build: allow release jobs to run on new cluster

googleapis · Oct 28, 2024 · f39575e · f39575e
1 parent 8165b50
commit f39575e
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 9 deletions.
diff --git a/.kokoro/populate-secrets.sh b/.kokoro/populate-secrets.sh
@@ -19,6 +19,11 @@ function now { date +"%Y-%m-%d %H:%M:%S" | tr -d '\n' ;}
 function msg { println "$*" >&2 ;}
 function println { printf '%s\n' "$(now) $*" ;}
 
+# Override to declare the GCP project that holds the secrets to fetch
+if [[ -z "${SECRET_MANAGER_PROJECT_ID}" ]]; then
+  msg "SECRET_MANAGER_PROJECT_ID is not set in environment variables, using default"
+  SECRET_MANAGER_PROJECT_ID="cloud-devrel-kokoro-resources"
+fi
 
 # Populates requested secrets set in SECRET_MANAGER_KEYS from service account:
 # kokoro-trampoline@cloud-devrel-kokoro-resources.iam.gserviceaccount.com
@@ -32,7 +37,7 @@ do
     --volume=${KOKORO_GFILE_DIR}:${KOKORO_GFILE_DIR} \
     gcr.io/google.com/cloudsdktool/cloud-sdk \
     secrets versions access latest \
-    --project cloud-devrel-kokoro-resources \
+    --project "${SECRET_MANAGER_PROJECT_ID}" \
     --secret ${key} > \
     "${SECRET_LOCATION}/${key}"
   if [[ $? == 0 ]]; then

diff --git a/.kokoro/release/common.cfg b/.kokoro/release/common.cfg
@@ -7,20 +7,17 @@ action {
   }
 }
 
-# Download trampoline resources.
-gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline"
-
 # Use the trampoline script to run in docker.
 build_file: "python-test-utils/.kokoro/trampoline.sh"
 
 # Configure the docker image for kokoro-trampoline.
 env_vars: {
-    key: "TRAMPOLINE_IMAGE"
-    value: "gcr.io/cloud-devrel-kokoro-resources/python-multi"
+  key: "TRAMPOLINE_IMAGE"
+  value: "us-central1-docker.pkg.dev/cloud-sdk-release-custom-pool/release-images/python-multi"
 }
 env_vars: {
-    key: "TRAMPOLINE_BUILD_FILE"
-    value: "github/python-test-utils/.kokoro/release.sh"
+  key: "TRAMPOLINE_BUILD_FILE"
+  value: "github/python-test-utils/.kokoro/release.sh"
 }
 
 # Fetch PyPI password
@@ -38,6 +35,10 @@ env_vars: {
   key: "SECRET_MANAGER_KEYS"
   value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem"
 }
+env_vars: {
+  key: "SECRET_MANAGER_PROJECT_ID"
+  value: "cloud-sdk-release-custom-pool"
+}
 
 # Store the packages we uploaded to PyPI.  That way, we have a record of exactly
 # what we published, which we can use to generate SBOMs and attestations.

diff --git a/.kokoro/trampoline.sh b/.kokoro/trampoline.sh
@@ -25,4 +25,4 @@ function cleanup() {
 trap cleanup EXIT
 
 $(dirname $0)/populate-secrets.sh # Secret Manager secrets.
-python3 "${KOKORO_GFILE_DIR}/trampoline_v1.py"
+python3 "$(dirname $0)/trampoline_v2.py"