Update rollout CloudBuild yaml files to push wrappers into two GCP projects (#116)

Author: MahmoudNada0

rollout/cli_tools_cloudbuild_build.yaml

@@ -1,5 +1,7 @@
 # Build all the docker images and put them into container registry (gcr.io)
 # Later, these images will be copied to artifacts registry on demand.
+# NOTE: Wrappers will be pushed into 2 GCP projects. This is because we still
+# need to push to the old one for backward compatibility.
 
 timeout: 1800s
 
@@ -47,9 +49,12 @@ steps:
   env: ['CGO_ENABLED=0']
 - name: 'gcr.io/kaniko-project/executor:v1.1.0'
   args:
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_vm_image_import:$_RELEASE
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_vm_image_import:$COMMIT_SHA
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_vm_image_import:$_WORKFLOW_EXECUTION_ID
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_vm_image_import:$_RELEASE
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_vm_image_import:$COMMIT_SHA
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_vm_image_import:$_WORKFLOW_EXECUTION_ID
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_vm_image_import:$_RELEASE
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_vm_image_import:$COMMIT_SHA
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_vm_image_import:$_WORKFLOW_EXECUTION_ID
   - --context=/workspace
   - --dockerfile=gce_vm_image_import.Dockerfile
 
@@ -60,9 +65,12 @@ steps:
   env: ['CGO_ENABLED=0']
 - name: 'gcr.io/kaniko-project/executor:v1.1.0'
   args:
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_onestep_image_import:$_RELEASE
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_onestep_image_import:$COMMIT_SHA
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_onestep_image_import:$_WORKFLOW_EXECUTION_ID
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_onestep_image_import:$_RELEASE
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_onestep_image_import:$COMMIT_SHA
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_onestep_image_import:$_WORKFLOW_EXECUTION_ID
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_onestep_image_import:$_RELEASE
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_onestep_image_import:$COMMIT_SHA
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_onestep_image_import:$_WORKFLOW_EXECUTION_ID
   - --context=/workspace
   - --dockerfile=gce_onestep_image_import.Dockerfile
 
@@ -73,9 +81,12 @@ steps:
   env: ['CGO_ENABLED=0']
 - name: 'gcr.io/kaniko-project/executor:v1.1.0'
   args:
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_vm_image_export:$_RELEASE
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_vm_image_export:$COMMIT_SHA
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_vm_image_export:$_WORKFLOW_EXECUTION_ID
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_vm_image_export:$_RELEASE
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_vm_image_export:$COMMIT_SHA
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_vm_image_export:$_WORKFLOW_EXECUTION_ID
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_vm_image_export:$_RELEASE
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_vm_image_export:$COMMIT_SHA
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_vm_image_export:$_WORKFLOW_EXECUTION_ID
   - --context=/workspace
   - --dockerfile=gce_vm_image_export.Dockerfile
 
@@ -86,9 +97,12 @@ steps:
   env: ['CGO_ENABLED=0']
 - name: 'gcr.io/kaniko-project/executor:v1.1.0'
   args:
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_ovf_import:$_RELEASE
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_ovf_import:$COMMIT_SHA
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_ovf_import:$_WORKFLOW_EXECUTION_ID
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_ovf_import:$_RELEASE
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_ovf_import:$COMMIT_SHA
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_ovf_import:$_WORKFLOW_EXECUTION_ID
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_ovf_import:$_RELEASE
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_ovf_import:$COMMIT_SHA
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_ovf_import:$_WORKFLOW_EXECUTION_ID
   - --context=/workspace
   - --dockerfile=gce_ovf_import.Dockerfile
 
@@ -99,20 +113,31 @@ steps:
   env: ['CGO_ENABLED=0']
 - name: 'gcr.io/kaniko-project/executor:v1.1.0'
   args:
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_ovf_export:$_RELEASE
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_ovf_export:$COMMIT_SHA
-  - --destination=gcr.io/$_IMAGE_PROJECT/gce_ovf_export:$_WORKFLOW_EXECUTION_ID
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_ovf_export:$_RELEASE
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_ovf_export:$COMMIT_SHA
+  - --destination=gcr.io/$_IMAGE_PROJECT_1/gce_ovf_export:$_WORKFLOW_EXECUTION_ID
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_ovf_export:$_RELEASE
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_ovf_export:$COMMIT_SHA
+  - --destination=gcr.io/$_IMAGE_PROJECT_2/gce_ovf_export:$_WORKFLOW_EXECUTION_ID
   - --context=/workspace
   - --dockerfile=gce_ovf_export.Dockerfile
 
-# Copy Linux binaries to GCS
+# Copy Linux binaries to GCS - _IMAGE_PROJECT_1
 - name: 'gcr.io/cloud-builders/gsutil'
-  args: ['cp', '/workspace/linux/*', 'gs://$_IMAGE_PROJECT/$_RELEASE/linux/']
+  args: ['cp', '/workspace/linux/*', 'gs://$_IMAGE_PROJECT_1/$_RELEASE/linux/']
 
-# Copy Windows binaries to GCS
+# Copy Linux binaries to GCS - _IMAGE_PROJECT_2
 - name: 'gcr.io/cloud-builders/gsutil'
-  args: ['cp', '/workspace/windows/*', 'gs://$_IMAGE_PROJECT/$_RELEASE/windows/']
+  args: ['cp', '/workspace/linux/*', 'gs://$_IMAGE_PROJECT_2/$_RELEASE/linux/']
 
-# Make binaries world-readable.
+# Copy Windows binaries to GCS - _IMAGE_PROJECT_1
 - name: 'gcr.io/cloud-builders/gsutil'
-  args: ['-m', 'acl', '-r', 'ch', '-u', 'AllUsers:R', 'gs://$_IMAGE_PROJECT/$_RELEASE/*']
+  args: ['cp', '/workspace/windows/*', 'gs://$_IMAGE_PROJECT_1/$_RELEASE/windows/']
+
+# Copy Windows binaries to GCS - _IMAGE_PROJECT_2
+- name: 'gcr.io/cloud-builders/gsutil'
+  args: ['cp', '/workspace/windows/*', 'gs://$_IMAGE_PROJECT_2/$_RELEASE/windows/']
+
+# Make binaries world-readable - _IMAGE_PROJECT_1
+- name: 'gcr.io/cloud-builders/gsutil'
+  args: ['-m', 'acl', '-r', 'ch', '-u', 'AllUsers:R', 'gs://$_IMAGE_PROJECT_1/$_RELEASE/*']

rollout/cli_tools_cloudbuild_build_prepare.yaml

@@ -10,6 +10,7 @@ steps:
   - |
     REGIONS_ARR=$(echo "$_REGIONS" | tr ";" "\n")
     TOOLS_ARR=$(echo "$_TOOLS" | tr ";" "\n")
+    GCP_PROJECTS_ARR=($_IMAGE_PROJECT_1 $_IMAGE_PROJECT_2)
 
     exit_on_error() {
       ERR=$$1
@@ -19,23 +20,31 @@ steps:
       fi
     }
 
-    for _REGION in $$REGIONS_ARR
+    for _PROJECT in ${GCP_PROJECTS_ARR[@]}
     do
-      for _TOOL in $$TOOLS_ARR
+      echo "--> Start Tagging prev-release for project $$_PROJECT"
+      for _REGION in $$REGIONS_ARR
       do
-        echo "--> Tagging prev-release... $$_TOOL -> $$_REGION"
-
-        gcloud container images add-tag $$_REGION-docker.pkg.dev/$_IMAGE_PROJECT/wrappers/$$_TOOL:release $$_REGION-docker.pkg.dev/$_IMAGE_PROJECT/wrappers/$$_TOOL:prev-release -q
-        exit_on_error $$?
+        for _TOOL in $$TOOLS_ARR
+        do
+          echo "--> Tagging prev-release... $$_TOOL -> $$_REGION"
+          gcloud container images add-tag $$_REGION-docker.pkg.dev/$$_PROJECT/wrappers/$$_TOOL:release $$_REGION-docker.pkg.dev/$$_PROJECT/wrappers/$$_TOOL:prev-release -q
+          exit_on_error $$?
+        done
+        echo "----> Tagged all tools for $$_REGION done."
       done
-      echo "----> Tagged all tools for $$_REGION done."
+      echo "--> Finished Tagging prev-release for project $$_PROJECT"
     done
 
-    for _TOOL in $$TOOLS_ARR
+
+    for _PROJECT in ${GCP_PROJECTS_ARR[@]}
     do
-      echo "--> Tagging prev-release... $$_TOOL -> gcr.io"
+      for _TOOL in $$TOOLS_ARR
+      do
+        echo "--> Tagging prev-release for project $$_PROJECT... $$_TOOL -> gcr.io"
 
-      gcloud container images add-tag gcr.io/$_IMAGE_PROJECT/$$_TOOL:release gcr.io/$_IMAGE_PROJECT/$$_TOOL:prev-release -q
-      exit_on_error $$?
+        gcloud container images add-tag gcr.io/$$_PROJECT/$$_TOOL:release gcr.io/$$_PROJECT/$$_TOOL:prev-release -q
+        exit_on_error $$?
+      done
     done
     echo "----> Tagged all tools for gcr.io done."

rollout/cli_tools_cloudbuild_deploy.yaml

@@ -11,13 +11,16 @@ steps:
 # It's specifically useful when the original workflow was failed and we resumed it.
 # 2. The commit SHA is used to track which version of source code produced the image.
 # 3. The "release" tag marks it as the current effective image.
+# NOTE: Wrappers will be pushed into 2 GCP projects. This is because we still
+# need to push to the old one for backward compatibility.
 - name: 'google/cloud-sdk:alpine'
   args:
   - 'bash'
   - '-c'
   - |
     REGIONS_ARR=$(echo "$_REGIONS" | tr ";" "\n")
     TOOLS_ARR=$(echo "$_TOOLS" | tr ";" "\n")
+    GCP_PROJECTS_ARR=($_IMAGE_PROJECT_1 $_IMAGE_PROJECT_2)
 
     exit_on_error() {
       ERR=$$1
@@ -27,19 +30,22 @@ steps:
       fi
     }
 
-    for _REGION in $$REGIONS_ARR
+    for _PROJECT in $$GCP_PROJECTS_ARR
     do
-      for _TOOL in $$TOOLS_ARR
+      for _REGION in $$REGIONS_ARR
       do
-        echo "--> Deploying... $$_TOOL -> $$_REGION"
+        for _TOOL in $$TOOLS_ARR
+        do
+          echo "--> Deploying... $$_TOOL -> $$_REGION"
 
-        # Copy the new "release" from gcr.io and tag.
-        gcloud container images add-tag gcr.io/$_IMAGE_PROJECT/$$_TOOL:release $$_REGION-docker.pkg.dev/$_IMAGE_PROJECT/wrappers/$$_TOOL:release -q
-        exit_on_error $$?
-        gcloud container images add-tag $$_REGION-docker.pkg.dev/$_IMAGE_PROJECT/wrappers/$$_TOOL:release $$_REGION-docker.pkg.dev/$_IMAGE_PROJECT/wrappers/$$_TOOL:$_WORKFLOW_EXECUTION_ID -q
-        exit_on_error $$?
-        gcloud container images add-tag $$_REGION-docker.pkg.dev/$_IMAGE_PROJECT/wrappers/$$_TOOL:release $$_REGION-docker.pkg.dev/$_IMAGE_PROJECT/wrappers/$$_TOOL:$COMMIT_SHA -q
-        exit_on_error $$?
+          # Copy the new "release" from gcr.io and tag.
+          gcloud container images add-tag gcr.io/$$_PROJECT/$$_TOOL:release $$_REGION-docker.pkg.dev/$$_PROJECT/wrappers/$$_TOOL:release -q
+          exit_on_error $$?
+          gcloud container images add-tag $$_REGION-docker.pkg.dev/$$_PROJECT/wrappers/$$_TOOL:release $$_REGION-docker.pkg.dev/$$_PROJECT/wrappers/$$_TOOL:$_WORKFLOW_EXECUTION_ID -q
+          exit_on_error $$?
+          gcloud container images add-tag $$_REGION-docker.pkg.dev/$$_PROJECT/wrappers/$$_TOOL:release $$_REGION-docker.pkg.dev/$$_PROJECT/wrappers/$$_TOOL:$COMMIT_SHA -q
+          exit_on_error $$?
+        done
+        echo "----> Deployed all tools for $$_REGION"
       done
-      echo "----> Deployed all tools for $$_REGION"
     done

rollout/cli_tools_cloudbuild_rollback.yaml

@@ -11,13 +11,16 @@ steps:
 # It's specifically useful when the original workflow was failed and we resumed it.
 # 2. The commit SHA is used to track which version of source code produced the image.
 # 3. The "release" tag marks it as the current effective image.
+# NOTE: Rollout will be done on 2 GCP project, this is because wrappers are be pushed into 2 GCP projects as
+# we still need to push to the old one for backward compatibility.
 - name: 'google/cloud-sdk:alpine'
   args:
   - 'bash'
   - '-c'
   - |
     REGIONS_ARR=$(echo "$_REGIONS" | tr ";" "\n")
     TOOLS_ARR=$(echo "$_TOOLS" | tr ";" "\n")
+    GCP_PROJECTS_ARR=($_IMAGE_PROJECT_1 $_IMAGE_PROJECT_2)
 
     exit_on_error() {
       ERR=$$1
@@ -27,23 +30,30 @@ steps:
       fi
     }
 
-    for _REGION in $$REGIONS_ARR
+
+    for _PROJECT in ${GCP_PROJECTS_ARR[@]}
     do
-      for _TOOL in $$TOOLS_ARR
+      echo "--> Start Rolling back for project $$_PROJECT .."
+      for _REGION in $$REGIONS_ARR
       do
-        echo "--> Rollback... $$_TOOL -> $$_REGION"
+        for _TOOL in $$TOOLS_ARR
+        do
+          echo "--> Rollback... $$_TOOL -> $$_REGION"
 
-        gcloud container images add-tag $$_REGION-docker.pkg.dev/$_IMAGE_PROJECT/wrappers/$$_TOOL:prev-release $$_REGION-docker.pkg.dev/$_IMAGE_PROJECT/wrappers/$$_TOOL:release -q
-        exit_on_error $$?
+          gcloud container images add-tag $$_REGION-docker.pkg.dev/$$_PROJECT/wrappers/$$_TOOL:prev-release $$_REGION-docker.pkg.dev/$$_PROJECT/wrappers/$$_TOOL:release -q
+          exit_on_error $$?
+        done
+        echo "----> Rollback all tools for $$_REGION done."
       done
-      echo "----> Rollback all tools for $$_REGION done."
     done
 
-    for _TOOL in $$TOOLS_ARR
+    for _PROJECT in ${GCP_PROJECTS_ARR[@]}
     do
-      echo "--> Rollback... $$_TOOL -> gcr.io"
-
-      gcloud container images add-tag gcr.io/$_IMAGE_PROJECT/$$_TOOL:prev-release gcr.io/$_IMAGE_PROJECT/$$_TOOL:release -q
-      exit_on_error $$?
+      for _TOOL in $$TOOLS_ARR
+      do
+        echo "--> Rollback... $$_TOOL -> gcr.io in project $$_PROJECT"
+        gcloud container images add-tag gcr.io/$$_PROJECT/$$_TOOL:prev-release gcr.io/$$_PROJECT/$$_TOOL:release -q
+        exit_on_error $$?
+      done
     done
     echo "----> Rollback all tools for gcr.io done."