blob: c6c1064174223e5e60b1f1763004c12efd53c01c [file] [log] [blame] [edit]
#!/usr/bin/env bash
# Copyright lowRISC contributors.
# Licensed under the Apache License, Version 2.0, see LICENSE for details.
# SPDX-License-Identifier: Apache-2.0
#
##########################################################
#
# Script to automate site deployment tasks to Gcloud
#
# You will require authentication to perform Gcloud actions
# against the project id's specified.
# If you have been granted appropriate permissions, you can
# authenticate locally by running `gcloud auth login`, and
# after that the commands here should execute as-intended.
#
##########################################################
set -e
# Get the project directory from the location of this script
this_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
proj_root=$( realpath "${this_dir}/../.." )
build_dir="${proj_root}/build-site"
declare PROJECT # Gcloud project
declare INSTANCE_GROUP # Gcloud compute instance group
# docs.opentitan.org
DOCS_OPENTITAN_ORG_ID=active-premise-257318
# opentitan.org
OPENTITAN_ORG_ID=gold-hybrid-255313
################
# DEPENDENCIES #
################
# Check for gcloud-sdk
if ! command -v gcloud >/dev/null; then
echo "E: gcloud not found." >&2
echo "E: See instructions at https://cloud.google.com/sdk/docs/install, or:" >&2
echo "E: $ nix shell nixpkgs#google-cloud-sdk" >&2
exit 1
fi
# Check for podman
if ! command -v podman >/dev/null; then
echo "E: podman not found." >&2
echo "E: See instructions at https://podman.io/getting-started/installation" >&2
exit 1
fi
#################
# CONFIGURATION #
#################
############
# BUILDING #
############
deploy_redirector () {
# site/redirector/landing
# "Build and deploy a new container image which is used to spawn Gcloud instances that handle redirects"
#
# Note that it can take a while for the instance group to catch up with the update, and then up to twelve hours for the CDN cache to expire.
# If you need to do a faster push: wait until the rolling restart is complete and manually invalidate the CDN.
#
PROJECT="${OPENTITAN_ORG_ID}"
INSTANCE_GROUP=opentitan-dot-org-redirector
gcloud config set project ${PROJECT}
gcloud builds submit --tag "gcr.io/${PROJECT}/redirector_v2" "${proj_root}/site/redirector/landing"
gcloud compute instance-groups managed rolling-action replace --max-surge=3 --region=us-central1 "${INSTANCE_GROUP}"
}
deploy_docs_redirector () {
# site/redirector/docs
# Redirector but for the DOCS_OPENTITAN_ORG_ID project
PROJECT="${DOCS_OPENTITAN_ORG_ID}"
INSTANCE_GROUP=docs-redirector
gcloud config set project ${PROJECT}
gcloud builds submit --tag "gcr.io/${PROJECT}/redirector_v2" "${proj_root}/site/redirector/docs"
gcloud compute instance-groups managed rolling-action replace --max-surge=3 --region=us-central1 "${INSTANCE_GROUP}"
}
deploy_site_builder () {
# util/site/site-builder
# "Build and deploy a new container image which is used by a Gcloud 'Cloud Build' job to automatically rebuild the site upon PRs being merged."
PROJECT="${OPENTITAN_ORG_ID}"
gcloud config set project ${PROJECT}
# Build the image locally using podman for speed
tag="gcr.io/${PROJECT}/builder" # https://cloud.google.com/container-registry/docs/pushing-and-pulling#tag
pushd ${proj_root}
podman build -t "${tag}" -f "${proj_root}/util/site/site-builder/builder.Dockerfile" .
popd
gcloud auth print-access-token | podman login -u oauth2accesstoken --password-stdin gcr.io && \
podman push "${tag}"
}
deploy_staging () {
# "Build the site for staging and deploy it to the staging bucket hosted at staging.opentitan.org"
PROJECT="${OPENTITAN_ORG_ID}"
rm -rf ${build_dir}
${proj_root}/util/site/build-docs.sh build-staging
remove_cruft
gcloud storage cp -R --gzip-in-flight-all ${build_dir}/* gs://${PROJECT}-staging
}
deploy_prod () {
# DO_NOT_USE
# "Build the site for production and deploy it to the production bucket hosted at opentitan.org"
PROJECT="${OPENTITAN_ORG_ID}"
rm -rf ${build_dir}
${proj_root}/util/site/build-docs.sh build
remove_cruft
gcloud storage cp -R --gzip-in-flight-all ${build_dir}/* gs://${PROJECT}-prod
}
# Remove additional files from build directory that we don't need
# TODO remove this when we are ready for .mdbookignore (https://github.com/rust-lang/mdBook/pull/1908)
remove_cruft () { rm -rf ${build_dir}/book/.git ${build_dir}/book/.github ${build_dir}/book/build-site ${build_dir}/book/site ; }
#######
# CLI #
#######
case "$1" in
"redirector") deploy_redirector ;;
"redirector-docs") deploy_docs_redirector ;;
"site-builder") deploy_site_builder ;;
"staging") deploy_staging ;;
"prod") deploy_prod ;; # DO NOT USE
"help"|*)
echo "USAGE: $0 <command>"
echo ""
echo "commands:"
echo " help prints this message."
echo " site-builder build and deploy the site-builder container image"
echo " staging build and deploy the site to staging.opentitan.org"
echo " redirector build and deploy the redirector instances for production"
echo " redirector-docs build and deploy the redirector instances for docs.opentitan.org"
exit 0
;;
esac