--flaky_test_attempts=3'
      - '--test_arg=-cloudbuild'
      - '--test_arg=-pull-images=false'
      - '--test_arg=-builder-image=google-22/builder'
      - '--jobs=2'
      - '//builders/gcp/base/acceptance/...'

  # --- firebase-app-hosting-22 stack and builder ---
  # Build the publisher and preparer binaries and copy them into the stack
  # directory, which is the Docker build context of the two steps that follow.
  - id: firebase-tools-build
    name: bazel-pack
    entrypoint: /bin/bash
    args:
      - -c
      - |
        bazel build //cmd/firebase/publisher:main
        cp bazel-bin/cmd/firebase/publisher/main_/main stacks/firebase_app_hosting_22/publisher
        bazel build //cmd/firebase/preparer:main
        cp bazel-bin/cmd/firebase/preparer/main_/main stacks/firebase_app_hosting_22/preparer

  - id: firebase-app-hosting-22-build-image
    name: gcr.io/cloud-builders/docker
    dir: stacks/firebase_app_hosting_22
    args:
      - 'build'
      - '--build-arg="packages=build-packages.txt"'
      - '--build-arg="CANDIDATE_NAME=${_CANDIDATE_NAME}"'
      - '-t=gcr.io/buildpacks/firebase-app-hosting-22/build:latest'
      - '-f=build.Dockerfile'
      - '.'

  - id: firebase-app-hosting-22-run-image
    name: gcr.io/cloud-builders/docker
    dir: stacks/firebase_app_hosting_22
    args:
      - 'build'
      - '--build-arg="packages=run-packages.txt"'
      - '--build-arg="CANDIDATE_NAME=${_CANDIDATE_NAME}"'
      - '-t=gcr.io/buildpacks/firebase-app-hosting-22/run:latest'
      - '-f=run.Dockerfile'
      - '.'

  - id: firebase-app-hosting-22-builder-image
    name: bazel-pack
    args: ['build', '//builders/firebase/apphosting:builder.image']

  - id: firebase-app-hosting-22-run-acceptance-tests
    name: bazel-pack
    args:
      - 'test'
      - '--test_output=errors'
      - '--flaky_test_attempts=3'
      - '--test_arg=-cloudbuild'
      - '--test_arg=-pull-images=false'
      - '--test_arg=-builder-image=firebase/apphosting'
      - '--jobs=2'
      - '//builders/firebase/apphosting/acceptance/...'

  # --- License handling ---
  # Licenses are added and validated for gcp/base and firebase/apphosting only;
  # no equivalent step names google-22/builder in this file.
  - id: add-licenses
    name: bazel-pack
    entrypoint: /bin/bash
    args: ['-c', 'tools/licenses/add.sh gcp/base']

  # NOTE(review): `:current` is a floating tag, so the validator that gates the
  # release can change between builds without a change to this file. Consider
  # pinning it by digest.
  - id: validate-licenses
    name: gcr.io/gae-runtimes/license_validator:current
    args: ['-pull_images=false', 'gcp/base']

  - id: add-firebase-licenses
    name: bazel-pack
    entrypoint: /bin/bash
    args: ['-c', 'tools/licenses/add.sh firebase/apphosting']

  - id: validate-firebase-licenses
    name: gcr.io/gae-runtimes/license_validator:current
    args: ['-pull_images=false', 'firebase/apphosting']

  # Re-tag the locally built images into gcr.io/$PROJECT_ID so the `images:`
  # section can push them. The folded scalar joins every line into one
  # `&&` chain, so the first failing `docker tag` fails the step.
  #
  # Mapping worth knowing when consuming these tags:
  #   builder:v1     <- gcp/base            (google-18 based builder)
  #   builder:latest <- google-22/builder   (a different image from :v1)
  # The gcr.io/buildpacks/gcp/{run,build}:v1 sources are not built by a docker
  # step in this file; presumably `//builders/gcp/base/stack:build` produces
  # them. Confirm.
  - id: tag-images
    name: bazel-pack
    entrypoint: /bin/bash
    args:
      - -c
      - >
        docker tag gcr.io/buildpacks/gcp/run:v1 gcr.io/$PROJECT_ID/gcp/run:latest &&
        docker tag gcr.io/buildpacks/gcp/run:v1 gcr.io/$PROJECT_ID/gcp/run:v1 &&
        docker tag gcr.io/buildpacks/gcp/run:v1 gcr.io/$PROJECT_ID/gcp/run:$COMMIT_SHA &&
        docker tag gcr.io/buildpacks/gcp/run:v1 gcr.io/$PROJECT_ID/gcp/run:deprecated-public-image-$COMMIT_SHA &&
        docker tag gcr.io/buildpacks/gcp/build:v1 gcr.io/$PROJECT_ID/gcp/build:latest &&
        docker tag gcr.io/buildpacks/gcp/build:v1 gcr.io/$PROJECT_ID/gcp/build:v1 &&
        docker tag gcr.io/buildpacks/gcp/build:v1 gcr.io/$PROJECT_ID/gcp/build:$COMMIT_SHA &&
        docker tag gcr.io/buildpacks/gcp/build:v1 gcr.io/$PROJECT_ID/gcp/build:deprecated-public-image-$COMMIT_SHA &&
        docker tag gcp/base gcr.io/$PROJECT_ID/builder:v1 &&
        docker tag gcp/base gcr.io/$PROJECT_ID/builder:$COMMIT_SHA &&
        docker tag gcp/base gcr.io/$PROJECT_ID/builder:deprecated-public-image-$COMMIT_SHA &&
        docker tag gcr.io/buildpacks/google-22/run:latest gcr.io/$PROJECT_ID/google-22/run:latest &&
        docker tag gcr.io/buildpacks/google-22/run:latest gcr.io/$PROJECT_ID/google-22/run:$COMMIT_SHA &&
        docker tag gcr.io/buildpacks/google-22/build:latest gcr.io/$PROJECT_ID/google-22/build:latest &&
        docker tag gcr.io/buildpacks/google-22/build:latest gcr.io/$PROJECT_ID/google-22/build:$COMMIT_SHA &&
        docker tag google-22/builder gcr.io/$PROJECT_ID/google-22/builder:latest &&
        docker tag google-22/builder gcr.io/$PROJECT_ID/google-22/builder:$COMMIT_SHA &&
        docker tag google-22/builder gcr.io/$PROJECT_ID/builder:google-22 &&
        docker tag google-22/builder gcr.io/$PROJECT_ID/builder:latest &&
        docker tag gcr.io/buildpacks/firebase-app-hosting-22/build:latest gcr.io/$PROJECT_ID/firebase-app-hosting-22/build:$COMMIT_SHA &&
        docker tag gcr.io/buildpacks/firebase-app-hosting-22/build:latest gcr.io/$PROJECT_ID/firebase-app-hosting-22/build:latest &&
        docker tag gcr.io/buildpacks/firebase-app-hosting-22/run:latest gcr.io/$PROJECT_ID/firebase-app-hosting-22/run:$COMMIT_SHA &&
        docker tag gcr.io/buildpacks/firebase-app-hosting-22/run:latest gcr.io/$PROJECT_ID/firebase-app-hosting-22/run:latest &&
        docker tag firebase/apphosting gcr.io/$PROJECT_ID/firebase-app-hosting-22/builder:$COMMIT_SHA &&
        docker tag firebase/apphosting gcr.io/$PROJECT_ID/firebase-app-hosting-22/builder:latest

  # --- SBOM, signature and attestation for the google-22 builder ---
  # Only gcr.io/$PROJECT_ID/google-22/builder is pushed mid-build, scanned,
  # signed and attested. Every other entry in `images:` is pushed at the end of
  # the build with no cosign step in this file.
  #
  # This early push is needed because the SBOM and cosign steps below refer to
  # the image by its registry name.
  - id: push_google22_builder
    name: 'gcr.io/cloud-builders/docker'
    args: ['push', 'gcr.io/$PROJECT_ID/google-22/builder:latest']

  # Generate an SPDX JSON SBOM into /workspace, which is shared with the later
  # steps that attach and attest it.
  # NOTE(review): `docker.io/anchore/syft` carries no tag or digest, so each
  # build runs whatever the default tag resolves to at that moment. The output
  # of this third-party tool becomes the predicate that is signed below, so
  # consider pinning the image by digest.
  - id: google22_builder_sbom
    name: docker.io/anchore/syft
    args:
      - packages
      - gcr.io/$PROJECT_ID/google-22/builder
      - '-o=spdx-json'
      - '--file=/workspace/google22_builder_sbom.json'
    waitFor:
      - push_google22_builder

  # Keyless-sign the pushed builder. It waits only on the push, so it can run
  # in parallel with SBOM generation.
  # GOOGLE_SERVICE_ACCOUNT_NAME names the service account whose identity is
  # used for signing; it is the same account given in `serviceAccount` at the
  # bottom of this file. `-y` skips the interactive confirmation prompt.
  # NOTE(review): the image is referenced without a tag or digest, so cosign
  # resolves the default tag at signing time. If the tag is moved between the
  # push and this step, a different image gets signed. Prefer signing the
  # digest produced by the push (IMAGE@sha256:<digest-from-push>).
  # NOTE(review): COSIGN_EXPERIMENTAL=1 was the keyless opt-in for cosign 1.x;
  # confirm it is still needed with the v2.2.0 image used here.
  - id: sign_google22_builder
    name: gcr.io/projectsigstore/cosign:v2.2.0
    env:
      - REGISTRY=gcr.io
      - TUF_ROOT=/tmp
      - COSIGN_EXPERIMENTAL=1
      - GOOGLE_SERVICE_ACCOUNT_NAME=${_ACCOUNT_NAME}@$PROJECT_ID.iam.gserviceaccount.com
    entrypoint: sh
    args:
      - '-c'
      - |
        cosign sign -y gcr.io/$PROJECT_ID/google-22/builder
    waitFor:
      - push_google22_builder

  # Attach the SBOM to the image in the registry. This step has no `id` and no
  # signing environment: the attached SBOM is not signed, so consumers who need
  # integrity should verify the attestation from the next step instead.
  # NOTE(review): cosign v2 reports `attach sbom` as deprecated; confirm this
  # step is still wanted alongside `cosign attest`.
  - name: gcr.io/projectsigstore/cosign:v2.2.0
    entrypoint: sh
    args:
      - '-c'
      - |
        cosign attach sbom --sbom=/workspace/google22_builder_sbom.json gcr.io/$PROJECT_ID/google-22/builder
    waitFor:
      - google22_builder_sbom

  # Create a signed attestation whose predicate is the SPDX SBOM. It uses the
  # same keyless identity and the same by-tag image reference as
  # sign_google22_builder, so the digest-pinning note on that step applies here
  # as well.
  - name: gcr.io/projectsigstore/cosign:v2.2.0
    env:
      - REGISTRY=gcr.io
      - TUF_ROOT=/tmp
      - COSIGN_EXPERIMENTAL=1
      - GOOGLE_SERVICE_ACCOUNT_NAME=${_ACCOUNT_NAME}@$PROJECT_ID.iam.gserviceaccount.com
    entrypoint: sh
    args:
      - '-c'
      - |
        cosign attest --predicate=/workspace/google22_builder_sbom.json -y --type=spdxjson gcr.io/$PROJECT_ID/google-22/builder
    waitFor:
      - google22_builder_sbom

# Even though a :latest tag is published, it may be unstable and may be phased out eventually.
# We recommend using the :v1 tag.
#
# Cloud Build pushes the images listed here after all steps succeed. Of these,
# only google-22/builder has a signature and SBOM attestation created by this
# config.
images:
  - 'gcr.io/$PROJECT_ID/builder:latest'
  - 'gcr.io/$PROJECT_ID/builder:v1'
  - 'gcr.io/$PROJECT_ID/builder:$COMMIT_SHA'
  - 'gcr.io/$PROJECT_ID/builder:deprecated-public-image-$COMMIT_SHA'
  - 'gcr.io/$PROJECT_ID/gcp/run:latest'
  - 'gcr.io/$PROJECT_ID/gcp/run:v1'
  - 'gcr.io/$PROJECT_ID/gcp/run:$COMMIT_SHA'
  - 'gcr.io/$PROJECT_ID/gcp/run:deprecated-public-image-$COMMIT_SHA'
  - 'gcr.io/$PROJECT_ID/gcp/build:latest'
  - 'gcr.io/$PROJECT_ID/gcp/build:v1'
  - 'gcr.io/$PROJECT_ID/gcp/build:$COMMIT_SHA'
  - 'gcr.io/$PROJECT_ID/gcp/build:deprecated-public-image-$COMMIT_SHA'
  - 'gcr.io/$PROJECT_ID/google-22/build:latest'
  - 'gcr.io/$PROJECT_ID/google-22/build:$COMMIT_SHA'
  - 'gcr.io/$PROJECT_ID/google-22/run:latest'
  - 'gcr.io/$PROJECT_ID/google-22/run:$COMMIT_SHA'
  - 'gcr.io/$PROJECT_ID/google-22/builder:latest'
  - 'gcr.io/$PROJECT_ID/google-22/builder:$COMMIT_SHA'
  - 'gcr.io/$PROJECT_ID/builder:google-22'
  - 'gcr.io/$PROJECT_ID/firebase-app-hosting-22/build:latest'
  - 'gcr.io/$PROJECT_ID/firebase-app-hosting-22/build:$COMMIT_SHA'
  - 'gcr.io/$PROJECT_ID/firebase-app-hosting-22/run:latest'
  - 'gcr.io/$PROJECT_ID/firebase-app-hosting-22/run:$COMMIT_SHA'
  - 'gcr.io/$PROJECT_ID/firebase-app-hosting-22/builder:latest'
  - 'gcr.io/$PROJECT_ID/firebase-app-hosting-22/builder:$COMMIT_SHA'

# Defaults used when the submitter passes no --substitutions.
substitutions:
  _CANDIDATE_NAME: localbuild
  _ACCOUNT_NAME: keyless

# 10800s = 3 hours.
timeout: '10800s'
options:
  machineType: 'N1_HIGHCPU_32'
  logging: CLOUD_LOGGING_ONLY
# The build runs as this user-specified service account, not the default Cloud
# Build account. It is the same identity the cosign steps sign with, so its
# IAM grants decide who can produce a valid signature. Keep them minimal.
serviceAccount: projects/$PROJECT_ID/serviceAccounts/${_ACCOUNT_NAME}@$PROJECT_ID.iam.gserviceaccount.com