cloudbuild.yaml

steps:
  # GCB only fetches a source archive, but the build requires an actual git repo. Note that the
  # clone behavior changed multiple times between 2017 and 2019 and might not be stable.
  # See: https://github.com/GoogleCloudPlatform/cloud-builders/issues/236#issuecomment-558991730
  - name: "gcr.io/cloud-builders/git"
    entrypoint: "bash"
    args:
      - "-c"
      - |
        git init
        git remote add origin https://github.com/getsentry/$REPO_NAME.git
        git fetch --depth=1 origin $COMMIT_SHA
        git reset --hard FETCH_HEAD
        git config -f .gitmodules submodule.core.url https://github.com/getsentry/$REPO_NAME.git
        git submodule update --init --recursive

  - name: 'gcr.io/cloud-builders/docker'
    args:
      [
        'build',
        '--target',
        'symbolicator-build',
        '-t',
        'us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/builder:latest',
        '--build-arg',
        'BUILDKIT_INLINE_CACHE=1',
        '--cache-from',
        'us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/builder:latest',
        '.',
      ]
    env: [DOCKER_BUILDKIT=1]

  - name: "us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/builder:latest"
    entrypoint: "bash"
    args:
      - "-c"
      - |-
        cp /opt/symbolicator-debug.zip /opt/symbolicator.src.zip .

  # Uploads DIFs to the deployment pipeline group's private bucket.
  # These are used for sentry releases.
  - name: "gcr.io/cloud-builders/gsutil"
    entrypoint: "bash"
    args:
      - "-c"
      - |-
        gsutil -m cp \
        ./symbolicator-debug.zip ./symbolicator.src.zip \
        gs://dicd-team-devinfra-cd--symbolicator/difs/$COMMIT_SHA/

  - name: 'gcr.io/cloud-builders/docker'
    args:
      [
        'build',
        '-t',
        'us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/image:nightly',
        '-t',
        'us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/image:$COMMIT_SHA',
        '--build-arg',
        'BUILDKIT_INLINE_CACHE=1',
        '--cache-from',
        'us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/builder:latest',
        '--cache-from',
        'us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/image:nightly',
        '.',
      ]
    env: [DOCKER_BUILDKIT=1]

  - name: "us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/image:nightly"
    args: ["--version"]

  - name: "us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/image:nightly"
    args: ["--help"]

  # Only tag "nightly" when on master
  - name: "gcr.io/cloud-builders/docker"
    secretEnv: ["DOCKER_PASSWORD"]
    entrypoint: "bash"
    args:
      - "-e"
      - "-c"
      - |
        # Only push to Docker Hub from master
        [ "$BRANCH_NAME" != "master" ] && exit 0
        docker push us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/image:nightly
        echo "$$DOCKER_PASSWORD" | docker login --username=sentrybuilder --password-stdin
        docker tag us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/image:$COMMIT_SHA getsentry/symbolicator:$SHORT_SHA
        docker push getsentry/symbolicator:$SHORT_SHA
        docker tag us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/image:$COMMIT_SHA getsentry/symbolicator:$COMMIT_SHA
        docker push getsentry/symbolicator:$COMMIT_SHA
        docker tag us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/image:$COMMIT_SHA getsentry/symbolicator:nightly
        docker push getsentry/symbolicator:nightly

images:
  [
    "us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/builder:latest",
    "us-central1-docker.pkg.dev/$PROJECT_ID/symbolicator/image:$COMMIT_SHA",
  ]
timeout: 3600s
options:
  # Run on bigger machines
  machineType: "E2_HIGHCPU_32"
secrets:
  - kmsKeyName: projects/sentryio/locations/global/keyRings/service-credentials/cryptoKeys/cloudbuild
    secretEnv:
      # This is a personal access token for the sentrybuilder account, encrypted using the
      # short guide at http://bit.ly/2Pg6uw9
      DOCKER_PASSWORD: |
        CiQAE8gN7y3OMxn+a1kofmK4Bi8jQZtdRFj2lYYwaZHVeIIBUzMSTQA9tvn8XCv2vqj6u8CHoeSP
        TVW9pLvSCorKoeNtOp0eb+6V1yNJW/+JC07DNO1KLbTbodbuza6jKJHU5xeAJ4kGQI78UY5Vu1Gp
        QcMK