-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloudbuild.yaml
63 lines (60 loc) · 2.01 KB
/
cloudbuild.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# Cloud Build CI/D configuration file for automated Cloud Run builds & deployments
#
# Process explained in detail as part of following blog post:
# App architecture with reliability in mind: From Kubernetes to Serverless with GCP Cloud Build & Cloud Run
# https://foolcontrol.org/?p=4621
#
# Youtube video:
# https://youtu.be/ksz1Vfg3ZQI?si=TIDL_p7sYS7oExPv
# Build logs only go to Cloud Logging
options:
logging: CLOUD_LOGGING_ONLY
steps:
# Display set env variables
- name: 'ubuntu'
args: ['bash', '-c', 'echo PROJECT=$PROJECT_ID LOCATION=$LOCATION']
# Build the container image
- name: 'gcr.io/cloud-builders/docker'
args: ['build', '-t', '$LOCATION-docker.pkg.dev/$PROJECT_ID/atuf/atuf:$SHORT_SHA', '.']
# Authenticate with GCP Artifacts Registry & fix for denied permission: artifactregistry.repositories.uploadArtifacts
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
args: ["gcloud", "auth", "configure-docker", "$LOCATION-docker.pkg.dev"]
# Push the container image to GCP Artifacts Registry
- name: 'gcr.io/cloud-builders/docker'
args: ['push', '$LOCATION-docker.pkg.dev/$PROJECT_ID/atuf/atuf:$SHORT_SHA']
# Deploy container image to Cloud Run
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
entrypoint: gcloud
args:
- 'run'
- 'deploy'
- 'atuf'
- '--image'
- '$LOCATION-docker.pkg.dev/$PROJECT_ID/atuf/atuf:$SHORT_SHA'
- '--region'
- '$LOCATION'
- '--memory'
- '128Mi'
- '--cpu'
- '1'
- '--min-instances'
- '0'
- '--max-instances'
- '5'
- '--service-account'
- 'cloud-sa@$PROJECT_ID.iam.gserviceaccount.com'
# - '--allow-unauthenticated' - won't work, next step must be used instead
# Allow public (unauthenticated) access (--allow-unauthenticated)
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
entrypoint: gcloud
args:
- 'run'
- 'services'
- 'add-iam-policy-binding'
- '--region'
- '$LOCATION'
- '--member'
- 'allUsers'
- '--role'
- 'roles/run.invoker'
- 'atuf'