Restore Build pipeline in CI (#521)

The build pipeline was not carried across from drone to GCB. This patch: - Restores build assets pipeline - Adds submodule checkout for webapps.e in both test and build jobs
2024-10-20 01:03:40 +00:00 · 2021-12-22 11:35:36 +11:00 · 2021-12-22 11:35:36 +11:00 · 1f139accb8
parent 06d0515d49
commit 1f139accb8
5 changed files with 228 additions and 0 deletions
--- a/web/.cloudbuild/ci/build.yaml
+++ b/web/.cloudbuild/ci/build.yaml
@ -0,0 +1,26 @@
+options:
+  machineType: 'E2_HIGHCPU_32'
+
+availableSecrets:
+  secretManager:
+  - versionName: projects/771512790633/secrets/webapps-e-deployment-key/versions/1
+    env: WEBAPPS_E_DEPLOYMENT_KEY
+
+steps:
+  - name: golang:1.17
+    id: checkout
+    secretEnv:
+      - WEBAPPS_E_DEPLOYMENT_KEY
+    entrypoint: /bin/bash
+    dir: .cloudbuild/scripts
+    args:
+      - "-c"
+      - "go run ./cmd/checkout -w=/workspace"
+
+  - name: gcr.io/cloud-builders/docker
+    id: build
+    args:
+      - build
+      - '--build-arg'
+      - NPM_SCRIPT=build
+      - .
--- a/web/.cloudbuild/ci/test.yaml
+++ b/web/.cloudbuild/ci/test.yaml
@ -1,5 +1,21 @@
+availableSecrets:
+  secretManager:
+  - versionName: projects/771512790633/secrets/webapps-e-deployment-key/versions/1
+    env: WEBAPPS_E_DEPLOYMENT_KEY
+
 steps:
+  - name: golang:1.17
+    id: checkout
+    secretEnv:
+      - WEBAPPS_E_DEPLOYMENT_KEY
+    entrypoint: /bin/bash
+    dir: .cloudbuild/scripts
+    args:
+      - "-c"
+      - "go run ./cmd/checkout -w=/workspace"
+
  - name: gcr.io/cloud-builders/docker
+    id: test
    args:
      - build
      - '--build-arg'
--- a/web/.cloudbuild/scripts/cmd/checkout/checkout.go
+++ b/web/.cloudbuild/scripts/cmd/checkout/checkout.go
@ -0,0 +1,154 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"os"
+	"os/exec"
+	"path"
+	"path/filepath"
+
+	"github.com/gravitational/trace"
+)
+
+func main() {
+	err := innerMain()
+	if err != nil {
+		log.Fatalf("ERROR: %v", err)
+	}
+}
+
+type cliArgs struct {
+	workspace string
+}
+
+func innerMain() error {
+	args, err := parseCLI()
+	if err != nil {
+		return trace.Wrap(err)
+	}
+
+	// We need to inject deployment keys into the user's SSH config. Note that we
+	// assume we're running as root.
+	err = initSSH()
+	if err != nil {
+		return trace.Wrap(err)
+	}
+	defer cleanupSSH()
+
+	log.Print("Updating submodules...")
+	err = git(args.workspace, "submodule", "update", "--init", "--recursive")
+	if err != nil {
+		return trace.Wrap(err)
+	}
+
+	return nil
+}
+
+func parseCLI() (cliArgs, error) {
+	args := cliArgs{}
+
+	flag.StringVar(&args.workspace, "w", "", "Path to the workspace to act on")
+
+	flag.Parse()
+
+	if args.workspace == "" {
+		return cliArgs{}, trace.Errorf("workspace path must be set")
+	}
+
+	var err error
+	args.workspace, err = filepath.Abs(args.workspace)
+	if err != nil {
+		return cliArgs{}, trace.Wrap(err, "Unable to resole absolute path to workspace")
+	}
+
+	return args, nil
+}
+
+func initSSH() error {
+	sshConfigDir := path.Join("/", "root", ".ssh")
+	err := os.MkdirAll(sshConfigDir, 0700)
+	if err != nil {
+		return trace.Wrap(err, "failed creating ssh config dir")
+	}
+
+	log.Printf("Configuring known hosts in %s", sshConfigDir)
+	knownHostsFile := path.Join(sshConfigDir, "known_hosts")
+	script := fmt.Sprintf("ssh-keyscan -H github.com > %q 2>/dev/null", knownHostsFile)
+	err = run("/bin/bash", "-c", script)
+	if err != nil {
+		return trace.Wrap(err, "failed adding github.com to known hosts")
+	}
+	err = os.Chmod(knownHostsFile, 0600)
+	if err != nil {
+		return trace.Wrap(err, "failed setting known_hosts permissions")
+	}
+
+	log.Print("Configuring deployment SSH keys")
+
+	key := os.Getenv("WEBAPPS_E_DEPLOYMENT_KEY")
+	if key == "" {
+		return trace.Errorf("webapps.e deployment key not in environment")
+	}
+
+	webappsKeyFile := path.Join(sshConfigDir, "webapps.e")
+	log.Printf("Writing webassets deployment key to %s", webappsKeyFile)
+	err = writeFile(
+		webappsKeyFile,
+		[]byte(key),
+		0600)
+	if err != nil {
+		return trace.Wrap(err, "failed writing deployment SSH key")
+	}
+
+	sshConfigPath := path.Join(sshConfigDir, "config")
+	configFile, err := os.OpenFile(sshConfigPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
+	if err != nil {
+		return trace.Wrap(err, "failed opening ssh config file %q", sshConfigPath)
+	}
+	defer configFile.Close()
+
+	for _, keyFile := range []string{webappsKeyFile} {
+		_, err := fmt.Fprintf(configFile, "IdentityFile %s\n", keyFile)
+		if err != nil {
+			return trace.Wrap(err, "failed adding deployment SSH key %q", keyFile)
+		}
+	}
+
+	return nil
+}
+
+func cleanupSSH() {
+	os.RemoveAll("/root/.ssh")
+}
+
+func git(repoDir string, args ...string) error {
+	return runInDir(repoDir, "/usr/bin/git", args...)
+}
+
+func run(cmd string, args ...string) error {
+	return runInDir("", cmd, args...)
+}
+
+func runInDir(dir string, cmd string, args ...string) error {
+	p := exec.Command(cmd, args...)
+	p.Dir = dir
+	p.Stdout = os.Stdout
+	p.Stderr = os.Stderr
+	return p.Run()
+}
+
+// writeFile is a backport of os.WriteFile() so that we can run this script in
+// versions of Go older than 1.16
+func writeFile(name string, data []byte, perm os.FileMode) error {
+	f, err := os.OpenFile(name, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, perm)
+	if err != nil {
+		return err
+	}
+	_, err = f.Write(data)
+	if err1 := f.Close(); err1 != nil && err == nil {
+		err = err1
+	}
+	return err
+}
--- a/web/.cloudbuild/scripts/go.mod
+++ b/web/.cloudbuild/scripts/go.mod
@ -0,0 +1,13 @@
+module github.com/gravitational/webapps/.cloudbuild/scripts
+
+go 1.17
+
+require (
+	github.com/gravitational/trace v1.1.15 // indirect
+	github.com/jonboulle/clockwork v0.2.2 // indirect
+	github.com/sirupsen/logrus v1.8.1 // indirect
+	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 // indirect
+	golang.org/x/net v0.0.0-20211216030914-fe4d6282115f // indirect
+	golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect
+	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect
+)
--- a/web/.cloudbuild/scripts/go.sum
+++ b/web/.cloudbuild/scripts/go.sum
@ -0,0 +1,19 @@
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gravitational/trace v1.1.15 h1:dfaFcARt110nCX6RSvrcRUbvRawEYAasXyCqnhXo0Xg=
+github.com/gravitational/trace v1.1.15/go.mod h1:RvdOUHE4SHqR3oXlFFKnGzms8a5dugHygGw1bqDstYI=
+github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
+github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
+github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
+golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=