build: migrate to using google_default_credentials and update setup-rbe script (#33109)
PR Close #33109
This commit is contained in:
parent
2ea52b0cb9
commit
37a87418b6
2
.bazelrc
2
.bazelrc
|
@ -71,6 +71,8 @@ test --test_output=errors
|
|||
# any bazel target. This is a temporary flag until codebase is permanently switched to Ivy.
|
||||
build --define=compile=legacy
|
||||
|
||||
build --google_default_credentials
|
||||
|
||||
#######################
|
||||
# Remote HTTP Caching #
|
||||
#######################
|
||||
|
|
|
@ -2,69 +2,74 @@
|
|||
# A script for automatically configuring a user's local dev
|
||||
# environment to use Remote Build Execution.
|
||||
|
||||
# Short cuts to set output as bold and normal
|
||||
bold=$(tput bold)
|
||||
normal=$(tput sgr0)
|
||||
|
||||
# Determine the root directory of the Angular github repo.
|
||||
project_directory=$(git rev-parse --show-toplevel 2> /dev/null);
|
||||
project_directory=$(git rev-parse --show-toplevel 2> /dev/null)
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "This command must be run from within the cloned \"angular/angular\" repository.";
|
||||
exit 1;
|
||||
echo "This command must be run from within the cloned \"angular/angular\" repository"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Confirm gcloud installed and available as a command.
|
||||
if [ ! -x "$(command -v gcloud)" ]; then
|
||||
echo "gcloud command is not available. Please install gcloud before continuing.";
|
||||
exit 1;
|
||||
echo "gcloud command is not available. Please install gcloud before continuing"
|
||||
echo "Please visit: https://cloud.google.com/sdk/install"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Confirm the parameter provided to the script is a directory
|
||||
if [[ ! -d $1 ]]; then
|
||||
echo -e "Invalid command syntax.
|
||||
|
||||
\e[1mUsage:\e[0m $0 <ServiceAccountKeyLocation>
|
||||
|
||||
\e[1mExample:\e[0m ./setup-rbe ~/my_key_storage_directory/
|
||||
|
||||
The directory provided will be used to store the GCP service account key
|
||||
for the angular-local-dev service account. This key will then be used to
|
||||
authenticate for usage of the Remote Build Execution system and Remote Caching.
|
||||
";
|
||||
exit 1;
|
||||
fi
|
||||
credentials_directory=$(readlink -f $1)
|
||||
if [[ ! -d $credentials_directory ]]; then
|
||||
echo "The specified directory does not exist. Please create the directory and rerun.";
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
# Create the service account key in the provided directory.
|
||||
echo "Checking provided directory for a service account key.";
|
||||
json_key_filepath="$credentials_directory/angular-local-dev-key.json";
|
||||
if [[ -f $json_key_filepath ]]; then
|
||||
echo "Angular Local Dev key already exists, reusing this key.";
|
||||
else
|
||||
# Confirm the user is already logged into gcloud, if they aren't
|
||||
# attempt to login
|
||||
echo "Checking gcloud login state.";
|
||||
gcloud auth print-identity-token &> /dev/null;
|
||||
# Confirm the user is already logged into gcloud, if they aren't
|
||||
# attempt to login
|
||||
echo "Checking gcloud login state"
|
||||
gcloud auth application-default print-access-token &> /dev/null
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "Not currently logged into gcloud. Starting gcloud login now"
|
||||
gcloud auth application-default login
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "Not currently logged into gcloud. Starting gcloud login now.";
|
||||
gcloud auth login;
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "gcloud login failed. Aborting.";
|
||||
exit 2;
|
||||
fi
|
||||
fi
|
||||
gcloud iam service-accounts keys create $json_key_filepath \
|
||||
--iam-account angular-local-dev@internal-200822.iam.gserviceaccount.com \
|
||||
--quiet --project internal-200822;
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "Downloading service account key failed. Aborting.";
|
||||
exit 2;
|
||||
echo "gcloud login failed. Aborting"
|
||||
exit 2
|
||||
fi
|
||||
fi
|
||||
access_token=$(gcloud auth application-default print-access-token)
|
||||
current_account=$(curl -s https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=$access_token | jq -r '.email')
|
||||
if [[ ! $current_account =~ (angular\.io$)|(google\.com$) ]]; then
|
||||
echo "Currently an angular.io or google.com account must be used for remote Bazel usage"
|
||||
echo "Please login instead using the correct account with the following command, then rerun"
|
||||
echo " gcloud auth application-default login"
|
||||
exit 3
|
||||
fi
|
||||
echo "Logged in as $current_account";
|
||||
|
||||
# The full path to the .bazelrc.user file
|
||||
bazelrc_user_filepath="$project_directory/.bazelrc.user";
|
||||
bazelrc_user_filepath="$project_directory/.bazelrc.user"
|
||||
# Create the bazelrc.user file, echo the config flags into the file.
|
||||
touch $bazelrc_user_filepath;
|
||||
echo "build --config=remote-http-caching" >> $bazelrc_user_filepath;
|
||||
echo "build --google_credentials=$json_key_filepath" >> $bazelrc_user_filepath;
|
||||
touch $bazelrc_user_filepath
|
||||
|
||||
# Prompts to add a flag to the .bazelrc.user file if its not already in place
|
||||
function add_flag() {
|
||||
flag=$1
|
||||
read -p " Add $flag flag? [Y/y]"
|
||||
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
||||
if [[ ! $(grep "^$flag$" $bazelrc_user_filepath) ]]; then
|
||||
echo "$flag" >> $bazelrc_user_filepath
|
||||
echo "Added $flag to .bazelrc.user"
|
||||
else
|
||||
echo "$flag already in .bazelrc.user"
|
||||
fi
|
||||
fi
|
||||
echo
|
||||
}
|
||||
|
||||
# Add extra line space before config setup.
|
||||
echo
|
||||
# Remote HTTP Caching
|
||||
echo "The ${bold}remote-http-caching${normal} flag enables uploading build results to the http cache,"
|
||||
echo "but not does enable remote builds"
|
||||
add_flag "build --config=remote-http-caching"
|
||||
|
||||
# Remote builds
|
||||
echo "The ${bold}remote${normal} flag enables RBE, builds occurs remotely when possible and caching"
|
||||
echo "occurs in the RBE context"
|
||||
add_flag "build --config=remote"
|
||||
|
|
Loading…
Reference in New Issue