But if I’m generating the descriptions automatically… I’m hardly going to be excited about copying and pasting them into YouTube - right? right!

Automating this process brings up a few design choices.

Planning

Which language

There were a few contenders, and here’s how I thought them through:

Zig

I’m currently learning Zig, and I love using it for my game development. But it doesn’t yet have mature libraries for working with the YouTube Data API - and I don’t feel like writing one. So, sadly, Zig’s out for this one.

Python

I used Python for despatches and it was the right fit there - good libraries for BlueSky and Reddit.

However, I did not enjoy the experience:

• bazel was a constant struggle

• poetry is nice… but still a bit of a nightmare. It just makes the pain more structured

• Worst of all: blusky failed after reddit succeeded caused a partial success, which broke the Git commit and silently caused a post to be repeated (embarrassing!)

  That kind of problem can happen in Go (nil pointer), though it wouldn’t in Zig. But at least with Go, most handleable errors stay errors — they don’t crash the whole tool.

java

Sure, I could do this in Java - but I really don’t want to mess with the JVM. And more importantly, I’m doing this for fun. Java doesn’t feel like that anymore.

golang

Not quite my favourite any more, but still a close second. It’s fast, has YouTube libraries and it somehow seems fitting that Hugo is also a go baby.

Even though I’m not wiring the two directly, the ecosystem fit is nice.

Overall Plan

• Let Hugo render the YouTube description as plain text

• Traverse the youtube/*.md files in the source directory

  • Skip videos that are too old to update (maybe older than 30 days?)
  • Hash the rendered output (title, description, tags, etc.)
  • Compare that hash with the one stored in the frontmatter
  • If it doesn’t match,
    • Update the metadata on YouTube
    • Update the hash
  • commit and push any updates (should be only hash changes)

Validation

One thing worth being careful about is whether the metadata is valid. We do not want the sync to fail during its scheduled run - when it won’t have many choices on how to resolve it.

In a bid to mitigate this, we’ll add a command to validate the source and rendered files.

The validation would expect the rendered files to be generated as well, which seems reasonable since Hugo is probably running as hugo serve while the content files are being updated.

The validate function will retrieve the relevant files and check that there is a corresponding rendered description.

If it errors in that process, we know that it would error out in the sync.

We can’t catch errors around the API though at this stage, and that’s unavoidable.

Sync

Hashing the Description

This part was surprisingly easy:

The challenge was trying to write the updated yaml frontmatter back. I was using the adrg/frontmatter library to read the frontmatter, but it does not support writing it back.

Detour: Write a small frontmatter Library

I took a little detour to build inscribe, a little frontmatter library that supports reading and writing back in yaml.

Auth

We need the YouTube Client to have an OAuth Token, which we can retrieve by:

• Create a new OAuth Client - Type of desktop is probably the easiest
• add your user account to test users:
• go to https://accounts.google.com/o/oauth2/v2/auth?client_id=YOUR_CLIENT_ID&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/youtube
  • Remember to substitute your actual client_id
  • Add any other scopes you might want
  • Go through the flow steps - it’ll warn you that the app is unreleased, which is expected
• Take the code that it provides
• Call the following curl command

You should finally get something like:

The refresh_token is what you want to save / use as the access_token will expire (after an hour in this example).

The authentication was a bit more involved with a refresh token, but the oauth2 library helps us out:

Updating the description

Setting the description is a little more complicated because you can’t set just the description.

Everything defined in the VideoSnippet gets updated.

To support this, what we need to do is get the current snippet for the video, then update it:

GitHub Action

The GitHub Action is fairly straightforward, mostly a copy of the Hugo one, then:

• Add Bazel
• Run projector sync
• Commit if changed

We also needed to upgrade one permission - contents

Conclusion

The Google/YouTube documentation was the hardest part here in that it was pretty obtuse and hard to understand.

Writing a little frontmatter library was unexpected, but while it took a little time, was straightforward.

Once I got a handle on that, the rest of it was pretty straightforward, partly because I was reusing parts from before.

Links

• Part 1: Outputting YouTube Descriptions from Hugo
• inscribe: simple frontmatter yaml library

I started with adrg/frontmatter before I realised that it didn’t have the ability to write back.

I considered contributing to that one, but writing back is a little more complex than reading - particularly because the frontmatter.Parse in that one is built to support partial reading.

Because adrg/frontmatter only unmarshals into a struct, and doesn’t store the original bytes, you can’t write back without losing untouched keys.

Looking around, I could not find another frontmatter library for Go. I know that python has a decent library which supports writing back to it (I used it in the depatcher but I don’t want to write python.

Multiple Formats

Let’s make it extendable by defining a Format that will allow us to add in other formats later:

Writing Back

We could also do with a struct to hold the whole file contents so that we can write it back easier.

By storing the full frontmatter, we can later accept partial updates without losing other keys.

Naive Merging of Updates

We (the user) should be able to update just the keys we care about. All the other keys should be preserved.

The easiest way I could find to do this was to Marshal, Unmarshall and then merge with the raw Unmarshall:

Minimal merge strategy (loses order and formatting)

⚠️ Warning: Key ordering is lost

Due to the way maps work, the key ordering is lost More accurately, the keys are sorted alphabetically during write.

It fully rewrites the frontmatter, which also means that double quotes might disappear etc.

In Place Merging of Updates

If it is important to keep the frontmatter formatting as much as possible, we need to bigger sledgehammer.

I explored an approach using yaml.Node with ChatGPT’s help.

I fitted it into the Format as well

This preserves frontmatter formatting well - but it only handles flat YAML. Nested maps require a bit more work.

Supporting maps etc. as values

We need to switch to map[string]any and tweak a bit of the loop

It’s funny how things can be more complicated than it first seems.

Minor tweaks

I also wanted to add the delimiter into the format and use that instead of hardcoding, which was easy enough.

Conclusion

This is probably the main bits of functionality I’ll need to continue with the projector sync.

I had considered frontmatter to be a blackbox with complicated functionality, but cutting it up and working on it has demystified it and made it easier to work with. ChatGPT helped.

It should be fairly straightforward to add other frontmatter formats like TOML, and to autodetect the formats, but I don’t need it right now.

Links

• Source Code on GitHub

In this post, I want to describe how I got it to push images build locally up to googles artifact repository. It will include creating the artifac repository using infrastructure as code

The project is in a monorepo that uses bazel.

The executable to be packaged

Build Container Image

add rules_oci

rules_oci is a good place to start to integrate container support into your bazel configuration. It’s also worth reading up a bit on distroless if you are not aware of it.

Adding rules_oci into bazel MODULES is straightforward:

If you use the WORKSPACE, or if you want the latest version, you can find details on their releases page.

tar.bzl

oci_rules uses tar files to build the image. To build tar images, you will want to use tar.bzl.

Add the following to you MODULES

Latest version and instructions for WORKSPACE can be found on their releases page

BUILD.bazel

There are language specific sample build files that you can start from.

Starting from the example go BUILD.bazel, and simplifying it, I have:

There is more information at the go doc page including details of migrating from rules_docker

Building of the images now completes

Push Image

Pushing the image can be pretty straightforward:

• Enable the container repository in Google Cloud
• Configure it in the BUILD.bazel file
• bazel run to push

I would like to do the whole thing through IaC so that it is

• Repeatable, and
• more importantly documented

IaC Tool Options

terraform has no bazel support, and is a questionable choice from an ethics perspective. opentofu has

rules_tf. However, that does not support apply

Google Cloud Infrastucture Manager is vendor lock in.

That leaves us with pulumi (If there is another alternative, please let me know).

I like the stacks concept in pulumi, and while it doesn’t have bazel integration, what it does have is an automation api. While not he best documented, there is enough documentation out there to be able to piece it together.

With this, we can build a runnable unit, and then run it too. I’ve experimented with tagging specific runnables and then running them through the CI. I won’t get that far in this post. My focus here is to get it working locally.

Enable Artifact Repository

In pulumi, you can enable the artifact repository with:

You could write end to end tests, but it means a deployment after each change and then checking the logs to see what failed. Even if you use iac (terraform/pulumi), the deployment will take seconds or a minute or two - not exact rapid test feedback.

What I have been doing is to set up a hook which is called from the lambda handler, which can also be called locally. Within the test, I then assume the role that runs the lambda and then test the hook.

This mechanism allows to me easily test that the permissions are set up correctly and that details are in place for the code to work.

For the full end to end test, I then have a simple smoke test or two.

The code samples are in golang(only because it happens to be my current language of choice), but the idea should be equally applicable in other languages.

Assuming The Role

the cfg is then passed into the New method for the resource you are interested in. e.g.:

Working Example

You can find a full, working example test in my github repo under post/2023/11/autolambdatest

NOTE: It WILL automatically try and deploy a role and a ssm parameter, and it will delete it after the test.

The BeforeSuite will deploy the minimum configuration to be able to run the test, and the AfterSuite will destroy the same stack.

You will likely need to log into pulumi to get this test to work.

If you run into permissions issue for AssumeRole, read on.

AssumeRole Permissions

For this to work, the user running the tests need to have permissions to AssumeRole.

There are two steps to this. The first part is to allow "anyone" to AssumeRole the relevant role:

Unit tests are designed to run as fast as possible, so any slower processes like databases are mocked out. While super helpful and powerful in terms of providing confidence in the software, it should be only one part of the testing strategy.

Integration tests, as is implied runs tests of the different part of the software integrated together. Technically speaking, you can still mock out the database and other slower layers to keep it running quickly. However, there is value in including a database or other slower services in the process to test as them in an automated fashion.

What this does mean though, is that you want to be able to run only the unit tests or run the integration tests as well. You might also want to have smoke tests, which are run on your live production environment.

How

You could define a separate target in your BUILD file with the unit tests and let gazelle automatically build your default test target with all the tests. I found this frustrating to use as I had to keep tweaking the dependencies manually whenever anything changed (which happened often)

Tagging

The easiest way to achieve this for golang and bazel is to tag your source code files. You can do this by adding the following to the top of your integration test files

something_integration_test.go

You can pick any tag name you want instead of integration_test like integration, smoke_test etc.

IDE Support

You will likely need to add this source file into the IDEs build constraints to get the IDE to treat it as a source file. In IntelliJ (IDEA/Goland), you will be warned of this

If you click Edit settings, you can add the tag in

When running gazelle, you want to include the files with these tags

Gazelle

If you have multiple tags, you can separate them with commas. This command will generate a test target with all of the source files and its dependencies

Bazel Integration on test

To run only the unit tests, you test as normal:

To run the integration tests as well, include that tag

Run only Unit Tests

This setup will currently not allow you to run ONLY the integration tests. To be able to do that you'll need to add a unit_test tag to the unit test files so that you can exclude them.

You can then run only the unit tests with

Only the integration tests

Or both:

Simpler gazelle command

You can enable the tags by default in the BUILD file so that you don't have to pass the tags into gazelle each time.

BUILD

You can then just run bazel run //:gazelle which will run with these tags enabled.

Sample Source

You can find sample source code demonstrating this in my github repo, under post/2023/11/separatetests

This is lifted straight out of their golang example code, so if you're working in another language - you should be able to find the relevant code in the same repo

In Pulumi, the function URL is created after the function (and even otherwise), I can't pass the output of the lambda (or lambdaFunctionUrl) back in as an environment variable. Fortunately, there is an easy way to pick up the Function URL (or the function name for that matter) - if you know how ;)

There are other defined lambda function environment variables as well that you can use.

I used to configure Pulumi to be triggered directly from the build process, but bazel (as far I know), does not support Pulumi. When I used pants, there was a custom module, developed by one of the community members which did support pulumi (You might have to ask in the slack channel if you're interested), but they stopped maintaining it as they moved to the Pulumi Automation API.

I am using Automation API from the start, and configuring a "deployer" per product/project within the monorepo. The intention is for the deployer to be as smart as possible - eventually up-ing only the stacks that have changes since the last time- but that's a way down the line.

Another benefit from the Automation API is to pick up the stack outputs automatically when running integration/e2e tests, making the test configuration smoother.

The first step is to be able to define a stack within a product, hook it into the main iac executable and have it working. My directory structure is roughly as below: While I am using golang as my language of choice, it's probably not hugely different in other languages.

• products
  • productA
    • auth
      • iac_auth
        • BUILD
        • deploy.go
        • Pulumi.dev.yaml
        • Pulumi.yaml
      • OtherAuthModules
    • iac
      • BUILD
      • main.go

iac_auth/BUILD

iac_auth/deploy.go

One of the requirements we have is to build a lambda module and then deploy it. The lambda module is a target being built by Bazel (golang, but shouldn't matter):

We then have the iac module, which should get the built version of the above module, so that it can then upload it into lambda

There are two key parameters here to note:

• args: We generate the path to the target module using //products/productA/module/lambda_module)
• data: We use the data tag to ensure that the built output is included when building/running this target

We then need to use runfiles support within golang to be ablet to identify the correct location for the built binary. The reason this part is complex is to be able to support multiple operating systems. I should caveat that I have only got this working on Linux, but Mac/Win shouldn't be too different.

We use the flag module to retrieve the path passed in as a runtime parameter

We use runfiles.Rlocation to pick up the "real" path to the file, prepending the workspace name to the start. You can define the workspace name in the root WORKSPACE file with workspace(name = "workspace_name")

Finally, resolve the Symlink to get the actual file path

References

There are similar mechanisms to find the rLocation in other languages, a couple of which are described in its design document

There is some documentation in rules_go around accessing go_binary from go_test which I referenced and updated to get the above example

I found the above link from a stackoverflow post about feeding bazel output to another bazel rule