Template for using gcloud CLI to create a project and continuous delivery pipeline.
- You have a Google Cloud Organization
- You have permissions to create projects and resources
- You have a Billing Account set up
- You have an initial GitHub Repo
Create a variables.sh to set variables
export PROJECT_ID=gcp-cloud-run-starter
export PROJECT_NUMBER=SET_AFTER_CREATING_PROJECT
export BILLING_ACCOUNT_ID=REPLACE_BILLING_ACCOUNT_ID
export APP=gcp-cloud-run-starter
export FOLDER_ID=REPLACE_FOLDER_ID
export PORT=8080
export REGION="us-central1"
#export REGION="us-east4"
export TAG="gcr.io/$PROJECT_ID/$APP"
export REPO_NAME=REPLACE
export CONNECTION_NAME=YOUR_CONNECTION_NAME
export INSTALLATION_ID=INSTALL_ID
export BUILD_TRIGGER_NAME=gcp-cloud-run-starter-build-trigger
export REPO_URI=REPO_URI_HERE
export REPO_OWNER=ORG_OR_USER
export BRANCH_PATTERN="^main$"
export BUILD_CONFIG_FILE=cloudbuild.yaml
# OR Create your own Service Account
export SERVICE_ACCOUNT=$PROJECT_NUMBER-compute@developer.gserviceaccount.com
Labels are like tags in other clouds; they are helpful for billing, FinOps, etc.
gcloud projects create $PROJECT_ID --name="GCP Starter Project" --folder=$FOLDER_ID --labels=environment=development,name=$PROJECT_ID,cost-center=my-org,owner=miles,type=prototype --set-as-default
Note: you will need to update variables.sh to set PROJECT_NUMBER, or run the command sepe
gcloud projects describe $PROJECT_ID
gcloud projects create [PROJECT_ID] [--no-enable-cloud-apis] [--folder=FOLDER_ID] [--labels=[KEY=VALUE,…]] [--name=NAME] [--organization=ORGANIZATION_ID] [--set-as-default] [--tags=[KEY=VALUE,…]] [GCLOUD_WIDE_FLAG …]
https://cloud.google.com/sdk/gcloud/reference/projects/create
gcloud config set project $PROJECT_ID
gcloud beta billing projects link $PROJECT_ID --billing-account=$BILLING_ACCOUNT_ID
Example list of APIs to enable
- Cloud Run
- Pub/Sub
- Firestore
- BigQuery
gcloud services enable run.googleapis.com \
bigquery.googleapis.com \
firestore.googleapis.com \
pubsub.googleapis.com
Lists Google APIs
gcloud services list --available --filter="name:googleapis.com"
- Cloud Build
- Cloud Deploy
- Artifact Registry
- Secret Manager
- IAM APIs
gcloud services enable cloudbuild.googleapis.com \
clouddeploy.googleapis.com \
artifactregistry.googleapis.com \
secretmanager.googleapis.com \
iam.googleapis.com
gcloud services list
Either use the default Cloud Build Service Account or create your own
Set SERVICE_ACCOUNT
export SERVICE_ACCOUNT=${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com
Reference https://cloud.google.com/build/docs/cloud-build-service-account
gcloud iam service-accounts create continuous-build-delivery \
--description="Service Account for CI CD" \
--display-name="CI CD Service Account"
gcloud iam service-accounts list
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member=serviceAccount:$SERVICE_ACCOUNT \
--role=roles/cloudbuild.builds.builder
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:$SERVICE_ACCOUNT" \
--role="roles/cloudbuild.serviceAgent"
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:$SERVICE_ACCOUNT" \
--role="roles/logging.logWriter"
# Set in variables.sh
export REPOSITORY="docker-repository"
export REGION=us-central1
gcloud artifacts repositories create $REPOSITORY --location $REGION --repository-format "docker"
#TODO Is this needed
https://cloud.google.com/build/docs/automating-builds/github/connect-repo-github
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member=serviceAccount:service-$PROJECT_NUMBER@gcp-sa-cloudbuild.iam.gserviceaccount.com \
--role=roles/secretmanager.admin
CLOUD_BUILD_SERVICE_AGENT="service-${PROJECT_NUMBER}@gcp-sa-cloudbuild.iam.gserviceaccount.com"
gcloud secrets add-iam-policy-binding GITHUB_TOKEN_READ \
--member="serviceAccount:service-$PROJECT_NUMBER@gcp-sa-cloudbuild.iam.gserviceaccount.com" \
--role="roles/secretmanager.secretAccessor"
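The bindings above are granted at project level, so it is worth reviewing what the CI/CD identities actually hold once they are applied. The script below is an added example, not part of the original template: it reads flattened `gcloud projects get-iam-policy` output and flags broad roles held by the service accounts this page uses. The function names, the "BROAD" heuristic, and the sample project number are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the original template.
# Input on stdin: one "ROLE<TAB>MEMBER" line per project-level binding, e.g. from
#   gcloud projects get-iam-policy "$PROJECT_ID" \
#     --flatten="bindings[].members" \
#     --format="value(bindings.role,bindings.members)"

# audit_cicd_bindings PROJECT_ID PROJECT_NUMBER
# Prints "VERDICT<TAB>ROLE<TAB>MEMBER" for every binding held by one of the
# CI/CD identities this page uses; exits non-zero if any verdict is BROAD.
# "BROAD" is this example's own heuristic: owner, editor, or a role ending in "admin".
audit_cicd_bindings() (
  project_id=$1 project_number=$2 rc=0
  tab=$(printf '\t')
  while IFS="$tab" read -r role member; do
    case "$member" in
      "serviceAccount:${project_number}-compute@developer.gserviceaccount.com") ;;
      "serviceAccount:${project_number}@cloudbuild.gserviceaccount.com") ;;
      "serviceAccount:service-${project_number}@gcp-sa-cloudbuild.iam.gserviceaccount.com") ;;
      "serviceAccount:continuous-build-delivery@${project_id}.iam.gserviceaccount.com") ;;
      *) continue ;;   # not a CI/CD identity from this page
    esac
    case "$role" in
      roles/owner | roles/editor | roles/*[aA]dmin) verdict=BROAD; rc=1 ;;
      *) verdict=ok ;;
    esac
    printf '%s\t%s\t%s\n' "$verdict" "$role" "${member#serviceAccount:}"
  done
  [ "$rc" -eq 0 ]
)

# Constructed sample: the bindings this page's commands would leave behind,
# with 123456789012 as a made-up PROJECT_NUMBER, plus one unrelated user.
sample_bindings() (
  sa="serviceAccount:123456789012-compute@developer.gserviceaccount.com"
  agent="serviceAccount:service-123456789012@gcp-sa-cloudbuild.iam.gserviceaccount.com"
  printf '%s\t%s\n' \
    roles/cloudbuild.builds.builder "$sa" \
    roles/cloudbuild.serviceAgent "$sa" \
    roles/logging.logWriter "$sa" \
    roles/secretmanager.admin "$agent" \
    roles/owner "user:owner@example.com"
)

sample_bindings | audit_cicd_bindings gcp-cloud-run-starter 123456789012 ||
  echo "BROAD bindings found: check whether a narrower role or a per-secret binding is enough" >&2
```

Against a real project, pipe the `gcloud projects get-iam-policy` command from the header comment into `audit_cicd_bindings "$PROJECT_ID" "$PROJECT_NUMBER"` instead of the sample.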
Use a Bot GitHub Account and Create a Connection
Reference: https://cloud.google.com/build/docs/automating-builds/github/connect-repo-github?generation=2nd-gen
gcloud builds repositories create $REPO_NAME \
--remote-uri=$REPO_URI \
--connection=$CONNECTION_NAME --region=$REGION
gcloud alpha builds triggers import --region $REGION \
--source cicd/build-trigger.yaml \
--project $PROJECT_ID
gcloud deploy apply --file=cicd/clouddeploy.yaml --region=$REGION
Reference: https://cloud.google.com/deploy/docs/deploy-app-run
gcloud beta run services list
gcloud beta run services proxy gcp-cloud-run-starter-dev \
--port=8080