-
Notifications
You must be signed in to change notification settings - Fork 505
/
cloudbuild.yaml
73 lines (66 loc) · 2.14 KB
/
cloudbuild.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
timeout: 14400s
#### SECURITY NOTICE ####
# Google Cloud Build (GCB) supports the usage of secrets for build requests.
# Secrets appear within GCB configs as base64-encoded strings.
# These secrets are GCP Cloud KMS-encrypted and cannot be decrypted by any human or system
# outside of GCP Cloud KMS for the GCP project this encrypted resource was created for.
# Seeing the base64-encoded encrypted blob here is not a security event for the project.
#
# More details on using encrypted resources on Google Cloud Build can be found here:
# https://cloud.google.com/cloud-build/docs/securing-builds/use-encrypted-secrets-credentials
#
# (Please do not remove this security notice.)
secrets:
- kmsKeyName: projects/k8s-releng-prod/locations/global/keyRings/release/cryptoKeys/encrypt-0
secretEnv:
GITHUB_TOKEN: CiQAIkWjMMb2OjCHCt1hHer4ZBqqD1Mj7+dfTpvkkuzS64nrGm0SUQBLz1D+4Zwp6te6JByO/zvGpHMhW6/i3BJMRYXtNTkyBGMnZuH+J3gQfhcGL2HXjr75lHaCxF4bxPr45xen5D/Kk1+paL+XpOU3KJIADy7uGQ==
steps:
- name: gcr.io/cloud-builders/git
dir: "go/src/k8s.io"
args:
- "clone"
- "--branch=${_TOOL_BRANCH}"
- "https://github.com/${_TOOL_ORG}/${_TOOL_REPO}"
- name: k8s.gcr.io/build-image/kube-cross:${_KUBE_CROSS_VERSION}
dir: "go/src/k8s.io/release"
env:
- "GOPATH=/workspace/go"
- "GOBIN=/workspace/bin"
args:
- "./compile-release-tools"
- name: gcr.io/k8s-staging-releng/k8s-cloud-builder:${_KUBE_CROSS_VERSION}
dir: "/workspace"
env:
- "TOOL_ORG=${_TOOL_ORG}"
- "TOOL_REPO=${_TOOL_REPO}"
- "TOOL_BRANCH=${_TOOL_BRANCH}"
secretEnv:
- GITHUB_TOKEN
args:
- "bin/krel"
- "release"
- "--submit=false"
- "${_NOMOCK}"
- "--log-level=${_LOG_LEVEL}"
- "--type=${_TYPE}"
- "--branch=${_RELEASE_BRANCH}"
- "--build-version=${_BUILDVERSION}"
tags:
- ${_GCP_USER_TAG}
- ${_RELEASE_BRANCH}
- ${_BUILD_POINT}
- ${_NOMOCK_TAG}
- RELEASE
- ${_GIT_TAG}
- ${_TYPE_TAG}
- ${_MAJOR_VERSION_TAG}
- ${_MINOR_VERSION_TAG}
- ${_PATCH_VERSION_TAG}
- ${_KUBERNETES_VERSION_TAG}
- NO_ANAGO
options:
machineType: N1_HIGHCPU_32
substitutions:
# _GIT_TAG will be filled with a git-based tag of the form vYYYYMMDD-hash, and
# can be used as a substitution
_GIT_TAG: '12345'