From 6651a08752080a3594714b9e8de009bf4155fbb1 Mon Sep 17 00:00:00 2001 From: Ricky Stewart Date: Thu, 1 Apr 2021 13:04:31 -0500 Subject: [PATCH] build: refactor `teamcity-weekly-roachtest.sh` to depend on common code We can use the helper functionality here to log into `gcloud`, and the helper code will clean the credentials up after the fact. Also adopt the same pattern for SSH keys, and make sure they get cleaned up too. Release note: None --- build/release/teamcity-support.sh | 15 +++++---------- build/teamcity-common-support.sh | 15 +++++++++++++++ build/teamcity-support.sh | 14 ++++++++++++++ build/teamcity-weekly-roachtest.sh | 15 ++++----------- 4 files changed, 38 insertions(+), 21 deletions(-) create mode 100644 build/teamcity-common-support.sh diff --git a/build/release/teamcity-support.sh b/build/release/teamcity-support.sh index 355dee76325b..70a05f386106 100644 --- a/build/release/teamcity-support.sh +++ b/build/release/teamcity-support.sh @@ -1,9 +1,13 @@ # Common helpers for teamcity-*.sh scripts. +# root is the absolute path to the root directory of the repository. +root=$(cd "$(dirname "$0")/../.." && pwd) +source "$root/build/teamcity-common-support.sh" + remove_files_on_exit() { - rm -f .google-credentials.json rm -f .cockroach-teamcity-key rm -rf ~/.docker + common_support_remove_files_on_exit } trap remove_files_on_exit EXIT @@ -15,15 +19,6 @@ tc_end_block() { echo "##teamcity[blockClosed name='$1']" } -log_into_gcloud() { - if [[ "${google_credentials}" ]]; then - echo "${google_credentials}" > .google-credentials.json - gcloud auth activate-service-account --key-file=.google-credentials.json - else - echo 'warning: `google_credentials` not set' >&2 - fi -} - docker_login_with_google() { # https://cloud.google.com/container-registry/docs/advanced-authentication#json-key echo "${google_credentials}" | docker login -u _json_key --password-stdin "https://${gcr_hostname}" diff --git a/build/teamcity-common-support.sh b/build/teamcity-common-support.sh new file mode 100644 index 000000000000..4cc3370f0d5b --- /dev/null +++ b/build/teamcity-common-support.sh @@ -0,0 +1,15 @@ +# Common logic shared by build/teamcity-support.sh and build/release/teamcity-support.sh. + +# Call this to clean up after using any other functions from this file. +common_support_remove_files_on_exit() { + rm -f .google-credentials.json +} + +log_into_gcloud() { + if [[ "${google_credentials}" ]]; then + echo "${google_credentials}" > .google-credentials.json + gcloud auth activate-service-account --key-file=.google-credentials.json + else + echo 'warning: `google_credentials` not set' >&2 + fi +} diff --git a/build/teamcity-support.sh b/build/teamcity-support.sh index 16cd41c380cb..67da3b0568d0 100644 --- a/build/teamcity-support.sh +++ b/build/teamcity-support.sh @@ -3,6 +3,14 @@ # root is the absolute path to the root directory of the repository. root=$(cd "$(dirname "$0")/.." && pwd) +source "$root/build/teamcity-common-support.sh" + +remove_files_on_exit() { + rm -f ~/.ssh/id_rsa{,.pub} + common_support_remove_files_on_exit +} +trap remove_files_on_exit EXIT + # maybe_ccache turns on ccache to speed up compilation, but only for PR builds. # This speeds up the CI cycle for developers while preventing ccache from # corrupting a release build. @@ -283,3 +291,9 @@ tc_prepare() { maybe_ccache tc_end_block "Prepare environment" } + +generate_ssh_key() { + if [[ ! -f ~/.ssh/id_rsa.pub ]]; then + ssh-keygen -q -N "" -f ~/.ssh/id_rsa + fi +} diff --git a/build/teamcity-weekly-roachtest.sh b/build/teamcity-weekly-roachtest.sh index ac765fc81225..d3fa7f1a262c 100755 --- a/build/teamcity-weekly-roachtest.sh +++ b/build/teamcity-weekly-roachtest.sh @@ -5,20 +5,13 @@ set -euo pipefail -if [[ "$GOOGLE_EPHEMERAL_CREDENTIALS" ]]; then - echo "$GOOGLE_EPHEMERAL_CREDENTIALS" > creds.json - gcloud auth activate-service-account --key-file=creds.json - export ROACHPROD_USER=teamcity -else - echo 'warning: GOOGLE_EPHEMERAL_CREDENTIALS not set' >&2 - echo "Assuming that you've run \`gcloud auth login\` from inside the builder." >&2 -fi +google_credentials="$GOOGLE_EPHEMERAL_CREDENTIALS" +source "$(dirname "${0}")/teamcity-support.sh" +log_into_gcloud set -x -if [[ ! -f ~/.ssh/id_rsa.pub ]]; then - ssh-keygen -q -N "" -f ~/.ssh/id_rsa -fi +generate_ssh_key export PATH=$PATH:$(go env GOPATH)/bin