Release 0.3.0

### Features

* Add --env flag to cbuild (1d85a36)
* Update release image to node v18 (7fb4a33)

### Bug Fixes

* Bump to latest version of bazelisk (82441c3)
* Consolidate bazel/ dir into third_party/ dir (7c703d2)
* Ensure appropriate ownership of modified files (950324f)
* fix local docker run command (587a556)
* Improve shell string quoting (53e5940)
* Invoke bash via /usr/bin/env (c098fff)
* Propagate SKIP env var into pre-commit container (cf5a5b5)

Change-Id: If491a47ab716a2d405bc785309ed9b7ca1f1184e
GitOrigin-RevId: 18b921c12a74ae4a44b3cc14e106032e1be31160

BUILD

@@ -33,7 +33,7 @@ config_setting(
 )
 
 string_flag(
-    name = "parameters",
+    name = "instance",
     build_setting_default = "aws",
     values = [
         "aws",
@@ -42,17 +42,17 @@ string_flag(
 )
 
 config_setting(
-    name = "aws_parameters",
+    name = "aws_instance",
     flag_values = {
-        ":parameters": "aws",
+        ":instance": "aws",
     },
     visibility = ["//visibility:private"],
 )
 
 config_setting(
-    name = "local_parameters",
+    name = "local_instance",
     flag_values = {
-        ":parameters": "local",
+        ":instance": "local",
     },
     visibility = ["//visibility:private"],
 )

CHANGELOG.md

@@ -2,6 +2,25 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [0.3.0](https://github.com/privacysandbox/fledge-key-value-service/compare/release-0.2.0...release-0.3.0) (2022-09-14)
+
+
+### Features
+
+* Add --env flag to cbuild (1d85a36)
+* Update release image to node v18 (7fb4a33)
+
+
+### Bug Fixes
+
+* Bump to latest version of bazelisk (82441c3)
+* Consolidate bazel/ dir into third_party/ dir (7c703d2)
+* Ensure appropriate ownership of modified files (950324f)
+* fix local docker run command (587a556)
+* Improve shell string quoting (53e5940)
+* Invoke bash via /usr/bin/env (c098fff)
+* Propagate SKIP env var into pre-commit container (cf5a5b5)
+
 ## [0.2.0](https://github.com/privacysandbox/fledge-key-value-service/compare/release-0.1.0...release-0.2.0) (2022-09-07)
 
 

WORKSPACE

@@ -113,10 +113,10 @@ load("@io_bazel_rules_docker//repositories:deps.bzl", docker_container_deps = "d
 
 docker_container_deps()
 
-load("//bazel:container_deps.bzl", "container_deps")
+load("//third_party:container_deps.bzl", "container_deps")
 
 container_deps()
 
-load("//bazel:cpp_repositories.bzl", "cpp_repositories")
+load("//third_party:cpp_repositories.bzl", "cpp_repositories")
 
 cpp_repositories()

builders/install_golang_apps

@@ -54,7 +54,7 @@ if [[ ${VERBOSE} -eq 1 ]]; then
 fi
 
 function install_bazelisk() {
-  go install github.com/bazelbuild/bazelisk@v1.12.2
+  go install github.com/bazelbuild/bazelisk@v1.13.2
   BAZELISK="$(go env GOPATH)"/bin/bazelisk
   if [[ -n ${BAZEL_PATH} ]] && [[ -d ${BAZEL_PATH} ]]; then
     ln -s ${BAZELISK} ${BAZEL_PATH}/bazel

builders/release/Dockerfile

@@ -15,12 +15,14 @@
 # build command:
 # `tar --create --dereference --gzip --directory=builders/release . | docker build - --tag privacysandbox/builders/release:release_image`
 
-FROM gcr.io/cloud-builders/npm:node-14.10.1
-
+FROM node:18.9.0-alpine3.16
 
 COPY install_release_apps /scripts/
 COPY gitconfig /etc
 
 RUN  \
+  chmod 644 /etc/gitconfig && \
   /scripts/install_release_apps && \
   rm -rf /scripts
+
+ENTRYPOINT "/bin/sh"

builders/release/install_release_apps

@@ -1,13 +1,6 @@
-#!/bin/bash
+#!/bin/sh
 
 npm install --global commit-and-tag-version
 
 # Install the GitHub CLI tool (https://cli.github.com/)
-apt-get update
-apt-get install apt-transport-https
-mkdir -p /etc/apt/keyrings
-curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/etc/apt/keyrings/githubcli-archive-keyring.gpg
-echo 'deb [arch=amd64 signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main' | tee /etc/apt/sources.list.d/github-cli.list
-chmod 644 /etc/apt/keyrings/githubcli-archive-keyring.gpg /etc/apt/sources.list.d/github-cli.list
-apt-get update
-apt-get install gh
+apk add github-cli

builders/tools/cbuild

@@ -21,26 +21,35 @@ declare -r -A IMAGE_LIST=(
   [build-amazonlinux2]="privacysandbox/builders/build-amazonlinux2:bazel_build_image"
 )
 
+declare -a ENV_VARS
+ENV_VARS+=(
+  "AWS_ACCESS_KEY_ID"
+  "AWS_SECRET_ACCESS_KEY"
+  "BAZEL_EXTRA_ARGS"
+  "BAZEL_STARTUP_ARGS"
+)
+
 usage() {
   local exitval=${1-1}
   cat &>/dev/stderr << USAGE
 usage:
   $0 <options>
     --cmd                      Command(s) to execute within the docker container, via \`bash -c\`
     --image                    Image name for the build runtime. Valid names:
-    --without-shared-cache     Use a container-local cache
-    --without-embedded-docker  Enable docker client within container
 USAGE
 
   for elem in "${!IMAGE_LIST[@]}"
   do
     if [[ ${IMAGE} == "${elem}" ]]; then
       local EXTRA=" (default)"
     fi
-    printf "                    *  %s%s\n" "${elem}" "${EXTRA}" &>/dev/stderr
+    printf "                                   *  %s%s\n" "${elem}" "${EXTRA}" &>/dev/stderr
   done
 
   cat &>/dev/stderr << USAGE
+    --env <key>[=<value>]      Name of exported environment variable, or name=value
+    --without-shared-cache     Containers will not mount ${HOME}/.cache/bazel
+    --without-embedded-docker  Enable docker client within container
 
 environment variables (all optional):
     WORKSPACE                    Set the path to the workspace (repo root)
@@ -63,6 +72,11 @@ while [[ $# -gt 0 ]]; do
       shift
       shift
       ;;
+    --env)
+      ENV_VARS+=("$2")
+      shift
+      shift
+      ;;
     --image)
       IMAGE="$2"
       shift
@@ -113,15 +127,10 @@ DOCKER_RUN_ARGS+=(
   "--rm"
   "--entrypoint=/bin/bash"
   "--volume ${WORKSPACE}:/src/workspace"
+  "--volume /dev/shm:/dev/shm"
   "--workdir /src/workspace"
 )
 
-if [[ -n ${AWS_ACCESS_KEY_ID} ]]; then
-  DOCKER_RUN_ARGS+=(
-    "--env AWS_ACCESS_KEY_ID"
-    "--env AWS_SECRET_ACCESS_KEY"
-  )
-fi
 if [[ ${WITH_SHARED_CACHE} -eq 1 ]]; then
   DOCKER_RUN_ARGS+=(
     "--volume ${HOME}/.cache/bazel:/root/.cache/bazel"
@@ -132,16 +141,12 @@ if [[ ${WITH_DOCKER_SOCK} -eq 1 ]]; then
     "--volume /var/run/docker.sock:/var/run/docker.sock"
   )
 fi
-if [[ -n ${BAZEL_EXTRA_ARGS} ]]; then
+for evar in "${ENV_VARS[@]}"
+do
   DOCKER_RUN_ARGS+=(
-    "--env BAZEL_EXTRA_ARGS"
+    "--env ${evar}"
   )
-fi
-if [[ -n ${BAZEL_STARTUP_ARGS} ]]; then
-  DOCKER_RUN_ARGS+=(
-    "--env BAZEL_STARTUP_ARGS"
-  )
-fi
+done
 if [[ -t 1 ]]; then
   # stdout is open, assume it's an interactive tty session
   DOCKER_RUN_ARGS+=(

components/cloud_config/BUILD

@@ -29,20 +29,20 @@ cc_library(
 cc_library(
     name = "instance_client",
     srcs = select({
-        "//:aws_parameters": ["aws_instance_client.cc"],
-        "//:local_parameters": ["local_instance_client.cc"],
+        "//:aws_instance": ["aws_instance_client.cc"],
+        "//:local_instance": ["local_instance_client.cc"],
     }),
     hdrs = [
         "instance_client.h",
     ],
     deps = select({
-        "//:aws_parameters": [
+        "//:aws_instance": [
             "@aws_sdk_cpp//:autoscaling",
             "@aws_sdk_cpp//:core",
             "@aws_sdk_cpp//:ec2",
             "//components/errors:aws_error_util",
         ],
-        "//:local_parameters": [
+        "//:local_instance": [
             "@com_google_absl//absl/flags:flag",
         ],
         "//conditions:default": [],

docs/developing_the_server.md

@@ -38,12 +38,20 @@ cp "$(bazel info bazel-bin)/external/com_github_grpc_grpc/test/cpp/util/grpc_cli
 For example:
 
 ```sh
-bazel run //components/data_server/server:server --//:parameters=local --//:platform=aws -- --environment="dev"
+bazel run //components/data_server/server:server --//:instance=local --//:platform=aws -- --environment="dev"
 ```
 
 > Attention: The server can run locally while specifying `aws` as platform, in which case it will
 > contact AWS based on the local AWS credentials. However, this requires the AWS environment to be
-> set up first following the [AWS deployment guide](/docs/deploying_on_aws.md).
+> set up first following the [AWS deployment guide](/docs/deploying_on_aws.md). You might need to
+> set up the following parameters in the AWS System Manager:
+>
+> | Parameter Name                 | Value                                                          |
+> | ------------------------------ | -------------------------------------------------------------- |
+> | kv-server-local-data-bucket-id | Name of the delta file S3 bucket                               |
+> | kv-server-local-bucket-sns-arn | ARN of the Simple Notification Service (SNS) for the S3 bucket |
+> | kv-server-local-launch-hook    | Any value, this won't be needed for                            |
+> | kv-server-local-mode           | "DSP" or "SSP"                                                 |
 
 We are currently developing this server for local testing and for use on AWS Nitro instances
 (similar to the
@@ -63,7 +71,7 @@ anticipate supporting additional cloud providers in the future.
     1. Build the target image
 
         ```sh
-        bazel build -c opt //production/packaging/aws/data_server:server_docker_image.tar --//:parameters=local --//:platform=aws
+        bazel build -c opt //production/packaging/aws/data_server:server_docker_image.tar --//:instance=local --//:platform=aws
         ```
 
     1. The image needs to be copied over to `dist/`. The actual directory may be different. It will
@@ -78,7 +86,7 @@ anticipate supporting additional cloud providers in the future.
     1. These commands can be combined into one:
 
         ```sh
-        ./builders/tools/cbuild 'bazel build -c opt //production/packaging/aws/data_server:server_docker_image.tar --//:parameters=local --//:platform=aws cp bazel-out/k8-opt-ST-4a519fd6d3e4/bin/production/packaging/aws/data_server/server_docker_image.tar dist/'
+        ./builders/tools/cbuild --image build-debian --env 'BAZEL_OUT_DIR=k8-opt-ST-4a519fd6d3e4' --cmd 'bazel build -c opt //production/packaging/aws/data_server:server_docker_image.tar --//:instance=local --//:platform=aws; cp bazel-out/${BAZEL_OUT_DIR}/bin/production/packaging/aws/data_server/server_docker_image.tar dist/'
         ```
 
 1. Load the image
@@ -175,7 +183,7 @@ Available conditions are:
 -   //:aws_platform
 -   //:local_platform
 
-Parameters can be configured separately to be read from specific platforms.
+Depending on which platform the server is being run on, you will want to specify the platform.
 
--   //:aws_parameters
--   //:local_parameters
+-   //:aws_instance
+-   //:local_instance

tools/git-hooks/pre-commit

@@ -1,8 +1,8 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
 
-TOP_LEVEL_DIR=$(git rev-parse --show-toplevel)
+TOP_LEVEL_DIR="$(git rev-parse --show-toplevel)"
 GIT_HOOKS_DIR="${TOP_LEVEL_DIR}/$(git rev-parse --git-dir)/hooks"
-ARGS=(
+declare -a ARGS=(
   hook-impl
   "--hook-type=pre-commit"
   --hook-dir "${GIT_HOOKS_DIR}"

tools/pre-commit

@@ -16,6 +16,25 @@
 set -o pipefail
 set -o errexit
 
+trap _cleanup EXIT
+
+function _cleanup() {
+  docker run --rm \
+    --entrypoint=/bin/bash \
+    --volume "${WORKSPACE}:/src/workspace" \
+    --env SKIP \
+    --workdir /src/workspace \
+    ${IMAGE_TAGGED} \
+    -c $"
+# change file ownership back to user
+git ls-files . --modified | xargs --replace={} /bin/bash -c '{ chown $(id -u) {}; chgrp $(id -g) {};}'
+# clean up 'empty' node_modules dir created by prettier 2.x
+if [[ -d node_modules ]]; then
+  rmdir node_modules/.cache/prettier/ node_modules/.cache/ node_modules/
+fi
+"
+}
+
 function __exit_msg() {
   local MSG="$1"
   printf "%s. Exiting\n" "${MSG}" &>/dev/stderr
@@ -54,6 +73,7 @@ if [[ $# -gt 0 ]]; then
         --entrypoint=/usr/pre-commit-venv/bin/pre-commit \
         --volume "${WORKSPACE}:/src/workspace" \
         -v /var/run/docker.sock:/var/run/docker.sock \
+        --env SKIP \
         --workdir /src/workspace \
         ${IMAGE_TAGGED} \
         "${PRECOMMIT_CMD}" --config ./.pre-commit-config.yaml "$@"
@@ -65,6 +85,7 @@ if [[ $# -gt 0 ]]; then
           --entrypoint=/usr/pre-commit-venv/bin/pre-commit \
           --volume "${WORKSPACE}:/src/workspace" \
           -v /var/run/docker.sock:/var/run/docker.sock \
+          --env SKIP \
           --workdir /src/workspace \
           ${IMAGE_TAGGED} \
           "${PRECOMMIT_CMD}" --config ./.pre-commit-config.yaml --all-files "${HOOK}"
@@ -76,15 +97,8 @@ else
     --entrypoint=/usr/pre-commit-venv/bin/pre-commit \
     --volume "${WORKSPACE}:/src/workspace" \
     -v /var/run/docker.sock:/var/run/docker.sock \
+    --env SKIP \
     --workdir /src/workspace \
     ${IMAGE_TAGGED} \
     "${PRECOMMIT_CMD}" --config ./.pre-commit-config.yaml --all-files
 fi
-
-# clean up "empty" node_modules dir created by prettier 2.x
-docker run --rm \
-  --entrypoint=/bin/bash \
-  --volume "${WORKSPACE}:/src/workspace" \
-  --workdir /src/workspace \
-  ${IMAGE_TAGGED} \
-  -c "if [[ -d node_modules ]]; then rmdir node_modules/.cache/prettier/ node_modules/.cache/ node_modules/; fi"

version.txt

@@ -1 +1 @@
-0.2.0
+0.3.0