python-docs-samples/storage/cloudbuild/zb-system-tests-cloudbuild.yaml at 4c6acdc30810cd84769bbdfec7e8b1720d8e3f7f · GoogleCloudPlatform/python-docs-samples · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
substitutions:
  _REGION: "us-central1"
  _ZONE: "us-central1-a"
  _SHORT_BUILD_ID: ${BUILD_ID:0:8}
  _VM_NAME: "py-sdk-sys-test-${_SHORT_BUILD_ID}"
  _ULIMIT: "10000" # 10k, for gRPC bidi streams


steps:
  # Step 0: Generate a persistent SSH key for this build run.
  # This prevents gcloud from adding a new key to the OS Login profile on every ssh/scp command.
  - name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
    id: "generate-ssh-key"
    entrypoint: "bash"
    args:
      - "-c"
      - |
        mkdir -p /workspace/.ssh
        # Generate the SSH key
        ssh-keygen -t rsa -f /workspace/.ssh/google_compute_engine -N '' -C gcb
        # Save the public key content to a file for the cleanup step
        cat /workspace/.ssh/google_compute_engine.pub > /workspace/gcb_ssh_key.pub
    waitFor: ["-"]

  - name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
    id: "cleanup-old-keys"
    entrypoint: "bash"
    args:
      - "-c"
      - |
        #!/bin/bash
        set -e

        echo "Fetching OS Login SSH keys..."
        echo "Removing all keys."
        echo "---------------------------------------------------------------------"

        FINGERPRINTS_TO_DELETE=$$(gcloud compute os-login ssh-keys list \
          --format="value(fingerprint)")

        echo "Keys to delete: $$FINGERPRINTS_TO_DELETE"

        if [ -z "$$FINGERPRINTS_TO_DELETE" ]; then
          echo "No keys found to delete. Nothing to do."
          exit 0
        fi

        while IFS= read -r FINGERPRINT; do
          if [ -n "$$FINGERPRINT" ]; then
            echo "Deleting key with fingerprint: $$FINGERPRINT"
            gcloud compute os-login ssh-keys remove \
              --key="$$FINGERPRINT" \
              --quiet || true
          fi
        done <<< "$$FINGERPRINTS_TO_DELETE"

        echo "---------------------------------------------------------------------"
        echo "Cleanup complete."

  # Step 1 Create a GCE VM to run the tests.
  # The VM is created in the same zone as the buckets to test rapid storage features.
  # It's given the 'cloud-platform' scope to allow it to access GCS and other services.
  - name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
    id: "create-vm"
    entrypoint: "gcloud"
    args:
      - "compute"
      - "instances"
      - "create"
      - "${_VM_NAME}"
      - "--project=${PROJECT_ID}"
      - "--zone=${_ZONE}"
      - "--machine-type=e2-medium"
      - "--image-family=debian-13"
      - "--image-project=debian-cloud"
      - "--service-account=${_ZONAL_VM_SERVICE_ACCOUNT}"
      - "--scopes=https://www.googleapis.com/auth/devstorage.full_control,https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/devstorage.read_write"
      - "--metadata=enable-oslogin=TRUE"
    waitFor: ["-"]

  # Step 2: Run the integration tests inside the newly created VM and cleanup.
  # This step uses 'gcloud compute ssh' to execute a remote script.
  # The VM is deleted after tests are run, regardless of success.
  - name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
    id: "run-tests-and-delete-vm"
    entrypoint: "bash"
    args:
      - "-c"
      - |
        set -e
        # Wait for the VM to be fully initialized and SSH to be ready.
        for i in {1..10}; do
          if gcloud compute ssh ${_VM_NAME} --zone=${_ZONE} --internal-ip --ssh-key-file=/workspace/.ssh/google_compute_engine --command="echo VM is ready"; then
            break
          fi
          echo "Waiting for VM to become available... (attempt $i/10)"
          sleep 15
        done
        # copy the script to the VM
        gcloud compute scp main/storage/cloudbuild/run_zonal_tests.sh ${_VM_NAME}:~ --zone=${_ZONE} --internal-ip --ssh-key-file=/workspace/.ssh/google_compute_engine

        # Execute the script on the VM via SSH.
        # Capture the exit code to ensure cleanup happens before the build fails.
        set +e
        gcloud compute ssh ${_VM_NAME} --zone=${_ZONE} --internal-ip --ssh-key-file=/workspace/.ssh/google_compute_engine --command="ulimit -n ${_ULIMIT}; COMMIT_SHA=${COMMIT_SHA} _ZONAL_BUCKET=${_ZONAL_BUCKET} CROSS_REGION_BUCKET=${_CROSS_REGION_BUCKET} _PR_NUMBER=${_PR_NUMBER} bash run_zonal_tests.sh"
        EXIT_CODE=$?
        set -e

        echo "--- Deleting GCE VM ---"
        gcloud compute instances delete "${_VM_NAME}" --zone=${_ZONE} --quiet

        # Exit with the original exit code from the test script.
        exit $$EXIT_CODE
    waitFor:
      - "create-vm"
      - "generate-ssh-key"
      - "cleanup-old-keys"

  - name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
    id: "cleanup-ssh-key"
    entrypoint: "bash"
    args:
      - "-c"
      - |
        echo "--- Removing SSH key from OS Login profile to prevent accumulation ---"
        gcloud compute os-login ssh-keys remove \
          --key-file=/workspace/gcb_ssh_key.pub || true
    waitFor:
      - "run-tests-and-delete-vm"

timeout: "3600s" # 60 minutes

options:
  logging: CLOUD_LOGGING_ONLY
  pool:
    name: "projects/${PROJECT_ID}/locations/us-central1/workerPools/cloud-build-worker-pool"