# Reference: https://cloud.google.com/cloud-build/docs/build-config
steps:
# Pull pre-existing latest Docker image.
# `waitFor: ['-']` starts this step at the beginning of the build instead of
# waiting for other steps.
# NOTE(review): neither the builder image nor `gcr.io/oak-ci/oak:latest` is
# pinned by digest, so what is pulled can change between builds. If
# ./scripts/docker_build reuses this image as a layer cache (not visible in
# this file), consider referencing it as `@sha256:<digest>`.
- name: 'gcr.io/cloud-builders/docker'
  id: pull_image
  waitFor: ['-']
  timeout: 10m
  args: ['pull', 'gcr.io/oak-ci/oak:latest']
# Build Docker image based on current Dockerfile, if necessary.
# Runs the repository's ./scripts/docker_build with bash in the Docker builder
# image, once pull_image has finished.
# NOTE(review): the script comes from the source tree being built, so its
# behaviour follows whatever revision the trigger checks out; confirm which
# triggers run this config against unreviewed changes.
- name: 'gcr.io/cloud-builders/docker'
  id: build_image
  entrypoint: 'bash'
  waitFor: ['pull_image']
  timeout: 20m
  args: ['./scripts/docker_build']
# Run next build steps inside the newly created Docker image.
# See: https://cloud.google.com/cloud-build/docs/create-custom-build-steps
# NOTE(review): the steps below name the image by its `:latest` tag. This
# assumes build_image leaves the freshly built image under that tag on the
# build worker; confirm in ./scripts/docker_build, otherwise these steps run
# whatever the registry tag currently points at.
# Init .git repository used by check_generated
# Workaround for https://github.com/GoogleCloudPlatform/cloud-builders/issues/236
- name: 'gcr.io/oak-ci/oak:latest'
  id: git_init
  entrypoint: 'bash'
  waitFor: ['build_image']
  timeout: 5m
  args: ['./scripts/git_init']
# Main CI run: executes `./scripts/xtask run-ci` with bash inside the oak image.
# Waits only for git_init, so it is not ordered against generate_root_ca_certs.
# NOTE(review): `options.env` at the bottom of this file applies to every step,
# so BAZEL_GOOGLE_CREDENTIALS (when the trigger defines it) is present in this
# step's environment along with all repository code it runs.
- name: 'gcr.io/oak-ci/oak:latest'
  id: xtask_ci
  waitFor: ['git_init']
  timeout: 90m
  entrypoint: 'bash'
  args: ['./scripts/xtask', 'run-ci']
# Runs ./scripts/generate_root_ca_certs with bash inside the oak image, after
# git_init.
# NOTE(review): what the script produces and where it obtains the CA data are
# not visible in this file; the git_check_diff step waits on this one, which
# suggests its output is expected to match the checked-in tree -- confirm.
- name: 'gcr.io/oak-ci/oak:latest'
  id: generate_root_ca_certs
  waitFor: ['git_init']
  timeout: 5m
  entrypoint: 'bash'
  args: ['./scripts/generate_root_ca_certs']
# Ensure that the previous steps did not modify our source-code and that
# relevant build artifacts are ignored by git.
# Acts as the final gate: it starts only after git_init, xtask_ci and
# generate_root_ca_certs have all finished, then runs ./scripts/git_check_diff.
- name: 'gcr.io/oak-ci/oak:latest'
  id: git_check_diff
  waitFor: ['git_init', 'xtask_ci', 'generate_root_ca_certs']
  timeout: 5m
  entrypoint: 'bash'
  args: ['./scripts/git_check_diff']
# Copy compiled enclave binary to Google Cloud Storage.
# See:
# - https://pantheon.corp.google.com/storage/browser/artifacts.oak-ci.appspot.com/test/?project=oak-ci
# - https://cloud.google.com/cloud-build/docs/configuring-builds/store-images-artifacts#storing_artifacts_in
# TODO: Finalize artifact location.
# TODO(#709): get example Docker image working with dev server
#artifacts:
# objects:
# location: gs://artifacts.oak-ci.appspot.com/test
# paths:
# - ./liboak_enclave_unsigned.so
# Timeout for the build as a whole; each step above sets its own shorter limit.
timeout: 2h
options:
  env:
    # This variable is only defined in the `merge` GCB trigger,
    # and contains GCB credentials for updating the Bazel cache.
    # NOTE(review): entries under `options.env` are exported to every step, so
    # the credential reaches all scripts in this build, not only the one that
    # writes the cache. A value supplied through a `$_...` substitution is also
    # readable in the trigger and build metadata. Consider Secret Manager
    # (`availableSecrets` plus a per-step `secretEnv`) limited to the step that
    # needs it.
    - 'BAZEL_GOOGLE_CREDENTIALS=$_BAZEL_GOOGLE_CREDENTIALS'
  # See: https://cloud.google.com/cloud-build/docs/api/reference/rest/Shared.Types/MachineType
  machineType: 'N1_HIGHCPU_32'
  # Request a verified build, i.e. ask Cloud Build to produce provenance
  # metadata for the build.
  # NOTE(review): this file declares no `images:` and the `artifacts:` section
  # is commented out; confirm which outputs the provenance is expected to cover.
  requestedVerifyOption: 'VERIFIED'
  # Hash algorithm requested for the source files recorded in build provenance.
  sourceProvenanceHash: ['SHA256']