googleauth 0.14.0 → 0.16.2

Files changed (57) hide show
  1. checksums.yaml +4 -4
  2. data/.github/renovate.json +6 -0
  3. data/.github/sync-repo-settings.yaml +18 -0
  4. data/.github/workflows/ci.yml +55 -0
  5. data/.github/workflows/release-please.yml +39 -0
  6. data/.gitignore +3 -0
  7. data/.kokoro/populate-secrets.sh +76 -0
  8. data/.kokoro/release.cfg +7 -49
  9. data/.kokoro/release.sh +18 -0
  10. data/.kokoro/trampoline_v2.sh +489 -0
  11. data/.rubocop.yml +0 -2
  12. data/.toys/.toys.rb +45 -0
  13. data/.toys/ci.rb +43 -0
  14. data/.toys/kokoro/.toys.rb +66 -0
  15. data/.toys/kokoro/publish-docs.rb +67 -0
  16. data/.toys/kokoro/publish-gem.rb +53 -0
  17. data/.toys/linkinator.rb +43 -0
  18. data/.trampolinerc +48 -0
  19. data/CHANGELOG.md +69 -27
  20. data/Gemfile +2 -7
  21. data/README.md +9 -7
  22. data/googleauth.gemspec +2 -1
  23. data/lib/googleauth/compute_engine.rb +6 -5
  24. data/lib/googleauth/credentials.rb +167 -48
  25. data/lib/googleauth/credentials_loader.rb +1 -1
  26. data/lib/googleauth/iam.rb +1 -1
  27. data/lib/googleauth/id_tokens/key_sources.rb +7 -5
  28. data/lib/googleauth/id_tokens/verifier.rb +7 -9
  29. data/lib/googleauth/scope_util.rb +1 -1
  30. data/lib/googleauth/service_account.rb +35 -23
  31. data/lib/googleauth/signet.rb +1 -1
  32. data/lib/googleauth/stores/file_token_store.rb +1 -0
  33. data/lib/googleauth/stores/redis_token_store.rb +1 -0
  34. data/lib/googleauth/version.rb +1 -1
  35. data/lib/googleauth/web_user_authorizer.rb +4 -7
  36. data/spec/googleauth/compute_engine_spec.rb +18 -0
  37. data/spec/googleauth/credentials_spec.rb +228 -106
  38. data/spec/googleauth/service_account_spec.rb +8 -0
  39. metadata +18 -22
  40. data/.kokoro/build.bat +0 -16
  41. data/.kokoro/build.sh +0 -4
  42. data/.kokoro/continuous/common.cfg +0 -24
  43. data/.kokoro/continuous/linux.cfg +0 -25
  44. data/.kokoro/continuous/osx.cfg +0 -8
  45. data/.kokoro/continuous/post.cfg +0 -30
  46. data/.kokoro/continuous/windows.cfg +0 -29
  47. data/.kokoro/osx.sh +0 -4
  48. data/.kokoro/presubmit/common.cfg +0 -24
  49. data/.kokoro/presubmit/linux.cfg +0 -24
  50. data/.kokoro/presubmit/osx.cfg +0 -8
  51. data/.kokoro/presubmit/windows.cfg +0 -29
  52. data/.kokoro/trampoline.bat +0 -10
  53. data/.kokoro/trampoline.sh +0 -4
  54. data/Rakefile +0 -132
  55. data/rakelib/devsite_builder.rb +0 -45
  56. data/rakelib/link_checker.rb +0 -64
  57. data/rakelib/repo_metadata.rb +0 -59
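--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8846e57d325ff993c15ca691e299b9c2c4b7472b1b0a9e905b36cdb99216e061
- data.tar.gz: 2fcee29e36a6fd57420b9cd0106cf3ab73bf447e94e2f6bdce61a973d256cd5e
+ metadata.gz: a1f96ad8fd7b2aae5671af839775b83db2c3f6b9c31e36622c2dc983d647e54d
+ data.tar.gz: 58db2385909da01755365839451a6a8bbb79fceaabd76de313dab9496a7ea0dd
  SHA512:
- metadata.gz: dd54bce055240fc1db34ccfe2850ab49f23b17f55f5336dfeccf380c2f93b8b9e29100a1c53f360564e8387805a9c4bf74d09eb2ca58b5bda666cdab3b061f45
- data.tar.gz: 27dae4439e8163194604e912918709d2cd623c61856f70f7c350b08dfac010fdff50ad703934b88631c2759dcf7e5aab5b315a884cb160790c153115ee88bdfe
+ metadata.gz: 39f9a7e75bbb27ff0cd9bb50ebc077751f83ee22fec724d4de9ed54c3bde97a92e5a9f577859784d2c298405fa9cf57491bddf73043ff5a0cb6a567379fc2cbb
+ data.tar.gz: 543d6c2e8175ea1262c4235e581124378ef932fe96b7c63e27b75654a2e7cdfc5e427c6f9668141de1b06d770dedfb97ca8b94b1df800d0bdf04c1860644dc2c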
@@ -0,0 +1,6 @@
1
+ {
2
+ "extends": [
3
+ "config:base"
4
+ ],
5
+ "rangeStrategy": "widen"
6
+ }
@@ -0,0 +1,18 @@
1
+ rebaseMergeAllowed: true
2
+ squashMergeAllowed: true
3
+ mergeCommitAllowed: false
4
+ branchProtectionRules:
5
+ - pattern: master
6
+ isAdminEnforced: false
7
+ requiredStatusCheckContexts:
8
+ - 'cla/google'
9
+ requiredApprovingReviewCount: 1
10
+ requiresCodeOwnerReviews: true
11
+ requiresStrictStatusChecks: true
12
+ permissionRules:
13
+ - team: yoshi-admins
14
+ permission: admin
15
+ - team: yoshi-ruby-admins
16
+ permission: admin
17
+ - team: yoshi-ruby
18
+ permission: push
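Review bot: `isAdminEnforced: false` on the `master` rule lets members of the two teams granted `permission: admin` merge without the approving review, code-owner review and status checks configured here, which is a wide bypass for a library that handles credentials. The only entry under `requiredStatusCheckContexts` is `'cla/google'`, so the CI workflow added in the same release is not a merge gate and a pull request with failing specs can still land. I would set `isAdminEnforced: true` and list the CI job contexts next to the CLA check; the exact context names depend on the matrix job names and are not visible here. Indentation is flattened on this page, so the nesting above is read from key order.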
@@ -0,0 +1,55 @@
1
+ name: CI
2
+ on:
3
+ pull_request:
4
+ branches:
5
+ - master
6
+ push:
7
+ branches:
8
+ - master
9
+ workflow_dispatch:
10
+ jobs:
11
+ CI:
12
+ if: ${{ github.repository == 'googleapis/google-auth-library-ruby' }}
13
+ strategy:
14
+ matrix:
15
+ include:
16
+ - os: ubuntu-latest
17
+ ruby: "2.5"
18
+ task: test , spec
19
+ - os: ubuntu-latest
20
+ ruby: "2.6"
21
+ task: test , spec
22
+ - os: ubuntu-latest
23
+ ruby: "2.7"
24
+ task: test , spec
25
+ - os: ubuntu-latest
26
+ ruby: "3.0"
27
+ task: test , spec
28
+ - os: macos-latest
29
+ ruby: "2.7"
30
+ task: test , spec
31
+ - os: windows-latest
32
+ ruby: "2.7"
33
+ task: test , spec
34
+ - os: ubuntu-latest
35
+ ruby: "2.7"
36
+ task: rubocop , integration , build , yardoc , linkinator
37
+ fail-fast: false
38
+ runs-on: ${{ matrix.os }}
39
+ steps:
40
+ - name: Checkout repo
41
+ uses: actions/checkout@v2
42
+ - name: Install Ruby ${{ matrix.ruby }}
43
+ uses: ruby/setup-ruby@v1
44
+ with:
45
+ ruby-version: "${{ matrix.ruby }}"
46
+ - name: Install NodeJS 14.x
47
+ uses: actions/setup-node@v2
48
+ with:
49
+ node-version: "14.x"
50
+ - name: Install dependencies
51
+ shell: bash
52
+ run: "gem install --no-document toys && bundle install"
53
+ - name: Test ${{ matrix.task }}
54
+ shell: bash
55
+ run: toys do ${{ matrix.task }} < /dev/null
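Review bot: The workflow declares no `permissions:` block, so every job runs with the repository's default `GITHUB_TOKEN` scope although the steps only check out code and run tests; a top-level `permissions:` with `contents: read` would keep a compromised test dependency from writing to the repository on `push` and `workflow_dispatch` runs. The three actions are referenced by mutable tags (`actions/checkout@v2`, `ruby/setup-ruby@v1`, `actions/setup-node@v2`) and `gem install --no-document toys` takes the newest release, so what executes can change without a commit to this repository; pinning the actions to full commit SHAs and giving toys a version constraint would close that gap. `${{ matrix.task }}` is expanded into the `run:` line, which is safe only because the matrix values are literals in this file, and that deserves a short comment such as `# matrix.task must stay a literal list; never source it from event data`.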
@@ -0,0 +1,39 @@
1
+ on:
2
+ schedule:
3
+ - cron: '29 9 * * *'
4
+ workflow_dispatch:
5
+
6
+ name: release-please
7
+ jobs:
8
+ release-please:
9
+ env:
10
+ ENABLE_RELEASE_PLEASE: ${{ secrets.ENABLE_RELEASE_PLEASE }}
11
+ runs-on: ubuntu-latest
12
+ steps:
13
+ - name: ReleasePlease
14
+ id: release-please
15
+ if: ${{ env.ENABLE_RELEASE_PLEASE || github.event_name == 'workflow_dispatch' }}
16
+ uses: GoogleCloudPlatform/release-please-action@v2
17
+ with:
18
+ command: release-pr
19
+ token: ${{ secrets.YOSHI_CODE_BOT_TOKEN }}
20
+ fork: true
21
+ release-type: ruby
22
+ package-name: google-auth-library-ruby
23
+ version-file: lib/googleauth/version.rb
24
+ monorepo-tags: true
25
+ bump-minor-pre-major: true
26
+ - name: ReleaseLabel
27
+ id: release-label
28
+ if: ${{ steps.release-please.outputs.pr }}
29
+ uses: actions/github-script@v4
30
+ with:
31
+ github-token: ${{secrets.YOSHI_APPROVER_TOKEN}}
32
+ script: |
33
+ core.info("Labeling release");
34
+ github.issues.addLabels({
35
+ owner: 'googleapis',
36
+ repo: 'google-auth-library-ruby',
37
+ issue_number: ${{ steps.release-please.outputs.pr }},
38
+ labels: ["autorelease: pending"]
39
+ });
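Review bot: In the `ReleaseLabel` step, `${{ steps.release-please.outputs.pr }}` is substituted into the `script:` text before it is evaluated, so whatever the previous action emits becomes JavaScript that runs with `YOSHI_APPROVER_TOKEN`. Passing the value as data is safer: give the step an `env:` entry `PR_NUMBER: ${{ steps.release-please.outputs.pr }}` and use `issue_number: Number(process.env.PR_NUMBER)` in the script. Both actions that receive secrets are pinned to mutable tags (`GoogleCloudPlatform/release-please-action@v2`, `actions/github-script@v4`); a full commit SHA would stop a retagged release from receiving `YOSHI_CODE_BOT_TOKEN`. The job also has no `permissions:` block, so the default token scope applies in addition to the two bot tokens.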
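--- a/data/.gitignore
+++ b/data/.gitignore
@@ -34,3 +34,6 @@ build/
 
  # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
  .rvmrc
+
+ /node_modules
+ /package-lock.json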
@@ -0,0 +1,76 @@
1
+ #!/bin/bash
2
+ # Copyright 2020 Google LLC.
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ # This file is called in the early stage of `trampoline_v2.sh` to
17
+ # populate secrets needed for the CI builds.
18
+
19
+ set -eo pipefail
20
+
21
+ function now { date +"%Y-%m-%d %H:%M:%S" | tr -d '\n' ;}
22
+ function msg { println "$*" >&2 ;}
23
+ function println { printf '%s\n' "$(now) $*" ;}
24
+
25
+ # Populates requested secrets set in SECRET_MANAGER_KEYS
26
+
27
+ # In Kokoro CI builds, we use the service account attached to the
28
+ # Kokoro VM. This means we need to setup auth on other CI systems.
29
+ # For local run, we just use the gcloud command for retrieving the
30
+ # secrets.
31
+
32
+ if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
33
+ GCLOUD_COMMANDS=(
34
+ "docker"
35
+ "run"
36
+ "--entrypoint=gcloud"
37
+ "--volume=${KOKORO_GFILE_DIR}:${KOKORO_GFILE_DIR}"
38
+ "gcr.io/google.com/cloudsdktool/cloud-sdk"
39
+ )
40
+ if [[ "${TRAMPOLINE_CI:-}" == "kokoro" ]]; then
41
+ SECRET_LOCATION="${KOKORO_GFILE_DIR}/secret_manager"
42
+ else
43
+ echo "Authentication for this CI system is not implemented yet."
44
+ exit 2
45
+ # TODO: Determine appropriate SECRET_LOCATION and the GCLOUD_COMMANDS.
46
+ fi
47
+ else
48
+ # For local run, use /dev/shm or temporary directory for
49
+ # KOKORO_GFILE_DIR.
50
+ if [[ -d "/dev/shm" ]]; then
51
+ export KOKORO_GFILE_DIR=/dev/shm
52
+ else
53
+ export KOKORO_GFILE_DIR=$(mktemp -d -t ci-XXXXXXXX)
54
+ fi
55
+ SECRET_LOCATION="${KOKORO_GFILE_DIR}/secret_manager"
56
+ GCLOUD_COMMANDS=("gcloud")
57
+ fi
58
+
59
+ msg "Creating folder on disk for secrets: ${SECRET_LOCATION}"
60
+ mkdir -p ${SECRET_LOCATION}
61
+
62
+ for key in $(echo ${SECRET_MANAGER_KEYS} | sed "s/,/ /g")
63
+ do
64
+ msg "Retrieving secret ${key}"
65
+ "${GCLOUD_COMMANDS[@]}" \
66
+ secrets versions access latest \
67
+ --project cloud-devrel-kokoro-resources \
68
+ --secret $key > \
69
+ "$SECRET_LOCATION/$key"
70
+ if [[ $? == 0 ]]; then
71
+ msg "Secret written to ${SECRET_LOCATION}/${key}"
72
+ else
73
+ msg "Error retrieving secret ${key}"
74
+ exit 2
75
+ fi
76
+ done
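Review bot: Secrets are written under `${SECRET_LOCATION}` with whatever umask the caller has, and on a local run that is the fixed path `/dev/shm/secret_manager`, which every local user can reach, so with a typical `022` umask the retrieved secrets are world-readable. Adding `umask 077` before the `mkdir`, and quoting it as `mkdir -p "${SECRET_LOCATION}"`, restricts them to the invoking user; nothing in this script removes the files afterwards, so they stay in shared memory until something else cleans up. The `if [[ $? == 0 ]]` check looks unreachable on failure under `set -eo pipefail`, because a failed `gcloud` call exits before "Error retrieving secret" is logged and leaves an empty file behind; testing the command directly with `if ! "${GCLOUD_COMMANDS[@]}" ... > "$SECRET_LOCATION/$key"; then` makes the error path real. `--secret $key` should be quoted too, and the `gcr.io/google.com/cloudsdktool/cloud-sdk` image that handles the secrets in CI carries no tag or digest.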
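--- a/data/.kokoro/release.cfg
+++ b/data/.kokoro/release.cfg
@@ -17,28 +17,6 @@ before_action {
  }
  }
 
- # Fetch magictoken to use with Magic Github Proxy
- before_action {
- fetch_keystore {
- keystore_resource {
- keystore_config_id: 73713
- keyname: "releasetool-magictoken"
- backend_type: FASTCONFIGPUSH
- }
- }
- }
-
- # Fetch api key to use with Magic Github Proxy
- before_action {
- fetch_keystore {
- keystore_resource {
- keystore_config_id: 73713
- keyname: "magic-github-proxy-api-key"
- backend_type: FASTCONFIGPUSH
- }
- }
- }
-
  before_action {
  fetch_keystore {
  keystore_resource {
@@ -55,40 +33,20 @@ gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/google-cloud-ruby"
  gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline"
 
  # Use the trampoline script to run in docker.
- build_file: "google-auth-library-ruby/.kokoro/trampoline.sh"
+ build_file: "google-auth-library-ruby/.kokoro/trampoline_v2.sh"
 
  # Configure the docker image for kokoro-trampoline.
  env_vars: {
- key: "TRAMPOLINE_IMAGE"
- value: "gcr.io/cloud-devrel-kokoro-resources/yoshi-ruby/release"
- }
-
- env_vars: {
- key: "TRAMPOLINE_BUILD_FILE"
- value: "github/google-auth-library-ruby/.kokoro/build.sh"
- }
-
- env_vars: {
- key: "TRAMPOLINE_SCRIPT"
- value: "trampoline_v1.py"
- }
-
- env_vars: {
- key: "JOB_TYPE"
- value: "release"
- }
-
- env_vars: {
- key: "OS"
- value: "linux"
+ key: "TRAMPOLINE_IMAGE"
+ value: "gcr.io/cloud-devrel-kokoro-resources/yoshi-ruby/release"
  }
 
  env_vars: {
- key: "REPO_DIR"
- value: "github/google-auth-library-ruby"
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: ".kokoro/release.sh"
  }
 
  env_vars: {
- key: "PACKAGE"
- value: "googleauth"
+ key: "SECRET_MANAGER_KEYS"
+ value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem"
  }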
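Review bot: `TRAMPOLINE_IMAGE` is set to `gcr.io/cloud-devrel-kokoro-resources/yoshi-ruby/release` with no tag or digest, so the release job runs whatever the registry currently serves under the default tag, and that container is handed the three `releasetool-publish-reporter-*` secrets named in `SECRET_MANAGER_KEYS`. Pinning by digest, `value: "gcr.io/cloud-devrel-kokoro-resources/yoshi-ruby/release@sha256:IMAGE_DIGEST_PLACEHOLDER"`, would make the release environment reproducible and reviewable. The `fetch_keystore` block that remains after the two removed ones is only partly visible in this hunk, so which keystore entry is still fetched cannot be confirmed from here.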
@@ -0,0 +1,18 @@
1
+ #!/bin/bash
2
+
3
+ set -eo pipefail
4
+
5
+ # Install gems in the user directory because the default install directory
6
+ # is in a read-only location.
7
+ export GEM_HOME=$HOME/.gem
8
+ export PATH=$GEM_HOME/bin:$PATH
9
+
10
+ python3 -m pip install git+https://github.com/googleapis/releasetool
11
+ python3 -m pip install gcp-docuploader
12
+ gem install --no-document toys
13
+ bundle install
14
+
15
+ python3 -m releasetool publish-reporter-script > /tmp/publisher-script; source /tmp/publisher-script
16
+
17
+ toys kokoro publish-gem < /dev/null
18
+ toys kokoro publish-docs < /dev/null
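Review bot: `python3 -m pip install git+https://github.com/googleapis/releasetool` installs whatever is at the head of the default branch, and `gcp-docuploader` and `toys` are likewise unversioned, in the job that goes on to publish the gem with the release secrets available. Pinning each to a reviewed revision, for example `git+https://github.com/googleapis/releasetool@COMMIT_SHA_PLACEHOLDER`, keeps an upstream change from reaching the publish step unreviewed. The generated reporter script is written to the fixed path `/tmp/publisher-script` and then sourced, and trampoline_v2.sh mounts the host `/tmp` into the container, so that file sits in a directory shared with everything else on the host. A private temporary file avoids the predictable name: `script="$(mktemp "$HOME/publisher-script.XXXXXX")"`, write the output there, then `source "$script"`.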
@@ -0,0 +1,489 @@
1
+ #!/usr/bin/env bash
2
+ # Copyright 2020 Google LLC
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ # trampoline_v2.sh
17
+ #
18
+ # If you want to make a change to this file, consider doing so at:
19
+ # https://github.com/googlecloudplatform/docker-ci-helper
20
+ #
21
+ # This script is for running CI builds. For Kokoro builds, we
22
+ # set this script to `build_file` field in the Kokoro configuration.
23
+
24
+ # This script does 3 things.
25
+ #
26
+ # 1. Prepare the Docker image for the test
27
+ # 2. Run the Docker with appropriate flags to run the test
28
+ # 3. Upload the newly built Docker image
29
+ #
30
+ # in a way that is somewhat compatible with trampoline_v1.
31
+ #
32
+ # These environment variables are required:
33
+ # TRAMPOLINE_IMAGE: The docker image to use.
34
+ # TRAMPOLINE_DOCKERFILE: The location of the Dockerfile.
35
+ #
36
+ # You can optionally change these environment variables:
37
+ # TRAMPOLINE_IMAGE_UPLOAD:
38
+ # (true|false): Whether to upload the Docker image after the
39
+ # successful builds.
40
+ # TRAMPOLINE_BUILD_FILE: The script to run in the docker container.
41
+ # TRAMPOLINE_WORKSPACE: The workspace path in the docker container.
42
+ # Defaults to /workspace.
43
+ # Potentially there are some repo specific envvars in .trampolinerc in
44
+ # the project root.
45
+ #
46
+ # Here is an example for running this script.
47
+ # TRAMPOLINE_IMAGE=gcr.io/cloud-devrel-kokoro-resources/node:10-user \
48
+ # TRAMPOLINE_BUILD_FILE=.kokoro/system-test.sh \
49
+ # .kokoro/trampoline_v2.sh
50
+
51
+ set -euo pipefail
52
+
53
+ TRAMPOLINE_VERSION="2.0.10"
54
+
55
+ if command -v tput >/dev/null && [[ -n "${TERM:-}" ]]; then
56
+ readonly IO_COLOR_RED="$(tput setaf 1)"
57
+ readonly IO_COLOR_GREEN="$(tput setaf 2)"
58
+ readonly IO_COLOR_YELLOW="$(tput setaf 3)"
59
+ readonly IO_COLOR_RESET="$(tput sgr0)"
60
+ else
61
+ readonly IO_COLOR_RED=""
62
+ readonly IO_COLOR_GREEN=""
63
+ readonly IO_COLOR_YELLOW=""
64
+ readonly IO_COLOR_RESET=""
65
+ fi
66
+
67
+ function function_exists {
68
+ [ $(LC_ALL=C type -t $1)"" == "function" ]
69
+ }
70
+
71
+ # Logs a message using the given color. The first argument must be one
72
+ # of the IO_COLOR_* variables defined above, such as
73
+ # "${IO_COLOR_YELLOW}". The remaining arguments will be logged in the
74
+ # given color. The log message will also have an RFC-3339 timestamp
75
+ # prepended (in UTC). You can disable the color output by setting
76
+ # TERM=vt100.
77
+ function log_impl() {
78
+ local color="$1"
79
+ shift
80
+ local timestamp="$(date -u "+%Y-%m-%dT%H:%M:%SZ")"
81
+ echo "================================================================"
82
+ echo "${color}${timestamp}:" "$@" "${IO_COLOR_RESET}"
83
+ echo "================================================================"
84
+ }
85
+
86
+ # Logs the given message with normal coloring and a timestamp.
87
+ function log() {
88
+ log_impl "${IO_COLOR_RESET}" "$@"
89
+ }
90
+
91
+ # Logs the given message in green with a timestamp.
92
+ function log_green() {
93
+ log_impl "${IO_COLOR_GREEN}" "$@"
94
+ }
95
+
96
+ # Logs the given message in yellow with a timestamp.
97
+ function log_yellow() {
98
+ log_impl "${IO_COLOR_YELLOW}" "$@"
99
+ }
100
+
101
+ # Logs the given message in red with a timestamp.
102
+ function log_red() {
103
+ log_impl "${IO_COLOR_RED}" "$@"
104
+ }
105
+
106
+ readonly tmpdir=$(mktemp -d -t ci-XXXXXXXX)
107
+ readonly tmphome="${tmpdir}/h"
108
+ mkdir -p "${tmphome}"
109
+
110
+ function cleanup() {
111
+ rm -rf "${tmpdir}"
112
+ }
113
+ trap cleanup EXIT
114
+
115
+ RUNNING_IN_CI="${RUNNING_IN_CI:-false}"
116
+
117
+ # The workspace in the container, defaults to /workspace.
118
+ TRAMPOLINE_WORKSPACE="${TRAMPOLINE_WORKSPACE:-/workspace}"
119
+
120
+ pass_down_envvars=(
121
+ # TRAMPOLINE_V2 variables.
122
+ # Tells scripts whether they are running as part of CI or not.
123
+ "RUNNING_IN_CI"
124
+ # Indicates which CI system we're in.
125
+ "TRAMPOLINE_CI"
126
+ # Indicates the version of the script.
127
+ "TRAMPOLINE_VERSION"
128
+ )
129
+
130
+ log_yellow "Building with Trampoline ${TRAMPOLINE_VERSION}"
131
+
132
+ # Detect which CI systems we're in. If we're in any of the CI systems
133
+ # we support, `RUNNING_IN_CI` will be true and `TRAMPOLINE_CI` will be
134
+ # the name of the CI system. Both envvars will be passing down to the
135
+ # container for telling which CI system we're in.
136
+ if [[ -n "${KOKORO_BUILD_ID:-}" ]]; then
137
+ # descriptive env var for indicating it's on CI.
138
+ RUNNING_IN_CI="true"
139
+ TRAMPOLINE_CI="kokoro"
140
+ if [[ "${TRAMPOLINE_USE_LEGACY_SERVICE_ACCOUNT:-}" == "true" ]]; then
141
+ if [[ ! -f "${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json" ]]; then
142
+ log_red "${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json does not exist. Did you forget to mount cloud-devrel-kokoro-resources/trampoline? Aborting."
143
+ exit 1
144
+ fi
145
+ # This service account will be activated later.
146
+ TRAMPOLINE_SERVICE_ACCOUNT="${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json"
147
+ else
148
+ if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
149
+ gcloud auth list
150
+ fi
151
+ log_yellow "Configuring Container Registry access"
152
+ gcloud auth configure-docker --quiet
153
+ fi
154
+ pass_down_envvars+=(
155
+ # KOKORO dynamic variables.
156
+ "KOKORO_BUILD_NUMBER"
157
+ "KOKORO_BUILD_ID"
158
+ "KOKORO_JOB_NAME"
159
+ "KOKORO_GIT_COMMIT"
160
+ "KOKORO_GITHUB_COMMIT"
161
+ "KOKORO_GITHUB_PULL_REQUEST_NUMBER"
162
+ "KOKORO_GITHUB_PULL_REQUEST_COMMIT"
163
+ # For Flaky Bot
164
+ "KOKORO_GITHUB_COMMIT_URL"
165
+ "KOKORO_GITHUB_PULL_REQUEST_URL"
166
+ "KOKORO_BUILD_ARTIFACTS_SUBDIR"
167
+ )
168
+ elif [[ "${TRAVIS:-}" == "true" ]]; then
169
+ RUNNING_IN_CI="true"
170
+ TRAMPOLINE_CI="travis"
171
+ pass_down_envvars+=(
172
+ "TRAVIS_BRANCH"
173
+ "TRAVIS_BUILD_ID"
174
+ "TRAVIS_BUILD_NUMBER"
175
+ "TRAVIS_BUILD_WEB_URL"
176
+ "TRAVIS_COMMIT"
177
+ "TRAVIS_COMMIT_MESSAGE"
178
+ "TRAVIS_COMMIT_RANGE"
179
+ "TRAVIS_JOB_NAME"
180
+ "TRAVIS_JOB_NUMBER"
181
+ "TRAVIS_JOB_WEB_URL"
182
+ "TRAVIS_PULL_REQUEST"
183
+ "TRAVIS_PULL_REQUEST_BRANCH"
184
+ "TRAVIS_PULL_REQUEST_SHA"
185
+ "TRAVIS_PULL_REQUEST_SLUG"
186
+ "TRAVIS_REPO_SLUG"
187
+ "TRAVIS_SECURE_ENV_VARS"
188
+ "TRAVIS_TAG"
189
+ )
190
+ elif [[ -n "${GITHUB_RUN_ID:-}" ]]; then
191
+ RUNNING_IN_CI="true"
192
+ TRAMPOLINE_CI="github-workflow"
193
+ pass_down_envvars+=(
194
+ "GITHUB_WORKFLOW"
195
+ "GITHUB_RUN_ID"
196
+ "GITHUB_RUN_NUMBER"
197
+ "GITHUB_ACTION"
198
+ "GITHUB_ACTIONS"
199
+ "GITHUB_ACTOR"
200
+ "GITHUB_REPOSITORY"
201
+ "GITHUB_EVENT_NAME"
202
+ "GITHUB_EVENT_PATH"
203
+ "GITHUB_SHA"
204
+ "GITHUB_REF"
205
+ "GITHUB_HEAD_REF"
206
+ "GITHUB_BASE_REF"
207
+ )
208
+ elif [[ "${CIRCLECI:-}" == "true" ]]; then
209
+ RUNNING_IN_CI="true"
210
+ TRAMPOLINE_CI="circleci"
211
+ pass_down_envvars+=(
212
+ "CIRCLE_BRANCH"
213
+ "CIRCLE_BUILD_NUM"
214
+ "CIRCLE_BUILD_URL"
215
+ "CIRCLE_COMPARE_URL"
216
+ "CIRCLE_JOB"
217
+ "CIRCLE_NODE_INDEX"
218
+ "CIRCLE_NODE_TOTAL"
219
+ "CIRCLE_PREVIOUS_BUILD_NUM"
220
+ "CIRCLE_PROJECT_REPONAME"
221
+ "CIRCLE_PROJECT_USERNAME"
222
+ "CIRCLE_REPOSITORY_URL"
223
+ "CIRCLE_SHA1"
224
+ "CIRCLE_STAGE"
225
+ "CIRCLE_USERNAME"
226
+ "CIRCLE_WORKFLOW_ID"
227
+ "CIRCLE_WORKFLOW_JOB_ID"
228
+ "CIRCLE_WORKFLOW_UPSTREAM_JOB_IDS"
229
+ "CIRCLE_WORKFLOW_WORKSPACE_ID"
230
+ )
231
+ fi
232
+
233
+ # Configure the service account for pulling the docker image.
234
+ function repo_root() {
235
+ local dir="$1"
236
+ while [[ ! -d "${dir}/.git" ]]; do
237
+ dir="$(dirname "$dir")"
238
+ done
239
+ echo "${dir}"
240
+ }
241
+
242
+ # Detect the project root. In CI builds, we assume the script is in
243
+ # the git tree and traverse from there, otherwise, traverse from `pwd`
244
+ # to find `.git` directory.
245
+ if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
246
+ PROGRAM_PATH="$(realpath "$0")"
247
+ PROGRAM_DIR="$(dirname "${PROGRAM_PATH}")"
248
+ PROJECT_ROOT="$(repo_root "${PROGRAM_DIR}")"
249
+ else
250
+ PROJECT_ROOT="$(repo_root $(pwd))"
251
+ fi
252
+
253
+ log_yellow "Changing to the project root: ${PROJECT_ROOT}."
254
+ cd "${PROJECT_ROOT}"
255
+
256
+ # To support relative path for `TRAMPOLINE_SERVICE_ACCOUNT`, we need
257
+ # to use this environment variable in `PROJECT_ROOT`.
258
+ if [[ -n "${TRAMPOLINE_SERVICE_ACCOUNT:-}" ]]; then
259
+
260
+ mkdir -p "${tmpdir}/gcloud"
261
+ gcloud_config_dir="${tmpdir}/gcloud"
262
+
263
+ log_yellow "Using isolated gcloud config: ${gcloud_config_dir}."
264
+ export CLOUDSDK_CONFIG="${gcloud_config_dir}"
265
+
266
+ log_yellow "Using ${TRAMPOLINE_SERVICE_ACCOUNT} for authentication."
267
+ gcloud auth activate-service-account \
268
+ --key-file "${TRAMPOLINE_SERVICE_ACCOUNT}"
269
+ log_yellow "Configuring Container Registry access"
270
+ gcloud auth configure-docker --quiet
271
+ fi
272
+
273
+ required_envvars=(
274
+ # The basic trampoline configurations.
275
+ "TRAMPOLINE_IMAGE"
276
+ "TRAMPOLINE_BUILD_FILE"
277
+ )
278
+
279
+ if [[ -f "${PROJECT_ROOT}/.trampolinerc" ]]; then
280
+ source "${PROJECT_ROOT}/.trampolinerc"
281
+ fi
282
+
283
+ log_yellow "Checking environment variables."
284
+ for e in "${required_envvars[@]}"
285
+ do
286
+ if [[ -z "${!e:-}" ]]; then
287
+ log "Missing ${e} env var. Aborting."
288
+ exit 1
289
+ fi
290
+ done
291
+
292
+ # We want to support legacy style TRAMPOLINE_BUILD_FILE used with V1
293
+ # script: e.g. "github/repo-name/.kokoro/run_tests.sh"
294
+ TRAMPOLINE_BUILD_FILE="${TRAMPOLINE_BUILD_FILE#github/*/}"
295
+ log_yellow "Using TRAMPOLINE_BUILD_FILE: ${TRAMPOLINE_BUILD_FILE}"
296
+
297
+ # ignore error on docker operations and test execution
298
+ set +e
299
+
300
+ log_yellow "Preparing Docker image."
301
+ # We only download the docker image in CI builds.
302
+ if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
303
+ # Download the docker image specified by `TRAMPOLINE_IMAGE`
304
+
305
+ # We may want to add --max-concurrent-downloads flag.
306
+
307
+ log_yellow "Start pulling the Docker image: ${TRAMPOLINE_IMAGE}."
308
+ if docker pull "${TRAMPOLINE_IMAGE}"; then
309
+ log_green "Finished pulling the Docker image: ${TRAMPOLINE_IMAGE}."
310
+ has_image="true"
311
+ else
312
+ log_red "Failed pulling the Docker image: ${TRAMPOLINE_IMAGE}."
313
+ has_image="false"
314
+ fi
315
+ else
316
+ # For local run, check if we have the image.
317
+ if docker images "${TRAMPOLINE_IMAGE}" | grep "${TRAMPOLINE_IMAGE%:*}"; then
318
+ has_image="true"
319
+ else
320
+ has_image="false"
321
+ fi
322
+ fi
323
+
324
+
325
+ # The default user for a Docker container has uid 0 (root). To avoid
326
+ # creating root-owned files in the build directory we tell docker to
327
+ # use the current user ID.
328
+ user_uid="$(id -u)"
329
+ user_gid="$(id -g)"
330
+ user_name="$(id -un)"
331
+
332
+ # To allow docker in docker, we add the user to the docker group in
333
+ # the host os.
334
+ docker_gid=$(cut -d: -f3 < <(getent group docker))
335
+
336
+ update_cache="false"
337
+ if [[ "${TRAMPOLINE_DOCKERFILE:-none}" != "none" ]]; then
338
+ # Build the Docker image from the source.
339
+ context_dir=$(dirname "${TRAMPOLINE_DOCKERFILE}")
340
+ docker_build_flags=(
341
+ "-f" "${TRAMPOLINE_DOCKERFILE}"
342
+ "-t" "${TRAMPOLINE_IMAGE}"
343
+ "--build-arg" "UID=${user_uid}"
344
+ "--build-arg" "USERNAME=${user_name}"
345
+ )
346
+ if [[ "${has_image}" == "true" ]]; then
347
+ docker_build_flags+=("--cache-from" "${TRAMPOLINE_IMAGE}")
348
+ fi
349
+
350
+ log_yellow "Start building the docker image."
351
+ if [[ "${TRAMPOLINE_VERBOSE:-false}" == "true" ]]; then
352
+ echo "docker build" "${docker_build_flags[@]}" "${context_dir}"
353
+ fi
354
+
355
+ # ON CI systems, we want to suppress docker build logs, only
356
+ # output the logs when it fails.
357
+ if [[ "${RUNNING_IN_CI:-}" == "true" ]]; then
358
+ if docker build "${docker_build_flags[@]}" "${context_dir}" \
359
+ > "${tmpdir}/docker_build.log" 2>&1; then
360
+ if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
361
+ cat "${tmpdir}/docker_build.log"
362
+ fi
363
+
364
+ log_green "Finished building the docker image."
365
+ update_cache="true"
366
+ else
367
+ log_red "Failed to build the Docker image, aborting."
368
+ log_yellow "Dumping the build logs:"
369
+ cat "${tmpdir}/docker_build.log"
370
+ exit 1
371
+ fi
372
+ else
373
+ if docker build "${docker_build_flags[@]}" "${context_dir}"; then
374
+ log_green "Finished building the docker image."
375
+ update_cache="true"
376
+ else
377
+ log_red "Failed to build the Docker image, aborting."
378
+ exit 1
379
+ fi
380
+ fi
381
+ else
382
+ if [[ "${has_image}" != "true" ]]; then
383
+ log_red "We do not have ${TRAMPOLINE_IMAGE} locally, aborting."
384
+ exit 1
385
+ fi
386
+ fi
387
+
388
+ # We use an array for the flags so they are easier to document.
389
+ docker_flags=(
390
+ # Remove the container after it exists.
391
+ "--rm"
392
+
393
+ # Use the host network.
394
+ "--network=host"
395
+
396
+ # Run in priviledged mode. We are not using docker for sandboxing or
397
+ # isolation, just for packaging our dev tools.
398
+ "--privileged"
399
+
400
+ # Run the docker script with the user id. Because the docker image gets to
401
+ # write in ${PWD} you typically want this to be your user id.
402
+ # To allow docker in docker, we need to use docker gid on the host.
403
+ "--user" "${user_uid}:${docker_gid}"
404
+
405
+ # Pass down the USER.
406
+ "--env" "USER=${user_name}"
407
+
408
+ # Mount the project directory inside the Docker container.
409
+ "--volume" "${PROJECT_ROOT}:${TRAMPOLINE_WORKSPACE}"
410
+ "--workdir" "${TRAMPOLINE_WORKSPACE}"
411
+ "--env" "PROJECT_ROOT=${TRAMPOLINE_WORKSPACE}"
412
+
413
+ # Mount the temporary home directory.
414
+ "--volume" "${tmphome}:/h"
415
+ "--env" "HOME=/h"
416
+
417
+ # Allow docker in docker.
418
+ "--volume" "/var/run/docker.sock:/var/run/docker.sock"
419
+
420
+ # Mount the /tmp so that docker in docker can mount the files
421
+ # there correctly.
422
+ "--volume" "/tmp:/tmp"
423
+ # Pass down the KOKORO_GFILE_DIR and KOKORO_KEYSTORE_DIR
424
+ # TODO(tmatsuo): This part is not portable.
425
+ "--env" "TRAMPOLINE_SECRET_DIR=/secrets"
426
+ "--volume" "${KOKORO_GFILE_DIR:-/dev/shm}:/secrets/gfile"
427
+ "--env" "KOKORO_GFILE_DIR=/secrets/gfile"
428
+ "--volume" "${KOKORO_KEYSTORE_DIR:-/dev/shm}:/secrets/keystore"
429
+ "--env" "KOKORO_KEYSTORE_DIR=/secrets/keystore"
430
+ )
431
+
432
+ # Add an option for nicer output if the build gets a tty.
433
+ if [[ -t 0 ]]; then
434
+ docker_flags+=("-it")
435
+ fi
436
+
437
+ # Passing down env vars
438
+ for e in "${pass_down_envvars[@]}"
439
+ do
440
+ if [[ -n "${!e:-}" ]]; then
441
+ docker_flags+=("--env" "${e}=${!e}")
442
+ fi
443
+ done
444
+
445
+ # If arguments are given, all arguments will become the commands run
446
+ # in the container, otherwise run TRAMPOLINE_BUILD_FILE.
447
+ if [[ $# -ge 1 ]]; then
448
+ log_yellow "Running the given commands '" "${@:1}" "' in the container."
449
+ readonly commands=("${@:1}")
450
+ if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
451
+ echo docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}" "${commands[@]}"
452
+ fi
453
+ docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}" "${commands[@]}"
454
+ else
455
+ log_yellow "Running the tests in a Docker container."
456
+ docker_flags+=("--entrypoint=${TRAMPOLINE_BUILD_FILE}")
457
+ if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
458
+ echo docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}"
459
+ fi
460
+ docker run "${docker_flags[@]}" "${TRAMPOLINE_IMAGE}"
461
+ fi
462
+
463
+
464
+ test_retval=$?
465
+
466
+ if [[ ${test_retval} -eq 0 ]]; then
467
+ log_green "Build finished with ${test_retval}"
468
+ else
469
+ log_red "Build finished with ${test_retval}"
470
+ fi
471
+
472
+ # Only upload it when the test passes.
473
+ if [[ "${update_cache}" == "true" ]] && \
474
+ [[ $test_retval == 0 ]] && \
475
+ [[ "${TRAMPOLINE_IMAGE_UPLOAD:-false}" == "true" ]]; then
476
+ log_yellow "Uploading the Docker image."
477
+ if docker push "${TRAMPOLINE_IMAGE}"; then
478
+ log_green "Finished uploading the Docker image."
479
+ else
480
+ log_red "Failed uploading the Docker image."
481
+ fi
482
+ # Call trampoline_after_upload_hook if it's defined.
483
+ if function_exists trampoline_after_upload_hook; then
484
+ trampoline_after_upload_hook
485
+ fi
486
+
487
+ fi
488
+
489
+ exit "${test_retval}"
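Review bot: The `docker_flags` array (lines 389-430 of the new file) runs the build container with `--privileged`, `--network=host`, the host `/var/run/docker.sock` and the host `/tmp`, while also mounting the gfile and keystore secret directories, so anything executed by `TRAMPOLINE_BUILD_FILE` is effectively root on the CI host with the release secrets in reach. The in-file comment says isolation is not a goal, but that puts the integrity of every package the build script installs inside the host's trust boundary. I would state this in the header comment and add `--privileged` and the docker socket mount only for jobs that need docker-in-docker. Separately, `repo_root` never terminates when no `.git` directory exists above the start path, because `dirname /` returns `/`; a guard such as `[[ "${dir}" == "/" ]] && return 1` inside the loop would stop it. The header says this file is maintained in docker-ci-helper, so both changes likely belong upstream.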