splitting the docker push out to cloud build while we sort out permissions

2026-03-13 23:51:16 -07:00 · 2025-07-01 14:34:40 -05:00
parent 478410b8cd
commit 6fe4ccf1ba
3 changed files with 51 additions and 6 deletions
--- a/.gcp/release-docker.yaml
+++ b/.gcp/release-docker.yaml
@@ -0,0 +1,36 @@
+steps:
+  # Step 1: Install root dependencies (includes workspaces)
+  - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder'
+    id: 'Install Dependencies'
+    entrypoint: 'npm'
+    args: ['install']
+
+  # Step 4: Authenticate for Docker (so we can push images to the artifact registry)
+  - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder'
+    id: 'Authenticate docker'
+    entrypoint: 'npm'
+    args: ['run', 'auth']
+
+  # Step 5: Build workspace packages
+  - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder'
+    id: 'Build packages'
+    entrypoint: 'npm'
+    args: ['run', 'build:packages']
+
+  # Step 6: Build sandbox container image
+  - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder'
+    id: 'Build sandbox Docker image'
+    entrypoint: 'npm'
+    args: ['run', 'build:sandbox:fast']
+
+  # Step 7: Publish sandbox container image
+  - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder'
+    id: 'Publish sandbox Docker image'
+    entrypoint: 'npm'
+    args: ['run', 'publish:sandbox']
+    env:
+      - 'GEMINI_SANDBOX_IMAGE_TAG=$SHORT_SHA'
+
+options:
+  defaultLogsBucketBehavior: REGIONAL_USER_OWNED_BUCKET
+  dynamicSubstitutions: true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -58,11 +58,11 @@ jobs:
          workload_identity_provider: 'projects/48735766119/locations/global/workloadIdentityPools/github/providers/github-actions-provider'
          service_account: 'gh-actions-service-account@gemini-code-dev.iam.gserviceaccount.com'

-      - name: Configure Docker
-        run: gcloud auth configure-docker us-west1-docker.pkg.dev
+      # - name: Configure Docker
+      #   run: gcloud auth configure-docker us-west1-docker.pkg.dev

-      - name: Login to Artifact Registry
-        run: docker login -u oauth2accesstoken -p "$(gcloud auth print-access-token)" https://us-west1-docker.pkg.dev
+      # - name: Login to Artifact Registry
+      #   run: docker login -u oauth2accesstoken -p "$(gcloud auth print-access-token)" https://us-west1-docker.pkg.dev

      - name: Set Release Version and Tag
        id: version
--- a/scripts/publish-sandbox.js
+++ b/scripts/publish-sandbox.js
@@ -19,7 +19,11 @@

 import { execSync } from 'child_process';

-const { npm_package_config_sandboxImageUri, DOCKER_DRY_RUN } = process.env;
+const {
+  npm_package_config_sandboxImageUri,
+  DOCKER_DRY_RUN,
+  GEMINI_SANDBOX_IMAGE_TAG,
+} = process.env;

 if (!npm_package_config_sandboxImageUri) {
  console.error(
@@ -28,7 +32,12 @@ if (!npm_package_config_sandboxImageUri) {
  process.exit(1);
 }

-const imageUri = npm_package_config_sandboxImageUri;
+let imageUri = npm_package_config_sandboxImageUri;
+
+if (GEMINI_SANDBOX_IMAGE_TAG) {
+  const [baseUri] = imageUri.split(':');
+  imageUri = `${baseUri}:${GEMINI_SANDBOX_IMAGE_TAG}`;
+}

 if (DOCKER_DRY_RUN) {
  console.log(`DRY RUN: Would execute: docker push "${imageUri}"`);