revi-archive/llvm-premerge-checks
1
0
Fork 0
Code Activity
llvm-premerge-checks/kubernetes/storage_create.sh
Christian Kühnel d7996865de added scripts to set up cloud storage
2019-12-18 18:30:43 +01:00

54 lines
2 KiB
Bash
Executable file
Raw Permalink Blame History

#!/bin/bash
#!/bin/bash
# Copyright 2019 Google LLC
#
# Licensed under the the Apache License v2.0 with LLVM Exceptions (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://llvm.org/LICENSE.txt
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#-------------------------------------------------------------------------------
# set up Google Cloud Storage for the build results
set -eux
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
ROOT_DIR="$(dirname ${DIR})"
# get config options
source "${ROOT_DIR}/k8s_config"
# create a bucket
gsutil mb --retention 90d gs://${GCS_BUCKET}
# put a dummy file there so we can set the path ACLs
echo "hello world" | gsutil cp - gs://${GCS_BUCKET}/results/hello.txt
# make results folder world-readable, now files are accessable via
# https://storage.googleapis.com/llvm-premerge-checks/results/
gsutil iam ch allUsers:objectViewer gs://${GCS_BUCKET}
gsutil acl ch -u AllUsers:R gs://${GCS_BUCKET}/results/*
AGENT_SERVICE_ACCOUNT="build-agent-results"
KEY_FILE="${AGENT_SERVICE_ACCOUNT}_key.json"
# create service account and key
gcloud iam service-accounts create ${AGENT_SERVICE_ACCOUNT} \
--description "account for build agent to upload build results"
gcloud iam service-accounts keys create ${KEY_FILE} \
--iam-account "${AGENT_SERVICE_ACCOUNT}@${GCP_PROJECT}.iam.gserviceaccount.com"
# upload the key to the kubernetes secret storage
kubectl create secret generic "${AGENT_SERVICE_ACCOUNT}" \
--from-file ${KEY_FILE}
# give write permissions to service account
gsutil acl ch \
-u "${AGENT_SERVICE_ACCOUNT}@${GCP_PROJECT}.iam.gserviceaccount.com":WRITER \
gs://${GCS_BUCKET}
View git blame Copy permalink