| author | Seth Vargo <[email protected]> | 2025-08-12 22:12:28 -0400 |
|---|---|---|
| committer | GitHub <[email protected]> | 2025-08-13 02:12:28 +0000 |
| commit | 9912577a2b425e3f1f5eb16a3ae3b9da0e49466d (patch) | |
| tree | 850437d5b894f6af1840780a7ee7a077910cc095 /.gcp/release-docker.yaml | |
| parent | 431a312d4d4d8686e1009eef3c9a02032ccfd356 (diff) | |
chore(ci): Ensure docs-gen workflow are not vulnerable to injection attacks (#6100)
Diffstat (limited to '.gcp/release-docker.yaml')
| -rw-r--r-- | .gcp/release-docker.yaml | 75 |
1 files changed, 0 insertions, 75 deletions
diff --git a/.gcp/release-docker.yaml b/.gcp/release-docker.yaml
deleted file mode 100644
index 59220b8d..00000000
--- a/.gcp/release-docker.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
-steps:
- # Step 1: Install root dependencies (includes workspaces)
- - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder'
- id: 'Install Dependencies'
- entrypoint: 'npm'
- args: ['install']
-
- # Step 2: Authenticate for Docker (so we can push images to the artifact registry)
- - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder'
- id: 'Authenticate docker'
- entrypoint: 'npm'
- args: ['run', 'auth']
-
- # Step 3: Build workspace packages
- - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder'
- id: 'Build packages'
- entrypoint: 'npm'
- args: ['run', 'build:packages']
-
- # Step 4: Determine Docker Image Tag
- - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder'
- id: 'Determine Docker Image Tag'
- entrypoint: 'bash'
- args:
- -c
- - |
- SHELL_TAG_NAME="$TAG_NAME"
- FINAL_TAG="$SHORT_SHA" # Default to SHA
- if [[ "$$SHELL_TAG_NAME" == *"-nightly"* ]]; then
- echo "Nightly release detected."
- FINAL_TAG="$${SHELL_TAG_NAME#v}"
- # Also escape the variable in the regex match
- elif [[ "$$SHELL_TAG_NAME" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
- echo "Official release detected."
- FINAL_TAG="$${SHELL_TAG_NAME#v}"
- else
- echo "Development/RC release detected. Using commit SHA as tag."
- fi
- echo "Determined image tag: $$FINAL_TAG"
- echo "$$FINAL_TAG" > /workspace/image_tag.txt
-
- # Step 5: Build sandbox container image
- - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder'
- id: 'Build sandbox Docker image'
- entrypoint: 'bash'
- args:
- -c
- - |
- export GEMINI_SANDBOX_IMAGE_TAG=$$(cat /workspace/image_tag.txt)
- echo "Using Docker image tag for build: $$GEMINI_SANDBOX_IMAGE_TAG"
- npm run build:sandbox -- --output-file /workspace/final_image_uri.txt
- env:
- - 'GEMINI_SANDBOX=$_CONTAINER_TOOL'
-
- # Step 8: Publish sandbox container image
- - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder'
- id: 'Publish sandbox Docker image'
- entrypoint: 'bash'
- args:
- -c
- - |
- set -e
- FINAL_IMAGE_URI=$$(cat /workspace/final_image_uri.txt)
-
- echo "Pushing sandbox image: $${FINAL_IMAGE_URI}"
- $_CONTAINER_TOOL push "$${FINAL_IMAGE_URI}"
- env:
- - 'GEMINI_SANDBOX=$_CONTAINER_TOOL'
-
-options:
- defaultLogsBucketBehavior: REGIONAL_USER_OWNED_BUCKET
- dynamicSubstitutions: true
-
-substitutions:
- _CONTAINER_TOOL: 'docker' |
