googleauth 0.1.0 → 0.16.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (76) hide show
  1. checksums.yaml +5 -5
  2. data/.github/CODEOWNERS +7 -0
  3. data/.github/CONTRIBUTING.md +74 -0
  4. data/.github/ISSUE_TEMPLATE/bug_report.md +36 -0
  5. data/.github/ISSUE_TEMPLATE/feature_request.md +21 -0
  6. data/.github/ISSUE_TEMPLATE/support_request.md +7 -0
  7. data/.github/workflows/ci.yml +55 -0
  8. data/.github/workflows/release-please.yml +39 -0
  9. data/.gitignore +3 -0
  10. data/.kokoro/populate-secrets.sh +76 -0
  11. data/.kokoro/release.cfg +52 -0
  12. data/.kokoro/release.sh +18 -0
  13. data/.kokoro/trampoline_v2.sh +489 -0
  14. data/.repo-metadata.json +5 -0
  15. data/.rubocop.yml +17 -0
  16. data/.toys/.toys.rb +45 -0
  17. data/.toys/ci.rb +43 -0
  18. data/.toys/kokoro/.toys.rb +66 -0
  19. data/.toys/kokoro/publish-docs.rb +67 -0
  20. data/.toys/kokoro/publish-gem.rb +53 -0
  21. data/.toys/linkinator.rb +43 -0
  22. data/.trampolinerc +48 -0
  23. data/CHANGELOG.md +192 -0
  24. data/CODE_OF_CONDUCT.md +43 -0
  25. data/Gemfile +22 -1
  26. data/{COPYING → LICENSE} +0 -0
  27. data/README.md +140 -17
  28. data/googleauth.gemspec +28 -28
  29. data/integration/helper.rb +31 -0
  30. data/integration/id_tokens/key_source_test.rb +74 -0
  31. data/lib/googleauth.rb +7 -37
  32. data/lib/googleauth/application_default.rb +81 -0
  33. data/lib/googleauth/client_id.rb +104 -0
  34. data/lib/googleauth/compute_engine.rb +73 -26
  35. data/lib/googleauth/credentials.rb +561 -0
  36. data/lib/googleauth/credentials_loader.rb +207 -0
  37. data/lib/googleauth/default_credentials.rb +93 -0
  38. data/lib/googleauth/iam.rb +75 -0
  39. data/lib/googleauth/id_tokens.rb +233 -0
  40. data/lib/googleauth/id_tokens/errors.rb +71 -0
  41. data/lib/googleauth/id_tokens/key_sources.rb +396 -0
  42. data/lib/googleauth/id_tokens/verifier.rb +142 -0
  43. data/lib/googleauth/json_key_reader.rb +50 -0
  44. data/lib/googleauth/scope_util.rb +61 -0
  45. data/lib/googleauth/service_account.rb +175 -67
  46. data/lib/googleauth/signet.rb +69 -8
  47. data/lib/googleauth/stores/file_token_store.rb +65 -0
  48. data/lib/googleauth/stores/redis_token_store.rb +96 -0
  49. data/lib/googleauth/token_store.rb +69 -0
  50. data/lib/googleauth/user_authorizer.rb +285 -0
  51. data/lib/googleauth/user_refresh.rb +129 -0
  52. data/lib/googleauth/version.rb +1 -1
  53. data/lib/googleauth/web_user_authorizer.rb +295 -0
  54. data/spec/googleauth/apply_auth_examples.rb +96 -94
  55. data/spec/googleauth/client_id_spec.rb +160 -0
  56. data/spec/googleauth/compute_engine_spec.rb +125 -55
  57. data/spec/googleauth/credentials_spec.rb +600 -0
  58. data/spec/googleauth/get_application_default_spec.rb +232 -80
  59. data/spec/googleauth/iam_spec.rb +80 -0
  60. data/spec/googleauth/scope_util_spec.rb +77 -0
  61. data/spec/googleauth/service_account_spec.rb +422 -68
  62. data/spec/googleauth/signet_spec.rb +101 -25
  63. data/spec/googleauth/stores/file_token_store_spec.rb +57 -0
  64. data/spec/googleauth/stores/redis_token_store_spec.rb +50 -0
  65. data/spec/googleauth/stores/store_examples.rb +58 -0
  66. data/spec/googleauth/user_authorizer_spec.rb +343 -0
  67. data/spec/googleauth/user_refresh_spec.rb +359 -0
  68. data/spec/googleauth/web_user_authorizer_spec.rb +172 -0
  69. data/spec/spec_helper.rb +51 -10
  70. data/test/helper.rb +33 -0
  71. data/test/id_tokens/key_sources_test.rb +240 -0
  72. data/test/id_tokens/verifier_test.rb +269 -0
  73. metadata +112 -75
  74. data/.travis.yml +0 -18
  75. data/CONTRIBUTING.md +0 -32
  76. data/Rakefile +0 -15
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 296c6ddfcc4f4a1150e7bfc14e00fc37d60ba933
4
- data.tar.gz: 4e3921f83b5816e22e8509ce7a1912376322ba95
2
+ SHA256:
3
+ metadata.gz: eefa2fdbe4ecb149c7072c85db0981ab2f697be2d3ce2c1687b3f66972bcfcb2
4
+ data.tar.gz: df22fda656cb43999edfdd48dfd82c1a25766cc58143d9341c86d5e11aa2c4af
5
5
  SHA512:
6
- metadata.gz: cc0469ce9a49f4b41cf5be4f0682395f9616940e2eae99af294b22ea646a35a8efbd527ce865056d719cd00d5f473c6bb3c07ffe28a77c82ba8f8e1bd2ba7168
7
- data.tar.gz: b5217485091a72f408dce0fd08e6f9a5d45450f3c16783b8c5f2b8dd13fdeaf96eea90f9bc8b80ec9c10d0c1ee5925536b64f4b0cf8dc9abdd187470f825bcb0
6
+ metadata.gz: de6485517a6497011e7b91482d1b2f4ba54cd9fc792fb8d237df38897c217e2e0793ee4210f8be6058d9b077b5478c1513f4b3c3486546494473ba9d624cf0fc
7
+ data.tar.gz: 0dab952b230dfc40e1cb8b5010a8fc8ce5e3de03755517408dad390470ab181439f482764f46d6acd77cb52c17f3545c170d51821a2e9b669f21f7db2e52f9a1
@@ -0,0 +1,7 @@
1
+ # Code owners file.
2
+ # This file controls who is tagged for review for any given pull request.
3
+ #
4
+ # For syntax help see:
5
+ # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax
6
+
7
+ * @googleapis/yoshi-ruby
@@ -0,0 +1,74 @@
1
+ # How to become a contributor and submit your own code
2
+
3
+ ## Contributor License Agreements
4
+
5
+ We'd love to accept your sample apps and patches! Before we can take them, we
6
+ have to jump a couple of legal hurdles.
7
+
8
+ Please fill out either the individual or corporate Contributor License Agreement
9
+ (CLA).
10
+
11
+ * If you are an individual writing original source code and you're sure you
12
+ own the intellectual property, then you'll need to sign an [individual CLA].
13
+ * If you work for a company that wants to allow you to contribute your work,
14
+ then you'll need to sign a [corporate CLA].
15
+
16
+ [individual CLA]: http://code.google.com/legal/individual-cla-v1.0.html
17
+ [corporate CLA]: http://code.google.com/legal/corporate-cla-v1.0.html
18
+
19
+ Follow either of the two links above to access the appropriate CLA and
20
+ instructions for how to sign and return it. Once we receive it, we'll be able to
21
+ accept your pull requests.
22
+
23
+ ## Issue reporting
24
+
25
+ * Check that the issue has not already been reported.
26
+ * Check that the issue has not already been fixed in the latest code
27
+ (a.k.a. `master`).
28
+ * Be clear, concise and precise in your description of the problem.
29
+ * Open an issue with a descriptive title and a summary in grammatically correct,
30
+ complete sentences.
31
+ * Include any relevant code to the issue summary.
32
+
33
+ ## Pull requests
34
+
35
+ * Read [how to properly contribute to open source projects on Github][2].
36
+ * Fork the project.
37
+ * Use a topic/feature branch to easily amend a pull request later, if necessary.
38
+ * Write [good commit messages][3].
39
+ * Use the same coding conventions as the rest of the project.
40
+ * Commit and push until you are happy with your contribution.
41
+ * Make sure to add tests for it. This is important so I don't break it
42
+ in a future version unintentionally.
43
+ * Add an entry to the [Changelog](CHANGELOG.md) accordingly. See [changelog entry format](#changelog-entry-format).
44
+ * Please try not to mess with the Rakefile, version, or history. If you want to
45
+ have your own version, or is otherwise necessary, that is fine, but please
46
+ isolate to its own commit so I can cherry-pick around it.
47
+ * Make sure the test suite is passing and the code you wrote doesn't produce
48
+ RuboCop offenses.
49
+ * [Squash related commits together][5].
50
+ * Open a [pull request][4] that relates to *only* one subject with a clear title
51
+ and description in grammatically correct, complete sentences.
52
+
53
+ ### Changelog entry format
54
+
55
+ Here are a few examples:
56
+
57
+ ```
58
+ * makes the scope parameter's optional in all APIs. (@tbetbetbe[])
59
+ * [#14](https://github.com/google/google-auth-library-ruby/issues/14): ADC Support for JWT Service Tokens. ([@tbetbetbe][])
60
+ ```
61
+
62
+ * Mark it up in [Markdown syntax][6].
63
+ * The entry line should start with `* ` (an asterisk and a space).
64
+ * If the change has a related GitHub issue (e.g. a bug fix for a reported issue), put a link to the issue as `[#123](https://github.com/google/google-auth-library-ruby/issues/11): `.
65
+ * Describe the brief of the change. The sentence should end with a punctuation.
66
+ * At the end of the entry, add an implicit link to your GitHub user page as `([@username][])`.
67
+ * If this is your first contribution to google-auth-library-ruby project, add a link definition for the implicit link to the bottom of the changelog as `[@username]: https://github.com/username`.
68
+
69
+ [1]: https://github.com/google/google-auth-ruby-library/issues
70
+ [2]: http://gun.io/blog/how-to-github-fork-branch-and-pull-request
71
+ [3]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
72
+ [4]: https://help.github.com/articles/using-pull-requests
73
+ [5]: http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html
74
+ [6]: http://daringfireball.net/projects/markdown/syntax
@@ -0,0 +1,36 @@
1
+ ---
2
+ name: Bug report
3
+ about: Create a report to help us improve
4
+
5
+ ---
6
+
7
+ Thanks for stopping by to let us know something could be better!
8
+
9
+ **PLEASE READ**: If you have a support contract with Google, please create an issue in the [support console](https://cloud.google.com/support/) instead of filing on GitHub. This will ensure a timely response.
10
+
11
+ Please run down the following list and make sure you've tried the usual "quick fixes":
12
+
13
+ - Search the issues already opened: https://github.com/googleapis/google-auth-library-ruby/issues
14
+ - Search Stack Overflow: https://stackoverflow.com/questions/tagged/google-auth-library-ruby
15
+
16
+ If you are still having issues, please be sure to include as much information as possible:
17
+
18
+ #### Environment details
19
+
20
+ - OS:
21
+ - Ruby version:
22
+ - Gem name and version:
23
+
24
+ #### Steps to reproduce
25
+
26
+ 1. ...
27
+
28
+ #### Code example
29
+
30
+ ```ruby
31
+ # example
32
+ ```
33
+
34
+ Making sure to follow these steps will guarantee the quickest resolution possible.
35
+
36
+ Thanks!
@@ -0,0 +1,21 @@
1
+ ---
2
+ name: Feature request
3
+ about: Suggest an idea for this library
4
+
5
+ ---
6
+
7
+ Thanks for stopping by to let us know something could be better!
8
+
9
+ **PLEASE READ**: If you have a support contract with Google, please create an issue in the [support console](https://cloud.google.com/support/) instead of filing on GitHub. This will ensure a timely response.
10
+
11
+ **Is your feature request related to a problem? Please describe.**
12
+ A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
13
+
14
+ **Describe the solution you'd like**
15
+ A clear and concise description of what you want to happen.
16
+
17
+ **Describe alternatives you've considered**
18
+ A clear and concise description of any alternative solutions or features you've considered.
19
+
20
+ **Additional context**
21
+ Add any other context or screenshots about the feature request here.
@@ -0,0 +1,7 @@
1
+ ---
2
+ name: Support request
3
+ about: If you have a support contract with Google, please create an issue in the Google Cloud Support console.
4
+
5
+ ---
6
+
7
+ **PLEASE READ**: If you have a support contract with Google, please create an issue in the [support console](https://cloud.google.com/support/) instead of filing on GitHub. This will ensure a timely response.
@@ -0,0 +1,55 @@
1
+ name: CI
2
+ on:
3
+ pull_request:
4
+ branches:
5
+ - master
6
+ push:
7
+ branches:
8
+ - master
9
+ workflow_dispatch:
10
+ jobs:
11
+ CI:
12
+ if: ${{ github.repository == 'googleapis/google-auth-library-ruby' }}
13
+ strategy:
14
+ matrix:
15
+ include:
16
+ - os: ubuntu-latest
17
+ ruby: "2.5"
18
+ task: test , spec
19
+ - os: ubuntu-latest
20
+ ruby: "2.6"
21
+ task: test , spec
22
+ - os: ubuntu-latest
23
+ ruby: "2.7"
24
+ task: test , spec
25
+ - os: ubuntu-latest
26
+ ruby: "3.0"
27
+ task: test , spec
28
+ - os: macos-latest
29
+ ruby: "2.7"
30
+ task: test , spec
31
+ - os: windows-latest
32
+ ruby: "2.7"
33
+ task: test , spec
34
+ - os: ubuntu-latest
35
+ ruby: "2.7"
36
+ task: rubocop , integration , build , yardoc , linkinator
37
+ fail-fast: false
38
+ runs-on: ${{ matrix.os }}
39
+ steps:
40
+ - name: Checkout repo
41
+ uses: actions/checkout@v2
42
+ - name: Install Ruby ${{ matrix.ruby }}
43
+ uses: ruby/setup-ruby@v1
44
+ with:
45
+ ruby-version: "${{ matrix.ruby }}"
46
+ - name: Install NodeJS 14.x
47
+ uses: actions/setup-node@v1
48
+ with:
49
+ node-version: "14.x"
50
+ - name: Install dependencies
51
+ shell: bash
52
+ run: "gem install --no-document toys && bundle install"
53
+ - name: Test ${{ matrix.task }}
54
+ shell: bash
55
+ run: toys do ${{ matrix.task }} < /dev/null
@@ -0,0 +1,39 @@
1
+ on:
2
+ schedule:
3
+ - cron: '29 9 * * *'
4
+ workflow_dispatch:
5
+
6
+ name: release-please
7
+ jobs:
8
+ release-please:
9
+ env:
10
+ ENABLE_RELEASE_PLEASE: ${{ secrets.ENABLE_RELEASE_PLEASE }}
11
+ runs-on: ubuntu-latest
12
+ steps:
13
+ - name: ReleasePlease
14
+ id: release-please
15
+ if: ${{ env.ENABLE_RELEASE_PLEASE || github.event_name == 'workflow_dispatch' }}
16
+ uses: GoogleCloudPlatform/release-please-action@v2
17
+ with:
18
+ command: release-pr
19
+ token: ${{ secrets.YOSHI_CODE_BOT_TOKEN }}
20
+ fork: true
21
+ release-type: ruby
22
+ package-name: google-auth-library-ruby
23
+ version-file: lib/googleauth/version.rb
24
+ monorepo-tags: true
25
+ bump-minor-pre-major: true
26
+ - name: ReleaseLabel
27
+ id: release-label
28
+ if: ${{ steps.release-please.outputs.pr }}
29
+ uses: actions/github-script@v2
30
+ with:
31
+ github-token: ${{secrets.YOSHI_APPROVER_TOKEN}}
32
+ script: |
33
+ core.info("Labeling release");
34
+ github.issues.addLabels({
35
+ owner: 'googleapis',
36
+ repo: 'google-auth-library-ruby',
37
+ issue_number: ${{ steps.release-please.outputs.pr }},
38
+ labels: ["autorelease: pending"]
39
+ });
data/.gitignore CHANGED
@@ -34,3 +34,6 @@ build/
34
34
 
35
35
  # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
36
36
  .rvmrc
37
+
38
+ /node_modules
39
+ /package-lock.json
@@ -0,0 +1,76 @@
1
+ #!/bin/bash
2
+ # Copyright 2020 Google LLC.
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ # This file is called in the early stage of `trampoline_v2.sh` to
17
+ # populate secrets needed for the CI builds.
18
+
19
+ set -eo pipefail
20
+
21
+ function now { date +"%Y-%m-%d %H:%M:%S" | tr -d '\n' ;}
22
+ function msg { println "$*" >&2 ;}
23
+ function println { printf '%s\n' "$(now) $*" ;}
24
+
25
+ # Populates requested secrets set in SECRET_MANAGER_KEYS
26
+
27
+ # In Kokoro CI builds, we use the service account attached to the
28
+ # Kokoro VM. This means we need to setup auth on other CI systems.
29
+ # For local run, we just use the gcloud command for retrieving the
30
+ # secrets.
31
+
32
+ if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
33
+ GCLOUD_COMMANDS=(
34
+ "docker"
35
+ "run"
36
+ "--entrypoint=gcloud"
37
+ "--volume=${KOKORO_GFILE_DIR}:${KOKORO_GFILE_DIR}"
38
+ "gcr.io/google.com/cloudsdktool/cloud-sdk"
39
+ )
40
+ if [[ "${TRAMPOLINE_CI:-}" == "kokoro" ]]; then
41
+ SECRET_LOCATION="${KOKORO_GFILE_DIR}/secret_manager"
42
+ else
43
+ echo "Authentication for this CI system is not implemented yet."
44
+ exit 2
45
+ # TODO: Determine appropriate SECRET_LOCATION and the GCLOUD_COMMANDS.
46
+ fi
47
+ else
48
+ # For local run, use /dev/shm or temporary directory for
49
+ # KOKORO_GFILE_DIR.
50
+ if [[ -d "/dev/shm" ]]; then
51
+ export KOKORO_GFILE_DIR=/dev/shm
52
+ else
53
+ export KOKORO_GFILE_DIR=$(mktemp -d -t ci-XXXXXXXX)
54
+ fi
55
+ SECRET_LOCATION="${KOKORO_GFILE_DIR}/secret_manager"
56
+ GCLOUD_COMMANDS=("gcloud")
57
+ fi
58
+
59
+ msg "Creating folder on disk for secrets: ${SECRET_LOCATION}"
60
+ mkdir -p ${SECRET_LOCATION}
61
+
62
+ for key in $(echo ${SECRET_MANAGER_KEYS} | sed "s/,/ /g")
63
+ do
64
+ msg "Retrieving secret ${key}"
65
+ "${GCLOUD_COMMANDS[@]}" \
66
+ secrets versions access latest \
67
+ --project cloud-devrel-kokoro-resources \
68
+ --secret $key > \
69
+ "$SECRET_LOCATION/$key"
70
+ if [[ $? == 0 ]]; then
71
+ msg "Secret written to ${SECRET_LOCATION}/${key}"
72
+ else
73
+ msg "Error retrieving secret ${key}"
74
+ exit 2
75
+ fi
76
+ done
@@ -0,0 +1,52 @@
1
+ # Format: //devtools/kokoro/config/proto/build.proto
2
+
3
+ # Build logs will be here
4
+ action {
5
+ define_artifacts {
6
+ regex: "**/*sponge_log.xml"
7
+ }
8
+ }
9
+
10
+ # Fetch the token needed for reporting release status to GitHub
11
+ before_action {
12
+ fetch_keystore {
13
+ keystore_resource {
14
+ keystore_config_id: 73713
15
+ keyname: "yoshi-automation-github-key"
16
+ }
17
+ }
18
+ }
19
+
20
+ before_action {
21
+ fetch_keystore {
22
+ keystore_resource {
23
+ keystore_config_id: 73713
24
+ keyname: "docuploader_service_account"
25
+ }
26
+ }
27
+ }
28
+
29
+ # Download resources for system tests (service account key, etc.)
30
+ gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/google-cloud-ruby"
31
+
32
+ # Download trampoline resources.
33
+ gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline"
34
+
35
+ # Use the trampoline script to run in docker.
36
+ build_file: "google-auth-library-ruby/.kokoro/trampoline_v2.sh"
37
+
38
+ # Configure the docker image for kokoro-trampoline.
39
+ env_vars: {
40
+ key: "TRAMPOLINE_IMAGE"
41
+ value: "gcr.io/cloud-devrel-kokoro-resources/yoshi-ruby/release"
42
+ }
43
+
44
+ env_vars: {
45
+ key: "TRAMPOLINE_BUILD_FILE"
46
+ value: ".kokoro/release.sh"
47
+ }
48
+
49
+ env_vars: {
50
+ key: "SECRET_MANAGER_KEYS"
51
+ value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem"
52
+ }
@@ -0,0 +1,18 @@
1
+ #!/bin/bash
2
+
3
+ set -eo pipefail
4
+
5
+ # Install gems in the user directory because the default install directory
6
+ # is in a read-only location.
7
+ export GEM_HOME=$HOME/.gem
8
+ export PATH=$GEM_HOME/bin:$PATH
9
+
10
+ python3 -m pip install git+https://github.com/googleapis/releasetool
11
+ python3 -m pip install gcp-docuploader
12
+ gem install --no-document toys
13
+ bundle install
14
+
15
+ python3 -m releasetool publish-reporter-script > /tmp/publisher-script; source /tmp/publisher-script
16
+
17
+ toys kokoro publish-gem < /dev/null
18
+ toys kokoro publish-docs < /dev/null
@@ -0,0 +1,489 @@
1
+ #!/usr/bin/env bash
2
+ # Copyright 2020 Google LLC
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ # trampoline_v2.sh
17
+ #
18
+ # If you want to make a change to this file, consider doing so at:
19
+ # https://github.com/googlecloudplatform/docker-ci-helper
20
+ #
21
+ # This script is for running CI builds. For Kokoro builds, we
22
+ # set this script to `build_file` field in the Kokoro configuration.
23
+
24
+ # This script does 3 things.
25
+ #
26
+ # 1. Prepare the Docker image for the test
27
+ # 2. Run the Docker with appropriate flags to run the test
28
+ # 3. Upload the newly built Docker image
29
+ #
30
+ # in a way that is somewhat compatible with trampoline_v1.
31
+ #
32
+ # These environment variables are required:
33
+ # TRAMPOLINE_IMAGE: The docker image to use.
34
+ # TRAMPOLINE_DOCKERFILE: The location of the Dockerfile.
35
+ #
36
+ # You can optionally change these environment variables:
37
+ # TRAMPOLINE_IMAGE_UPLOAD:
38
+ # (true|false): Whether to upload the Docker image after the
39
+ # successful builds.
40
+ # TRAMPOLINE_BUILD_FILE: The script to run in the docker container.
41
+ # TRAMPOLINE_WORKSPACE: The workspace path in the docker container.
42
+ # Defaults to /workspace.
43
+ # Potentially there are some repo specific envvars in .trampolinerc in
44
+ # the project root.
45
+ #
46
+ # Here is an example for running this script.
47
+ # TRAMPOLINE_IMAGE=gcr.io/cloud-devrel-kokoro-resources/node:10-user \
48
+ # TRAMPOLINE_BUILD_FILE=.kokoro/system-test.sh \
49
+ # .kokoro/trampoline_v2.sh
50
+
51
+ set -euo pipefail
52
+
53
+ TRAMPOLINE_VERSION="2.0.10"
54
+
55
+ if command -v tput >/dev/null && [[ -n "${TERM:-}" ]]; then
56
+ readonly IO_COLOR_RED="$(tput setaf 1)"
57
+ readonly IO_COLOR_GREEN="$(tput setaf 2)"
58
+ readonly IO_COLOR_YELLOW="$(tput setaf 3)"
59
+ readonly IO_COLOR_RESET="$(tput sgr0)"
60
+ else
61
+ readonly IO_COLOR_RED=""
62
+ readonly IO_COLOR_GREEN=""
63
+ readonly IO_COLOR_YELLOW=""
64
+ readonly IO_COLOR_RESET=""
65
+ fi
66
+
67
+ function function_exists {
68
+ [ $(LC_ALL=C type -t $1)"" == "function" ]
69
+ }
70
+
71
+ # Logs a message using the given color. The first argument must be one
72
+ # of the IO_COLOR_* variables defined above, such as
73
+ # "${IO_COLOR_YELLOW}". The remaining arguments will be logged in the
74
+ # given color. The log message will also have an RFC-3339 timestamp
75
+ # prepended (in UTC). You can disable the color output by setting
76
+ # TERM=vt100.
77
+ function log_impl() {
78
+ local color="$1"
79
+ shift
80
+ local timestamp="$(date -u "+%Y-%m-%dT%H:%M:%SZ")"
81
+ echo "================================================================"
82
+ echo "${color}${timestamp}:" "$@" "${IO_COLOR_RESET}"
83
+ echo "================================================================"
84
+ }
85
+
86
+ # Logs the given message with normal coloring and a timestamp.
87
+ function log() {
88
+ log_impl "${IO_COLOR_RESET}" "$@"
89
+ }
90
+
91
+ # Logs the given message in green with a timestamp.
92
+ function log_green() {
93
+ log_impl "${IO_COLOR_GREEN}" "$@"
94
+ }
95
+
96
+ # Logs the given message in yellow with a timestamp.
97
+ function log_yellow() {
98
+ log_impl "${IO_COLOR_YELLOW}" "$@"
99
+ }
100
+
101
+ # Logs the given message in red with a timestamp.
102
+ function log_red() {
103
+ log_impl "${IO_COLOR_RED}" "$@"
104
+ }
105
+
106
+ readonly tmpdir=$(mktemp -d -t ci-XXXXXXXX)
107
+ readonly tmphome="${tmpdir}/h"
108
+ mkdir -p "${tmphome}"
109
+
110
+ function cleanup() {
111
+ rm -rf "${tmpdir}"
112
+ }
113
+ trap cleanup EXIT
114
+
115
+ RUNNING_IN_CI="${RUNNING_IN_CI:-false}"
116
+
117
+ # The workspace in the container, defaults to /workspace.
118
+ TRAMPOLINE_WORKSPACE="${TRAMPOLINE_WORKSPACE:-/workspace}"
119
+
120
+ pass_down_envvars=(
121
+ # TRAMPOLINE_V2 variables.
122
+ # Tells scripts whether they are running as part of CI or not.
123
+ "RUNNING_IN_CI"
124
+ # Indicates which CI system we're in.
125
+ "TRAMPOLINE_CI"
126
+ # Indicates the version of the script.
127
+ "TRAMPOLINE_VERSION"
128
+ )
129
+
130
+ log_yellow "Building with Trampoline ${TRAMPOLINE_VERSION}"
131
+
132
+ # Detect which CI systems we're in. If we're in any of the CI systems
133
+ # we support, `RUNNING_IN_CI` will be true and `TRAMPOLINE_CI` will be
134
+ # the name of the CI system. Both envvars will be passing down to the
135
+ # container for telling which CI system we're in.
136
+ if [[ -n "${KOKORO_BUILD_ID:-}" ]]; then
137
+ # descriptive env var for indicating it's on CI.
138
+ RUNNING_IN_CI="true"
139
+ TRAMPOLINE_CI="kokoro"
140
+ if [[ "${TRAMPOLINE_USE_LEGACY_SERVICE_ACCOUNT:-}" == "true" ]]; then
141
+ if [[ ! -f "${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json" ]]; then
142
+ log_red "${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json does not exist. Did you forget to mount cloud-devrel-kokoro-resources/trampoline? Aborting."
143
+ exit 1
144
+ fi
145
+ # This service account will be activated later.
146
+ TRAMPOLINE_SERVICE_ACCOUNT="${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json"
147
+ else
148
+ if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
149
+ gcloud auth list
150
+ fi
151
+ log_yellow "Configuring Container Registry access"
152
+ gcloud auth configure-docker --quiet
153
+ fi
154
+ pass_down_envvars+=(
155
+ # KOKORO dynamic variables.
156
+ "KOKORO_BUILD_NUMBER"
157
+ "KOKORO_BUILD_ID"
158
+ "KOKORO_JOB_NAME"
159
+ "KOKORO_GIT_COMMIT"
160
+ "KOKORO_GITHUB_COMMIT"
161
+ "KOKORO_GITHUB_PULL_REQUEST_NUMBER"
162
+ "KOKORO_GITHUB_PULL_REQUEST_COMMIT"
163
+ # For Flaky Bot
164
+ "KOKORO_GITHUB_COMMIT_URL"
165
+ "KOKORO_GITHUB_PULL_REQUEST_URL"
166
+ "KOKORO_BUILD_ARTIFACTS_SUBDIR"
167
+ )
168
+ elif [[ "${TRAVIS:-}" == "true" ]]; then
169
+ RUNNING_IN_CI="true"
170
+ TRAMPOLINE_CI="travis"
171
+ pass_down_envvars+=(
172
+ "TRAVIS_BRANCH"
173
+ "TRAVIS_BUILD_ID"
174
+ "TRAVIS_BUILD_NUMBER"
175
+ "TRAVIS_BUILD_WEB_URL"
176
+ "TRAVIS_COMMIT"
177
+ "TRAVIS_COMMIT_MESSAGE"
178
+ "TRAVIS_COMMIT_RANGE"
179
+ "TRAVIS_JOB_NAME"
180
+ "TRAVIS_JOB_NUMBER"
181
+ "TRAVIS_JOB_WEB_URL"
182
+ "TRAVIS_PULL_REQUEST"
183
+ "TRAVIS_PULL_REQUEST_BRANCH"
184
+ "TRAVIS_PULL_REQUEST_SHA"
185
+ "TRAVIS_PULL_REQUEST_SLUG"
186
+ "TRAVIS_REPO_SLUG"
187
+ "TRAVIS_SECURE_ENV_VARS"
188
+ "TRAVIS_TAG"
189
+ )
190
+ elif [[ -n "${GITHUB_RUN_ID:-}" ]]; then
191
+ RUNNING_IN_CI="true"
192
+ TRAMPOLINE_CI="github-workflow"
193
+ pass_down_envvars+=(
194
+ "GITHUB_WORKFLOW"
195
+ "GITHUB_RUN_ID"
196
+ "GITHUB_RUN_NUMBER"
197
+ "GITHUB_ACTION"
198
+ "GITHUB_ACTIONS"
199
+ "GITHUB_ACTOR"
200
+ "GITHUB_REPOSITORY"
201
+ "GITHUB_EVENT_NAME"
202
+ "GITHUB_EVENT_PATH"
203
+ "GITHUB_SHA"
204
+ "GITHUB_REF"
205
+ "GITHUB_HEAD_REF"
206
+ "GITHUB_BASE_REF"
207
+ )
208
+ elif [[ "${CIRCLECI:-}" == "true" ]]; then
209
+ RUNNING_IN_CI="true"
210
+ TRAMPOLINE_CI="circleci"
211
+ pass_down_envvars+=(
212
+ "CIRCLE_BRANCH"
213
+ "CIRCLE_BUILD_NUM"
214
+ "CIRCLE_BUILD_URL"
215
+ "CIRCLE_COMPARE_URL"
216
+ "CIRCLE_JOB"
217
+ "CIRCLE_NODE_INDEX"
218
+ "CIRCLE_NODE_TOTAL"
219
+ "CIRCLE_PREVIOUS_BUILD_NUM"
220
+ "CIRCLE_PROJECT_REPONAME"
221
+ "CIRCLE_PROJECT_USERNAME"
222
+ "CIRCLE_REPOSITORY_URL"
223
+ "CIRCLE_SHA1"
224
+ "CIRCLE_STAGE"
225
+ "CIRCLE_USERNAME"
226
+ "CIRCLE_WORKFLOW_ID"
227
+ "CIRCLE_WORKFLOW_JOB_ID"
228
+ "CIRCLE_WORKFLOW_UPSTREAM_JOB_IDS"
229
+ "CIRCLE_WORKFLOW_WORKSPACE_ID"
230
+ )
231
+ fi
232
+
233
+ # Configure the service account for pulling the docker image.
234
+ function repo_root() {
235
+ local dir="$1"
236
+ while [[ ! -d "${dir}/.git" ]]; do
237
+ dir="$(dirname "$dir")"
238
+ done
239
+ echo "${dir}"
240
+ }
241
+
242
+ # Detect the project root. In CI builds, we assume the script is in
243
+ # the git tree and traverse from there, otherwise, traverse from `pwd`
244
+ # to find `.git` directory.
245
+ if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
246
+ PROGRAM_PATH="$(realpath "$0")"
247
+ PROGRAM_DIR="$(dirname "${PROGRAM_PATH}")"
248
+ PROJECT_ROOT="$(repo_root "${PROGRAM_DIR}")"
249
+ else
250
+ PROJECT_ROOT="$(repo_root $(pwd))"
251
+ fi
252
+
253
+ log_yellow "Changing to the project root: ${PROJECT_ROOT}."
254
+ cd "${PROJECT_ROOT}"
255
+
256
+ # To support relative path for `TRAMPOLINE_SERVICE_ACCOUNT`, we need
257
+ # to use this environment variable in `PROJECT_ROOT`.
258
+ if [[ -n "${TRAMPOLINE_SERVICE_ACCOUNT:-}" ]]; then
259
+
260
+ mkdir -p "${tmpdir}/gcloud"
261
+ gcloud_config_dir="${tmpdir}/gcloud"
262
+
263
+ log_yellow "Using isolated gcloud config: ${gcloud_config_dir}."
264
+ export CLOUDSDK_CONFIG="${gcloud_config_dir}"
265
+
266
+ log_yellow "Using ${TRAMPOLINE_SERVICE_ACCOUNT} for authentication."
267
+ gcloud auth activate-service-account \
268
+ --key-file "${TRAMPOLINE_SERVICE_ACCOUNT}"
269
+ log_yellow "Configuring Container Registry access"
270
+ gcloud auth configure-docker --quiet
271
+ fi
272
+
273
+ required_envvars=(
274
+ # The basic trampoline configurations.
275
+ "TRAMPOLINE_IMAGE"
276
+ "TRAMPOLINE_BUILD_FILE"
277
+ )
278
+
279
+ if [[ -f "${PROJECT_ROOT}/.trampolinerc" ]]; then
280
+ source "${PROJECT_ROOT}/.trampolinerc"
281
+ fi
282
+
283
+ log_yellow "Checking environment variables."
284
+ for e in "${required_envvars[@]}"
285
+ do
286
+ if [[ -z "${!e:-}" ]]; then
287
+ log "Missing ${e} env var. Aborting."
288
+ exit 1
289
+ fi
290
+ done
291
+
292
+ # We want to support legacy style TRAMPOLINE_BUILD_FILE used with V1
293
+ # script: e.g. "github/repo-name/.kokoro/run_tests.sh"
294
+ TRAMPOLINE_BUILD_FILE="${TRAMPOLINE_BUILD_FILE#github/*/}"
295
+ log_yellow "Using TRAMPOLINE_BUILD_FILE: ${TRAMPOLINE_BUILD_FILE}"
296
+
297
+ # ignore error on docker operations and test execution
298
+ set +e
299
+
300
+ log_yellow "Preparing Docker image."
301
+ # We only download the docker image in CI builds.
302
+ if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
303
+ # Download the docker image specified by `TRAMPOLINE_IMAGE`
304
+
305
+ # We may want to add --max-concurrent-downloads flag.
306
+
307
+ log_yellow "Start pulling the Docker image: ${TRAMPOLINE_IMAGE}."
308
+ if docker pull "${TRAMPOLINE_IMAGE}"; then
309
+ log_green "Finished pulling the Docker image: ${TRAMPOLINE_IMAGE}."
310
+ has_image="true"
311
+ else
312
+ log_red "Failed pulling the Docker image: ${TRAMPOLINE_IMAGE}."
313
+ has_image="false"
314
+ fi
315
+ else
316
+ # For local run, check if we have the image.
317
+ if docker images "${TRAMPOLINE_IMAGE}" | grep "${TRAMPOLINE_IMAGE%:*}"; then
318
+ has_image="true"
319
+ else
320
+ has_image="false"
321
+ fi
322
+ fi
323
+
324
+
325
+ # The default user for a Docker container has uid 0 (root). To avoid
326
+ # creating root-owned files in the build directory we tell docker to
327
+ # use the current user ID.
328
+ user_uid="$(id -u)"
329
+ user_gid="$(id -g)"
330
+ user_name="$(id -un)"
331
+
332
+ # To allow docker in docker, we add the user to the docker group in
333
+ # the host os.
334
+ docker_gid=$(cut -d: -f3 < <(getent group docker))
335
+
336
+ update_cache="false"
337
+ if [[ "${TRAMPOLINE_DOCKERFILE:-none}" != "none" ]]; then
338
+ # Build the Docker image from the source.
339
+ context_dir=$(dirname "${TRAMPOLINE_DOCKERFILE}")
340
+ docker_build_flags=(
341
+ "-f" "${TRAMPOLINE_DOCKERFILE}"
342
+ "-t" "${TRAMPOLINE_IMAGE}"
343
+ "--build-arg" "UID=${user_uid}"
344
+ "--build-arg" "USERNAME=${user_name}"
345
+ )
346
+ if [[ "${has_image}" == "true" ]]; then
347
+ docker_build_flags+=("--cache-from" "${TRAMPOLINE_IMAGE}")
348
+ fi
349
+
350
+ log_yellow "Start building the docker image."
351
+ if [[ "${TRAMPOLINE_VERBOSE:-false}" == "true" ]]; then
352
+ echo "docker build" "${docker_build_flags[@]}" "${context_dir}"
353
+ fi
354
+
355
+ # ON CI systems, we want to suppress docker build logs, only
356
+ # output the logs when it fails.
357
+ if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
358
+ if docker build "${docker_build_flags[@]}" "${context_dir}" \
359
+ > "${tmpdir}/docker_build.log" 2>&1; then
360
+ if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
361
+ cat "${tmpdir}/docker_build.log"
362
+ fi
363
+
364
+ log_green "Finished building the docker image."
365
+ update_cache="true"
366
+ else
367
+ log_red "Failed to build the Docker image, aborting."
368
+ log_yellow "Dumping the build logs:"
369
+ cat "${tmpdir}/docker_build.log"
370
+ exit 1
371
+ fi
372
+ else
373
+ if docker build "${docker_build_flags[@]}" "${context_dir}"; then
374
+ log_green "Finished building the docker image."
375
+ update_cache="true"
376
+ else
377
+ log_red "Failed to build the Docker image, aborting."
378
+ exit 1
379
+ fi
380
+ fi
381
+ else
382
+ if [[ "${has_image}" != "true" ]]; then
383
+ log_red "We do not have ${TRAMPOLINE_IMAGE} locally, aborting."
384
+ exit 1
385
+ fi
386
+ fi
387
+
388
+ # We use an array for the flags so they are easier to document.
389
+ docker_flags=(
390
+ # Remove the container after it exists.
391
+ "--rm"
392
+
393
+ # Use the host network.
394
+ "--network=host"
395
+
396
+ # Run in priviledged mode. We are not using docker for sandboxing or
397
+ # isolation, just for packaging our dev tools.
398
+ "--privileged"
399
+
400
+ # Run the docker script with the user id. Because the docker image gets to
401
+ # write in ${PWD} you typically want this to be your user id.
402
+ # To allow docker in docker, we need to use docker gid on the host.
403
+ "--user" "${user_uid}:${docker_gid}"
404
+
405
+ # Pass down the USER.
406
+ "--env" "USER=${user_name}"
407
+
408
+ # Mount the project directory inside the Docker container.
409
+ "--volume" "${PROJECT_ROOT}:${TRAMPOLINE_WORKSPACE}"
410
+ "--workdir" "${TRAMPOLINE_WORKSPACE}"
411
+ "--env" "PROJECT_ROOT=${TRAMPOLINE_WORKSPACE}"
412
+
413
+ # Mount the temporary home directory.
414
+ "--volume" "${tmphome}:/h"
415
+ "--env" "HOME=/h"
416
+
417
+ # Allow docker in docker.
418
+ "--volume" "/var/run/docker.sock:/var/run/docker.sock"
419
+
420
+ # Mount the /tmp so that docker in docker can mount the files
421
+ # there correctly.
422
+ "--volume" "/tmp:/tmp"
423
+ # Pass down the KOKORO_GFILE_DIR and KOKORO_KEYSTORE_DIR
424
+ # TODO(tmatsuo): This part is not portable.
425
+ "--env" "TRAMPOLINE_SECRET_DIR=/secrets"
426
+ "--volume" "${KOKORO_GFILE_DIR:-/dev/shm}:/secrets/gfile"
427
+ "--env" "KOKORO_GFILE_DIR=/secrets/gfile"
428
+ "--volume" "${KOKORO_KEYSTORE_DIR:-/dev/shm}:/secrets/keystore"
429
+ "--env" "KOKORO_KEYSTORE_DIR=/secrets/keystore"
430
+ )
431
+
432
+ # Add an option for nicer output if the build gets a tty.
433
+ if [[ -t 0 ]]; then
434
+ docker_flags+=("-it")
435
+ fi
436
+
437
+ # Passing down env vars
438
+ for e in "${pass_down_envvars[@]}"
439
+ do
440
+ if [[ -n "${!e:-}" ]]; then
441
+ docker_flags+=("--env" "${e}=${!e}")
442
+ fi
443
+ done
444
+
445
+ # If arguments are given, all arguments will become the commands run
446
+ # in the container, otherwise run TRAMPOLINE_BUILD_FILE.
447
+ if [[ $# -ge 1 ]]; then
448
+ log_yellow "Running the given commands '" "${@:1}" "' in the container."
449
+ readonly commands=("${@:1}")
450
+ if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
451
+ echo docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}" "${commands[@]}"
452
+ fi
453
+ docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}" "${commands[@]}"
454
+ else
455
+ log_yellow "Running the tests in a Docker container."
456
+ docker_flags+=("--entrypoint=${TRAMPOLINE_BUILD_FILE}")
457
+ if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
458
+ echo docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}"
459
+ fi
460
+ docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}"
461
+ fi
462
+
463
+
464
+ test_retval=$?
465
+
466
+ if [[ ${test_retval} -eq 0 ]]; then
467
+ log_green "Build finished with ${test_retval}"
468
+ else
469
+ log_red "Build finished with ${test_retval}"
470
+ fi
471
+
472
+ # Only upload it when the test passes.
473
+ if [[ "${update_cache}" == "true" ]] && \
474
+ [[ $test_retval == 0 ]] && \
475
+ [[ "${TRAMPOLINE_IMAGE_UPLOAD:-false}" == "true" ]]; then
476
+ log_yellow "Uploading the Docker image."
477
+ if docker push "${TRAMPOLINE_IMAGE}"; then
478
+ log_green "Finished uploading the Docker image."
479
+ else
480
+ log_red "Failed uploading the Docker image."
481
+ fi
482
+ # Call trampoline_after_upload_hook if it's defined.
483
+ if function_exists trampoline_after_upload_hook; then
484
+ trampoline_after_upload_hook
485
+ fi
486
+
487
+ fi
488
+
489
+ exit "${test_retval}"