build: migrate to using google_default_credentials and update setup-rbe script (#33109)

PR Close #33109
This commit is contained in:
Joey Perrott 2019-10-11 10:56:06 -07:00 committed by Matias Niemelä
parent 2ea52b0cb9
commit 37a87418b6
2 changed files with 59 additions and 52 deletions

View File

@ -71,6 +71,8 @@ test --test_output=errors
# any bazel target. This is a temporary flag until codebase is permanently switched to Ivy.
build --define=compile=legacy
build --google_default_credentials
#######################
# Remote HTTP Caching #
#######################

View File

@ -2,69 +2,74 @@
# A script for automatically configuring a user's local dev
# environment to use Remote Build Execution.
# Short cuts to set output as bold and normal
bold=$(tput bold)
normal=$(tput sgr0)
# Determine the root directory of the Angular github repo.
project_directory=$(git rev-parse --show-toplevel 2> /dev/null);
project_directory=$(git rev-parse --show-toplevel 2> /dev/null)
if [[ $? -ne 0 ]]; then
echo "This command must be run from within the cloned \"angular/angular\" repository.";
exit 1;
echo "This command must be run from within the cloned \"angular/angular\" repository"
exit 1
fi
# Confirm gcloud installed and available as a command.
if [ ! -x "$(command -v gcloud)" ]; then
echo "gcloud command is not available. Please install gcloud before continuing.";
exit 1;
echo "gcloud command is not available. Please install gcloud before continuing"
echo "Please visit: https://cloud.google.com/sdk/install"
exit 1
fi
# Confirm the parameter provided to the script is a directory
if [[ ! -d $1 ]]; then
echo -e "Invalid command syntax.
\e[1mUsage:\e[0m $0 <ServiceAccountKeyLocation>
\e[1mExample:\e[0m ./setup-rbe ~/my_key_storage_directory/
The directory provided will be used to store the GCP service account key
for the angular-local-dev service account. This key will then be used to
authenticate for usage of the Remote Build Execution system and Remote Caching.
";
exit 1;
fi
credentials_directory=$(readlink -f $1)
if [[ ! -d $credentials_directory ]]; then
echo "The specified directory does not exist. Please create the directory and rerun.";
exit 1;
fi
# Create the service account key in the provided directory.
echo "Checking provided directory for a service account key.";
json_key_filepath="$credentials_directory/angular-local-dev-key.json";
if [[ -f $json_key_filepath ]]; then
echo "Angular Local Dev key already exists, reusing this key.";
else
# Confirm the user is already logged into gcloud, if they aren't
# attempt to login
echo "Checking gcloud login state.";
gcloud auth print-identity-token &> /dev/null;
echo "Checking gcloud login state"
gcloud auth application-default print-access-token &> /dev/null
if [[ $? -ne 0 ]]; then
echo "Not currently logged into gcloud. Starting gcloud login now.";
gcloud auth login;
echo "Not currently logged into gcloud. Starting gcloud login now"
gcloud auth application-default login
if [[ $? -ne 0 ]]; then
echo "gcloud login failed. Aborting.";
exit 2;
echo "gcloud login failed. Aborting"
exit 2
fi
fi
gcloud iam service-accounts keys create $json_key_filepath \
--iam-account angular-local-dev@internal-200822.iam.gserviceaccount.com \
--quiet --project internal-200822;
if [[ $? -ne 0 ]]; then
echo "Downloading service account key failed. Aborting.";
exit 2;
fi
access_token=$(gcloud auth application-default print-access-token)
current_account=$(curl -s https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=$access_token | jq -r '.email')
if [[ ! $current_account =~ (angular\.io$)|(google\.com$) ]]; then
echo "Currently an angular.io or google.com account must be used for remote Bazel usage"
echo "Please login instead using the correct account with the following command, then rerun"
echo " gcloud auth application-default login"
exit 3
fi
echo "Logged in as $current_account";
# The full path to the .bazelrc.user file
bazelrc_user_filepath="$project_directory/.bazelrc.user";
bazelrc_user_filepath="$project_directory/.bazelrc.user"
# Create the bazelrc.user file, echo the config flags into the file.
touch $bazelrc_user_filepath;
echo "build --config=remote-http-caching" >> $bazelrc_user_filepath;
echo "build --google_credentials=$json_key_filepath" >> $bazelrc_user_filepath;
touch $bazelrc_user_filepath
# Prompts to add a flag to the .bazelrc.user file if its not already in place
function add_flag() {
flag=$1
read -p " Add $flag flag? [Y/y]"
if [[ $REPLY =~ ^[Yy]$ ]]; then
if [[ ! $(grep "^$flag$" $bazelrc_user_filepath) ]]; then
echo "$flag" >> $bazelrc_user_filepath
echo "Added $flag to .bazelrc.user"
else
echo "$flag already in .bazelrc.user"
fi
fi
echo
}
# Add extra line space before config setup.
echo
# Remote HTTP Caching
echo "The ${bold}remote-http-caching${normal} flag enables uploading build results to the http cache,"
echo "but not does enable remote builds"
add_flag "build --config=remote-http-caching"
# Remote builds
echo "The ${bold}remote${normal} flag enables RBE, builds occurs remotely when possible and caching"
echo "occurs in the RBE context"
add_flag "build --config=remote"