From bbf4a4a829308dbc482ab45b5918d5983234b086 Mon Sep 17 00:00:00 2001 From: Appu Goundan Date: Wed, 7 Jan 2026 12:47:12 -0500 Subject: [PATCH] Add cloud build config for lifecycle tagging Signed-off-by: Appu Goundan --- .cloudbuild/lifecycle_tag.sh | 29 +++++++++++++++++++++++++++++ .cloudbuild/lifecycle_tag.yaml | 13 +++++++++++++ private/tools/lifecycle/tag.sh | 7 ++++++- 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 .cloudbuild/lifecycle_tag.sh create mode 100644 .cloudbuild/lifecycle_tag.yaml diff --git a/.cloudbuild/lifecycle_tag.sh b/.cloudbuild/lifecycle_tag.sh new file mode 100644 index 000000000..6633d6c1e --- /dev/null +++ b/.cloudbuild/lifecycle_tag.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash +set -o errexit -o nounset -o xtrace -o pipefail + +BAZELISK_VERSION="1.27.0" +BAZELISK_SHA256="e1508323f347ad1465a887bc5d2bfb91cffc232d11e8e997b623227c6b32fb76" + +GGCR_VERSION="0.20.7" +GGCR_SHA256="8ef3564d264e6b5ca93f7b7f5652704c4dd29d33935aff6947dd5adefd05953e" + +# install gcrane +curl -fsSL "https://github.com/google/go-containerregistry/releases/download/v${GGCR_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" -o ggcr.tar.gz +echo "${GGCR_SHA256} ggcr.tar.gz" | sha256sum --check +tar -xzf ggcr.tar.gz gcrane +chmod a+x gcrane +mv gcrane /usr/bin/gcrane # needs to be on path + +# we need jq too +apt-get update +apt-get -y install jq + +# install bazelisk (TODO: there's probably a better way to do this) +curl -fsSL "https://github.com/bazelbuild/bazelisk/releases/download/v${BAZELISK_VERSION}/bazelisk-linux-amd64" -o bazelisk +echo "${BAZELISK_SHA256} bazelisk" | sha256sum --check +chmod a+x bazelisk + +echo "common --google_default_credentials" >> ~/.bazelrc +echo "common --announce_rc" >> ~/.bazelrc + +./bazelisk run :attach_lifecycle_tags --config=release diff --git a/.cloudbuild/lifecycle_tag.yaml b/.cloudbuild/lifecycle_tag.yaml new file mode 100644 index 000000000..528c365e9 --- /dev/null +++ b/.cloudbuild/lifecycle_tag.yaml @@ -0,0 +1,13 @@ +timeout: 1800s # 30 minutes + +options: + machineType: E2_MEDIUM + logging: CLOUD_LOGGING_ONLY + +steps: + - name: gcr.io/cloud-builders/bazel@sha256:70e96d9faec4bab40a9d8d55d6b86ce2657927d8bca6bdc2dcb21a82b66dbdf7 # 5.4.0 + env: + - PROJECT_ID=${PROJECT_ID} + - REGISTRY=gcr.io + entrypoint: bash + args: [".cloudbuild/lifecycle_tag.sh"] diff --git a/private/tools/lifecycle/tag.sh b/private/tools/lifecycle/tag.sh index c35d950f6..2002485ab 100755 --- a/private/tools/lifecycle/tag.sh +++ b/private/tools/lifecycle/tag.sh @@ -43,6 +43,8 @@ function tag_update() { (($now | tonumber) - (.value.timeUploadedMs | tonumber) > 172800000) ) | .key '); + background_pid=$! + wait "$background_pid" echo "tagging ${#targets[@]} images of $image" @@ -58,14 +60,17 @@ function tag_deprecate() { images_json=$(gcrane ls "$image" --json) # get all hashes for all images don't have the deprecated tag + # this is only for wholesale deprecation of an image readarray -t targets < <(echo "$images_json" | jq -er ' .manifest | to_entries | sort_by(.value.timeUploadedMs|tonumber) | .[] | select( .value.tag // [] | all(test("deprecated-public-image-[a-f0-9]{64}$") | not) ) | .key '); + background_pid=$! + wait "$background_pid" echo "tagging ${#targets[@]} images of $image" - echo "disabled for now, edit out comment" + echo "disabled for now, edit out comment, be careful about builds happening, this doesn't account for them" # exec_tag "$image" "$tag_prefix" targets }