From 801f410fed3c342cb94b4fa707f3868de7af6546 Mon Sep 17 00:00:00 2001
From: Mark Mandel <markmandel@google.com>
Date: Fri, 10 Mar 2023 18:22:57 +0000
Subject: [PATCH] Fix LiquidBase Schema Migration. (#136)

* Fix LiquidBase Schema Migration.

* Removes Cloud Run Jobs, as things are far simpler without them.
* No longer need to push an image, since it can be utilised within the
  Cloud Build pipeline.
* Fixes permission issues in created image for copied files that were
  not able to read, since owned by root.
* Fixed pathing issue with changelog/changelog.yaml
* Cleaned up some API and IAM permissions we no longer need.

Ran through all the steps in README.md except the gameserver one, and
everything is working.

* * Review updates.
---
 .../files/spanner/liquibase.properties.tpl    |  8 ++--
 infrastructure/iam.tf                         |  1 -
 infrastructure/schema/Dockerfile              |  9 ++--
 infrastructure/schema/cloudbuild.yaml         | 45 ++++++-------------
 infrastructure/spanner.tf                     |  6 +--
 infrastructure/terraform.tfvars.sample        |  2 -
 platform/open-match/skaffold.yaml             |  2 +-
 7 files changed, 26 insertions(+), 47 deletions(-)

diff --git a/infrastructure/files/spanner/liquibase.properties.tpl b/infrastructure/files/spanner/liquibase.properties.tpl
index ca09dbe..15d00e8 100644
--- a/infrastructure/files/spanner/liquibase.properties.tpl
+++ b/infrastructure/files/spanner/liquibase.properties.tpl
@@ -12,8 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-changeLogFile: /liquibase/changelog.yaml
-url: jdbc:cloudspanner:/projects/${project_id}/instances/${instance_id}/databases/${database_id}
-logLevel: 0
-liquibase.hub.mode=off
+changelogFile:changelog/changelog.yaml
+url:jdbc:cloudspanner:/projects/${project_id}/instances/${instance_id}/databases/${database_id}
+logLevel:fine
+liquibase.hub.mode:off
 liquibase.includeSystemClasspath:true
diff --git a/infrastructure/iam.tf b/infrastructure/iam.tf
index 62258d4..cfee276 100644
--- a/infrastructure/iam.tf
+++ b/infrastructure/iam.tf
@@ -39,7 +39,6 @@ resource "google_project_iam_member" "cloudbuild-sa-cloudbuild-roles" {
     "roles/container.admin",
     "roles/storage.admin",
     "roles/iam.serviceAccountUser",
-    "roles/run.developer",
     "roles/spanner.databaseUser",
     "roles/gkehub.editor"
   ])
diff --git a/infrastructure/schema/Dockerfile b/infrastructure/schema/Dockerfile
index 3b09b4f..645c24a 100644
--- a/infrastructure/schema/Dockerfile
+++ b/infrastructure/schema/Dockerfile
@@ -13,8 +13,9 @@
 # limitations under the License.
 
 FROM liquibase/liquibase:4.17
-COPY liquibase.properties /liquibase/liquibase.properties
-COPY changelog.yaml /liquibase/changelog.yaml
-COPY lib/liquibase-spanner-*.jar /liquibase/lib/.
 
-CMD ["liquibase", "update", "--defaultsFile=/liquibase/liquibase.properties"]
+COPY --chown=liquibase:liquibase liquibase.properties /liquibase/liquibase.properties
+COPY --chown=liquibase:liquibase changelog.yaml /liquibase/changelog/changelog.yaml
+COPY --chown=liquibase:liquibase lib/liquibase-spanner-*.jar /liquibase/lib/.
+
+CMD ["liquibase", "--defaults-file", "/liquibase/liquibase.properties", "update"]
diff --git a/infrastructure/schema/cloudbuild.yaml b/infrastructure/schema/cloudbuild.yaml
index f358f7e..ead075b 100644
--- a/infrastructure/schema/cloudbuild.yaml
+++ b/infrastructure/schema/cloudbuild.yaml
@@ -15,46 +15,27 @@
 serviceAccount: projects/${PROJECT_ID}/serviceAccounts/cloudbuild-cicd@${PROJECT_ID}.iam.gserviceaccount.com
 steps:
 
-#
-# Building of schema image
-#
+  #
+  # Building of schema image
+  #
 
   - name: gcr.io/cloud-builders/docker
     id: schema image build
-    args: ["build", ".", "-t", "${_SCHEMA_IMAGE}"]
+    args: [ "build", ".", "-t", "${_SCHEMA_IMAGE}" ]
 
-  - name: gcr.io/cloud-builders/docker
-    id: schema image push
-    args: ["push", "${_SCHEMA_IMAGE}"]
-
-#
-# Create schema job
-#
-  - name: "gcr.io/google.com/cloudsdktool/cloud-sdk:slim"
-    id: schema migrate create
-    entrypoint: gcloud
-    args: ["beta", "run", "jobs", "create",  "${_RUN_JOB}",
-           "--image", "${_SCHEMA_IMAGE}", "--region", "${_REGION}"]
+  #
+  # Running migration
+  #
 
-#
-# Running schema migration
-#
-  - name: "gcr.io/google.com/cloudsdktool/cloud-sdk:slim"
+  - name: "${_SCHEMA_IMAGE}"
     id: schema migrate execute
-    entrypoint: gcloud
-    args: ["beta", "run", "jobs", "execute",  "${_RUN_JOB}",
-           "--region", "${_REGION}", "--wait"]
-
-# artifacts:
-#   images:
-#     - ${_REGISTRY}/schema
+    dir: /liquibase
 substitutions:
-  _SCHEMA_IMAGE: ${_REGISTRY}/schema:${BUILD_ID}
-  _RUN_JOB: migrate-database-${BUILD_ID}
+  _SCHEMA_IMAGE: ${_REGISTRY}/schema-migration:${BUILD_ID}
   _REGISTRY: us-docker.pkg.dev/${PROJECT_ID}/global-game-images
-  _REGION: us-central1
-
+artifacts:
+  images:
+    - ${_SCHEMA_IMAGE}
 options:
   dynamic_substitutions: true
-  machineType: E2_HIGHCPU_8
   logging: CLOUD_LOGGING_ONLY
diff --git a/infrastructure/spanner.tf b/infrastructure/spanner.tf
index c932498..e6aa85d 100644
--- a/infrastructure/spanner.tf
+++ b/infrastructure/spanner.tf
@@ -59,9 +59,9 @@ resource "google_project_iam_member" "spanner-sa" {
 resource "local_file" "liquibase-properties" {
   content = templatefile(
     "${path.module}/files/spanner/liquibase.properties.tpl", {
-      project_id    = var.project
-      instance_id   = google_spanner_instance.global-game-spanner.name
-      database_id   = google_spanner_database.spanner-database.name
+      project_id  = var.project
+      instance_id = google_spanner_instance.global-game-spanner.name
+      database_id = google_spanner_database.spanner-database.name
   })
   filename = "${path.module}/${var.schema_directory}/liquibase.properties"
 }
diff --git a/infrastructure/terraform.tfvars.sample b/infrastructure/terraform.tfvars.sample
index 51f56bb..d0b7fd0 100644
--- a/infrastructure/terraform.tfvars.sample
+++ b/infrastructure/terraform.tfvars.sample
@@ -92,10 +92,8 @@ gcp_project_services = [
   "secretmanager.googleapis.com",
   "servicenetworking.googleapis.com",
   "servicecontrol.googleapis.com",
-  "run.googleapis.com",
   "orgpolicy.googleapis.com",
   "redis.googleapis.com",
-  "run.googleapis.com",
   "iap.googleapis.com"
 ]
 
diff --git a/platform/open-match/skaffold.yaml b/platform/open-match/skaffold.yaml
index e9092bc..4e8f6f5 100644
--- a/platform/open-match/skaffold.yaml
+++ b/platform/open-match/skaffold.yaml
@@ -20,4 +20,4 @@ deploy:
       - "./base"
     buildArgs: ["--enable-helm"]
     flags:
-      apply: ['--server-side'] # Avoid the "Too long: must have at most 262144 bytes" problem
+      apply: ['--server-side', '--force-conflicts'] # Avoid the "Too long: must have at most 262144 bytes" problem