Switch to esp full version script (#1191)

Co-authored-by: Ashley Davies <[email protected]>

.github/workflows/terraform.yml

@@ -49,12 +49,6 @@ jobs:
           service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_ID }}
           token_format: access_token
 
-      - uses: docker/login-action@v3
-        with:
-          username: oauth2accesstoken
-          password: ${{ steps.setup-cloud.outputs.access_token }}
-          registry: europe-west1-docker.pkg.dev
-
       - uses: ./.github/actions/setup-gradle
         if: ${{ github.ref == 'refs/heads/main' }}
 

terraform/modules.tf

@@ -19,10 +19,8 @@ module "cloud-run-build" {
 module "cloud-run-endpoint" {
   source             = "./modules/google/cloud-run-endpoint"
   config_id          = module.cloud-run-endpoint.config_id
-  container_image    = "${var.project_region}-docker.pkg.dev/${var.project_id}/endpoints-release/endpoints-runtime-serverless:${var.esp_tag}-${var.service_name}-${module.cloud-run-endpoint.config_id}"
+  container_image    = "${var.project_region}-docker.pkg.dev/${var.project_id}/endpoints-release/endpoints-runtime-serverless:latest"
   endpoint_name      = "playground.ashdavies.dev"
-  esp_tag            = var.esp_tag
-  gcloud_build_image = var.gcloud_build_image
   image_repository   = "${var.project_region}-docker.pkg.dev/${var.project_id}/endpoints-release"
   location           = var.project_region
   openapi_config     = local.openapi_config

terraform/modules/google/cloud-run-build/main.tf

@@ -1,7 +1,3 @@
-data "docker_registry_image" "main" {
-  name = var.docker_image
-}
-
 resource "google_cloud_run_service" "main" {
   name                       = var.service_name
   location                   = var.location
@@ -10,7 +6,7 @@ resource "google_cloud_run_service" "main" {
   template {
     spec {
       containers {
-        image = "${data.docker_registry_image.main.name}@${data.docker_registry_image.main.sha256_digest}"
+        image = "${var.docker_image}:latest"
       }
     }
   }
@@ -19,6 +15,4 @@ resource "google_cloud_run_service" "main" {
     latest_revision = var.latest_revision
     percent         = var.percent
   }
-
-  depends_on = [data.docker_registry_image.main]
 }

terraform/modules/google/cloud-run-build/outputs.tf

@@ -1,8 +1,3 @@
-output "sha256_digest" {
-  description = "The sha256 digest of the image."
-  value       = data.docker_registry_image.main.sha256_digest
-}
-
 output "url" {
   description = <<EOT
   Holds the url that will distribute traffic over the provided traffic targets. It generally has
@@ -11,11 +6,6 @@ output "url" {
   value       = google_cloud_run_service.main.status[0].url
 }
 
-output "debug_docker" {
-  description = "data.docker_registry_image.main"
-  value       = data.docker_registry_image.main
-}
-
 output "debug_cloud_run" {
   description = "data.google_cloud_run_service"
   value       = google_cloud_run_service.main

terraform/modules/google/cloud-run-endpoint/main.tf

@@ -1,22 +1,27 @@
+
+data "external" "esp_version" {
+  program = ["bash", "${path.module}/scripts/esp_full_version", "${var.esp_version}"]
+}
+
 resource "null_resource" "main" {
   provisioner "local-exec" {
     command = <<EOS
-    bash ${var.gcloud_build_image} \
+    bash ${path.module}/scripts/gcloud_build_image \
       -g ${var.image_repository} \
       -s ${var.endpoint_name} \
       -c ${var.config_id} \
       -p ${var.project} \
-      -v ${var.esp_tag}
+      -v ${var.esp_version}
     EOS
   }
 
   triggers = {
-    config_id = var.config_id
+    config_id   = google_endpoints_service.main.config_id
+    esp_version = data.external.esp_version.result.esp_full_version
   }
 }
 
 resource "google_cloud_run_service" "main" {
-  depends_on = [null_resource.main]
   name       = var.service_name
   location   = var.location
   project    = var.project
@@ -28,6 +33,17 @@ resource "google_cloud_run_service" "main" {
       }
     }
   }
+
+  traffic {
+    percent         = 100
+    latest_revision = true
+  }
+
+  autogenerate_revision_name = true
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
 
 resource "google_endpoints_service" "main" {

terraform/modules/google/cloud-run-endpoint/scripts/esp_full_version

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Get the full tag of latest ESP image for use in terraform.
+# This is required as the gcloud_build_image script tags its built image with
+# the version number.
+# Optional argument ./esp_full_version <ESP_TAG>
+# which is equivalent to setting the -v flag of gcloud_build_image.
+
+set -e
+
+BASE_IMAGE_NAME="gcr.io/endpoints-release/endpoints-runtime-serverless"
+
+function error_exit() {
+  # ${BASH_SOURCE[1]} is the file name of the caller.
+  echo "${BASH_SOURCE[1]}: line ${BASH_LINENO[0]}: ${1:-Unknown Error.} (exit ${2:-1})" 1>&2
+  exit ${2:-1}
+}
+
+# Use 1st command line arg as ESP_TAG, default to "2" as in gcloud_build_image
+ESP_TAG=${1:-"2"}
+
+ALL_TAGS=$(gcloud container images list-tags "${BASE_IMAGE_NAME}" \
+    --filter="tags~^${ESP_TAG}$" \
+    --format="value(tags)")
+IFS=',' read -ra TAGS_ARRAY <<< "${ALL_TAGS}"
+
+if [ ${#TAGS_ARRAY[@]} -eq 0 ]; then
+error_exit "Did not find ESP version: ${ESP_TAG}"
+fi;
+
+# Find the tag with the longest length.
+ESP_FULL_VERSION=""
+for tag in "${TAGS_ARRAY[@]}"; do
+    if [ ${#tag} -gt ${#ESP_FULL_VERSION} ]; then
+    ESP_FULL_VERSION=${tag}
+    fi
+done
+
+# Produce JSON object containing esp_full_version
+cat <<END
+{"esp_full_version": "${ESP_FULL_VERSION}"}
+END

terraform/gcloud_build_image → terraform/modules/google/cloud-run-endpoint/scripts/gcloud_build_image

@@ -1,4 +1,8 @@
 #!/bin/bash
+
+# Script obtained from:
+# https://github.com/GoogleCloudPlatform/esp-v2/blob/master/docker/serverless/gcloud_build_image
+
 # Copyright 2019 Google LLC
 
 # This script will download the service config and build it into
@@ -92,7 +96,7 @@ if [ -z "${ESP_FULL_VERSION}" ]; then
 fi
 echo "Building image for ESP version: ${ESP_FULL_VERSION}"
 
-tempdir="$(mktemp -d /tmp/docker.XXXX)"
+tempdir="$(mktemp -d /tmp/docker.XXXXXX)"
 cd "${tempdir}"
 
 # Be careful about exposing the access token.
@@ -124,4 +128,4 @@ gcloud builds submit --tag "${NEW_IMAGE}" . --project="${PROJECT}"
 # Delete the temporary directory we created earlier.
 # Move back to the previous directory with an echo.
 rm -r "${PWD}"
-cd ~-
+cd ~-

terraform/modules/google/cloud-run-endpoint/variables.tf

@@ -14,12 +14,10 @@ variable "endpoint_name" {
   description = ""
 }
 
-variable "esp_tag" {
+variable "esp_version" {
+  type        = string
   description = "ESPv2 version"
-}
-
-variable "gcloud_build_image" {
-  description = "GCloud build image script"
+  default     = "2.40.0"
 }
 
 variable "image_repository" {

terraform/providers.tf

@@ -1,21 +1,10 @@
-data "google_client_config" "default" {
-}
-
 data "google_service_account_access_token" "default" {
   scopes                 = ["userinfo-email", "cloud-platform"]
   target_service_account = module.github-service-account.email
   provider               = google.impersonated
   lifetime               = "1200s"
 }
 
-provider "docker" {
-  registry_auth {
-    password = data.google_client_config.default.access_token
-    address  = "${var.project_region}-docker.pkg.dev"
-    username = "oauth2accesstoken"
-  }
-}
-
 provider "github" {
   token  = var.gh_token
   owner  = var.gh_owner

terraform/variables.tf

@@ -1,14 +1,3 @@
-# variable.esp_tag is deprecated
-variable "esp_tag" {
-  description = "ESPv2 version"
-  default     = "2.40.0"
-}
-
-variable "gcloud_build_image" {
-  description = "GCloud build image script"
-  default     = "./gcloud_build_image"
-}
-
 variable "gh_owner" {
   description = "Username of the GitHub repository owner"
   default     = "ashdavies"

terraform/versions.tf

@@ -1,10 +1,5 @@
 terraform {
   required_providers {
-    docker = {
-      source = "kreuzwerker/docker"
-      version = "3.0.2"
-    }
-
     github = {
       source  = "integrations/github"
       version = "6.3.0"