forked from project-oak/oak
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloudbuild.yaml
108 lines (99 loc) · 3.41 KB
/
cloudbuild.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# Reference: https://cloud.google.com/cloud-build/docs/build-config
steps:
# Pull pre-existing latest Docker image.
- name: 'gcr.io/cloud-builders/docker'
id: pull_image
waitFor: ['-']
timeout: 10m
args: ['pull', 'gcr.io/oak-ci/oak:latest']
# Build Docker image based on current Dockerfile, if necessary.
- name: 'gcr.io/cloud-builders/docker'
id: build_image
entrypoint: 'bash'
waitFor: ['pull_image']
timeout: 20m
args: ['./scripts/docker_build']
# Run next build steps inside the newly created Docker image.
# See: https://cloud.google.com/cloud-build/docs/create-custom-build-steps
# Init .git repository used by check_generated
# Workaround for https://github.com/GoogleCloudPlatform/cloud-builders/issues/236
- name: 'gcr.io/oak-ci/oak:latest'
id: git_init
entrypoint: 'bash'
waitFor: ['build_image']
timeout: 5m
args: ['./scripts/git_init']
- name: 'gcr.io/oak-ci/oak:latest'
id: cargo_crev
entrypoint: 'bash'
waitFor: ['git_init']
timeout: 5m
args: ['./scripts/run_cargo_crev']
- name: 'gcr.io/oak-ci/oak:latest'
id: xtask_ci
waitFor: ['git_init']
timeout: 90m
entrypoint: 'bash'
args: ['./scripts/xtask', 'run-ci']
- name: 'gcr.io/oak-ci/oak:latest'
id: generate_root_ca_certs
waitFor: ['git_init']
timeout: 5m
entrypoint: 'bash'
args: ['./scripts/generate_root_ca_certs']
# Ensure that the previous steps did not modify our source-code and that
# relevant build artifacts are ignored by git.
- name: 'gcr.io/oak-ci/oak:latest'
id: git_check_diff
waitFor: ['git_init', 'xtask_ci', 'generate_root_ca_certs']
timeout: 5m
entrypoint: 'bash'
args: ['./scripts/git_check_diff']
# Pull Android Docker image.
- name: 'gcr.io/cloud-builders/docker'
id: pull_android_image
waitFor: ['-']
timeout: 10m
args: ['pull', 'gcr.io/oak-ci/oak-android:latest']
# Build Docker image based for Android SDK.
- name: 'gcr.io/cloud-builders/docker'
id: build_android_image
waitFor: ['pull_android_image']
timeout: 60m
args:
[
'build',
'--pull',
'--cache-from=gcr.io/oak-ci/oak-android:latest',
'--tag=gcr.io/oak-ci/oak-android:latest',
'--file=android.Dockerfile',
'.',
]
# Build Android Hello-World application.
- name: 'gcr.io/oak-ci/oak-android:latest'
id: build_examples_android
waitFor: ['build_android_image']
timeout: 60m
entrypoint: 'bash'
args: ['./scripts/build_examples_android']
# Copy compiled enclave binary to Google Cloud Storage.
# See:
# - https://pantheon.corp.google.com/storage/browser/artifacts.oak-ci.appspot.com/test/?project=oak-ci
# - https://cloud.google.com/cloud-build/docs/configuring-builds/store-images-artifacts#storing_artifacts_in
# TODO: Finalize artifact location.
# TODO(#709): get example Docker image working with dev server
#artifacts:
# objects:
# location: gs://artifacts.oak-ci.appspot.com/test
# paths:
# - ./liboak_enclave_unsigned.so
timeout: 2h
options:
env:
# This variable is only defined in the `merge` GCB trigger,
# and contains GCB credentials for updating the Bazel cache.
- 'BAZEL_GOOGLE_CREDENTIALS=$_BAZEL_GOOGLE_CREDENTIALS'
# See: https://cloud.google.com/cloud-build/docs/api/reference/rest/Shared.Types/MachineType
machineType: 'N1_HIGHCPU_32'
requestedVerifyOption: 'VERIFIED'
sourceProvenanceHash: ['SHA256']