blinkbitcoin · k9ert · May 26, 2025 · May 27, 2025 · May 28, 2025 · May 28, 2025
diff --git a/ci/gcp.lib.yml b/ci/gcp.lib.yml
@@ -65,6 +65,7 @@ plan:
   - { get: repo }
   - { get: pipeline-tasks }
   - { get: gcp-testflight-uid }
+  - { get: bootstrap-tf-state }
 - task: bootstrap
   attempts: 4
   config:
@@ -77,9 +78,15 @@ plan:
       path: modules
     - name: gcp-testflight-uid
       path: testflight-uid
+    - name: bootstrap-tf-state
+      path: bootstrap-tf-state
     params: #@ gcp_testflight_task_params()
     run:
       path: pipeline-tasks/ci/tasks/gcp/bootstrap.sh
+- put: bootstrap-tf-state
+  params:
+    repository: bootstrap-tf-state
+    rebase: true
 #@ end
 
 #@ def gcp_testflight_inception_job():
@@ -247,6 +254,7 @@ plan:
     passed:
     - #@ testflight_smoketest_job_name("gcp")
     - #@ testflight_cleanup_postgresql_job_name("gcp")
+  - { get: bootstrap-tf-state }
 - task: teardown
   config:
     platform: linux
@@ -258,6 +266,8 @@ plan:
       path: modules
     - name: gcp-testflight-uid
       path: testflight-uid
+    - name: bootstrap-tf-state
+      path: bootstrap-tf-state
     outputs:
     - name: repo
     params: #@ gcp_testflight_task_params()
@@ -266,6 +276,7 @@ plan:
 - in_parallel:
   - { put: gcp-testflight-lock, params: { release: gcp-testflight-lock }}
   - { put: gcp-testflight-uid, params: { bump: patch } }
+  - { put: bootstrap-tf-state, params: { repository: bootstrap-tf-state, rebase: true } }
 #@ end
 
 #@ def gcp_testflight_cleanup_postgresql_job():
@@ -418,6 +429,16 @@ source:
   private_key: #@ data.values.github_private_key
 #@ end
 
+#@ def bootstrap_tf_state_resource():
+name: bootstrap-tf-state
+type: git
+source:
+  paths: [tf-state/bootstrap]
+  uri: #@ data.values.git_uri
+  branch: #@ data.values.git_bootstrap_tf_state_branch
+  private_key: #@ data.values.github_private_key
+#@ end
+
 #@ def gcp_testflight_lock_resource():
 name: gcp-testflight-lock
 type: pool
@@ -448,4 +469,5 @@ source:
 - #@ pipeline_image_def_resource()
 - #@ gcp_testflight_uid_resource()
 - #@ gcp_testflight_lock_resource()
+- #@ bootstrap_tf_state_resource()
 #@ end
diff --git a/ci/tasks/gcp/teardown.sh b/ci/tasks/gcp/teardown.sh
@@ -2,46 +2,62 @@
 
 set -eu
 
+echo "    --> source pipeline-tasks/ci/tasks/helpers.sh"
 source pipeline-tasks/ci/tasks/helpers.sh
 
 pushd repo/examples/gcp
 
+echo "    --> update_examples_git_ref"
 update_examples_git_ref
 
+echo "    --> init_gcloud"
 init_gcloud
+echo "    --> init_kubeconfig"
 init_kubeconfig
+echo "    --> init_bootstrap_gcp"
 init_bootstrap_gcp
 
+echo "    --> write_users"
 write_users
 
+echo "    --> bin/prep-inception.sh"
 bin/prep-inception.sh
+echo "    --> bin/prep-platform.sh"
 bin/prep-platform.sh
 
 bastion_name="$(cd inception && tofu output bastion_name | jq -r)"
 bastion_zone="$(cd inception && tofu output bastion_zone | jq -r)"
 export BASTION_USER="sa_$(cat ${CI_ROOT}/gcloud-creds.json  | jq -r '.client_id')"
 export ADDITIONAL_SSH_OPTS="-o StrictHostKeyChecking=no -i ${CI_ROOT}/login.ssh"
 
+echo "    --> bin/prep-smoketest.sh"
 bin/prep-smoketest.sh
 
+echo "    --> make destroy-smoketest on bastion ${bastion_name}"
 gcloud compute ssh --ssh-key-file=${CI_ROOT}/login.ssh ${bastion_name} --zone=${bastion_zone} -- "cd repo/examples/gcp; export GOOGLE_APPLICATION_CREDENTIALS=\$(pwd)/gcloud-creds.json; echo yes | make destroy-smoketest"
 
+echo "    --> make destroy-platform"
 echo yes | make destroy-platform
 
+echo "    --> delete servicenetworking-googleapis-com peering"
 set +e
 gcloud compute networks peerings delete servicenetworking-googleapis-com --network ${TF_VAR_name_prefix}-vpc --quiet
 set -e
 
 # Sometimes a resource deletion fails if a dependent resource is still being deleted
 success=0
 for i in {1..5}; do
-  echo "Attempt $i to destroy inception"
+  echo "    --> Attempt $i to destroy inception"
   echo yes | GOOGLE_CREDENTIALS=$(cat inception-sa-creds.json) make destroy-inception && success=1 && break
   sleep 10
 done
 
 if [ $success -eq 1 ]; then
+  echo "    --> destroy-bootstrap"
   echo yes | TF_VAR_tf_state_bucket_force_destroy=true make destroy-bootstrap
+  echo "    --> Deleting local state file"
+  # Delete the local state file after successful bootstrap destruction
+  rm -f ../../../../bootstrap-tf-state/bootstrap.tfstate
 else
   exit 1
 fi
diff --git a/ci/tasks/helpers.sh b/ci/tasks/helpers.sh
@@ -40,26 +40,8 @@ function init_bootstrap_gcp() {
   pushd bootstrap
   cat <<EOF > override.tf
 terraform {
-  backend "kubernetes" {
-    secret_suffix = "testflight-gcp"
-    namespace     = "concourse-tf"
-    config_path   = "/root/.kube/config"
-  }
-}
-EOF
-
-  tofu init
-  popd
-}
-
-function init_bootstrap_azure() {
-  pushd bootstrap
-  cat <<EOF > override.tf
-terraform {
-  backend "kubernetes" {
-    secret_suffix = "testflight-azure"
-    namespace     = "concourse-tf"
-    config_path   = "/root/.kube/config"
+  backend "local" {
+    path = "../../../../bootstrap-tf-state/bootstrap.tfstate"
   }
 }
 EOF

diff --git a/ci/values.yml b/ci/values.yml
@@ -3,6 +3,7 @@
 git_uri: [email protected]:blinkbitcoin/blink-infra.git
 git_branch: kn/initial_after_fork
 git_version_branch: testflight-name-prefix-uid-branch
+git_bootstrap_tf_state_branch: bootstrap-tf-state
 github_private_key: ((github-blinkbitcoin.private_key))
 
 deployments_git_uri: [email protected]:blinkbitcoin/blink-deployments.git
@@ -29,6 +30,6 @@ testflight_gcp_creds: ((testflight-gcp-creds.creds_json))
 #! testflight_azure_subscription_id: ((testflight-azure-creds.subscription_id))
 #! testflight_azure_admins: ((testflight-azure-admins.users_json))
 
-testflight_admins: ((testflight-admins.users_json))
+testflight_admins: []
 testflight_ssh_private_key: ((testflight-ssh.ssh_private_key))
 testflight_ssh_pub_key: ((testflight-ssh.ssh_public_key))
diff --git a/dev/bump_version.sh b/dev/bump_version.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+
+TEMP_DIR=$(mktemp -d)
+trap "echo '    --> removing $TEMP_DIR' && rm -rf $TEMP_DIR" EXIT
+
+echo "    --> Cloning blink-infra version branch into $TEMP_DIR"
+git clone --depth 3 --single-branch --branch testflight-name-prefix-uid-branch --no-tags [email protected]:blinkbitcoin/blink-infra.git "$TEMP_DIR/blink-infra-special-branch"
+
+cd "$TEMP_DIR/blink-infra-special-branch"
+
+echo "    --> Bumping versiont"
+# Read current version
+CURRENT_VERSION=$(< version/version)
+
+# Extract major, minor, patch using parameter expansion
+IFS='.' read -r MAJOR MINOR PATCH <<< "$CURRENT_VERSION"
+
+# Bump the patch version
+NEW_PATCH=$((PATCH + 1))
+
+# Create new version string
+NEW_VERSION="$MAJOR.$MINOR.$NEW_PATCH"
+
+# Write new version back to file
+echo "$NEW_VERSION" > version/version
+
+echo "    --> Committing and pushing new version $NEW_VERSION"
+git commit -am "chore: bump version to $NEW_VERSION by dev/bump_version.sh" && git push
diff --git a/dev/scrub_locks.sh b/dev/scrub_locks.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+
+TEMP_DIR=$(mktemp -d)
+trap "echo '    --> removing $TEMP_DIR' && rm -rf $TEMP_DIR" EXIT
+
+echo "    --> Cloning concourse-locks into $TEMP_DIR"
+git clone --depth 3 --single-branch --branch main --no-tags [email protected]:blinkbitcoin/concourse-locks.git "$TEMP_DIR/concourse-locks"
+
+cd "$TEMP_DIR/concourse-locks/gcp-infra-testflight"
+echo "    --> Unclaiming gcp-testflight"
+git mv claimed/gcp-testflight unclaimed  && git commit -m "manually unclaiming gcp-testflight" && git push
+