From 3a300539128d39308578ee34aeb17b7add91016c Mon Sep 17 00:00:00 2001
From: nkinkade <kinkade@measurementlab.net>
Date: Thu, 7 Mar 2024 13:57:10 -0700
Subject: [PATCH] Moves CB "thirdparty" config to "non-oti-prod" (#70)

* Moves CB "thirdparty" config to "non-oti-prod"

cloudbuild-thirdparty.yaml existed only because of required deployments in the
mlab-autojoin project, in which there is no
gcr.io/mlab-autojoin/gcloud-jsonnet-cbif container image, so it manually
pointed to the version of the container image in mlab-oti.

We now have that same need in the measurement-lab project, for which the name
"thirdparty" didn't make sense.

This is an attempt to rename the secondary Cloud Build config file to something
that both the mlab-autojoin and measurement-lab project Cloud Build triggers
can use.

Additionally, I realized that the version terraform that the scripts were
downloading was a bit old. This commit updates the version to the latest, and
additionally makes it an environment variable to avoid so much duplication.

* Escape refs to TF_RELEASE to avoid CB errors

* Removes seconary CB config in favor of CB variable

Rather than having two Cloud Build configurations with the only difference
being the container image path for step #1, this commit removes the secondary
configuration in favor of just creating a user-defined build trigger
substitution in each project pointing to the appropriate container image for
the build.

* Puts an underscore in front of CONTAINER_IMAGE var

* Adds the container image version to the build config

So that the container version is more transparent to a viewer of this
repository, this commit removes the version string from the variable
$_CONTAINER_IMAGE and instead appends it in the build config file. Not only is
this more transparent, but when we need to update the version we just update it
once in this file, rather than having to update variables in build triggers in
every project.
---
 cloudbuild-thirdparty.yaml | 23 -----------------------
 cloudbuild.yaml            | 18 +++++++++++++++---
 2 files changed, 15 insertions(+), 26 deletions(-)
 delete mode 100644 cloudbuild-thirdparty.yaml

diff --git a/cloudbuild-thirdparty.yaml b/cloudbuild-thirdparty.yaml
deleted file mode 100644
index 10fa58b..0000000
--- a/cloudbuild-thirdparty.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Timeout after 10h. Today, there are around 50 virtual machines in the
-# production cluster. On average it takes a single VM around 6.5m to be
-# deleted, recreated, and for ndt-server or the API to be available. If we
-# update the machines serially, this means a total build time of around 5.5
-# hours. Set the timeout to around double that just for room to grow.
-timeout: 36000s
-
-steps:
-- name: gcr.io/mlab-oti/gcloud-jsonnet-cbif:1.1
-  entrypoint: /bin/bash
-  args:
-  - -c
-  - |-
-    apt update
-    apt install --yes unzip
-    curl --remote-name https://releases.hashicorp.com/terraform/1.5.3/terraform_1.5.3_linux_amd64.zip
-    unzip terraform_1.5.3_linux_amd64.zip
-    mv terraform /usr/local/bin/
-    export PROJECT=$PROJECT_ID
-    bash scripts/tf_apply.sh $$PROJECT
-options:
-  logging: CLOUD_LOGGING_ONLY
-
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
index 9f2cc71..c1703a0 100644
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -5,16 +5,28 @@
 # hours. Set the timeout to around double that just for room to grow.
 timeout: 36000s
 
+# $_CONTAINER_IMAGE is going to be some form of:
+#
+#     gcr.io/<project>/gcloud-jsonnet-cbif
+#
+# We have this in a Cloud Build user-defined substitution variable because
+# this build gets run in more projects that just the standard
+# sandbox->staging->prod, but those projects are the only ones where the
+# container image is built and pushed to Artifact Registry. The other projects
+# are "mlab-autojoin" and "measurement-lab", both of which are production
+# projects, so in those we want to use the "mlab-oti" (prod) image. The value of
+# this variable is defined in the build trigger of each project.
 steps:
-- name: gcr.io/$PROJECT_ID/gcloud-jsonnet-cbif:1.1
+- name: ${_CONTAINER_IMAGE}:1.1
   entrypoint: /bin/bash
   args:
   - -c
   - |-
+    export TF_RELEASE="1.7.4"
     apt update
     apt install --yes unzip
-    curl --remote-name https://releases.hashicorp.com/terraform/1.5.3/terraform_1.5.3_linux_amd64.zip
-    unzip terraform_1.5.3_linux_amd64.zip
+    curl --remote-name https://releases.hashicorp.com/terraform/$${TF_RELEASE}/terraform_$${TF_RELEASE}_linux_amd64.zip
+    unzip terraform_$${TF_RELEASE}_linux_amd64.zip
     mv terraform /usr/local/bin/
     export PROJECT=$PROJECT_ID
     bash scripts/tf_apply.sh $$PROJECT