Google Cloud Function to be triggered on Git repository events

gcp-cloudfunction-git-event

HTTP Cloud Function to be called on Git repository events. It gets the most recent version of the code (through git clone) and triggers Cloud Build relying upon a configuration file expected to reside in the repository.

The main purpose here is to allow automatic Cloud Build triggering even for Git repositories that cannot be connected through Source Repositories, such as GitLab or on-premises ones (the repository must support webhooks or a similar technology to call this Cloud Function).

This work is based on the enlightening cloud-function-trigger by GitLab's Joshua Lambert, with a few adjustments to make it more flexible:

  1. leverage Cloud Function environment variables
  2. use Secret Manager instead of KMS
  3. trigger parent and child Cloud Build jobs

Requirements

  1. An internet-reachable Git repository with webhook support, such as a gitlab.com hosted one
  2. Google Cloud Function
  3. Google Cloud Secret Manager
  4. Google Cloud Build

Instructions for GitLab

  1. Create a Git repository that includes a cloudbuild.yaml file
  2. Create a deploy token for the project
  3. Store the token in Secret Manager, formatted as https://username:password@gitlab.com
  4. Grant your GCP project's Cloud Build Service Account the Secret Manager Secret Accessor IAM role
  5. Copy index.js and package.json to a Cloud Function
  6. Set the function's environment variables
  7. Deploy the Cloud Function
  8. Set up a webhook to trigger the Cloud Function on the desired events (push, tag, etc.)
  9. Push some code to the repository created in step 1 and voilà!

Environment variables

The environment variables listed below are used by the function:

| NAME | DESCRIPTION | MANDATORY |
| --- | --- | --- |
| AUTH_HEADER_NAME | Name of the HTTP header that must be provided to authorize the request. | Yes |
| AUTH_HEADER_VALUE | Value of the HTTP header that must be provided to authorize the request. | Yes |
| CHILD_BUILD_CONFIG_FILE | The child build configuration file; defaults to cloudbuild.yaml. | No |
| CHILD_BUILD_SUBSTITUTIONS | Parameters to be substituted in the child build specification, in the format of _SAMPLE_VALUE=blue,_OTHER_VALUE=10 (build configuration overview for reference). | Yes |
| CLOUDBUILD_PROJECT_ID | Id of a project to run the Cloud Build jobs. | No |
| GIT_REPOSITORY_URL | URL of the repository to be cloned; must be provided if GIT_REPOSITORY_URL_REQUEST_PATH is not present. | No |
| GIT_REPOSITORY_URL_REQUEST_PATH | JSON path to extract the URL of the repository from the request body; takes priority over GIT_REPOSITORY_URL. | No |
| SECRET_NAME | Name of the secret used to store Git credentials in Secret Manager. | Yes |
| SECRET_VERSION | Version of the secret used to store Git credentials in Secret Manager. | No |
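
When GIT_REPOSITORY_URL_REQUEST_PATH is set, the clone target comes from the request body, while the stored secret carries credentials for one host, so a handler should confirm the two agree before combining them. The following is an added example, not this project's index.js: it checks the AUTH_HEADER_NAME/AUTH_HEADER_VALUE pair in constant time and attaches the credentials only to an HTTPS URL on the credential's own host. The function names, the dot-separated path syntax and all sample values are assumptions.

```javascript
const crypto = require('crypto')

// Constant-time comparison; hashing first gives timingSafeEqual equal-length inputs.
function headerMatches (received, expected) {
  if (typeof received !== 'string' || !expected) return false
  const digest = (s) => crypto.createHash('sha256').update(s).digest()
  return crypto.timingSafeEqual(digest(received), digest(expected))
}

// Resolve a dot-separated path such as "project.git_http_url" (assumed path syntax).
function extractByPath (body, path) {
  return path.split('.').reduce((node, key) => (node == null ? undefined : node[key]), body)
}

// Returns the clone URL with credentials attached, or throws if the request is rejected.
function resolveCloneUrl (req, env, credentialUrl) {
  // Node.js lowercases incoming header names.
  const received = req.headers[env.AUTH_HEADER_NAME.toLowerCase()]
  if (!headerMatches(received, env.AUTH_HEADER_VALUE)) throw new Error('unauthorized')

  const raw = env.GIT_REPOSITORY_URL_REQUEST_PATH
    ? extractByPath(req.body, env.GIT_REPOSITORY_URL_REQUEST_PATH)
    : env.GIT_REPOSITORY_URL
  if (typeof raw !== 'string') throw new Error('repository URL missing')

  const repo = new URL(raw)
  const cred = new URL(credentialUrl)
  // Attach the deploy token only when the target is the host the token was stored for.
  if (repo.protocol !== 'https:' || repo.host !== cred.host) throw new Error('repository host not allowed')
  if (repo.username || repo.password) throw new Error('embedded credentials not allowed')
  repo.username = cred.username
  repo.password = cred.password
  return repo.toString()
}

// Constructed sample input: GitLab-style push payload and placeholder credentials.
const sampleEnv = {
  AUTH_HEADER_NAME: 'X-Gitlab-Token',
  AUTH_HEADER_VALUE: 'constructed-secret',
  GIT_REPOSITORY_URL_REQUEST_PATH: 'project.git_http_url'
}
const sampleReq = {
  headers: { 'x-gitlab-token': 'constructed-secret' },
  body: { project: { git_http_url: 'https://gitlab.com/group/app.git' } }
}
const sampleCredential = 'https://deploy-user:constructed-token@gitlab.com'
console.log('accepted target:', new URL(resolveCloneUrl(sampleReq, sampleEnv, sampleCredential)).pathname)
```
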

How to contribute

Please make sure to take a moment and read the Code of Conduct.

Report issues

Please report bugs and suggest features via GitHub Issues.

Before opening an issue, search the tracker for possible duplicates. If you find a duplicate, please add a comment saying that you encountered the problem as well.

Contribute code

Please make sure to read the Contributing Guide before making a pull request.