-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathcloudbuild.yaml
More file actions
97 lines (80 loc) · 3.68 KB
/
cloudbuild.yaml
File metadata and controls
97 lines (80 loc) · 3.68 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
options:
logging: CLOUD_LOGGING_ONLY
steps:
# --- Evaluation Step ---
- name: 'us-central1-docker.pkg.dev/cloud-db-nl2sql/evalbench/eval_server:latest'
entrypoint: 'bash'
# Decrypts the secret from Secret Manager into the DB_PASSWORD environment variable
secretEnv: ['DB_PASSWORD', 'GITHUB_TOKEN']
args:
- '-c'
- |
set -e
# Only run on release branches
if [[ "$_HEAD_BRANCH" != release-please-* ]]; then
echo "Not a release-please branch. Exiting."
exit 0
fi
echo "Release branch detected. Fetching PR data from GitHub API..."
# Fetch PR data and status code
HTTP_STATUS=$(curl -s -o pr_data.json -w "%{http_code}" -H "Authorization: token $$GITHUB_TOKEN" \
"https://api.github.com/repos/$REPO_FULL_NAME/pulls/$_PR_NUMBER")
if [ "$$HTTP_STATUS" -ne 200 ]; then
echo "Error fetching PR data: HTTP $$HTTP_STATUS"
cat pr_data.json
exit 1
fi
PR_DATA=$(cat pr_data.json)
# Extract labels and title from PR data (Use $$ to escape bash variables)
PR_LABELS=$(echo "$$PR_DATA" | jq -r '[.labels[].name] | join(",")')
PR_TITLE=$(echo "$$PR_DATA" | jq -r '.title')
# Determine Release Version (Use double quotes and $$ for bash variables)
if [[ "$$PR_LABELS" == *"autorelease: triggered"* ]]; then
if [[ "$$PR_TITLE" =~ release\ ([0-9]+\.[0-9]+\.[0-9]+) ]]; then
export RELEASE_VERSION="$${BASH_REMATCH[1]}"
else
export RELEASE_VERSION="unknown"
fi
else
export RELEASE_VERSION="unknown"
fi
# Workaround for evalbench bug: settings are only applied if path basename matches extension ID
ln -s /workspace /workspace/cloud-sql-postgresql
cd /evalbench
export EVAL_GCP_PROJECT_ID=$PROJECT_ID
export EVAL_GCP_PROJECT_REGION=$_CLOUD_SQL_REGION
export GOOGLE_CLOUD_PROJECT=$PROJECT_ID
export CLOUD_SQL_POSTGRES_PROJECT=$PROJECT_ID
export CLOUD_SQL_POSTGRES_INSTANCE=$_CLOUD_SQL_INSTANCE
export CLOUD_SQL_POSTGRES_REGION=$_CLOUD_SQL_REGION
export CLOUD_SQL_POSTGRES_DATABASE=$_CLOUD_SQL_DATABASE
export CLOUD_SQL_POSTGRES_USER=$_CLOUD_SQL_USER
export CLOUD_SQL_POSTGRES_IP_TYPE=$_CLOUD_SQL_IP_TYPE
# Maps the decrypted DB_PASSWORD to the exact variable expected by gemini_cli and extension skills
export CLOUD_SQL_POSTGRES_PASSWORD=$$DB_PASSWORD
# Substitute environment variables in model_config.yaml
python3 /workspace/evals/substitute_env.py
cd /evalbench
export PYTHONPATH=./evalbench:./evalbench/evalproto
export PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python
echo "Launching Standalone Evaluation..."
python3 evalbench/evalbench.py --experiment_config=/workspace/evals/run_config.yaml
availableSecrets:
secretManager:
- versionName: projects/$PROJECT_ID/secrets/daily-ci-evals-db-password/versions/latest
env: 'DB_PASSWORD'
- versionName: projects/$PROJECT_ID/secrets/GITHUB_TOKEN/versions/latest
env: 'GITHUB_TOKEN'