-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcloudbuild.yaml
144 lines (121 loc) · 4.68 KB
/
cloudbuild.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
steps:
## Uncomment building of build tools if they do not exist.
# build sass tool
# - name: 'gcr.io/cloud-builders/docker'
# dir: 'build_tools/sass'
# args: ['build', '-t', 'gcr.io/$PROJECT_ID/sass_builder', '.']
# # push sass tool image
# - name: 'gcr.io/cloud-builders/docker'
# args: ['push', 'gcr.io/$PROJECT_ID/sass_builder:latest']
# # build firebase tool
# - name: 'gcr.io/cloud-builders/docker'
# dir: 'build_tools/firebase'
# args: ['build', '-t', 'gcr.io/$PROJECT_ID/firebase', '.']
# # push firebase tool image
# - name: 'gcr.io/cloud-builders/docker'
# args: ['push', 'gcr.io/$PROJECT_ID/firebase:latest']
# # build nrwl tool
# - name: 'gcr.io/cloud-builders/docker'
# dir: 'build_tools/nrwl'
# args: ['build', '-t', 'gcr.io/$PROJECT_ID/nrwl_builder', '.']
# # push nrwl tool image
# - name: 'gcr.io/cloud-builders/docker'
# args: ['push', 'gcr.io/$PROJECT_ID/nrwl_builder:latest']
- name: 'gcr.io/$PROJECT_ID/nrwl_builder'
args: ['install']
# build stylesheets
- name: 'gcr.io/$PROJECT_ID/sass_builder'
args: ['./apps/sass/theme.scss', './apps/rockme/src/assets/theme.css']
# decrypt environment file
- name: gcr.io/cloud-builders/gcloud
dir: apps/rockme/src/environments
args:
- kms
- decrypt
- --ciphertext-file=environment.prod.ts.enc
- --plaintext-file=environment.ts
- --location=global
- --keyring=${_ENC_KEY_RING}
- --key=${_ENC_KEY}
# decrypt key file
- name: gcr.io/cloud-builders/gcloud
args:
- kms
- decrypt
- --ciphertext-file=key.enc
- --plaintext-file=key.json
- --location=global
- --keyring=${_ENC_KEY_RING}
- --key=${_ENC_KEY}
- --verbosity=debug
# build api image with arguments
- name: 'gcr.io/cloud-builders/docker'
entrypoint: 'bash'
args: ['-c', 'ls -al']
- name: 'gcr.io/$PROJECT_ID/nrwl_builder'
args: ['run-script', 'test', 'api']
- name: 'gcr.io/$PROJECT_ID/nrwl_builder'
args: ['run-script', 'test', 'rockme']
- name: 'gcr.io/$PROJECT_ID/nrwl_builder'
args: ['run-script', 'build', '--prod']
- name: 'gcr.io/$PROJECT_ID/nrwl_builder'
args: ['run-script', 'build', 'api', '--prod']
- name: 'gcr.io/$PROJECT_ID/nrwl_builder'
args: ['run-script', 'prebuild:apipackage']
- name: 'gcr.io/$PROJECT_ID/nrwl_builder'
args: ['run-script', 'prebuild:apidocker']
- name: 'gcr.io/$PROJECT_ID/nrwl_builder'
args: ['run-script', 'prebuild:apijson']
- name: 'gcr.io/cloud-builders/docker'
entrypoint: 'bash'
args: ['-c', 'cp ./key.json dist/apps/api']
# set firebase token
- name: 'gcr.io/$PROJECT_ID/firebase'
args: ['use', '$PROJECT_ID']
secretEnv: ['FIREBASE_TOKEN']
# build api image with arguments
- name: 'gcr.io/cloud-builders/docker'
dir: 'dist/apps/api'
entrypoint: 'bash'
args:
[
'-c',
'docker build -t gcr.io/$PROJECT_ID/${_API_IMAGE_NAME}:latest -f Dockerfile --build-arg BUILD_COMMIT=$SHORT_SHA --build-arg DB_PASSWORD=$$DB_PASSWORD .',
]
secretEnv: ['DB_PASSWORD']
# push api images
- name: 'gcr.io/cloud-builders/docker'
args: ['push', 'gcr.io/$PROJECT_ID/${_API_IMAGE_NAME}:latest']
# deploy API to cloud run
- name: 'gcr.io/cloud-builders/gcloud'
args:
[
'beta',
'run',
'deploy',
'${_API_SERVICE_NAME}',
'--image',
'gcr.io/$PROJECT_ID/${_API_IMAGE_NAME}',
'--region',
us-central1,
'--platform',
'managed',
'--allow-unauthenticated',
'--update-env-vars',
'DB_ENV=production,CLOUD_SQL_CONNECTION_NAME=${_SQL_CONNECTION}',
]
# deploy to firebase
- name: 'gcr.io/$PROJECT_ID/firebase'
args: ['deploy', '--only', 'hosting']
secretEnv: ['FIREBASE_TOKEN']
substitutions:
_API_SERVICE_NAME: monorockapi
_API_IMAGE_NAME: monorock-api
_ENC_KEY_RING: monorock-integration-secrets
_ENC_KEY: monorock-firebase-token
_SQL_CONNECTION: monorock:us-east1:monorock
secrets:
- kmsKeyName: projects/monorock/locations/global/keyRings/monorock-integration-secrets/cryptoKeys/monorock-firebase-token
secretEnv:
FIREBASE_TOKEN: CiQAy0NVR7SUUqDhfL1ij6knHd9sIiLX/kgy8pBEeUPIBWnF3vwSkAEAlioXGAphMnchTae3mzJ8Mav88uqFX4AgZj9s5qnkXEmSsTdgNcKd+7E+XvMoY0tDfLHh4kjFZEjsVUhE30FORC6+rDmrdaSEYpJNJ7tmJ14mrWvhLAz7AOLAqoFA0l0+yGdiM2UQYPnU4xkx51uJgtu1AS146XaVgOjk69UpyTVF1r/twGSl8Jx7cmqbGAY=
DB_PASSWORD: CiQAy0NVR4Ip2VVuFB2q5yB+jadbf+OuomW22YG6htmjlbMb2vUSOQCWKhcYat9GRMvAyq2EdfSjvR8kT+zu/Z2YCATkoCxecsDgsA42BduqH1YRPGT6U6Gu1dY+bo44sg==