diff --git a/.kokoro/populate-secrets.sh b/.kokoro/populate-secrets.sh
index aab0ec3..de6c0db 100644
--- a/.kokoro/populate-secrets.sh
+++ b/.kokoro/populate-secrets.sh
@@ -23,6 +23,10 @@ function msg { println "$*" >&2 ;}
 function println { printf '%s\n' "$(now) $*" ;}
 
 # Populates requested secrets set in SECRET_MANAGER_KEYS
+if [[ -z "${SECRET_MANAGER_PROJECT_ID-}" ]]; then
+ msg "SECRET_MANAGER_PROJECT_ID is not set in environment variables, using default"
+ SECRET_MANAGER_PROJECT_ID="cloud-devrel-kokoro-resources"
+fi
 
 # In Kokoro CI builds, we use the service account attached to the
 # Kokoro VM. This means we need to setup auth on other CI systems.
@@ -64,7 +68,7 @@ do
 msg "Retrieving secret ${key}"
 "${GCLOUD_COMMANDS[@]}" \
 secrets versions access latest \
- --project cloud-devrel-kokoro-resources \
+ --project "${SECRET_MANAGER_PROJECT_ID}" \
 --secret $key > \
 "$SECRET_LOCATION/$key"
 if [[ $? == 0 ]]; then
diff --git a/.kokoro/release.cfg b/.kokoro/release.cfg
index 89bad37..343880f 100644
--- a/.kokoro/release.cfg
+++ b/.kokoro/release.cfg
@@ -7,19 +7,13 @@ action {
 }
 }
 
-# Download resources for system tests (service account key, etc.)
-gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/google-cloud-ruby"
-
-# Download trampoline resources.
-gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline"
-
 # Use the trampoline script to run in docker.
 build_file: "ruby-cloud-env/.kokoro/trampoline_v2.sh"
 
 # Configure the docker image for kokoro-trampoline.
 env_vars: {
 key: "TRAMPOLINE_IMAGE"
- value: "gcr.io/cloud-devrel-kokoro-resources/yoshi-ruby/release"
+ value: "us-central1-docker.pkg.dev/cloud-sdk-release-custom-pool/release-images/ruby-multi"
 }
 
 env_vars: {
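Review bot: The fallback in the added `if [[ -z "${SECRET_MANAGER_PROJECT_ID-}" ]]` block means a job whose config drops or misspells the variable reads same-named secrets from `cloud-devrel-kokoro-resources` instead of failing, and the only trace is one stderr line at startup. Since the second hunk passes the value straight to `--project`, naming the project at the point of access would make the build log auditable, e.g. `msg "Retrieving secret ${key} from project ${SECRET_MANAGER_PROJECT_ID}"`. The existing comment `# Populates requested secrets set in SECRET_MANAGER_KEYS` now sits directly above the default block; a line such as `# Project that holds the secrets; falls back to the shared Kokoro resources project.` above the `if` would keep the comments accurate. The retrieval loop itself starts and ends outside the second hunk.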
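Review bot: The new `TRAMPOLINE_IMAGE` value `us-central1-docker.pkg.dev/cloud-sdk-release-custom-pool/release-images/ruby-multi` carries no tag or digest, so the release job runs whatever the registry serves for the default tag at the time of the build. This job also requests the publishing secrets listed in `SECRET_MANAGER_KEYS`, which presumably end up available to that container, so pinning by digest makes the release environment reviewable: `value: "us-central1-docker.pkg.dev/cloud-sdk-release-custom-pool/release-images/ruby-multi@sha256:<DIGEST_PLACEHOLDER>"`. If the image is meant to float, a comment above this `env_vars` block saying who publishes it and how it is updated would record that decision.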
@@ -27,6 +21,11 @@ env_vars: {
 value: ".kokoro/release.sh"
 }
 
+env_vars: {
+ key: "SECRET_MANAGER_PROJECT_ID"
+ value: "cloud-sdk-release-custom-pool"
+}
+
 env_vars: {
 key: "SECRET_MANAGER_KEYS"
 value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem,docuploader_service_account"
diff --git a/.kokoro/trampoline_v2.sh b/.kokoro/trampoline_v2.sh
index ef6972b..11918a2 100644
--- a/.kokoro/trampoline_v2.sh
+++ b/.kokoro/trampoline_v2.sh
@@ -138,18 +138,26 @@ if [[ -n "${KOKORO_BUILD_ID:-}" ]]; then
 RUNNING_IN_CI="true"
 TRAMPOLINE_CI="kokoro"
 if [[ "${TRAMPOLINE_USE_LEGACY_SERVICE_ACCOUNT:-}" == "true" ]]; then
- if [[ ! -f "${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json" ]]; then
- log_red "${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json does not exist. Did you forget to mount cloud-devrel-kokoro-resources/trampoline? Aborting."
- exit 1
- fi
- # This service account will be activated later.
- TRAMPOLINE_SERVICE_ACCOUNT="${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json"
+ if [[ ! -f "${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json" ]]; then
+ log_red "${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json does not exist. Did you forget to mount cloud-devrel-kokoro-resources/trampoline? Aborting."
+ exit 1
+ fi
+ # This service account will be activated later.
+ TRAMPOLINE_SERVICE_ACCOUNT="${KOKORO_GFILE_DIR}/kokoro-trampoline.service-account.json"
 else
- if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
- gcloud auth list
- fi
- log_yellow "Configuring Container Registry access"
- gcloud auth configure-docker --quiet
+ if [[ "${TRAMPOLINE_VERBOSE:-}" == "true" ]]; then
+ gcloud auth list
+ fi
+ log_yellow "Configuring Container Registry access"
+ TRAMPOLINE_HOST=$(echo "${TRAMPOLINE_IMAGE}" | cut -d/ -f1)
+ if [[ ! "${TRAMPOLINE_HOST}" =~ "gcr.io" ]]; then
+ # If you need to specificy a host other than gcr.io, you have to run on an update version of gcloud.
+ echo "TRAMPOLINE_HOST: ${TRAMPOLINE_HOST}"
+ gcloud components update
+ gcloud auth configure-docker "${TRAMPOLINE_HOST}"
+ else
+ gcloud auth configure-docker --quiet
+ fi
 fi
 pass_down_envvars+=(
 # KOKORO dynamic variables.
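Review bot: The new non-gcr.io branch calls `gcloud components update` and `gcloud auth configure-docker "${TRAMPOLINE_HOST}"` without `--quiet`, while the `else` branch keeps it, so on a CI VM both commands depend on how gcloud resolves prompts without a terminal; `gcloud auth configure-docker "${TRAMPOLINE_HOST}" --quiet` would match the existing call. Updating the SDK during the job also means each release runs with whichever gcloud version is current at that moment, so the comment above the update should at least name the minimum version that is needed. The host test `=~ "gcr.io"` is a substring match because the right-hand side is quoted, so any registry name that merely contains `gcr.io` takes the `else` path; `if [[ "${TRAMPOLINE_HOST}" != "gcr.io" && "${TRAMPOLINE_HOST}" != *.gcr.io ]]; then` states the intent exactly. The enclosing `if [[ -n "${KOKORO_BUILD_ID:-}" ]]` block starts before this hunk and the `pass_down_envvars+=(` list continues past it.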