/trigger-gcp-cloudbuild

👋🌍☁️🏗 A hello world for Google Cloudbuild


Trigger GCP Cloudbuild

A "hello world" for triggering Google Cloudbuild in Golang.

IAM setup

  1. Create a GCP service account:

    $ gcloud iam service-accounts create trigger-gcb
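  2. Add the "Cloud Container Builder Editor" (roles/cloudbuild.builds.editor) and "Storage Object Admin" roles to the service account. Note that the first binding below grants roles/storage.admin (Storage Admin), a project-wide role that is broader than Storage Object Admin (roles/storage.objectAdmin).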

    $ export SA_EMAIL=$(gcloud iam service-accounts list --filter="name:trigger-gcb" --format='value(email)')
    $ export PROJECT=$(gcloud info --format='value(config.project)')
    $ gcloud projects add-iam-policy-binding $PROJECT --member serviceAccount:$SA_EMAIL --role roles/storage.admin
    $ gcloud projects add-iam-policy-binding $PROJECT --member serviceAccount:$SA_EMAIL --role roles/cloudbuild.builds.editor
  3. Create a JSON key for the service-account.

    $ gcloud iam service-accounts keys create trigger-gcb.json --iam-account $SA_EMAIL

GKE test steps

  • Create a generic secret holding the key file that the $GOOGLE_APPLICATION_CREDENTIALS env var will point to:

    $ kubectl create secret generic google-application-credentials --from-file=key.json=trigger-gcb.json
  • Deploy the main test app:

    $ export PROJECT=$(gcloud info --format='value(config.project)')
    $ helm install trigger-gcp-cloudbuild/ --set projectID=$PROJECT --name gcb
  • Monitor the output with kubectl logs (or - shameless plug - try klog for fast, prompted k8s logs)

    • The gcb-built Job pod logs should output:

      Built by GCP Cloudbuild

  • Cleanup:

    $ helm delete --purge gcb
    $ kubectl delete secret google-application-credentials

IAM, Storage and Images cleanup

  • Delete the service account:

    $ gcloud iam service-accounts delete $SA_EMAIL
  • Remove the storage source file, then bucket:

    $ gsutil rm gs://${PROJECT}_trigger-gcp-cloudbuild/source.tgz
    $ gsutil rb gs://${PROJECT}_trigger-gcp-cloudbuild
  • Remove the built images:

    $ gcloud container images list-tags gcr.io/${PROJECT}/built-by-gcp-cloudbuild --format='get(digest)' | while read -r d; do command gcloud container images delete gcr.io/${PROJECT}/built-by-gcp-cloudbuild@"$d" --force-delete-tags --quiet; done

Local test steps

  • Remove any existing built images:

    $ gcloud container images delete gcr.io/${PROJECT}/built-by-gcp-cloudbuild --quiet
    $ docker rmi gcr.io/${PROJECT}/built-by-gcp-cloudbuild
  • Trigger cloudbuild locally with Docker:

    $ docker run --rm -v "$(pwd)/trigger-gcb.json:/key.json:ro" --env PROJECT_ID=${PROJECT} --env GOOGLE_APPLICATION_CREDENTIALS=/key.json docker.io/r6by/trigger-gcp-cloudbuild
  • Run the built test image:

    $ docker run --rm gcr.io/${PROJECT}/built-by-gcp-cloudbuild

    Should output:

    Built by GCP Cloudbuild

Local development steps

  • Build vendor directory and packages:

    $ dep ensure -v
  • In your local session, set the $GOOGLE_APPLICATION_CREDENTIALS variable, which golang.org/x/oauth2/google FindDefaultCredentials() looks for, to the path of the JSON key, and set $PROJECT_ID to your GCP project ID:

    $ export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/trigger-gcb.json
    $ export PROJECT_ID=${PROJECT}
  • Run the main package:

    $ go run main.go