googleauth 0.1.0 → 0.16.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.github/CODEOWNERS +7 -0
- data/.github/CONTRIBUTING.md +74 -0
- data/.github/ISSUE_TEMPLATE/bug_report.md +36 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +21 -0
- data/.github/ISSUE_TEMPLATE/support_request.md +7 -0
- data/.github/workflows/ci.yml +55 -0
- data/.github/workflows/release-please.yml +39 -0
- data/.gitignore +3 -0
- data/.kokoro/populate-secrets.sh +76 -0
- data/.kokoro/release.cfg +52 -0
- data/.kokoro/release.sh +18 -0
- data/.kokoro/trampoline_v2.sh +489 -0
- data/.repo-metadata.json +5 -0
- data/.rubocop.yml +17 -0
- data/.toys/.toys.rb +45 -0
- data/.toys/ci.rb +43 -0
- data/.toys/kokoro/.toys.rb +66 -0
- data/.toys/kokoro/publish-docs.rb +67 -0
- data/.toys/kokoro/publish-gem.rb +53 -0
- data/.toys/linkinator.rb +43 -0
- data/.trampolinerc +48 -0
- data/CHANGELOG.md +192 -0
- data/CODE_OF_CONDUCT.md +43 -0
- data/Gemfile +22 -1
- data/{COPYING → LICENSE} +0 -0
- data/README.md +140 -17
- data/googleauth.gemspec +28 -28
- data/integration/helper.rb +31 -0
- data/integration/id_tokens/key_source_test.rb +74 -0
- data/lib/googleauth.rb +7 -37
- data/lib/googleauth/application_default.rb +81 -0
- data/lib/googleauth/client_id.rb +104 -0
- data/lib/googleauth/compute_engine.rb +73 -26
- data/lib/googleauth/credentials.rb +561 -0
- data/lib/googleauth/credentials_loader.rb +207 -0
- data/lib/googleauth/default_credentials.rb +93 -0
- data/lib/googleauth/iam.rb +75 -0
- data/lib/googleauth/id_tokens.rb +233 -0
- data/lib/googleauth/id_tokens/errors.rb +71 -0
- data/lib/googleauth/id_tokens/key_sources.rb +396 -0
- data/lib/googleauth/id_tokens/verifier.rb +142 -0
- data/lib/googleauth/json_key_reader.rb +50 -0
- data/lib/googleauth/scope_util.rb +61 -0
- data/lib/googleauth/service_account.rb +175 -67
- data/lib/googleauth/signet.rb +69 -8
- data/lib/googleauth/stores/file_token_store.rb +65 -0
- data/lib/googleauth/stores/redis_token_store.rb +96 -0
- data/lib/googleauth/token_store.rb +69 -0
- data/lib/googleauth/user_authorizer.rb +285 -0
- data/lib/googleauth/user_refresh.rb +129 -0
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +295 -0
- data/spec/googleauth/apply_auth_examples.rb +96 -94
- data/spec/googleauth/client_id_spec.rb +160 -0
- data/spec/googleauth/compute_engine_spec.rb +125 -55
- data/spec/googleauth/credentials_spec.rb +600 -0
- data/spec/googleauth/get_application_default_spec.rb +232 -80
- data/spec/googleauth/iam_spec.rb +80 -0
- data/spec/googleauth/scope_util_spec.rb +77 -0
- data/spec/googleauth/service_account_spec.rb +422 -68
- data/spec/googleauth/signet_spec.rb +101 -25
- data/spec/googleauth/stores/file_token_store_spec.rb +57 -0
- data/spec/googleauth/stores/redis_token_store_spec.rb +50 -0
- data/spec/googleauth/stores/store_examples.rb +58 -0
- data/spec/googleauth/user_authorizer_spec.rb +343 -0
- data/spec/googleauth/user_refresh_spec.rb +359 -0
- data/spec/googleauth/web_user_authorizer_spec.rb +172 -0
- data/spec/spec_helper.rb +51 -10
- data/test/helper.rb +33 -0
- data/test/id_tokens/key_sources_test.rb +240 -0
- data/test/id_tokens/verifier_test.rb +269 -0
- metadata +112 -75
- data/.travis.yml +0 -18
- data/CONTRIBUTING.md +0 -32
- data/Rakefile +0 -15
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: eefa2fdbe4ecb149c7072c85db0981ab2f697be2d3ce2c1687b3f66972bcfcb2
|
4
|
+
data.tar.gz: df22fda656cb43999edfdd48dfd82c1a25766cc58143d9341c86d5e11aa2c4af
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: de6485517a6497011e7b91482d1b2f4ba54cd9fc792fb8d237df38897c217e2e0793ee4210f8be6058d9b077b5478c1513f4b3c3486546494473ba9d624cf0fc
|
7
|
+
data.tar.gz: 0dab952b230dfc40e1cb8b5010a8fc8ce5e3de03755517408dad390470ab181439f482764f46d6acd77cb52c17f3545c170d51821a2e9b669f21f7db2e52f9a1
|
data/.github/CODEOWNERS
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
# Code owners file.
|
2
|
+
# This file controls who is tagged for review for any given pull request.
|
3
|
+
#
|
4
|
+
# For syntax help see:
|
5
|
+
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax
|
6
|
+
|
7
|
+
* @googleapis/yoshi-ruby
|
@@ -0,0 +1,74 @@
|
|
1
|
+
# How to become a contributor and submit your own code
|
2
|
+
|
3
|
+
## Contributor License Agreements
|
4
|
+
|
5
|
+
We'd love to accept your sample apps and patches! Before we can take them, we
|
6
|
+
have to jump a couple of legal hurdles.
|
7
|
+
|
8
|
+
Please fill out either the individual or corporate Contributor License Agreement
|
9
|
+
(CLA).
|
10
|
+
|
11
|
+
* If you are an individual writing original source code and you're sure you
|
12
|
+
own the intellectual property, then you'll need to sign an [individual CLA].
|
13
|
+
* If you work for a company that wants to allow you to contribute your work,
|
14
|
+
then you'll need to sign a [corporate CLA].
|
15
|
+
|
16
|
+
[individual CLA]: http://code.google.com/legal/individual-cla-v1.0.html
|
17
|
+
[corporate CLA]: http://code.google.com/legal/corporate-cla-v1.0.html
|
18
|
+
|
19
|
+
Follow either of the two links above to access the appropriate CLA and
|
20
|
+
instructions for how to sign and return it. Once we receive it, we'll be able to
|
21
|
+
accept your pull requests.
|
22
|
+
|
23
|
+
## Issue reporting
|
24
|
+
|
25
|
+
* Check that the issue has not already been reported.
|
26
|
+
* Check that the issue has not already been fixed in the latest code
|
27
|
+
(a.k.a. `master`).
|
28
|
+
* Be clear, concise and precise in your description of the problem.
|
29
|
+
* Open an issue with a descriptive title and a summary in grammatically correct,
|
30
|
+
complete sentences.
|
31
|
+
* Include any relevant code to the issue summary.
|
32
|
+
|
33
|
+
## Pull requests
|
34
|
+
|
35
|
+
* Read [how to properly contribute to open source projects on Github][2].
|
36
|
+
* Fork the project.
|
37
|
+
* Use a topic/feature branch to easily amend a pull request later, if necessary.
|
38
|
+
* Write [good commit messages][3].
|
39
|
+
* Use the same coding conventions as the rest of the project.
|
40
|
+
* Commit and push until you are happy with your contribution.
|
41
|
+
* Make sure to add tests for it. This is important so I don't break it
|
42
|
+
in a future version unintentionally.
|
43
|
+
* Add an entry to the [Changelog](CHANGELOG.md) accordingly. See [changelog entry format](#changelog-entry-format).
|
44
|
+
* Please try not to mess with the Rakefile, version, or history. If you want to
|
45
|
+
have your own version, or is otherwise necessary, that is fine, but please
|
46
|
+
isolate to its own commit so I can cherry-pick around it.
|
47
|
+
* Make sure the test suite is passing and the code you wrote doesn't produce
|
48
|
+
RuboCop offenses.
|
49
|
+
* [Squash related commits together][5].
|
50
|
+
* Open a [pull request][4] that relates to *only* one subject with a clear title
|
51
|
+
and description in grammatically correct, complete sentences.
|
52
|
+
|
53
|
+
### Changelog entry format
|
54
|
+
|
55
|
+
Here are a few examples:
|
56
|
+
|
57
|
+
```
|
58
|
+
* makes the scope parameter's optional in all APIs. (@tbetbetbe[])
|
59
|
+
* [#14](https://github.com/google/google-auth-library-ruby/issues/14): ADC Support for JWT Service Tokens. ([@tbetbetbe][])
|
60
|
+
```
|
61
|
+
|
62
|
+
* Mark it up in [Markdown syntax][6].
|
63
|
+
* The entry line should start with `* ` (an asterisk and a space).
|
64
|
+
* If the change has a related GitHub issue (e.g. a bug fix for a reported issue), put a link to the issue as `[#123](https://github.com/google/google-auth-library-ruby/issues/11): `.
|
65
|
+
* Describe the brief of the change. The sentence should end with a punctuation.
|
66
|
+
* At the end of the entry, add an implicit link to your GitHub user page as `([@username][])`.
|
67
|
+
* If this is your first contribution to google-auth-library-ruby project, add a link definition for the implicit link to the bottom of the changelog as `[@username]: https://github.com/username`.
|
68
|
+
|
69
|
+
[1]: https://github.com/google/google-auth-ruby-library/issues
|
70
|
+
[2]: http://gun.io/blog/how-to-github-fork-branch-and-pull-request
|
71
|
+
[3]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
|
72
|
+
[4]: https://help.github.com/articles/using-pull-requests
|
73
|
+
[5]: http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html
|
74
|
+
[6]: http://daringfireball.net/projects/markdown/syntax
|
@@ -0,0 +1,36 @@
|
|
1
|
+
---
|
2
|
+
name: Bug report
|
3
|
+
about: Create a report to help us improve
|
4
|
+
|
5
|
+
---
|
6
|
+
|
7
|
+
Thanks for stopping by to let us know something could be better!
|
8
|
+
|
9
|
+
**PLEASE READ**: If you have a support contract with Google, please create an issue in the [support console](https://cloud.google.com/support/) instead of filing on GitHub. This will ensure a timely response.
|
10
|
+
|
11
|
+
Please run down the following list and make sure you've tried the usual "quick fixes":
|
12
|
+
|
13
|
+
- Search the issues already opened: https://github.com/googleapis/google-auth-library-ruby/issues
|
14
|
+
- Search Stack Overflow: https://stackoverflow.com/questions/tagged/google-auth-library-ruby
|
15
|
+
|
16
|
+
If you are still having issues, please be sure to include as much information as possible:
|
17
|
+
|
18
|
+
#### Environment details
|
19
|
+
|
20
|
+
- OS:
|
21
|
+
- Ruby version:
|
22
|
+
- Gem name and version:
|
23
|
+
|
24
|
+
#### Steps to reproduce
|
25
|
+
|
26
|
+
1. ...
|
27
|
+
|
28
|
+
#### Code example
|
29
|
+
|
30
|
+
```ruby
|
31
|
+
# example
|
32
|
+
```
|
33
|
+
|
34
|
+
Making sure to follow these steps will guarantee the quickest resolution possible.
|
35
|
+
|
36
|
+
Thanks!
|
@@ -0,0 +1,21 @@
|
|
1
|
+
---
|
2
|
+
name: Feature request
|
3
|
+
about: Suggest an idea for this library
|
4
|
+
|
5
|
+
---
|
6
|
+
|
7
|
+
Thanks for stopping by to let us know something could be better!
|
8
|
+
|
9
|
+
**PLEASE READ**: If you have a support contract with Google, please create an issue in the [support console](https://cloud.google.com/support/) instead of filing on GitHub. This will ensure a timely response.
|
10
|
+
|
11
|
+
**Is your feature request related to a problem? Please describe.**
|
12
|
+
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
|
13
|
+
|
14
|
+
**Describe the solution you'd like**
|
15
|
+
A clear and concise description of what you want to happen.
|
16
|
+
|
17
|
+
**Describe alternatives you've considered**
|
18
|
+
A clear and concise description of any alternative solutions or features you've considered.
|
19
|
+
|
20
|
+
**Additional context**
|
21
|
+
Add any other context or screenshots about the feature request here.
|
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
name: Support request
|
3
|
+
about: If you have a support contract with Google, please create an issue in the Google Cloud Support console.
|
4
|
+
|
5
|
+
---
|
6
|
+
|
7
|
+
**PLEASE READ**: If you have a support contract with Google, please create an issue in the [support console](https://cloud.google.com/support/) instead of filing on GitHub. This will ensure a timely response.
|
@@ -0,0 +1,55 @@
|
|
1
|
+
name: CI
|
2
|
+
on:
|
3
|
+
pull_request:
|
4
|
+
branches:
|
5
|
+
- master
|
6
|
+
push:
|
7
|
+
branches:
|
8
|
+
- master
|
9
|
+
workflow_dispatch:
|
10
|
+
jobs:
|
11
|
+
CI:
|
12
|
+
if: ${{ github.repository == 'googleapis/google-auth-library-ruby' }}
|
13
|
+
strategy:
|
14
|
+
matrix:
|
15
|
+
include:
|
16
|
+
- os: ubuntu-latest
|
17
|
+
ruby: "2.5"
|
18
|
+
task: test , spec
|
19
|
+
- os: ubuntu-latest
|
20
|
+
ruby: "2.6"
|
21
|
+
task: test , spec
|
22
|
+
- os: ubuntu-latest
|
23
|
+
ruby: "2.7"
|
24
|
+
task: test , spec
|
25
|
+
- os: ubuntu-latest
|
26
|
+
ruby: "3.0"
|
27
|
+
task: test , spec
|
28
|
+
- os: macos-latest
|
29
|
+
ruby: "2.7"
|
30
|
+
task: test , spec
|
31
|
+
- os: windows-latest
|
32
|
+
ruby: "2.7"
|
33
|
+
task: test , spec
|
34
|
+
- os: ubuntu-latest
|
35
|
+
ruby: "2.7"
|
36
|
+
task: rubocop , integration , build , yardoc , linkinator
|
37
|
+
fail-fast: false
|
38
|
+
runs-on: ${{ matrix.os }}
|
39
|
+
steps:
|
40
|
+
- name: Checkout repo
|
41
|
+
uses: actions/checkout@v2
|
42
|
+
- name: Install Ruby ${{ matrix.ruby }}
|
43
|
+
uses: ruby/setup-ruby@v1
|
44
|
+
with:
|
45
|
+
ruby-version: "${{ matrix.ruby }}"
|
46
|
+
- name: Install NodeJS 14.x
|
47
|
+
uses: actions/setup-node@v1
|
48
|
+
with:
|
49
|
+
node-version: "14.x"
|
50
|
+
- name: Install dependencies
|
51
|
+
shell: bash
|
52
|
+
run: "gem install --no-document toys && bundle install"
|
53
|
+
- name: Test ${{ matrix.task }}
|
54
|
+
shell: bash
|
55
|
+
run: toys do ${{ matrix.task }} < /dev/null
|
@@ -0,0 +1,39 @@
|
|
1
|
+
on:
|
2
|
+
schedule:
|
3
|
+
- cron: '29 9 * * *'
|
4
|
+
workflow_dispatch:
|
5
|
+
|
6
|
+
name: release-please
|
7
|
+
jobs:
|
8
|
+
release-please:
|
9
|
+
env:
|
10
|
+
ENABLE_RELEASE_PLEASE: ${{ secrets.ENABLE_RELEASE_PLEASE }}
|
11
|
+
runs-on: ubuntu-latest
|
12
|
+
steps:
|
13
|
+
- name: ReleasePlease
|
14
|
+
id: release-please
|
15
|
+
if: ${{ env.ENABLE_RELEASE_PLEASE || github.event_name == 'workflow_dispatch' }}
|
16
|
+
uses: GoogleCloudPlatform/release-please-action@v2
|
17
|
+
with:
|
18
|
+
command: release-pr
|
19
|
+
token: ${{ secrets.YOSHI_CODE_BOT_TOKEN }}
|
20
|
+
fork: true
|
21
|
+
release-type: ruby
|
22
|
+
package-name: google-auth-library-ruby
|
23
|
+
version-file: lib/googleauth/version.rb
|
24
|
+
monorepo-tags: true
|
25
|
+
bump-minor-pre-major: true
|
26
|
+
- name: ReleaseLabel
|
27
|
+
id: release-label
|
28
|
+
if: ${{ steps.release-please.outputs.pr }}
|
29
|
+
uses: actions/github-script@v2
|
30
|
+
with:
|
31
|
+
github-token: ${{secrets.YOSHI_APPROVER_TOKEN}}
|
32
|
+
script: |
|
33
|
+
core.info("Labeling release");
|
34
|
+
github.issues.addLabels({
|
35
|
+
owner: 'googleapis',
|
36
|
+
repo: 'google-auth-library-ruby',
|
37
|
+
issue_number: ${{ steps.release-please.outputs.pr }},
|
38
|
+
labels: ["autorelease: pending"]
|
39
|
+
});
|
data/.gitignore
CHANGED
@@ -0,0 +1,76 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
# Copyright 2020 Google LLC.
|
3
|
+
#
|
4
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
# you may not use this file except in compliance with the License.
|
6
|
+
# You may obtain a copy of the License at
|
7
|
+
#
|
8
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
#
|
10
|
+
# Unless required by applicable law or agreed to in writing, software
|
11
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
# See the License for the specific language governing permissions and
|
14
|
+
# limitations under the License.
|
15
|
+
|
16
|
+
# This file is called in the early stage of `trampoline_v2.sh` to
|
17
|
+
# populate secrets needed for the CI builds.
|
18
|
+
|
19
|
+
set -eo pipefail
|
20
|
+
|
21
|
+
function now { date +"%Y-%m-%d %H:%M:%S" | tr -d '\n' ;}
|
22
|
+
function msg { println "$*" >&2 ;}
|
23
|
+
function println { printf '%s\n' "$(now) $*" ;}
|
24
|
+
|
25
|
+
# Populates requested secrets set in SECRET_MANAGER_KEYS
|
26
|
+
|
27
|
+
# In Kokoro CI builds, we use the service account attached to the
|
28
|
+
# Kokoro VM. This means we need to setup auth on other CI systems.
|
29
|
+
# For local run, we just use the gcloud command for retrieving the
|
30
|
+
# secrets.
|
31
|
+
|
32
|
+
if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
|
33
|
+
GCLOUD_COMMANDS=(
|
34
|
+
"docker"
|
35
|
+
"run"
|
36
|
+
"--entrypoint=gcloud"
|
37
|
+
"--volume=${KOKORO_GFILE_DIR}:${KOKORO_GFILE_DIR}"
|
38
|
+
"gcr.io/google.com/cloudsdktool/cloud-sdk"
|
39
|
+
)
|
40
|
+
if [[ "${TRAMPOLINE_CI:-}" == "kokoro" ]]; then
|
41
|
+
SECRET_LOCATION="${KOKORO_GFILE_DIR}/secret_manager"
|
42
|
+
else
|
43
|
+
echo "Authentication for this CI system is not implemented yet."
|
44
|
+
exit 2
|
45
|
+
# TODO: Determine appropriate SECRET_LOCATION and the GCLOUD_COMMANDS.
|
46
|
+
fi
|
47
|
+
else
|
48
|
+
# For local run, use /dev/shm or temporary directory for
|
49
|
+
# KOKORO_GFILE_DIR.
|
50
|
+
if [[ -d "/dev/shm" ]]; then
|
51
|
+
export KOKORO_GFILE_DIR=/dev/shm
|
52
|
+
else
|
53
|
+
export KOKORO_GFILE_DIR=$(mktemp -d -t ci-XXXXXXXX)
|
54
|
+
fi
|
55
|
+
SECRET_LOCATION="${KOKORO_GFILE_DIR}/secret_manager"
|
56
|
+
GCLOUD_COMMANDS=("gcloud")
|
57
|
+
fi
|
58
|
+
|
59
|
+
msg "Creating folder on disk for secrets: ${SECRET_LOCATION}"
|
60
|
+
mkdir -p ${SECRET_LOCATION}
|
61
|
+
|
62
|
+
for key in $(echo ${SECRET_MANAGER_KEYS} | sed "s/,/ /g")
|
63
|
+
do
|
64
|
+
msg "Retrieving secret ${key}"
|
65
|
+
"${GCLOUD_COMMANDS[@]}" \
|
66
|
+
secrets versions access latest \
|
67
|
+
--project cloud-devrel-kokoro-resources \
|
68
|
+
--secret $key > \
|
69
|
+
"$SECRET_LOCATION/$key"
|
70
|
+
if [[ $? == 0 ]]; then
|
71
|
+
msg "Secret written to ${SECRET_LOCATION}/${key}"
|
72
|
+
else
|
73
|
+
msg "Error retrieving secret ${key}"
|
74
|
+
exit 2
|
75
|
+
fi
|
76
|
+
done
|
data/.kokoro/release.cfg
ADDED
@@ -0,0 +1,52 @@
|
|
1
|
+
# Format: //devtools/kokoro/config/proto/build.proto
|
2
|
+
|
3
|
+
# Build logs will be here
|
4
|
+
action {
|
5
|
+
define_artifacts {
|
6
|
+
regex: "**/*sponge_log.xml"
|
7
|
+
}
|
8
|
+
}
|
9
|
+
|
10
|
+
# Fetch the token needed for reporting release status to GitHub
|
11
|
+
before_action {
|
12
|
+
fetch_keystore {
|
13
|
+
keystore_resource {
|
14
|
+
keystore_config_id: 73713
|
15
|
+
keyname: "yoshi-automation-github-key"
|
16
|
+
}
|
17
|
+
}
|
18
|
+
}
|
19
|
+
|
20
|
+
before_action {
|
21
|
+
fetch_keystore {
|
22
|
+
keystore_resource {
|
23
|
+
keystore_config_id: 73713
|
24
|
+
keyname: "docuploader_service_account"
|
25
|
+
}
|
26
|
+
}
|
27
|
+
}
|
28
|
+
|
29
|
+
# Download resources for system tests (service account key, etc.)
|
30
|
+
gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/google-cloud-ruby"
|
31
|
+
|
32
|
+
# Download trampoline resources.
|
33
|
+
gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline"
|
34
|
+
|
35
|
+
# Use the trampoline script to run in docker.
|
36
|
+
build_file: "google-auth-library-ruby/.kokoro/trampoline_v2.sh"
|
37
|
+
|
38
|
+
# Configure the docker image for kokoro-trampoline.
|
39
|
+
env_vars: {
|
40
|
+
key: "TRAMPOLINE_IMAGE"
|
41
|
+
value: "gcr.io/cloud-devrel-kokoro-resources/yoshi-ruby/release"
|
42
|
+
}
|
43
|
+
|
44
|
+
env_vars: {
|
45
|
+
key: "TRAMPOLINE_BUILD_FILE"
|
46
|
+
value: ".kokoro/release.sh"
|
47
|
+
}
|
48
|
+
|
49
|
+
env_vars: {
|
50
|
+
key: "SECRET_MANAGER_KEYS"
|
51
|
+
value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem"
|
52
|
+
}
|
data/.kokoro/release.sh
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
set -eo pipefail
|
4
|
+
|
5
|
+
# Install gems in the user directory because the default install directory
|
6
|
+
# is in a read-only location.
|
7
|
+
export GEM_HOME=$HOME/.gem
|
8
|
+
export PATH=$GEM_HOME/bin:$PATH
|
9
|
+
|
10
|
+
python3 -m pip install git+https://github.com/googleapis/releasetool
|
11
|
+
python3 -m pip install gcp-docuploader
|
12
|
+
gem install --no-document toys
|
13
|
+
bundle install
|
14
|
+
|
15
|
+
python3 -m releasetool publish-reporter-script > /tmp/publisher-script; source /tmp/publisher-script
|
16
|
+
|
17
|
+
toys kokoro publish-gem < /dev/null
|
18
|
+
toys kokoro publish-docs < /dev/null
|
@@ -0,0 +1,489 @@
|
|
1
|
+
#!/usr/bin/env bash
|
2
|
+
# Copyright 2020 Google LLC
|
3
|
+
#
|
4
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
# you may not use this file except in compliance with the License.
|
6
|
+
# You may obtain a copy of the License at
|
7
|
+
#
|
8
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
#
|
10
|
+
# Unless required by applicable law or agreed to in writing, software
|
11
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
# See the License for the specific language governing permissions and
|
14
|
+
# limitations under the License.
|
15
|
+
|
16
|
+
# trampoline_v2.sh
|
17
|
+
#
|
18
|
+
# If you want to make a change to this file, consider doing so at:
|
19
|
+
# https://github.com/googlecloudplatform/docker-ci-helper
|
20
|
+
#
|
21
|
+
# This script is for running CI builds. For Kokoro builds, we
|
22
|
+
# set this script to `build_file` field in the Kokoro configuration.
|
23
|
+
|
24
|
+
# This script does 3 things.
|
25
|
+
#
|
26
|
+
# 1. Prepare the Docker image for the test
|
27
|
+
# 2. Run the Docker with appropriate flags to run the test
|
28
|
+
# 3. Upload the newly built Docker image
|
29
|
+
#
|
30
|
+
# in a way that is somewhat compatible with trampoline_v1.
|
31
|
+
#
|
32
|
+
# These environment variables are required:
|
33
|
+
# TRAMPOLINE_IMAGE: The docker image to use.
|
34
|
+
# TRAMPOLINE_DOCKERFILE: The location of the Dockerfile.
|
35
|
+
#
|
36
|
+
# You can optionally change these environment variables:
|
37
|
+
# TRAMPOLINE_IMAGE_UPLOAD:
|
38
|
+
# (true|false): Whether to upload the Docker image after the
|
39
|
+
# successful builds.
|
40
|
+
# TRAMPOLINE_BUILD_FILE: The script to run in the docker container.
|
41
|
+
# TRAMPOLINE_WORKSPACE: The workspace path in the docker container.
|
42
|
+
# Defaults to /workspace.
|
43
|
+
# Potentially there are some repo specific envvars in .trampolinerc in
|
44
|
+
# the project root.
|
45
|
+
#
|
46
|
+
# Here is an example for running this script.
|
47
|
+
# TRAMPOLINE_IMAGE=gcr.io/cloud-devrel-kokoro-resources/node:10-user \
|
48
|
+
# TRAMPOLINE_BUILD_FILE=.kokoro/system-test.sh \
|
49
|
+
# .kokoro/trampoline_v2.sh
|
50
|
+
|
51
|
+
set -euo pipefail
|
52
|
+
|
53
|
+
TRAMPOLINE_VERSION="2.0.10"
|
54
|
+
|
55
|
+
if command -v tput >/dev/null && [[ -n "${TERM:-}" ]]; then
|
56
|
+
readonly IO_COLOR_RED="$(tput setaf 1)"
|
57
|
+
readonly IO_COLOR_GREEN="$(tput setaf 2)"
|
58
|
+
readonly IO_COLOR_YELLOW="$(tput setaf 3)"
|
59
|
+
readonly IO_COLOR_RESET="$(tput sgr0)"
|
60
|
+
else
|
61
|
+
readonly IO_COLOR_RED=""
|
62
|
+
readonly IO_COLOR_GREEN=""
|
63
|
+
readonly IO_COLOR_YELLOW=""
|
64
|
+
readonly IO_COLOR_RESET=""
|
65
|
+
fi
|
66
|
+
|
67
|
+
function function_exists {
|
68
|
+
[ $(LC_ALL=C type -t $1)"" == "function" ]
|
69
|
+
}
|
70
|
+
|
71
|
+
# Logs a message using the given color. The first argument must be one
|
72
|
+
# of the IO_COLOR_* variables defined above, such as
|
73
|
+
# "${IO_COLOR_YELLOW}". The remaining arguments will be logged in the
|
74
|
+
# given color. The log message will also have an RFC-3339 timestamp
|
75
|
+
# prepended (in UTC). You can disable the color output by setting
|
76
|
+
# TERM=vt100.
|
77
|
+
function log_impl() {
|
78
|
+
local color="$1"
|
79
|
+
shift
|
80
|
+
local timestamp="$(date -u "+%Y-%m-%dT%H:%M:%SZ")"
|
81
|
+
echo "================================================================"
|
82
|
+
echo "${color}${timestamp}:" "$@" "${IO_COLOR_RESET}"
|
83
|
+
echo "================================================================"
|
84
|
+
}
|
85
|
+
|
86
|
+
# Logs the given message with normal coloring and a timestamp.
|
87
|
+
function log() {
|
88
|
+
log_impl "${IO_COLOR_RESET}" "$@"
|
89
|
+
}
|
90
|
+
|
91
|
+
# Logs the given message in green with a timestamp.
|
92
|
+
function log_green() {
|
93
|
+
log_impl "${IO_COLOR_GREEN}" "$@"
|
94
|
+
}
|
95
|
+
|
96
|
+
# Logs the given message in yellow with a timestamp.
|
97
|
+
function log_yellow() {
|
98
|
+
log_impl "${IO_COLOR_YELLOW}" "$@"
|
99
|
+
}
|
100
|
+
|
101
|
+
# Logs the given message in red with a timestamp.
|
102
|
+
function log_red() {
|
103
|
+
log_impl "${IO_COLOR_RED}" "$@"
|
104
|
+
}
|
105
|
+
|
106
|
+
readonly tmpdir=$(mktemp -d -t ci-XXXXXXXX)
|
107
|
+
readonly tmphome="${tmpdir}/h"
|
108
|
+
mkdir -p "${tmphome}"
|
109
|
+
|
110
|
+
function cleanup() {
|
111
|
+
rm -rf "${tmpdir}"
|
112
|
+
}
|
113
|
+
trap cleanup EXIT
|
114
|
+
|
115
|
+
RUNNING_IN_CI="${RUNNING_IN_CI:-false}"
|
116
|
+
|
117
|
+
# The workspace in the container, defaults to /workspace.
|
118
|
+
TRAMPOLINE_WORKSPACE="${TRAMPOLINE_WORKSPACE:-/workspace}"
|
119
|
+
|
120
|
+
pass_down_envvars=(
|
121
|
+
# TRAMPOLINE_V2 variables.
|
122
|
+
# Tells scripts whether they are running as part of CI or not.
|
123
|
+
"RUNNING_IN_CI"
|
124
|
+
# Indicates which CI system we're in.
|
125
|
+
"TRAMPOLINE_CI"
|
126
|
+
# Indicates the version of the script.
|
127
|
+
"TRAMPOLINE_VERSION"
|
128
|
+
)
|
129
|
+
|
130
|
+
log_yellow "Building with Trampoline ${TRAMPOLINE_VERSION}"
|
131
|
+
|
132
|
+
# Detect which CI systems we're in. If we're in any of the CI systems
|
133
|
+
# we support, `RUNNING_IN_CI` will be true and `TRAMPOLINE_CI` will be
|
134
|
+
# the name of the CI system. Both envvars will be passing down to the
|
135
|
+
# container for telling which CI system we're in.
|
136
|
+
if [[ -n "${KOKORO_BUILD_ID:-}" ]]; then
|
137
|
+
# descriptive env var for indicating it's on CI.
|
138
|
+
RUNNING_IN_CI="true"
|
139
|
+
TRAMPOLINE_CI="kokoro"
|
140
|
+
if [[ "${TRAMPOLINE_USE_LEGACY_SERVICE_ACCOUNT:-}" == "true" ]]; then
|
141
|
+
if [[ ! -f "${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json" ]]; then
|
142
|
+
log_red "${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json does not exist. Did you forget to mount cloud-devrel-kokoro-resources/trampoline? Aborting."
|
143
|
+
exit 1
|
144
|
+
fi
|
145
|
+
# This service account will be activated later.
|
146
|
+
TRAMPOLINE_SERVICE_ACCOUNT="${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json"
|
147
|
+
else
|
148
|
+
if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
|
149
|
+
gcloud auth list
|
150
|
+
fi
|
151
|
+
log_yellow "Configuring Container Registry access"
|
152
|
+
gcloud auth configure-docker --quiet
|
153
|
+
fi
|
154
|
+
pass_down_envvars+=(
|
155
|
+
# KOKORO dynamic variables.
|
156
|
+
"KOKORO_BUILD_NUMBER"
|
157
|
+
"KOKORO_BUILD_ID"
|
158
|
+
"KOKORO_JOB_NAME"
|
159
|
+
"KOKORO_GIT_COMMIT"
|
160
|
+
"KOKORO_GITHUB_COMMIT"
|
161
|
+
"KOKORO_GITHUB_PULL_REQUEST_NUMBER"
|
162
|
+
"KOKORO_GITHUB_PULL_REQUEST_COMMIT"
|
163
|
+
# For Flaky Bot
|
164
|
+
"KOKORO_GITHUB_COMMIT_URL"
|
165
|
+
"KOKORO_GITHUB_PULL_REQUEST_URL"
|
166
|
+
"KOKORO_BUILD_ARTIFACTS_SUBDIR"
|
167
|
+
)
|
168
|
+
elif [[ "${TRAVIS:-}" == "true" ]]; then
|
169
|
+
RUNNING_IN_CI="true"
|
170
|
+
TRAMPOLINE_CI="travis"
|
171
|
+
pass_down_envvars+=(
|
172
|
+
"TRAVIS_BRANCH"
|
173
|
+
"TRAVIS_BUILD_ID"
|
174
|
+
"TRAVIS_BUILD_NUMBER"
|
175
|
+
"TRAVIS_BUILD_WEB_URL"
|
176
|
+
"TRAVIS_COMMIT"
|
177
|
+
"TRAVIS_COMMIT_MESSAGE"
|
178
|
+
"TRAVIS_COMMIT_RANGE"
|
179
|
+
"TRAVIS_JOB_NAME"
|
180
|
+
"TRAVIS_JOB_NUMBER"
|
181
|
+
"TRAVIS_JOB_WEB_URL"
|
182
|
+
"TRAVIS_PULL_REQUEST"
|
183
|
+
"TRAVIS_PULL_REQUEST_BRANCH"
|
184
|
+
"TRAVIS_PULL_REQUEST_SHA"
|
185
|
+
"TRAVIS_PULL_REQUEST_SLUG"
|
186
|
+
"TRAVIS_REPO_SLUG"
|
187
|
+
"TRAVIS_SECURE_ENV_VARS"
|
188
|
+
"TRAVIS_TAG"
|
189
|
+
)
|
190
|
+
elif [[ -n "${GITHUB_RUN_ID:-}" ]]; then
|
191
|
+
RUNNING_IN_CI="true"
|
192
|
+
TRAMPOLINE_CI="github-workflow"
|
193
|
+
pass_down_envvars+=(
|
194
|
+
"GITHUB_WORKFLOW"
|
195
|
+
"GITHUB_RUN_ID"
|
196
|
+
"GITHUB_RUN_NUMBER"
|
197
|
+
"GITHUB_ACTION"
|
198
|
+
"GITHUB_ACTIONS"
|
199
|
+
"GITHUB_ACTOR"
|
200
|
+
"GITHUB_REPOSITORY"
|
201
|
+
"GITHUB_EVENT_NAME"
|
202
|
+
"GITHUB_EVENT_PATH"
|
203
|
+
"GITHUB_SHA"
|
204
|
+
"GITHUB_REF"
|
205
|
+
"GITHUB_HEAD_REF"
|
206
|
+
"GITHUB_BASE_REF"
|
207
|
+
)
|
208
|
+
elif [[ "${CIRCLECI:-}" == "true" ]]; then
|
209
|
+
RUNNING_IN_CI="true"
|
210
|
+
TRAMPOLINE_CI="circleci"
|
211
|
+
pass_down_envvars+=(
|
212
|
+
"CIRCLE_BRANCH"
|
213
|
+
"CIRCLE_BUILD_NUM"
|
214
|
+
"CIRCLE_BUILD_URL"
|
215
|
+
"CIRCLE_COMPARE_URL"
|
216
|
+
"CIRCLE_JOB"
|
217
|
+
"CIRCLE_NODE_INDEX"
|
218
|
+
"CIRCLE_NODE_TOTAL"
|
219
|
+
"CIRCLE_PREVIOUS_BUILD_NUM"
|
220
|
+
"CIRCLE_PROJECT_REPONAME"
|
221
|
+
"CIRCLE_PROJECT_USERNAME"
|
222
|
+
"CIRCLE_REPOSITORY_URL"
|
223
|
+
"CIRCLE_SHA1"
|
224
|
+
"CIRCLE_STAGE"
|
225
|
+
"CIRCLE_USERNAME"
|
226
|
+
"CIRCLE_WORKFLOW_ID"
|
227
|
+
"CIRCLE_WORKFLOW_JOB_ID"
|
228
|
+
"CIRCLE_WORKFLOW_UPSTREAM_JOB_IDS"
|
229
|
+
"CIRCLE_WORKFLOW_WORKSPACE_ID"
|
230
|
+
)
|
231
|
+
fi
|
232
|
+
|
233
|
+
# Configure the service account for pulling the docker image.
|
234
|
+
function repo_root() {
|
235
|
+
local dir="$1"
|
236
|
+
while [[ ! -d "${dir}/.git" ]]; do
|
237
|
+
dir="$(dirname "$dir")"
|
238
|
+
done
|
239
|
+
echo "${dir}"
|
240
|
+
}
|
241
|
+
|
242
|
+
# Detect the project root. In CI builds, we assume the script is in
|
243
|
+
# the git tree and traverse from there, otherwise, traverse from `pwd`
|
244
|
+
# to find `.git` directory.
|
245
|
+
if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
|
246
|
+
PROGRAM_PATH="$(realpath "$0")"
|
247
|
+
PROGRAM_DIR="$(dirname "${PROGRAM_PATH}")"
|
248
|
+
PROJECT_ROOT="$(repo_root "${PROGRAM_DIR}")"
|
249
|
+
else
|
250
|
+
PROJECT_ROOT="$(repo_root $(pwd))"
|
251
|
+
fi
|
252
|
+
|
253
|
+
log_yellow "Changing to the project root: ${PROJECT_ROOT}."
|
254
|
+
cd "${PROJECT_ROOT}"
|
255
|
+
|
256
|
+
# To support relative path for `TRAMPOLINE_SERVICE_ACCOUNT`, we need
|
257
|
+
# to use this environment variable in `PROJECT_ROOT`.
|
258
|
+
if [[ -n "${TRAMPOLINE_SERVICE_ACCOUNT:-}" ]]; then
|
259
|
+
|
260
|
+
mkdir -p "${tmpdir}/gcloud"
|
261
|
+
gcloud_config_dir="${tmpdir}/gcloud"
|
262
|
+
|
263
|
+
log_yellow "Using isolated gcloud config: ${gcloud_config_dir}."
|
264
|
+
export CLOUDSDK_CONFIG="${gcloud_config_dir}"
|
265
|
+
|
266
|
+
log_yellow "Using ${TRAMPOLINE_SERVICE_ACCOUNT} for authentication."
|
267
|
+
gcloud auth activate-service-account \
|
268
|
+
--key-file "${TRAMPOLINE_SERVICE_ACCOUNT}"
|
269
|
+
log_yellow "Configuring Container Registry access"
|
270
|
+
gcloud auth configure-docker --quiet
|
271
|
+
fi
|
272
|
+
|
273
|
+
required_envvars=(
|
274
|
+
# The basic trampoline configurations.
|
275
|
+
"TRAMPOLINE_IMAGE"
|
276
|
+
"TRAMPOLINE_BUILD_FILE"
|
277
|
+
)
|
278
|
+
|
279
|
+
if [[ -f "${PROJECT_ROOT}/.trampolinerc" ]]; then
|
280
|
+
source "${PROJECT_ROOT}/.trampolinerc"
|
281
|
+
fi
|
282
|
+
|
283
|
+
log_yellow "Checking environment variables."
|
284
|
+
for e in "${required_envvars[@]}"
|
285
|
+
do
|
286
|
+
if [[ -z "${!e:-}" ]]; then
|
287
|
+
log "Missing ${e} env var. Aborting."
|
288
|
+
exit 1
|
289
|
+
fi
|
290
|
+
done
|
291
|
+
|
292
|
+
# We want to support legacy style TRAMPOLINE_BUILD_FILE used with V1
|
293
|
+
# script: e.g. "github/repo-name/.kokoro/run_tests.sh"
|
294
|
+
TRAMPOLINE_BUILD_FILE="${TRAMPOLINE_BUILD_FILE#github/*/}"
|
295
|
+
log_yellow "Using TRAMPOLINE_BUILD_FILE: ${TRAMPOLINE_BUILD_FILE}"
|
296
|
+
|
297
|
+
# ignore error on docker operations and test execution
|
298
|
+
set +e
|
299
|
+
|
300
|
+
log_yellow "Preparing Docker image."
|
301
|
+
# We only download the docker image in CI builds.
|
302
|
+
if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
|
303
|
+
# Download the docker image specified by `TRAMPOLINE_IMAGE`
|
304
|
+
|
305
|
+
# We may want to add --max-concurrent-downloads flag.
|
306
|
+
|
307
|
+
log_yellow "Start pulling the Docker image: ${TRAMPOLINE_IMAGE}."
|
308
|
+
if docker pull "${TRAMPOLINE_IMAGE}"; then
|
309
|
+
log_green "Finished pulling the Docker image: ${TRAMPOLINE_IMAGE}."
|
310
|
+
has_image="true"
|
311
|
+
else
|
312
|
+
log_red "Failed pulling the Docker image: ${TRAMPOLINE_IMAGE}."
|
313
|
+
has_image="false"
|
314
|
+
fi
|
315
|
+
else
|
316
|
+
# For local run, check if we have the image.
|
317
|
+
if docker images "${TRAMPOLINE_IMAGE}" | grep "${TRAMPOLINE_IMAGE%:*}"; then
|
318
|
+
has_image="true"
|
319
|
+
else
|
320
|
+
has_image="false"
|
321
|
+
fi
|
322
|
+
fi
|
323
|
+
|
324
|
+
|
325
|
+
# The default user for a Docker container has uid 0 (root). To avoid
|
326
|
+
# creating root-owned files in the build directory we tell docker to
|
327
|
+
# use the current user ID.
|
328
|
+
user_uid="$(id -u)"
|
329
|
+
user_gid="$(id -g)"
|
330
|
+
user_name="$(id -un)"
|
331
|
+
|
332
|
+
# To allow docker in docker, we add the user to the docker group in
|
333
|
+
# the host os.
|
334
|
+
docker_gid=$(cut -d: -f3 < <(getent group docker))
|
335
|
+
|
336
|
+
update_cache="false"
|
337
|
+
if [[ "${TRAMPOLINE_DOCKERFILE:-none}" != "none" ]]; then
|
338
|
+
# Build the Docker image from the source.
|
339
|
+
context_dir=$(dirname "${TRAMPOLINE_DOCKERFILE}")
|
340
|
+
docker_build_flags=(
|
341
|
+
"-f" "${TRAMPOLINE_DOCKERFILE}"
|
342
|
+
"-t" "${TRAMPOLINE_IMAGE}"
|
343
|
+
"--build-arg" "UID=${user_uid}"
|
344
|
+
"--build-arg" "USERNAME=${user_name}"
|
345
|
+
)
|
346
|
+
if [[ "${has_image}" == "true" ]]; then
|
347
|
+
docker_build_flags+=("--cache-from" "${TRAMPOLINE_IMAGE}")
|
348
|
+
fi
|
349
|
+
|
350
|
+
log_yellow "Start building the docker image."
|
351
|
+
if [[ "${TRAMPOLINE_VERBOSE:-false}" == "true" ]]; then
|
352
|
+
echo "docker build" "${docker_build_flags[@]}" "${context_dir}"
|
353
|
+
fi
|
354
|
+
|
355
|
+
# ON CI systems, we want to suppress docker build logs, only
|
356
|
+
# output the logs when it fails.
|
357
|
+
if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
|
358
|
+
if docker build "${docker_build_flags[@]}" "${context_dir}" \
|
359
|
+
> "${tmpdir}/docker_build.log" 2>&1; then
|
360
|
+
if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
|
361
|
+
cat "${tmpdir}/docker_build.log"
|
362
|
+
fi
|
363
|
+
|
364
|
+
log_green "Finished building the docker image."
|
365
|
+
update_cache="true"
|
366
|
+
else
|
367
|
+
log_red "Failed to build the Docker image, aborting."
|
368
|
+
log_yellow "Dumping the build logs:"
|
369
|
+
cat "${tmpdir}/docker_build.log"
|
370
|
+
exit 1
|
371
|
+
fi
|
372
|
+
else
|
373
|
+
if docker build "${docker_build_flags[@]}" "${context_dir}"; then
|
374
|
+
log_green "Finished building the docker image."
|
375
|
+
update_cache="true"
|
376
|
+
else
|
377
|
+
log_red "Failed to build the Docker image, aborting."
|
378
|
+
exit 1
|
379
|
+
fi
|
380
|
+
fi
|
381
|
+
else
|
382
|
+
if [[ "${has_image}" != "true" ]]; then
|
383
|
+
log_red "We do not have ${TRAMPOLINE_IMAGE} locally, aborting."
|
384
|
+
exit 1
|
385
|
+
fi
|
386
|
+
fi
|
387
|
+
|
388
|
+
# We use an array for the flags so they are easier to document.
|
389
|
+
docker_flags=(
|
390
|
+
# Remove the container after it exists.
|
391
|
+
"--rm"
|
392
|
+
|
393
|
+
# Use the host network.
|
394
|
+
"--network=host"
|
395
|
+
|
396
|
+
# Run in priviledged mode. We are not using docker for sandboxing or
|
397
|
+
# isolation, just for packaging our dev tools.
|
398
|
+
"--privileged"
|
399
|
+
|
400
|
+
# Run the docker script with the user id. Because the docker image gets to
|
401
|
+
# write in ${PWD} you typically want this to be your user id.
|
402
|
+
# To allow docker in docker, we need to use docker gid on the host.
|
403
|
+
"--user" "${user_uid}:${docker_gid}"
|
404
|
+
|
405
|
+
# Pass down the USER.
|
406
|
+
"--env" "USER=${user_name}"
|
407
|
+
|
408
|
+
# Mount the project directory inside the Docker container.
|
409
|
+
"--volume" "${PROJECT_ROOT}:${TRAMPOLINE_WORKSPACE}"
|
410
|
+
"--workdir" "${TRAMPOLINE_WORKSPACE}"
|
411
|
+
"--env" "PROJECT_ROOT=${TRAMPOLINE_WORKSPACE}"
|
412
|
+
|
413
|
+
# Mount the temporary home directory.
|
414
|
+
"--volume" "${tmphome}:/h"
|
415
|
+
"--env" "HOME=/h"
|
416
|
+
|
417
|
+
# Allow docker in docker.
|
418
|
+
"--volume" "/var/run/docker.sock:/var/run/docker.sock"
|
419
|
+
|
420
|
+
# Mount the /tmp so that docker in docker can mount the files
|
421
|
+
# there correctly.
|
422
|
+
"--volume" "/tmp:/tmp"
|
423
|
+
# Pass down the KOKORO_GFILE_DIR and KOKORO_KEYSTORE_DIR
|
424
|
+
# TODO(tmatsuo): This part is not portable.
|
425
|
+
"--env" "TRAMPOLINE_SECRET_DIR=/secrets"
|
426
|
+
"--volume" "${KOKORO_GFILE_DIR:-/dev/shm}:/secrets/gfile"
|
427
|
+
"--env" "KOKORO_GFILE_DIR=/secrets/gfile"
|
428
|
+
"--volume" "${KOKORO_KEYSTORE_DIR:-/dev/shm}:/secrets/keystore"
|
429
|
+
"--env" "KOKORO_KEYSTORE_DIR=/secrets/keystore"
|
430
|
+
)
|
431
|
+
|
432
|
+
# Add an option for nicer output if the build gets a tty.
|
433
|
+
if [[ -t 0 ]]; then
|
434
|
+
docker_flags+=("-it")
|
435
|
+
fi
|
436
|
+
|
437
|
+
# Passing down env vars
|
438
|
+
for e in "${pass_down_envvars[@]}"
|
439
|
+
do
|
440
|
+
if [[ -n "${!e:-}" ]]; then
|
441
|
+
docker_flags+=("--env" "${e}=${!e}")
|
442
|
+
fi
|
443
|
+
done
|
444
|
+
|
445
|
+
# If arguments are given, all arguments will become the commands run
|
446
|
+
# in the container, otherwise run TRAMPOLINE_BUILD_FILE.
|
447
|
+
if [[ $# -ge 1 ]]; then
|
448
|
+
log_yellow "Running the given commands '" "${@:1}" "' in the container."
|
449
|
+
readonly commands=("${@:1}")
|
450
|
+
if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
|
451
|
+
echo docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}" "${commands[@]}"
|
452
|
+
fi
|
453
|
+
docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}" "${commands[@]}"
|
454
|
+
else
|
455
|
+
log_yellow "Running the tests in a Docker container."
|
456
|
+
docker_flags+=("--entrypoint=${TRAMPOLINE_BUILD_FILE}")
|
457
|
+
if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
|
458
|
+
echo docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}"
|
459
|
+
fi
|
460
|
+
docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}"
|
461
|
+
fi
|
462
|
+
|
463
|
+
|
464
|
+
test_retval=$?
|
465
|
+
|
466
|
+
if [[ ${test_retval} -eq 0 ]]; then
|
467
|
+
log_green "Build finished with ${test_retval}"
|
468
|
+
else
|
469
|
+
log_red "Build finished with ${test_retval}"
|
470
|
+
fi
|
471
|
+
|
472
|
+
# Only upload it when the test passes.
|
473
|
+
if [[ "${update_cache}" == "true" ]] && \
|
474
|
+
[[ $test_retval == 0 ]] && \
|
475
|
+
[[ "${TRAMPOLINE_IMAGE_UPLOAD:-false}" == "true" ]]; then
|
476
|
+
log_yellow "Uploading the Docker image."
|
477
|
+
if docker push "${TRAMPOLINE_IMAGE}"; then
|
478
|
+
log_green "Finished uploading the Docker image."
|
479
|
+
else
|
480
|
+
log_red "Failed uploading the Docker image."
|
481
|
+
fi
|
482
|
+
# Call trampoline_after_upload_hook if it's defined.
|
483
|
+
if function_exists trampoline_after_upload_hook; then
|
484
|
+
trampoline_after_upload_hook
|
485
|
+
fi
|
486
|
+
|
487
|
+
fi
|
488
|
+
|
489
|
+
exit "${test_retval}"
|