Google Git
Sign in
chromium / infra / infra.git / d6d347afd92a09a43345e549b733ccdde012f68c / . / build / images / base.yaml
blob: 1d35a025defbb54d15d2af7a7a1c5561a3513431 [file] [log] [blame]
name: base
# Mapping with pinned `(image, tag) => digest` resolutions.
#
# To add a new pin:
# $ cloudbuildhelper pins-add pins.yaml "<image>:<tag>""
#
# To update all pins:
# $ cloudbuildhelper pins-update pins.yaml
imagepins: pins.yaml
# Build using "linux" Cloud Build configuration by default.
cloudbuild:
builder: linux
infra:
# Set of infra services used when building images from workstations.
#
# 'dev' is used by cloudbuildhelper tool by default (e.g. when ran manually on
# a workstation without explicitly passing -infra flag).
#
# Images produced manually are tagged manually as well (i.e. the developer
# will have to pass -tag flag to cloudbuildhelper).
#
# Images built using this set of services are OK for local use and for dev
# clusters, but MUST NOT be deployed to clusters that have access to real
# user data.
dev:
storage: gs://chops-public-images-dev/dev
registry: gcr.io/chops-public-images-dev
cloudbuild:
linux:
project: chops-public-images-dev
executable: gcr.io/cloud-builders/docker:18.09.6
windows:
project: chops-public-images-dev
pool:
region: us-west1
id: chops-public-images-dev
executable: us-docker.pkg.dev/cloud-builders/preview/gke-windows-builder:20220120
timeout: "1800s"
pushes_explicitly: true
args: [
"--region", "us-west1",
"--zone", "us-west1-a",
"--machineType", "e2-standard-2",
"--serviceAccount", "windows-cloudbuild-vm@chops-public-images-dev.iam.gserviceaccount.com",
"--use-internal-ip",
"--network", "cloudbuild",
"--subnetwork", "cloudbuild",
"--workspace-bucket", "chops-public-images-dev-win-builder-tmp",
"--container-image-name", "${CBH_DOCKER_IMAGE}",
"--versions", "ltsc2019",
]
# Set of infra services used when building images on try builders.
#
# Canonical image tags are based on hash of inputs. Produces images are also
# tagged based on the CL number they were built from.
#
# Images built using this set of services are OK for local use and for dev
# clusters, but MUST NOT be deployed to clusters that have access to real
# user data.
try:
storage: gs://chops-public-images-dev/try
registry: gcr.io/chops-public-images-dev
cloudbuild:
linux:
project: chops-public-images-dev
executable: gcr.io/cloud-builders/docker:18.09.6
windows:
project: chops-public-images-dev
pool:
region: us-west1
id: chops-public-images-dev
executable: us-docker.pkg.dev/cloud-builders/preview/gke-windows-builder:20220120
timeout: "1800s"
pushes_explicitly: true
args: [
"--region", "us-west1",
"--zone", "us-west1-a",
"--machineType", "e2-standard-2",
"--serviceAccount", "windows-cloudbuild-vm@chops-public-images-dev.iam.gserviceaccount.com",
"--use-internal-ip",
"--network", "cloudbuild",
"--subnetwork", "cloudbuild",
"--workspace-bucket", "chops-public-images-dev-win-builder-tmp",
"--container-image-name", "${CBH_DOCKER_IMAGE}",
"--versions", "ltsc2019",
]
# Set of infra services used when building images on non-production CI
# builders.
#
# Canonical image tags are based on git commits they were built from.
#
# Images built using this set of services are OK for local use and for dev
# clusters, but MUST NOT be deployed to clusters that have access to real
# user data.
ci:
storage: gs://chops-public-images-dev/ci
registry: gcr.io/chops-public-images-dev
cloudbuild:
linux:
project: chops-public-images-dev
executable: gcr.io/cloud-builders/docker:18.09.6
windows:
project: chops-public-images-dev
pool:
region: us-west1
id: chops-public-images-dev
executable: us-docker.pkg.dev/cloud-builders/preview/gke-windows-builder:20220120
timeout: "1800s"
pushes_explicitly: true
args: [
"--region", "us-west1",
"--zone", "us-west1-a",
"--machineType", "e2-standard-2",
"--serviceAccount", "windows-cloudbuild-vm@chops-public-images-dev.iam.gserviceaccount.com",
"--use-internal-ip",
"--network", "cloudbuild",
"--subnetwork", "cloudbuild",
"--workspace-bucket", "chops-public-images-dev-win-builder-tmp",
"--container-image-name", "${CBH_DOCKER_IMAGE}",
"--versions", "ltsc2019",
]
# Set of infra services used when building release images on production
# release builders. Nominally only release builders have access to these
# services.
#
# Canonical image tags are based on git commits they were built from.
#
# Images built using this set of services can be used anywhere, including
# in production clusters.
prod:
storage: gs://chops-public-images-prod
registry: gcr.io/chops-public-images-prod
cloudbuild:
linux:
project: chops-public-images-prod
executable: gcr.io/cloud-builders/docker:18.09.6
windows:
project: chops-public-images-prod
pool:
region: us-west1
id: chops-public-images-prod
executable: us-docker.pkg.dev/cloud-builders/preview/gke-windows-builder:20220120
timeout: "1800s"
pushes_explicitly: true
args: [
"--region", "us-west1",
"--zone", "us-west1-a",
"--machineType", "e2-standard-2",
"--serviceAccount", "windows-cloudbuild-vm@chops-public-images-prod.iam.gserviceaccount.com",
"--use-internal-ip",
"--network", "cloudbuild",
"--subnetwork", "cloudbuild",
"--workspace-bucket", "chops-public-images-prod-win-builder-tmp",
"--container-image-name", "${CBH_DOCKER_IMAGE}",
"--versions", "ltsc2019",
]
notify:
# Roll the built production images into the repos with deployment configs.
# This YAML section is interpreted by images_builder.py recipe.
- kind: git
repo: https://chrome-internal.googlesource.com/infradata/k8s
script: scripts/roll_images.py
# For GAE Flex modules that uses "custom" runtime.
- kind: git
repo: https://chrome-internal.googlesource.com/infradata/gae
script: scripts/roll_images.py
# Rolling the images for Cloud Run
- kind: git
repo: https://chrome-internal.googlesource.com/infradata/cloud-run
script: scripts/roll_images.py