Replace python cloudbuilds w/ gcloud + static config files

.gcloudignore

@@ -0,0 +1,10 @@
+.webassets-cache/
+*.sqlite3
+**/static/style.css
+postgres-data/
+tmp-certs/
+.terraform/
+.git/
+.DS_Store
+*.pyc
+.vscode/

.github/workflows/cloudbuild.yml

@@ -0,0 +1,44 @@
+name: Cloud Build
+
+on:
+  workflow_call:
+    inputs:
+      command:
+        description: "The justfile + Cloud build-related recipe to run"
+        required: true
+        type: string
+    outputs:
+      image:
+        description: "GCR image produced by the command where applicable"
+        value: ${{ jobs.run_cloudbuild_command.outputs.image }}
+
+jobs:
+  run_cloudbuild_command:
+    name: Submit Build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: "read"
+      id-token: "write"
+    outputs:
+      image: ${{ steps.cloudbuild-command.outputs.image }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup just
+        uses: extractions/setup-just@v1
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v0
+        with:
+          workload_identity_provider: "projects/567739286055/locations/global/workloadIdentityPools/los-verdes-digital-membership/providers/los-verdes-digital-membership"
+          service_account: "[email protected]"
+          access_token_scopes: "https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/sqlservice.admin"
+          token_format: access_token
+          access_token_lifetime: 1800s
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v0
+
+      - name: Build
+        run: just ${{ inputs.command }}

.github/workflows/deploy.yml

@@ -16,18 +16,18 @@ jobs:
     permissions:
       contents: "read"
       id-token: "write"
-    uses: los-verdes/digital-membership/.github/workflows/flask_command.yml@main
+    uses: los-verdes/digital-membership/.github/workflows/cloudbuild.yml@main
     with:
-      command: build-worker-image
+      command: cloudbuild-image-worker
 
   build-website-image:
     name: Build Website Image
     permissions:
       contents: "read"
       id-token: "write"
-    uses: los-verdes/digital-membership/.github/workflows/flask_command.yml@main
+    uses: los-verdes/digital-membership/.github/workflows/cloudbuild.yml@main
     with:
-      command: build-website-image
+      command: cloudbuild-image-website
 
   deploy-infra-and-services:
     name: Deploy Infrastructure & Services
@@ -102,10 +102,10 @@ jobs:
     permissions:
       contents: "read"
       id-token: "write"
-    uses: los-verdes/digital-membership/.github/workflows/flask_command.yml@main
+    uses: los-verdes/digital-membership/.github/workflows/cloudbuild.yml@main
     with:
       # TODO: add a CloudFlare cache purge somewhere 'round here....
-      command: upload-statics
+      command: cloudbuild-upload-statics
 
   apply-database-config:
     name: Apply Database Configuration

.gitignore

@@ -5,3 +5,4 @@ postgres-data/
 .srl
 tmp-certs/
 member_card/static/style.css
+.terraform/

cloudbuild-statics.yaml

@@ -0,0 +1,18 @@
+substitutions:
+  _IMAGE_TAG: "n/a"
+  _BUCKET_ID: "statics-gcs-bucket"
+
+steps:
+  - name: "gcr.io/$PROJECT_ID/website:${_IMAGE_TAG}"
+    entrypoint: "flask"
+    args:
+      - assets
+      - build
+
+  - name: "gcr.io/cloud-builders/gsutil"
+    args:
+      - "-m"
+      - "cp"
+      - "-r"
+      - "member_card/static/*"
+      - f"gs://${_BUCKET_ID}/static/"

cloudbuild.yaml

@@ -0,0 +1,30 @@
+substitutions:
+  _IMAGE_TAG: "n/a"
+  _BUILD_TARGET: website
+
+steps:
+  # Download image to cache from
+  - name: "gcr.io/cloud-builders/docker"
+    entrypoint: "bash"
+    args:
+      - "-c"
+      - "docker pull gcr.io/$PROJECT_ID/worker:latest || exit 0"
+
+  # Docker Build
+  - name: "gcr.io/cloud-builders/docker"
+    args:
+      - "build"
+      - "--cache-from=gcr.io/$PROJECT_ID/${_BUILD_TARGET}:latest"
+      - "--target=${_BUILD_TARGET}"
+      - "--tag=gcr.io/$PROJECT_ID/${_BUILD_TARGET}:${_IMAGE_TAG}"
+      - "."
+
+  - name: "gcr.io/cloud-builders/docker"
+    args:
+      - "tag"
+      - "gcr.io/$PROJECT_ID/${_BUILD_TARGET}:${_IMAGE_TAG}"
+      - "gcr.io/$PROJECT_ID/${_BUILD_TARGET}:latest"
+
+images:
+  - "gcr.io/$PROJECT_ID/${_BUILD_TARGET}:${_IMAGE_TAG}"
+  - "gcr.io/$PROJECT_ID/${_BUILD_TARGET}:latest"

justfile

@@ -120,17 +120,41 @@ build-worker:
 
 build: build-website build-worker
 
-build-website-image: ci-install-python-reqs
-  just flask build-image website
+cloudbuild CONFIG_FILE *SUBSTITUTIONS="":
+  #!/bin/bash
+
+  logfile=$(mktemp /tmp/local_config_apply.XXXXXXXXXX) || { echo "Failed to create temp file"; exit 1; }
+
+  gcloud builds submit {{ justfile_directory() }} \
+    --format='json' \
+    --config="{{ CONFIG_FILE }}" \
+    --suppress-logs \
+    --substitutions='_IMAGE_TAG={{ image_tag }}{{ if SUBSTITUTIONS != "" { "," + SUBSTITUTIONS } else { "" } }}' \
+  | tee "$logfile"
+
+  echo
+  echo "BUILD RESULTS:"
+  jq -r '.' "$logfile"
+  echo
+
+  IMAGE="$(jq -r '.images[0]' "$logfile")"
+  if [[ -n "$IMAGE" ]]
+  then
+    echo "::set-output name=image::{build_result.images[0]}"
+  fi
 
-build-worker-image: ci-install-python-reqs
-  just flask build-image worker
+cloudbuild-image-website:
+  just cloudbuild 'cloudbuild.yaml' '_BUILD_TARGET=website'
 
-build-base-image: ci-install-python-reqs
-  just flask build-image base
+cloudbuild-image-worker:
+  just cloudbuild 'cloudbuild.yaml' '_BUILD_TARGET=worker'
+
+cloudbuild-upload-statics _BUCKET_ID='cstatic.losverd.es':
+  just cloudbuild 'cloudbuild-statics.yaml' '_BUCKET_ID={{ _BUCKET_ID }}'
 
 run-worker: build-worker
   docker run -it --rm '{{ worker_image_name }}:{{ image_tag }}'
+
 shell-worker: build-worker
   docker run -it --rm --entrypoint='' '{{ worker_image_name }}:{{ image_tag }}'  bash
 
@@ -139,9 +163,6 @@ shell-website: build-website
 
 shell: shell-website
 
-upload-statics: ci-install-python-reqs
-  just flask upload-statics
-
 push: build
   echo "Pushing website image..."
   docker tag '{{ website_image_name }}:{{ image_tag }}' '{{ website_gcr_image_name }}:{{ image_tag }}'
@@ -155,8 +176,6 @@ push: build
   docker push '{{ worker_gcr_image_name }}:{{ image_tag }}'
   docker push '{{ worker_gcr_image_name }}:latest'
 
-  echo "Uploading statics..."
-  just flask upload-statics
 
 set-tf-output-output output_name:
   output_value="$(just tf output -raw {{ output_name }})"
@@ -191,7 +210,6 @@ apply-migrations: ci-install-python-reqs
   just flask db upgrade
   echo 'Any outstanding migrations have now been applied! :D'
 
-
 sync-subscriptions: ci-install-python-reqs
   @echo "DIGITAL_MEMBERSHIP_DB_DATABASE_NAME: $DIGITAL_MEMBERSHIP_DB_DATABASE_NAME"
   @echo "DIGITAL_MEMBERSHIP_DB_USERNAME: $DIGITAL_MEMBERSHIP_DB_USERNAME"

member_card/app.py

@@ -676,23 +676,6 @@ def force_assets_bundle_build():
     utils.force_assets_bundle_build(app)
 
 
-@app.cli.command("upload-statics")
-def upload_statics():
-    from member_card.cloudbuild import create_upload_statics_build
-
-    utils.force_assets_bundle_build(app)
-    create_upload_statics_build()
-
-
-@app.cli.command("build-image")
-@click.argument("image_name")
-def build_image(image_name):
-    from member_card.cloudbuild import create_docker_image_build
-
-    build_result = create_docker_image_build(image_name=image_name)
-    print(f"::set-output name=image::{build_result.images[0]}")
-
-
 @app.cli.command("insert-google-pass-class")
 def insert_google_pass_class():
     from member_card import gpay

requirements.in

@@ -11,7 +11,6 @@ flask-cdn
 flask-login
 flask-security
 google-auth
-google-cloud-build
 google-cloud-firestore
 google-cloud-logging
 google-cloud-pubsub