CI/CD Cloud Build
Creating specific service accounts
SA for Cloud Builder
export PROJECT_ID=$(gcloud config get-value project)
gcloud iam service-accounts create cloud-build-builder \
--display-name "Cloud Build Builder"
Assign right permissions
Permissions:
- Cloud Build Service Account (perform build tasks)
- Storage Object Viewer (access to cloud storage)
- Cloud Run Deployer (deploy cloud run)
export PROJECT_ID=$(gcloud config get-value project)
# add-iam-policy-binding takes a single --role per call, so bind each role separately
for ROLE in roles/cloudbuild.serviceAgent roles/storage.objectViewer roles/logging.logWriter; do
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:cloud-build-builder@$PROJECT_ID.iam.gserviceaccount.com" \
    --role="$ROLE"
done
Need to add:
- API Keys Admin
SA for Firebase CI/CD Cloud Build
Create Account:
gcloud iam service-accounts create firebase-hosting-deployer \
--display-name="Firebase Hosting Deployer"
Assign Permissions:
export PROJECT_ID=$(gcloud config get-value project)
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="serviceAccount:firebase-hosting-deployer@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/firebasehosting.admin"
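Added example, not part of the original page: a shell check for the two service accounts above. It rejects a member string that is not in the serviceAccount:NAME@PROJECT_ID.iam.gserviceaccount.com form and compares the roles an account actually holds with the intended set, so a binding that silently did not apply, or an extra broad role, shows up. The helper names (is_user_sa_member, list_sa_roles, diff_roles) are assumptions chosen for this illustration.

```sh
#!/bin/sh
# Added example. Helper names and the values in the usage comment are
# assumptions made for this illustration, not part of the page's pipeline.

# Roles the page binds to cloud-build-builder, one per line.
EXPECTED_ROLES="roles/cloudbuild.serviceAgent
roles/storage.objectViewer
roles/logging.logWriter"

# True only for a user-created service account member string:
# serviceAccount:NAME@PROJECT_ID.iam.gserviceaccount.com
is_user_sa_member() {
  case "$1" in
    serviceAccount:?*@?*.iam.gserviceaccount.com) return 0 ;;
    *) return 1 ;;
  esac
}

# Project-level roles currently bound to a service account (needs gcloud
# and read access to the project's IAM policy).
list_sa_roles() {  # usage: list_sa_roles PROJECT_ID SA_EMAIL
  gcloud projects get-iam-policy "$1" \
    --flatten="bindings[].members" \
    --filter="bindings.members:$2" \
    --format="value(bindings.role)"
}

# Compare expected and actual role lists (newline-separated).
# Prints one MISSING/EXTRA line per difference; returns 1 on any drift.
diff_roles() {  # usage: diff_roles "$EXPECTED_ROLES" "$actual_roles"
  drift=0
  for r in $1; do
    printf '%s\n' "$2" | grep -Fxq "$r" || { echo "MISSING $r"; drift=1; }
  done
  for r in $2; do
    printf '%s\n' "$1" | grep -Fxq "$r" || { echo "EXTRA $r"; drift=1; }
  done
  return $drift
}

# Usage against a real project:
#   SA="cloud-build-builder@$PROJECT_ID.iam.gserviceaccount.com"
#   is_user_sa_member "serviceAccount:$SA" || echo "malformed member: $SA"
#   diff_roles "$EXPECTED_ROLES" "$(list_sa_roles "$PROJECT_ID" "$SA")"
```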
Connecting to BitBucket
Setup Cloud Build Triggers
Create SSH Key
Provide Bitbucket with your public key
To add an SSH key to a Bitbucket repository:
- At Bitbucket, navigate to the repository and select Repository settings.
- Under Security, select Access keys.
- Select Add key.
- In the Add SSH key dialog, provide a Label to help you identify which key you are adding. For example, Work Laptop. A meaningful label will help you identify old or unwanted keys in the future.
- Open the public SSH key file (public keys have the .pub file extension) in a text editor. The public key should be in the .ssh/ directory of your user (or home) directory. The contents will be similar to:
  ssh-ed25519 LLoWYaPswHzVqQ7L7B07LzIJbntgmHqrE40t17nGXL71QX9IoFGKYoF5pJKUMvR+DZotTm user@example.com
- Copy the contents of the public key file and paste the key into the Key field of the Add SSH key dialog.
- Select Add SSH key.
- If the key is added successfully, the dialog will close and the key will be listed on the Access keys page.
- If you receive the error That SSH key is invalid, check that you copied the entire contents of the public key (.pub file).
Cloud Build configuration
mkdocs cloudbuild.yaml
Steps to Build mkdocs and deploy to Firebase using a token in Secret Manager
steps:
  - name: squidfunk/mkdocs-material
    entrypoint: 'mkdocs'
    args: ['build', '-d', 'site']
  - name: node:latest # Or a specific Node.js version
    entrypoint: 'bash'
    args:
      - '-c'
      - |
        echo "installing firebase"
        npm install -g firebase-tools
        echo "deploying to firebase hosting"
        # FIREBASE_TOKEN comes from Secret Manager via secretEnv; login:ci only
        # generates tokens, so pass the token straight to the deploy command
        firebase deploy --only hosting:dingoo-doc-dev --project=$PROJECT_ID --token "$$FIREBASE_TOKEN"
    secretEnv: ['FIREBASE_TOKEN']
# Specify Service Account
serviceAccount: 'projects/dingoo-dev/serviceAccounts/cloud-build-builder@dingoo-dev.iam.gserviceaccount.com'
options:
  machineType: 'E2_HIGHCPU_8'
  logging: CLOUD_LOGGING_ONLY
availableSecrets:
  secretManager:
    - versionName: projects/$PROJECT_ID/secrets/FIREBASE_TOKEN/versions/latest
      env: 'FIREBASE_TOKEN'
BitBucket Configuration
Access Token: "dingoo-docs-admin" (dingoo-docs):
[access token value removed]
Access Token: "dingoo-docs-read" (dingoo-docs):
[access token value removed]
How to replicate to other Triggers
Copy from the develop
export TRIGGER_NAME=dingoo-docs
gcloud builds triggers describe $TRIGGER_NAME --region=europe-west1 --format=yaml > trigger-dev.yaml
Create in production
export TRIGGER_NAME=dingoo-docs
gcloud builds triggers create bitbucket-cloud --trigger-config=trigger-prod.yaml