googleauth 0.13.1 → 0.16.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/CODEOWNERS +7 -0
- data/.github/workflows/ci.yml +55 -0
- data/.github/workflows/release-please.yml +39 -0
- data/.gitignore +3 -0
- data/.kokoro/populate-secrets.sh +76 -0
- data/.kokoro/release.cfg +7 -49
- data/.kokoro/release.sh +18 -0
- data/.kokoro/trampoline_v2.sh +489 -0
- data/.rubocop.yml +0 -2
- data/.toys/.toys.rb +45 -0
- data/.toys/ci.rb +43 -0
- data/.toys/kokoro/.toys.rb +66 -0
- data/.toys/kokoro/publish-docs.rb +67 -0
- data/.toys/kokoro/publish-gem.rb +53 -0
- data/.toys/linkinator.rb +43 -0
- data/.trampolinerc +48 -0
- data/CHANGELOG.md +66 -26
- data/Gemfile +2 -7
- data/{COPYING → LICENSE} +0 -0
- data/README.md +9 -7
- data/googleauth.gemspec +2 -1
- data/lib/googleauth/compute_engine.rb +30 -8
- data/lib/googleauth/credentials.rb +167 -48
- data/lib/googleauth/credentials_loader.rb +1 -1
- data/lib/googleauth/iam.rb +1 -1
- data/lib/googleauth/id_tokens/key_sources.rb +7 -5
- data/lib/googleauth/id_tokens/verifier.rb +7 -9
- data/lib/googleauth/scope_util.rb +1 -1
- data/lib/googleauth/service_account.rb +31 -21
- data/lib/googleauth/signet.rb +1 -1
- data/lib/googleauth/stores/file_token_store.rb +1 -0
- data/lib/googleauth/stores/redis_token_store.rb +1 -0
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +4 -7
- data/spec/googleauth/compute_engine_spec.rb +36 -4
- data/spec/googleauth/credentials_spec.rb +228 -106
- data/spec/googleauth/service_account_spec.rb +8 -0
- metadata +18 -23
- data/.kokoro/build.bat +0 -16
- data/.kokoro/build.sh +0 -4
- data/.kokoro/continuous/common.cfg +0 -24
- data/.kokoro/continuous/linux.cfg +0 -25
- data/.kokoro/continuous/osx.cfg +0 -8
- data/.kokoro/continuous/post.cfg +0 -30
- data/.kokoro/continuous/windows.cfg +0 -29
- data/.kokoro/osx.sh +0 -4
- data/.kokoro/presubmit/common.cfg +0 -24
- data/.kokoro/presubmit/linux.cfg +0 -24
- data/.kokoro/presubmit/osx.cfg +0 -8
- data/.kokoro/presubmit/windows.cfg +0 -29
- data/.kokoro/trampoline.bat +0 -10
- data/.kokoro/trampoline.sh +0 -4
- data/Rakefile +0 -132
- data/rakelib/devsite_builder.rb +0 -45
- data/rakelib/link_checker.rb +0 -64
- data/rakelib/repo_metadata.rb +0 -59
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: eefa2fdbe4ecb149c7072c85db0981ab2f697be2d3ce2c1687b3f66972bcfcb2
|
4
|
+
data.tar.gz: df22fda656cb43999edfdd48dfd82c1a25766cc58143d9341c86d5e11aa2c4af
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: de6485517a6497011e7b91482d1b2f4ba54cd9fc792fb8d237df38897c217e2e0793ee4210f8be6058d9b077b5478c1513f4b3c3486546494473ba9d624cf0fc
|
7
|
+
data.tar.gz: 0dab952b230dfc40e1cb8b5010a8fc8ce5e3de03755517408dad390470ab181439f482764f46d6acd77cb52c17f3545c170d51821a2e9b669f21f7db2e52f9a1
|
data/.github/CODEOWNERS
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
# Code owners file.
|
2
|
+
# This file controls who is tagged for review for any given pull request.
|
3
|
+
#
|
4
|
+
# For syntax help see:
|
5
|
+
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax
|
6
|
+
|
7
|
+
* @googleapis/yoshi-ruby
|
@@ -0,0 +1,55 @@
|
|
1
|
+
name: CI
|
2
|
+
on:
|
3
|
+
pull_request:
|
4
|
+
branches:
|
5
|
+
- master
|
6
|
+
push:
|
7
|
+
branches:
|
8
|
+
- master
|
9
|
+
workflow_dispatch:
|
10
|
+
jobs:
|
11
|
+
CI:
|
12
|
+
if: ${{ github.repository == 'googleapis/google-auth-library-ruby' }}
|
13
|
+
strategy:
|
14
|
+
matrix:
|
15
|
+
include:
|
16
|
+
- os: ubuntu-latest
|
17
|
+
ruby: "2.5"
|
18
|
+
task: test , spec
|
19
|
+
- os: ubuntu-latest
|
20
|
+
ruby: "2.6"
|
21
|
+
task: test , spec
|
22
|
+
- os: ubuntu-latest
|
23
|
+
ruby: "2.7"
|
24
|
+
task: test , spec
|
25
|
+
- os: ubuntu-latest
|
26
|
+
ruby: "3.0"
|
27
|
+
task: test , spec
|
28
|
+
- os: macos-latest
|
29
|
+
ruby: "2.7"
|
30
|
+
task: test , spec
|
31
|
+
- os: windows-latest
|
32
|
+
ruby: "2.7"
|
33
|
+
task: test , spec
|
34
|
+
- os: ubuntu-latest
|
35
|
+
ruby: "2.7"
|
36
|
+
task: rubocop , integration , build , yardoc , linkinator
|
37
|
+
fail-fast: false
|
38
|
+
runs-on: ${{ matrix.os }}
|
39
|
+
steps:
|
40
|
+
- name: Checkout repo
|
41
|
+
uses: actions/checkout@v2
|
42
|
+
- name: Install Ruby ${{ matrix.ruby }}
|
43
|
+
uses: ruby/setup-ruby@v1
|
44
|
+
with:
|
45
|
+
ruby-version: "${{ matrix.ruby }}"
|
46
|
+
- name: Install NodeJS 14.x
|
47
|
+
uses: actions/setup-node@v1
|
48
|
+
with:
|
49
|
+
node-version: "14.x"
|
50
|
+
- name: Install dependencies
|
51
|
+
shell: bash
|
52
|
+
run: "gem install --no-document toys && bundle install"
|
53
|
+
- name: Test ${{ matrix.task }}
|
54
|
+
shell: bash
|
55
|
+
run: toys do ${{ matrix.task }} < /dev/null
|
@@ -0,0 +1,39 @@
|
|
1
|
+
on:
|
2
|
+
schedule:
|
3
|
+
- cron: '29 9 * * *'
|
4
|
+
workflow_dispatch:
|
5
|
+
|
6
|
+
name: release-please
|
7
|
+
jobs:
|
8
|
+
release-please:
|
9
|
+
env:
|
10
|
+
ENABLE_RELEASE_PLEASE: ${{ secrets.ENABLE_RELEASE_PLEASE }}
|
11
|
+
runs-on: ubuntu-latest
|
12
|
+
steps:
|
13
|
+
- name: ReleasePlease
|
14
|
+
id: release-please
|
15
|
+
if: ${{ env.ENABLE_RELEASE_PLEASE || github.event_name == 'workflow_dispatch' }}
|
16
|
+
uses: GoogleCloudPlatform/release-please-action@v2
|
17
|
+
with:
|
18
|
+
command: release-pr
|
19
|
+
token: ${{ secrets.YOSHI_CODE_BOT_TOKEN }}
|
20
|
+
fork: true
|
21
|
+
release-type: ruby
|
22
|
+
package-name: google-auth-library-ruby
|
23
|
+
version-file: lib/googleauth/version.rb
|
24
|
+
monorepo-tags: true
|
25
|
+
bump-minor-pre-major: true
|
26
|
+
- name: ReleaseLabel
|
27
|
+
id: release-label
|
28
|
+
if: ${{ steps.release-please.outputs.pr }}
|
29
|
+
uses: actions/github-script@v2
|
30
|
+
with:
|
31
|
+
github-token: ${{secrets.YOSHI_APPROVER_TOKEN}}
|
32
|
+
script: |
|
33
|
+
core.info("Labeling release");
|
34
|
+
github.issues.addLabels({
|
35
|
+
owner: 'googleapis',
|
36
|
+
repo: 'google-auth-library-ruby',
|
37
|
+
issue_number: ${{ steps.release-please.outputs.pr }},
|
38
|
+
labels: ["autorelease: pending"]
|
39
|
+
});
|
data/.gitignore
CHANGED
@@ -0,0 +1,76 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
# Copyright 2020 Google LLC.
|
3
|
+
#
|
4
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
# you may not use this file except in compliance with the License.
|
6
|
+
# You may obtain a copy of the License at
|
7
|
+
#
|
8
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
#
|
10
|
+
# Unless required by applicable law or agreed to in writing, software
|
11
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
# See the License for the specific language governing permissions and
|
14
|
+
# limitations under the License.
|
15
|
+
|
16
|
+
# This file is called in the early stage of `trampoline_v2.sh` to
|
17
|
+
# populate secrets needed for the CI builds.
|
18
|
+
|
19
|
+
set -eo pipefail
|
20
|
+
|
21
|
+
function now { date +"%Y-%m-%d %H:%M:%S" | tr -d '\n' ;}
|
22
|
+
function msg { println "$*" >&2 ;}
|
23
|
+
function println { printf '%s\n' "$(now) $*" ;}
|
24
|
+
|
25
|
+
# Populates requested secrets set in SECRET_MANAGER_KEYS
|
26
|
+
|
27
|
+
# In Kokoro CI builds, we use the service account attached to the
|
28
|
+
# Kokoro VM. This means we need to setup auth on other CI systems.
|
29
|
+
# For local run, we just use the gcloud command for retrieving the
|
30
|
+
# secrets.
|
31
|
+
|
32
|
+
if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
|
33
|
+
GCLOUD_COMMANDS=(
|
34
|
+
"docker"
|
35
|
+
"run"
|
36
|
+
"--entrypoint=gcloud"
|
37
|
+
"--volume=${KOKORO_GFILE_DIR}:${KOKORO_GFILE_DIR}"
|
38
|
+
"gcr.io/google.com/cloudsdktool/cloud-sdk"
|
39
|
+
)
|
40
|
+
if [[ "${TRAMPOLINE_CI:-}" == "kokoro" ]]; then
|
41
|
+
SECRET_LOCATION="${KOKORO_GFILE_DIR}/secret_manager"
|
42
|
+
else
|
43
|
+
echo "Authentication for this CI system is not implemented yet."
|
44
|
+
exit 2
|
45
|
+
# TODO: Determine appropriate SECRET_LOCATION and the GCLOUD_COMMANDS.
|
46
|
+
fi
|
47
|
+
else
|
48
|
+
# For local run, use /dev/shm or temporary directory for
|
49
|
+
# KOKORO_GFILE_DIR.
|
50
|
+
if [[ -d "/dev/shm" ]]; then
|
51
|
+
export KOKORO_GFILE_DIR=/dev/shm
|
52
|
+
else
|
53
|
+
export KOKORO_GFILE_DIR=$(mktemp -d -t ci-XXXXXXXX)
|
54
|
+
fi
|
55
|
+
SECRET_LOCATION="${KOKORO_GFILE_DIR}/secret_manager"
|
56
|
+
GCLOUD_COMMANDS=("gcloud")
|
57
|
+
fi
|
58
|
+
|
59
|
+
msg "Creating folder on disk for secrets: ${SECRET_LOCATION}"
|
60
|
+
mkdir -p ${SECRET_LOCATION}
|
61
|
+
|
62
|
+
for key in $(echo ${SECRET_MANAGER_KEYS} | sed "s/,/ /g")
|
63
|
+
do
|
64
|
+
msg "Retrieving secret ${key}"
|
65
|
+
"${GCLOUD_COMMANDS[@]}" \
|
66
|
+
secrets versions access latest \
|
67
|
+
--project cloud-devrel-kokoro-resources \
|
68
|
+
--secret $key > \
|
69
|
+
"$SECRET_LOCATION/$key"
|
70
|
+
if [[ $? == 0 ]]; then
|
71
|
+
msg "Secret written to ${SECRET_LOCATION}/${key}"
|
72
|
+
else
|
73
|
+
msg "Error retrieving secret ${key}"
|
74
|
+
exit 2
|
75
|
+
fi
|
76
|
+
done
|
data/.kokoro/release.cfg
CHANGED
@@ -17,28 +17,6 @@ before_action {
|
|
17
17
|
}
|
18
18
|
}
|
19
19
|
|
20
|
-
# Fetch magictoken to use with Magic Github Proxy
|
21
|
-
before_action {
|
22
|
-
fetch_keystore {
|
23
|
-
keystore_resource {
|
24
|
-
keystore_config_id: 73713
|
25
|
-
keyname: "releasetool-magictoken"
|
26
|
-
backend_type: FASTCONFIGPUSH
|
27
|
-
}
|
28
|
-
}
|
29
|
-
}
|
30
|
-
|
31
|
-
# Fetch api key to use with Magic Github Proxy
|
32
|
-
before_action {
|
33
|
-
fetch_keystore {
|
34
|
-
keystore_resource {
|
35
|
-
keystore_config_id: 73713
|
36
|
-
keyname: "magic-github-proxy-api-key"
|
37
|
-
backend_type: FASTCONFIGPUSH
|
38
|
-
}
|
39
|
-
}
|
40
|
-
}
|
41
|
-
|
42
20
|
before_action {
|
43
21
|
fetch_keystore {
|
44
22
|
keystore_resource {
|
@@ -55,40 +33,20 @@ gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/google-cloud-ruby"
|
|
55
33
|
gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline"
|
56
34
|
|
57
35
|
# Use the trampoline script to run in docker.
|
58
|
-
build_file: "google-auth-library-ruby/.kokoro/
|
36
|
+
build_file: "google-auth-library-ruby/.kokoro/trampoline_v2.sh"
|
59
37
|
|
60
38
|
# Configure the docker image for kokoro-trampoline.
|
61
39
|
env_vars: {
|
62
|
-
|
63
|
-
|
64
|
-
}
|
65
|
-
|
66
|
-
env_vars: {
|
67
|
-
key: "TRAMPOLINE_BUILD_FILE"
|
68
|
-
value: "github/google-auth-library-ruby/.kokoro/build.sh"
|
69
|
-
}
|
70
|
-
|
71
|
-
env_vars: {
|
72
|
-
key: "TRAMPOLINE_SCRIPT"
|
73
|
-
value: "trampoline_v1.py"
|
74
|
-
}
|
75
|
-
|
76
|
-
env_vars: {
|
77
|
-
key: "JOB_TYPE"
|
78
|
-
value: "release"
|
79
|
-
}
|
80
|
-
|
81
|
-
env_vars: {
|
82
|
-
key: "OS"
|
83
|
-
value: "linux"
|
40
|
+
key: "TRAMPOLINE_IMAGE"
|
41
|
+
value: "gcr.io/cloud-devrel-kokoro-resources/yoshi-ruby/release"
|
84
42
|
}
|
85
43
|
|
86
44
|
env_vars: {
|
87
|
-
|
88
|
-
|
45
|
+
key: "TRAMPOLINE_BUILD_FILE"
|
46
|
+
value: ".kokoro/release.sh"
|
89
47
|
}
|
90
48
|
|
91
49
|
env_vars: {
|
92
|
-
|
93
|
-
|
50
|
+
key: "SECRET_MANAGER_KEYS"
|
51
|
+
value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem"
|
94
52
|
}
|
data/.kokoro/release.sh
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
set -eo pipefail
|
4
|
+
|
5
|
+
# Install gems in the user directory because the default install directory
|
6
|
+
# is in a read-only location.
|
7
|
+
export GEM_HOME=$HOME/.gem
|
8
|
+
export PATH=$GEM_HOME/bin:$PATH
|
9
|
+
|
10
|
+
python3 -m pip install git+https://github.com/googleapis/releasetool
|
11
|
+
python3 -m pip install gcp-docuploader
|
12
|
+
gem install --no-document toys
|
13
|
+
bundle install
|
14
|
+
|
15
|
+
python3 -m releasetool publish-reporter-script > /tmp/publisher-script; source /tmp/publisher-script
|
16
|
+
|
17
|
+
toys kokoro publish-gem < /dev/null
|
18
|
+
toys kokoro publish-docs < /dev/null
|
@@ -0,0 +1,489 @@
|
|
1
|
+
#!/usr/bin/env bash
|
2
|
+
# Copyright 2020 Google LLC
|
3
|
+
#
|
4
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
# you may not use this file except in compliance with the License.
|
6
|
+
# You may obtain a copy of the License at
|
7
|
+
#
|
8
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
#
|
10
|
+
# Unless required by applicable law or agreed to in writing, software
|
11
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
# See the License for the specific language governing permissions and
|
14
|
+
# limitations under the License.
|
15
|
+
|
16
|
+
# trampoline_v2.sh
|
17
|
+
#
|
18
|
+
# If you want to make a change to this file, consider doing so at:
|
19
|
+
# https://github.com/googlecloudplatform/docker-ci-helper
|
20
|
+
#
|
21
|
+
# This script is for running CI builds. For Kokoro builds, we
|
22
|
+
# set this script to `build_file` field in the Kokoro configuration.
|
23
|
+
|
24
|
+
# This script does 3 things.
|
25
|
+
#
|
26
|
+
# 1. Prepare the Docker image for the test
|
27
|
+
# 2. Run the Docker with appropriate flags to run the test
|
28
|
+
# 3. Upload the newly built Docker image
|
29
|
+
#
|
30
|
+
# in a way that is somewhat compatible with trampoline_v1.
|
31
|
+
#
|
32
|
+
# These environment variables are required:
|
33
|
+
# TRAMPOLINE_IMAGE: The docker image to use.
|
34
|
+
# TRAMPOLINE_DOCKERFILE: The location of the Dockerfile.
|
35
|
+
#
|
36
|
+
# You can optionally change these environment variables:
|
37
|
+
# TRAMPOLINE_IMAGE_UPLOAD:
|
38
|
+
# (true|false): Whether to upload the Docker image after the
|
39
|
+
# successful builds.
|
40
|
+
# TRAMPOLINE_BUILD_FILE: The script to run in the docker container.
|
41
|
+
# TRAMPOLINE_WORKSPACE: The workspace path in the docker container.
|
42
|
+
# Defaults to /workspace.
|
43
|
+
# Potentially there are some repo specific envvars in .trampolinerc in
|
44
|
+
# the project root.
|
45
|
+
#
|
46
|
+
# Here is an example for running this script.
|
47
|
+
# TRAMPOLINE_IMAGE=gcr.io/cloud-devrel-kokoro-resources/node:10-user \
|
48
|
+
# TRAMPOLINE_BUILD_FILE=.kokoro/system-test.sh \
|
49
|
+
# .kokoro/trampoline_v2.sh
|
50
|
+
|
51
|
+
set -euo pipefail
|
52
|
+
|
53
|
+
TRAMPOLINE_VERSION="2.0.10"
|
54
|
+
|
55
|
+
if command -v tput >/dev/null && [[ -n "${TERM:-}" ]]; then
|
56
|
+
readonly IO_COLOR_RED="$(tput setaf 1)"
|
57
|
+
readonly IO_COLOR_GREEN="$(tput setaf 2)"
|
58
|
+
readonly IO_COLOR_YELLOW="$(tput setaf 3)"
|
59
|
+
readonly IO_COLOR_RESET="$(tput sgr0)"
|
60
|
+
else
|
61
|
+
readonly IO_COLOR_RED=""
|
62
|
+
readonly IO_COLOR_GREEN=""
|
63
|
+
readonly IO_COLOR_YELLOW=""
|
64
|
+
readonly IO_COLOR_RESET=""
|
65
|
+
fi
|
66
|
+
|
67
|
+
function function_exists {
|
68
|
+
[ $(LC_ALL=C type -t $1)"" == "function" ]
|
69
|
+
}
|
70
|
+
|
71
|
+
# Logs a message using the given color. The first argument must be one
|
72
|
+
# of the IO_COLOR_* variables defined above, such as
|
73
|
+
# "${IO_COLOR_YELLOW}". The remaining arguments will be logged in the
|
74
|
+
# given color. The log message will also have an RFC-3339 timestamp
|
75
|
+
# prepended (in UTC). You can disable the color output by setting
|
76
|
+
# TERM=vt100.
|
77
|
+
function log_impl() {
|
78
|
+
local color="$1"
|
79
|
+
shift
|
80
|
+
local timestamp="$(date -u "+%Y-%m-%dT%H:%M:%SZ")"
|
81
|
+
echo "================================================================"
|
82
|
+
echo "${color}${timestamp}:" "$@" "${IO_COLOR_RESET}"
|
83
|
+
echo "================================================================"
|
84
|
+
}
|
85
|
+
|
86
|
+
# Logs the given message with normal coloring and a timestamp.
|
87
|
+
function log() {
|
88
|
+
log_impl "${IO_COLOR_RESET}" "$@"
|
89
|
+
}
|
90
|
+
|
91
|
+
# Logs the given message in green with a timestamp.
|
92
|
+
function log_green() {
|
93
|
+
log_impl "${IO_COLOR_GREEN}" "$@"
|
94
|
+
}
|
95
|
+
|
96
|
+
# Logs the given message in yellow with a timestamp.
|
97
|
+
function log_yellow() {
|
98
|
+
log_impl "${IO_COLOR_YELLOW}" "$@"
|
99
|
+
}
|
100
|
+
|
101
|
+
# Logs the given message in red with a timestamp.
|
102
|
+
function log_red() {
|
103
|
+
log_impl "${IO_COLOR_RED}" "$@"
|
104
|
+
}
|
105
|
+
|
106
|
+
readonly tmpdir=$(mktemp -d -t ci-XXXXXXXX)
|
107
|
+
readonly tmphome="${tmpdir}/h"
|
108
|
+
mkdir -p "${tmphome}"
|
109
|
+
|
110
|
+
function cleanup() {
|
111
|
+
rm -rf "${tmpdir}"
|
112
|
+
}
|
113
|
+
trap cleanup EXIT
|
114
|
+
|
115
|
+
RUNNING_IN_CI="${RUNNING_IN_CI:-false}"
|
116
|
+
|
117
|
+
# The workspace in the container, defaults to /workspace.
|
118
|
+
TRAMPOLINE_WORKSPACE="${TRAMPOLINE_WORKSPACE:-/workspace}"
|
119
|
+
|
120
|
+
pass_down_envvars=(
|
121
|
+
# TRAMPOLINE_V2 variables.
|
122
|
+
# Tells scripts whether they are running as part of CI or not.
|
123
|
+
"RUNNING_IN_CI"
|
124
|
+
# Indicates which CI system we're in.
|
125
|
+
"TRAMPOLINE_CI"
|
126
|
+
# Indicates the version of the script.
|
127
|
+
"TRAMPOLINE_VERSION"
|
128
|
+
)
|
129
|
+
|
130
|
+
log_yellow "Building with Trampoline ${TRAMPOLINE_VERSION}"
|
131
|
+
|
132
|
+
# Detect which CI systems we're in. If we're in any of the CI systems
|
133
|
+
# we support, `RUNNING_IN_CI` will be true and `TRAMPOLINE_CI` will be
|
134
|
+
# the name of the CI system. Both envvars will be passing down to the
|
135
|
+
# container for telling which CI system we're in.
|
136
|
+
if [[ -n "${KOKORO_BUILD_ID:-}" ]]; then
|
137
|
+
# descriptive env var for indicating it's on CI.
|
138
|
+
RUNNING_IN_CI="true"
|
139
|
+
TRAMPOLINE_CI="kokoro"
|
140
|
+
if [[ "${TRAMPOLINE_USE_LEGACY_SERVICE_ACCOUNT:-}" == "true" ]]; then
|
141
|
+
if [[ ! -f "${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json" ]]; then
|
142
|
+
log_red "${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json does not exist. Did you forget to mount cloud-devrel-kokoro-resources/trampoline? Aborting."
|
143
|
+
exit 1
|
144
|
+
fi
|
145
|
+
# This service account will be activated later.
|
146
|
+
TRAMPOLINE_SERVICE_ACCOUNT="${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json"
|
147
|
+
else
|
148
|
+
if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
|
149
|
+
gcloud auth list
|
150
|
+
fi
|
151
|
+
log_yellow "Configuring Container Registry access"
|
152
|
+
gcloud auth configure-docker --quiet
|
153
|
+
fi
|
154
|
+
pass_down_envvars+=(
|
155
|
+
# KOKORO dynamic variables.
|
156
|
+
"KOKORO_BUILD_NUMBER"
|
157
|
+
"KOKORO_BUILD_ID"
|
158
|
+
"KOKORO_JOB_NAME"
|
159
|
+
"KOKORO_GIT_COMMIT"
|
160
|
+
"KOKORO_GITHUB_COMMIT"
|
161
|
+
"KOKORO_GITHUB_PULL_REQUEST_NUMBER"
|
162
|
+
"KOKORO_GITHUB_PULL_REQUEST_COMMIT"
|
163
|
+
# For Flaky Bot
|
164
|
+
"KOKORO_GITHUB_COMMIT_URL"
|
165
|
+
"KOKORO_GITHUB_PULL_REQUEST_URL"
|
166
|
+
"KOKORO_BUILD_ARTIFACTS_SUBDIR"
|
167
|
+
)
|
168
|
+
elif [[ "${TRAVIS:-}" == "true" ]]; then
|
169
|
+
RUNNING_IN_CI="true"
|
170
|
+
TRAMPOLINE_CI="travis"
|
171
|
+
pass_down_envvars+=(
|
172
|
+
"TRAVIS_BRANCH"
|
173
|
+
"TRAVIS_BUILD_ID"
|
174
|
+
"TRAVIS_BUILD_NUMBER"
|
175
|
+
"TRAVIS_BUILD_WEB_URL"
|
176
|
+
"TRAVIS_COMMIT"
|
177
|
+
"TRAVIS_COMMIT_MESSAGE"
|
178
|
+
"TRAVIS_COMMIT_RANGE"
|
179
|
+
"TRAVIS_JOB_NAME"
|
180
|
+
"TRAVIS_JOB_NUMBER"
|
181
|
+
"TRAVIS_JOB_WEB_URL"
|
182
|
+
"TRAVIS_PULL_REQUEST"
|
183
|
+
"TRAVIS_PULL_REQUEST_BRANCH"
|
184
|
+
"TRAVIS_PULL_REQUEST_SHA"
|
185
|
+
"TRAVIS_PULL_REQUEST_SLUG"
|
186
|
+
"TRAVIS_REPO_SLUG"
|
187
|
+
"TRAVIS_SECURE_ENV_VARS"
|
188
|
+
"TRAVIS_TAG"
|
189
|
+
)
|
190
|
+
elif [[ -n "${GITHUB_RUN_ID:-}" ]]; then
|
191
|
+
RUNNING_IN_CI="true"
|
192
|
+
TRAMPOLINE_CI="github-workflow"
|
193
|
+
pass_down_envvars+=(
|
194
|
+
"GITHUB_WORKFLOW"
|
195
|
+
"GITHUB_RUN_ID"
|
196
|
+
"GITHUB_RUN_NUMBER"
|
197
|
+
"GITHUB_ACTION"
|
198
|
+
"GITHUB_ACTIONS"
|
199
|
+
"GITHUB_ACTOR"
|
200
|
+
"GITHUB_REPOSITORY"
|
201
|
+
"GITHUB_EVENT_NAME"
|
202
|
+
"GITHUB_EVENT_PATH"
|
203
|
+
"GITHUB_SHA"
|
204
|
+
"GITHUB_REF"
|
205
|
+
"GITHUB_HEAD_REF"
|
206
|
+
"GITHUB_BASE_REF"
|
207
|
+
)
|
208
|
+
elif [[ "${CIRCLECI:-}" == "true" ]]; then
|
209
|
+
RUNNING_IN_CI="true"
|
210
|
+
TRAMPOLINE_CI="circleci"
|
211
|
+
pass_down_envvars+=(
|
212
|
+
"CIRCLE_BRANCH"
|
213
|
+
"CIRCLE_BUILD_NUM"
|
214
|
+
"CIRCLE_BUILD_URL"
|
215
|
+
"CIRCLE_COMPARE_URL"
|
216
|
+
"CIRCLE_JOB"
|
217
|
+
"CIRCLE_NODE_INDEX"
|
218
|
+
"CIRCLE_NODE_TOTAL"
|
219
|
+
"CIRCLE_PREVIOUS_BUILD_NUM"
|
220
|
+
"CIRCLE_PROJECT_REPONAME"
|
221
|
+
"CIRCLE_PROJECT_USERNAME"
|
222
|
+
"CIRCLE_REPOSITORY_URL"
|
223
|
+
"CIRCLE_SHA1"
|
224
|
+
"CIRCLE_STAGE"
|
225
|
+
"CIRCLE_USERNAME"
|
226
|
+
"CIRCLE_WORKFLOW_ID"
|
227
|
+
"CIRCLE_WORKFLOW_JOB_ID"
|
228
|
+
"CIRCLE_WORKFLOW_UPSTREAM_JOB_IDS"
|
229
|
+
"CIRCLE_WORKFLOW_WORKSPACE_ID"
|
230
|
+
)
|
231
|
+
fi
|
232
|
+
|
233
|
+
# Configure the service account for pulling the docker image.
|
234
|
+
function repo_root() {
|
235
|
+
local dir="$1"
|
236
|
+
while [[ ! -d "${dir}/.git" ]]; do
|
237
|
+
dir="$(dirname "$dir")"
|
238
|
+
done
|
239
|
+
echo "${dir}"
|
240
|
+
}
|
241
|
+
|
242
|
+
# Detect the project root. In CI builds, we assume the script is in
|
243
|
+
# the git tree and traverse from there, otherwise, traverse from `pwd`
|
244
|
+
# to find `.git` directory.
|
245
|
+
if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
|
246
|
+
PROGRAM_PATH="$(realpath "$0")"
|
247
|
+
PROGRAM_DIR="$(dirname "${PROGRAM_PATH}")"
|
248
|
+
PROJECT_ROOT="$(repo_root "${PROGRAM_DIR}")"
|
249
|
+
else
|
250
|
+
PROJECT_ROOT="$(repo_root $(pwd))"
|
251
|
+
fi
|
252
|
+
|
253
|
+
log_yellow "Changing to the project root: ${PROJECT_ROOT}."
|
254
|
+
cd "${PROJECT_ROOT}"
|
255
|
+
|
256
|
+
# To support relative path for `TRAMPOLINE_SERVICE_ACCOUNT`, we need
|
257
|
+
# to use this environment variable in `PROJECT_ROOT`.
|
258
|
+
if [[ -n "${TRAMPOLINE_SERVICE_ACCOUNT:-}" ]]; then
|
259
|
+
|
260
|
+
mkdir -p "${tmpdir}/gcloud"
|
261
|
+
gcloud_config_dir="${tmpdir}/gcloud"
|
262
|
+
|
263
|
+
log_yellow "Using isolated gcloud config: ${gcloud_config_dir}."
|
264
|
+
export CLOUDSDK_CONFIG="${gcloud_config_dir}"
|
265
|
+
|
266
|
+
log_yellow "Using ${TRAMPOLINE_SERVICE_ACCOUNT} for authentication."
|
267
|
+
gcloud auth activate-service-account \
|
268
|
+
--key-file "${TRAMPOLINE_SERVICE_ACCOUNT}"
|
269
|
+
log_yellow "Configuring Container Registry access"
|
270
|
+
gcloud auth configure-docker --quiet
|
271
|
+
fi
|
272
|
+
|
273
|
+
required_envvars=(
|
274
|
+
# The basic trampoline configurations.
|
275
|
+
"TRAMPOLINE_IMAGE"
|
276
|
+
"TRAMPOLINE_BUILD_FILE"
|
277
|
+
)
|
278
|
+
|
279
|
+
if [[ -f "${PROJECT_ROOT}/.trampolinerc" ]]; then
|
280
|
+
source "${PROJECT_ROOT}/.trampolinerc"
|
281
|
+
fi
|
282
|
+
|
283
|
+
log_yellow "Checking environment variables."
|
284
|
+
for e in "${required_envvars[@]}"
|
285
|
+
do
|
286
|
+
if [[ -z "${!e:-}" ]]; then
|
287
|
+
log "Missing ${e} env var. Aborting."
|
288
|
+
exit 1
|
289
|
+
fi
|
290
|
+
done
|
291
|
+
|
292
|
+
# We want to support legacy style TRAMPOLINE_BUILD_FILE used with V1
|
293
|
+
# script: e.g. "github/repo-name/.kokoro/run_tests.sh"
|
294
|
+
TRAMPOLINE_BUILD_FILE="${TRAMPOLINE_BUILD_FILE#github/*/}"
|
295
|
+
log_yellow "Using TRAMPOLINE_BUILD_FILE: ${TRAMPOLINE_BUILD_FILE}"
|
296
|
+
|
297
|
+
# ignore error on docker operations and test execution
|
298
|
+
set +e
|
299
|
+
|
300
|
+
log_yellow "Preparing Docker image."
|
301
|
+
# We only download the docker image in CI builds.
|
302
|
+
if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
|
303
|
+
# Download the docker image specified by `TRAMPOLINE_IMAGE`
|
304
|
+
|
305
|
+
# We may want to add --max-concurrent-downloads flag.
|
306
|
+
|
307
|
+
log_yellow "Start pulling the Docker image: ${TRAMPOLINE_IMAGE}."
|
308
|
+
if docker pull "${TRAMPOLINE_IMAGE}"; then
|
309
|
+
log_green "Finished pulling the Docker image: ${TRAMPOLINE_IMAGE}."
|
310
|
+
has_image="true"
|
311
|
+
else
|
312
|
+
log_red "Failed pulling the Docker image: ${TRAMPOLINE_IMAGE}."
|
313
|
+
has_image="false"
|
314
|
+
fi
|
315
|
+
else
|
316
|
+
# For local run, check if we have the image.
|
317
|
+
if docker images "${TRAMPOLINE_IMAGE}" | grep "${TRAMPOLINE_IMAGE%:*}"; then
|
318
|
+
has_image="true"
|
319
|
+
else
|
320
|
+
has_image="false"
|
321
|
+
fi
|
322
|
+
fi
|
323
|
+
|
324
|
+
|
325
|
+
# The default user for a Docker container has uid 0 (root). To avoid
|
326
|
+
# creating root-owned files in the build directory we tell docker to
|
327
|
+
# use the current user ID.
|
328
|
+
user_uid="$(id -u)"
|
329
|
+
user_gid="$(id -g)"
|
330
|
+
user_name="$(id -un)"
|
331
|
+
|
332
|
+
# To allow docker in docker, we add the user to the docker group in
|
333
|
+
# the host os.
|
334
|
+
docker_gid=$(cut -d: -f3 < <(getent group docker))
|
335
|
+
|
336
|
+
update_cache="false"
|
337
|
+
if [[ "${TRAMPOLINE_DOCKERFILE:-none}" != "none" ]]; then
|
338
|
+
# Build the Docker image from the source.
|
339
|
+
context_dir=$(dirname "${TRAMPOLINE_DOCKERFILE}")
|
340
|
+
docker_build_flags=(
|
341
|
+
"-f" "${TRAMPOLINE_DOCKERFILE}"
|
342
|
+
"-t" "${TRAMPOLINE_IMAGE}"
|
343
|
+
"--build-arg" "UID=${user_uid}"
|
344
|
+
"--build-arg" "USERNAME=${user_name}"
|
345
|
+
)
|
346
|
+
if [[ "${has_image}" == "true" ]]; then
|
347
|
+
docker_build_flags+=("--cache-from" "${TRAMPOLINE_IMAGE}")
|
348
|
+
fi
|
349
|
+
|
350
|
+
log_yellow "Start building the docker image."
|
351
|
+
if [[ "${TRAMPOLINE_VERBOSE:-false}" == "true" ]]; then
|
352
|
+
echo "docker build" "${docker_build_flags[@]}" "${context_dir}"
|
353
|
+
fi
|
354
|
+
|
355
|
+
# ON CI systems, we want to suppress docker build logs, only
|
356
|
+
# output the logs when it fails.
|
357
|
+
if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
|
358
|
+
if docker build "${docker_build_flags[@]}" "${context_dir}" \
|
359
|
+
> "${tmpdir}/docker_build.log" 2>&1; then
|
360
|
+
if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
|
361
|
+
cat "${tmpdir}/docker_build.log"
|
362
|
+
fi
|
363
|
+
|
364
|
+
log_green "Finished building the docker image."
|
365
|
+
update_cache="true"
|
366
|
+
else
|
367
|
+
log_red "Failed to build the Docker image, aborting."
|
368
|
+
log_yellow "Dumping the build logs:"
|
369
|
+
cat "${tmpdir}/docker_build.log"
|
370
|
+
exit 1
|
371
|
+
fi
|
372
|
+
else
|
373
|
+
if docker build "${docker_build_flags[@]}" "${context_dir}"; then
|
374
|
+
log_green "Finished building the docker image."
|
375
|
+
update_cache="true"
|
376
|
+
else
|
377
|
+
log_red "Failed to build the Docker image, aborting."
|
378
|
+
exit 1
|
379
|
+
fi
|
380
|
+
fi
|
381
|
+
else
|
382
|
+
if [[ "${has_image}" != "true" ]]; then
|
383
|
+
log_red "We do not have ${TRAMPOLINE_IMAGE} locally, aborting."
|
384
|
+
exit 1
|
385
|
+
fi
|
386
|
+
fi
|
387
|
+
|
388
|
+
# We use an array for the flags so they are easier to document.
|
389
|
+
docker_flags=(
|
390
|
+
# Remove the container after it exists.
|
391
|
+
"--rm"
|
392
|
+
|
393
|
+
# Use the host network.
|
394
|
+
"--network=host"
|
395
|
+
|
396
|
+
# Run in priviledged mode. We are not using docker for sandboxing or
|
397
|
+
# isolation, just for packaging our dev tools.
|
398
|
+
"--privileged"
|
399
|
+
|
400
|
+
# Run the docker script with the user id. Because the docker image gets to
|
401
|
+
# write in ${PWD} you typically want this to be your user id.
|
402
|
+
# To allow docker in docker, we need to use docker gid on the host.
|
403
|
+
"--user" "${user_uid}:${docker_gid}"
|
404
|
+
|
405
|
+
# Pass down the USER.
|
406
|
+
"--env" "USER=${user_name}"
|
407
|
+
|
408
|
+
# Mount the project directory inside the Docker container.
|
409
|
+
"--volume" "${PROJECT_ROOT}:${TRAMPOLINE_WORKSPACE}"
|
410
|
+
"--workdir" "${TRAMPOLINE_WORKSPACE}"
|
411
|
+
"--env" "PROJECT_ROOT=${TRAMPOLINE_WORKSPACE}"
|
412
|
+
|
413
|
+
# Mount the temporary home directory.
|
414
|
+
"--volume" "${tmphome}:/h"
|
415
|
+
"--env" "HOME=/h"
|
416
|
+
|
417
|
+
# Allow docker in docker.
|
418
|
+
"--volume" "/var/run/docker.sock:/var/run/docker.sock"
|
419
|
+
|
420
|
+
# Mount the /tmp so that docker in docker can mount the files
|
421
|
+
# there correctly.
|
422
|
+
"--volume" "/tmp:/tmp"
|
423
|
+
# Pass down the KOKORO_GFILE_DIR and KOKORO_KEYSTORE_DIR
|
424
|
+
# TODO(tmatsuo): This part is not portable.
|
425
|
+
"--env" "TRAMPOLINE_SECRET_DIR=/secrets"
|
426
|
+
"--volume" "${KOKORO_GFILE_DIR:-/dev/shm}:/secrets/gfile"
|
427
|
+
"--env" "KOKORO_GFILE_DIR=/secrets/gfile"
|
428
|
+
"--volume" "${KOKORO_KEYSTORE_DIR:-/dev/shm}:/secrets/keystore"
|
429
|
+
"--env" "KOKORO_KEYSTORE_DIR=/secrets/keystore"
|
430
|
+
)
|
431
|
+
|
432
|
+
# Add an option for nicer output if the build gets a tty.
|
433
|
+
if [[ -t 0 ]]; then
|
434
|
+
docker_flags+=("-it")
|
435
|
+
fi
|
436
|
+
|
437
|
+
# Passing down env vars
|
438
|
+
for e in "${pass_down_envvars[@]}"
|
439
|
+
do
|
440
|
+
if [[ -n "${!e:-}" ]]; then
|
441
|
+
docker_flags+=("--env" "${e}=${!e}")
|
442
|
+
fi
|
443
|
+
done
|
444
|
+
|
445
|
+
# If arguments are given, all arguments will become the commands run
|
446
|
+
# in the container, otherwise run TRAMPOLINE_BUILD_FILE.
|
447
|
+
if [[ $# -ge 1 ]]; then
|
448
|
+
log_yellow "Running the given commands '" "${@:1}" "' in the container."
|
449
|
+
readonly commands=("${@:1}")
|
450
|
+
if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
|
451
|
+
echo docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}" "${commands[@]}"
|
452
|
+
fi
|
453
|
+
docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}" "${commands[@]}"
|
454
|
+
else
|
455
|
+
log_yellow "Running the tests in a Docker container."
|
456
|
+
docker_flags+=("--entrypoint=${TRAMPOLINE_BUILD_FILE}")
|
457
|
+
if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
|
458
|
+
echo docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}"
|
459
|
+
fi
|
460
|
+
docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}"
|
461
|
+
fi
|
462
|
+
|
463
|
+
|
464
|
+
test_retval=$?
|
465
|
+
|
466
|
+
if [[ ${test_retval} -eq 0 ]]; then
|
467
|
+
log_green "Build finished with ${test_retval}"
|
468
|
+
else
|
469
|
+
log_red "Build finished with ${test_retval}"
|
470
|
+
fi
|
471
|
+
|
472
|
+
# Only upload it when the test passes.
|
473
|
+
if [[ "${update_cache}" == "true" ]] && \
|
474
|
+
[[ $test_retval == 0 ]] && \
|
475
|
+
[[ "${TRAMPOLINE_IMAGE_UPLOAD:-false}" == "true" ]]; then
|
476
|
+
log_yellow "Uploading the Docker image."
|
477
|
+
if docker push "${TRAMPOLINE_IMAGE}"; then
|
478
|
+
log_green "Finished uploading the Docker image."
|
479
|
+
else
|
480
|
+
log_red "Failed uploading the Docker image."
|
481
|
+
fi
|
482
|
+
# Call trampoline_after_upload_hook if it's defined.
|
483
|
+
if function_exists trampoline_after_upload_hook; then
|
484
|
+
trampoline_after_upload_hook
|
485
|
+
fi
|
486
|
+
|
487
|
+
fi
|
488
|
+
|
489
|
+
exit "${test_retval}"
|