@@ -69,9 +69,6 @@ workflows:
6969 only :
7070 - master
7171 - production
72- context :
73- - gcpv2-workload-identity
74-
7572 # This is a weekly workflow, just to deploy new versions of the docker images,
7673 # so that updates to the underlying images are used and deployed.
7774 # This is configured to run on Thursdays (4th day in the week, Sunday is 0).
@@ -201,40 +198,57 @@ jobs:
201198deploy-gar :
202199 executor : gcp-gcr/default
203200 parameters :
201+ build_tag :
202+ type : string
203+ default : build
204204 image :
205205 type : string
206- default : us-docker.pkg.dev/moz-fx-profiler-prod/profiler-prod/ firefoxprofiler
207- tag :
206+ default : firefoxprofiler
207+ registry-url :
208208 type : string
209- default : latest
209+ default : us-docker.pkg.dev
210210 steps :
211- - checkout
212- - run :
213- name : Prepare environment variables for OIDC authentication
214- command : |
215- echo 'export GOOGLE_PROJECT_ID="moz-fx-profiler-prod"' >> "$BASH_ENV"
216- echo "export OIDC_WIP_ID=$GCPV2_WORKLOAD_IDENTITY_POOL_ID" >> "$BASH_ENV"
217- echo "export OIDC_WIP_PROVIDER_ID=$GCPV2_CIRCLECI_WORKLOAD_IDENTITY_PROVIDER" >> "$BASH_ENV"
218- echo "export GOOGLE_PROJECT_NUMBER=$GCPV2_WORKLOAD_IDENTITY_POOL_PROJECT_NUMBER" >> "$BASH_ENV"
219- echo "export OIDC_SERVICE_ACCOUNT_EMAIL=$GCP_SERVICE_ACCOUNT_EMAIL" >> "$BASH_ENV"
220- gcp-cli/setup :
211+ # gcr-auth parameters:
212+ # https://circleci.com/developer/orbs/orb/circleci/gcp-gcr#commands-gcr-auth
213+ - gcp-gcr/gcr-auth :
214+ gcp_cred_config_file_path : ~/gcp_cred_config.json
215+ google-project-id : GCP_GAR_PROJECT_ID
216+ google_project_number : GCP_OIDC_PROJECT_NUMBER
217+ registry-url : <<parameters.registry-url>>
218+ service_account_email : GCP_OIDC_SERVICE_ACCOUNT_EMAIL
221219 use_oidc : true
220+ workload_identity_pool_id : GCP_OIDC_WIP_ID
221+ workload_identity_pool_provider_id : GCP_OIDC_WIP_PROVIDER_ID
222+ - attach_workspace :
223+ at : /tmp/cache
224+ - run :
225+ name : Restore Docker image cache
226+ command : docker load -i /tmp/cache/<<parameters.image>>.tar
227+ # This is the easiest way to tag multiple images using different
228+ # conditions for the GAR_TAG variable in the smallest amount of code.
229+ #
230+ # You can find other jobs and commands you can use with this orb that
231+ # include tagging here:
232+ # https://circleci.com/developer/orbs/orb/circleci/gcp-gcr
222233 - run :
223- name : Deploy to Google Artifact Registry
234+ name : Tag image
224235 command : |
225- gcloud auth configure-docker us-docker.pkg.dev --quiet
226-
227- DOCKER_IMAGE="us-docker.pkg.dev/moz-fx-profiler-prod/profiler-prod/firefoxprofiler"
228- IMAGE_VERSION_TAG="0.0.${CIRCLE_BUILD_NUM}"
229- IMAGE_LATEST_TAG="${CIRCLE_BRANCH}-latest"
230-
231- docker tag profiler-server:dev ${DOCKER_IMAGE}:$IMAGE_LATEST_TAG
232- docker tag profiler-server:deploy ${DOCKER_IMAGE}:$IMAGE_VERSION_TAG
233-
234- docker push "${DOCKER_IMAGE}:IMAGE_LATEST_TAG"
235- docker push "${DOCKER_IMAGE}:IMAGE_VERSION_TAG"
236-
237-
238- GIT_SHA=$(git rev-parse --short HEAD)
239- docker tag profiler-server:deploy ${DOCKER_IMAGE}:sha-${GIT_SHA}
240- docker push ${DOCKER_IMAGE}:sha-${GIT_SHA}
236+ if [ ! -z "${CIRCLE_TAG}" ]; then
237+ echo "export GAR_TAG=${CIRCLE_TAG}" >> $BASH_ENV
238+ else
239+ echo "export GAR_TAG=${CIRCLE_BRANCH}" >> $BASH_ENV
240+ fi
241+ echo "export GAR_IMAGE=\"<<parameters.registry-url>>/${GCP_GAR_PROJECT_ID}/${GCP_GAR_REPO}/<<parameters.image>>\"" >> $BASH_ENV
242+ source $BASH_ENV
243+ IMAGE_VERSION_TAG="0.0.${CIRCLE_BUILD_NUM}"
244+ IMAGE_LATEST_TAG="${CIRCLE_BRANCH}-latest"
245+
246+ docker tag <<parameters.image>> $GAR_IMAGE:$IMAGE_VERSION_TAG
247+ docker tag <<parameters.image>> $GAR_IMAGE:$IMAGE_LATEST_TAG
248+ # push-image parameters:
249+ # https://circleci.com/developer/orbs/orb/circleci/gcp-gcr#commands-push-image
250+ - gcp-gcr/push-image :
251+ image : " ${GCP_GAR_REPO}/<<parameters.image>>"
252+ google-project-id : GCP_GAR_PROJECT_ID
253+ registry-url : <<parameters.registry-url>>
254+ tag : $IMAGE_VERSION_TAG,$IMAGE_VERSION_TAG
0 commit comments