cloudbuild.yaml

# In this directory, run the following command to build this builder.
# $ gcloud container builds submit . --config=cloudbuild.yaml

substitutions:

    _SERVICE_ACCOUNT_FILENAME_GS: 'scb-secure/Static-Cloud-Builders-a9fee80ea6d5.enc'
    _SERVICE_ACCOUNT_FILENAME_ENC: 'google_service_account-Static-Cloud-Builders.enc'
    _SERVICE_ACCOUNT_FILENAME: 'google_service_account-Static-Cloud-Builders.json'
    
    _SERVICE_ACCOUNT_KEY_LOCATION: 'global'
    _SERVICE_ACCOUNT_KEYRING: 'my-keyring'
    _SERVICE_ACCOUNT_KEY: 'cloud-build-service-account'

steps:

- name: 'gcr.io/cloud-builders/gsutil'
  args: ['cp', 'gs://${_SERVICE_ACCOUNT_FILENAME_GS}', '${_SERVICE_ACCOUNT_FILENAME_ENC}']

- name: 'gcr.io/cloud-builders/gcloud'
  args:
  - kms
  - decrypt
  - --ciphertext-file=${_SERVICE_ACCOUNT_FILENAME_ENC}
  - --plaintext-file=${_SERVICE_ACCOUNT_FILENAME}
  - --location=${_SERVICE_ACCOUNT_KEY_LOCATION}
  - --keyring=${_SERVICE_ACCOUNT_KEYRING}
  - --key=${_SERVICE_ACCOUNT_KEY}

- name: 'gcr.io/cloud-builders/docker'
  args:
  - 'build'
  - '--tag=gcr.io/${PROJECT_ID}/trigger-api-broker'
  #
  - '--file'
  - 'Dockerfile'
  - '.'
  # Arguments 
  #
  - '--build-arg'
  - 'service_account_file=${_SERVICE_ACCOUNT_FILENAME}'
  
# Cleanup files to ensure tests run using files only within containers
- name: 'gcr.io/cloud-builders/gcloud'
  entrypoint: 'bash'
  args:
  - '-c'
  - |
    rm -rf /workspace/*
  
# Test without argument (should attempt run but fail)
- name: 'gcr.io/$PROJECT_ID/trigger-api-broker'

# Test with argument to be build the scb hugo container (should run the build sucessfully)
- name: 'gcr.io/$PROJECT_ID/trigger-api-broker'
  args: ['e50d68ee-819b-41f7-842e-6fa6a6b632f1']

# Test with argument to set the default project & build the scb hugo container (should run the build sucessfully)
- name: 'gcr.io/$PROJECT_ID/trigger-api-broker'
  args: ['e50d68ee-819b-41f7-842e-6fa6a6b632f1','static-cloud-builders']

# Push the image
images: ['gcr.io/${PROJECT_ID}/trigger-api-broker']