-
Notifications
You must be signed in to change notification settings - Fork 11
/
cloudbuild.staging.yaml
62 lines (54 loc) · 1.87 KB
/
cloudbuild.staging.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
timeout: 2400s
steps:
# Prepare to import secrets
- name: gcr.io/cloud-builders/gcloud
entrypoint: bash
args:
- -c
- mkdir -p tmp/
## Import passwords
# Database URL
- name: gcr.io/cloud-builders/gcloud
entrypoint: bash
args:
- -c
- gcloud secrets versions access latest --secret=DATABASE_URL > tmp/database_url.txt
# SMTP
- name: gcr.io/cloud-builders/gcloud
entrypoint: bash
args:
- -c
- gcloud secrets versions access latest --secret=MAILER_PASSWORD > tmp/mailer_password.txt
## Import encryption keys
# Base
- name: gcr.io/cloud-builders/gcloud
entrypoint: bash
args:
- -c
- gcloud secrets versions access latest --secret=RAILS_BASE_KEY > tmp/base_key.txt
# Master
- name: gcr.io/cloud-builders/gcloud
entrypoint: bash
args:
- -c
- gcloud secrets versions access latest --secret=RAILS_MASTER_KEY > tmp/master_key.txt
# Staging (optional)
- name: gcr.io/cloud-builders/gcloud
entrypoint: bash
args:
- -c
- gcloud secrets versions access latest --secret=RAILS_STAGING_KEY > tmp/staging_key.txt
## Build
# Run the Docker build command, importing the secrets we just dumped and using Kaniko to cache
# intermediate build images
- name: gcr.io/kaniko-project/executor:debug
entrypoint: sh
args:
- -c
- executor --destination=gcr.io/$PROJECT_ID/coyote --cache=true --cache-ttl=672h --build-arg database_url=`cat tmp/database_url.txt` --build-arg base_key=`cat tmp/base_key.txt` --build-arg master_key=`cat tmp/master_key.txt` --build-arg staging_key=`cat tmp/staging_key.txt`
# Deploy the new image to Cloud run
- name: gcr.io/cloud-builders/gcloud
entrypoint: bash
args:
- -c
- gcloud run deploy coyote --image=gcr.io/$PROJECT_ID/coyote:latest --platform=managed --region=us-east1 --allow-unauthenticated --add-cloudsql-instances=$PROJECT_ID:us-east1:coyote-$BRANCH_NAME-us-east1 --update-env-vars MAILER_PASSWORD=`cat tmp/mailer_password.txt`