How to fully automate the Google Cloud Build trigger creation - google-cloud-platform

I am trying to fully automate the Cloud Build trigger creation via an sh script.
As source I use GitHub.
So far it's possible to create the trigger:
gcloud beta builds triggers create github \
--repo-name=organisation/repo \
--repo-owner=organisation \
--branch-pattern="^main$" \
--build-config=cloudbuild.yaml
BUT each repo has to be authorized manually beforehand, otherwise you get the error:
ERROR: (gcloud.beta.builds.triggers.create.github) FAILED_PRECONDITION: Repository mapping does not exist. Please visit https://console.cloud.google.com/cloud-build/triggers/connect?project=********* to connect a repository to your project
Which links me to the UI to create the authorization manually.
Is there a way to also automate that step?

Currently there is no way to connect to external repositories using the API, but there is an ongoing feature request for this to be implemented.
There are two options you can adopt now:
Connect all the repositories at once from the Cloud Console. This way, you will be able to automate the creation of triggers for those repositories.
Use Cloud Source Repositories, which are connected to Cloud Build by default, as indicated here. Check this documentation on how to create a remote repository in CSR from a local git repository.

If you use another hosted Git provider, such as GitHub or Bitbucket, and still need to mirror the repository into Cloud Source Repositories, you must have the cloudbuild.builds.create permission for the Google Cloud project with which you're working. This permission is typically granted through the cloudbuild.builds.editor role.
Here are some links to this information.
Creating and managing build trigger
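A sketch of the first option from the answer above, as an added example that is not part of the original posts: create triggers in bulk and treat the FAILED_PRECONDITION "Repository mapping does not exist" error as the signal that a repository still needs its one-time connection in the Cloud Console. The function names, the owner and the repository names are assumptions; the gcloud flags are the ones used in the question.

```shell
#!/bin/sh
# Added example (not from the original posts). "gcloud" must already be
# authenticated; OWNER and the repository names are placeholders.

# create_trigger OWNER REPO
# returns 0 = created, 2 = repo not connected yet, 1 = any other error
create_trigger() {
    owner=$1 repo=$2
    if err=$(gcloud beta builds triggers create github \
            --repo-name="$repo" \
            --repo-owner="$owner" \
            --branch-pattern='^main$' \
            --build-config=cloudbuild.yaml 2>&1 >/dev/null); then
        return 0
    fi
    case $err in
        *FAILED_PRECONDITION*"Repository mapping does not exist"*) return 2 ;;
        *) printf '%s: %s\n' "$repo" "$err" >&2; return 1 ;;
    esac
}

# create_triggers OWNER REPO...
# Prints the repos that still need manual connection, one per line.
# Returns 1 if any repo failed for a different reason.
create_triggers() {
    owner=$1; shift
    rc=0
    for repo in "$@"; do
        status=0
        create_trigger "$owner" "$repo" || status=$?
        case $status in
            0) ;;
            2) printf '%s\n' "$repo" ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Usage: ./create-triggers.sh OWNER REPO [REPO...]
if [ "$#" -ge 2 ]; then
    pending=$(create_triggers "$@") || echo "some triggers failed" >&2
    [ -z "$pending" ] || printf 'connect in the console first:\n%s\n' "$pending"
fi
```

Repositories printed as pending can be connected at the console URL quoted in the error message, after which the script can be re-run for them.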

Related

Can Google Cloud Repositories be shared cross projects?

I am trying to set up a continuous development system for creating an app and I would like to know if this idea is feasible within GCP:
Project A - Hosts Cloud Source Repository
Project B - Cloud Run for the app
On project B, I have the Cloud Run option of 'Continuously deploy new revisions from a source repository', which I would like to point to the CSR from project A.
My question is: can CSR be shared cross-project, or do I need to go for GitHub or Bitbucket to be able to share code between projects?
You can access your Cloud Source Repository from any project as long as your account (service or user) has the permission to access it.
However, you can't configure Cloud Build triggers on a Cloud Source Repository that is in another project (the continuous deployment on Cloud Run configures a Cloud Build trigger behind the scenes for you; it's simply a shortcut).
But you can also create a Cloud Build trigger in your Cloud Source Repository project and grant the permission to the Cloud Build service account to deploy the Cloud Run service to the target project.
Because the continuous deployment on Cloud Run is a shortcut to configure a Cloud Build trigger and deployment pipeline, you can do the same manually (it is longer and requires more skill/experience with GCP), but it's not impossible!

How to integrate cloudbuild (GCP) with CodeCommit

I have my source code in CodeCommit and my new client is with GCP. They wanted to connect to CodeCommit from Google Cloud Build; is there any option for that?
Given the fact that GCP and AWS are competitor cloud providers I would say that you will not find a way to trigger Google Cloud Build from AWS CodeCommit, which is what I believe you mean with "integrate" both products.
What I would do in your scenario is replicate your CodeCommit repository in its equivalent in GCP, which is Google Cloud Source Repositories. You can find a tutorial for how to set up Build Triggers from Cloud Source Repositories in this documentation. Another option is pushing a container ready to be deployed into Cloud Registry and deploying that instead; you can follow these steps for that.

Is bitbucket enterprise server allowed with AWS codebuild?

I am looking to integrate enterprise Bitbucket Server with AWS CI/CD pipeline features.
I have tried creating a project within AWS CodeBuild but do not see any option for Bitbucket enterprise.
If this is not possible, then what is the long route using API Gateway / webhooks etc.?
AWS CodeBuild only supports Bitbucket Cloud. To integrate with a self-hosted Bitbucket solution, you will need to create an API Gateway + Lambda, and then add this gateway address as a webhook in the Bitbucket repo. The Lambda will then be responsible for processing the incoming events from Bitbucket Server. There could be 2 routes from here.
One way could be to download the zip for the particular commit and upload it to an S3 bucket. Add S3 as a source trigger for the build project. You lose the ability to run any git-specific commands in such a case though, as it's just a zip file containing the specific version of the files.
A second option could be to pass on the relevant info to CodeBuild by directly invoking it from Lambda, passing details like commit_id, event (pr or push), branch etc. as environment variables. Based on this info, run a git clone in CodeBuild before running other build steps. This way you would have access to git-specific commands.
Here is an example workflow from AWS (it is for CodePipeline, but you can modify it suitably for CodeBuild).

Problem mirroring Bitbucket repo to GCP Cloud Source Repo

I'm attempting to set up CI/CD for a GCP Cloud Function and App Engine deployment. The repo is in Bitbucket and I am following the instructions found here to create a mirror between my Bitbucket repo and a GCP Cloud Source repo.
Using the GCP Cloud Source "Connect external repository" UI I am able to select my GCP project, select Bitbucket as the Git provider, connect to Bitbucket using my credentials (I am admin on the Bitbucket repo), and select the desired Bitbucket repo. Then when I click "Connect selected repository" I get about a 30s delay and finally a simple "Failed to connect repositories" error message with no further explanation as to why. GCP logging shows nothing.
Any ideas would be appreciated.
Thanks
Ensure that you have enabled the source repos API. Retrospectively I guess this is obvious, because the Bitbucket webhooks need to call out to Google's API to announce when changes occur on the repo.
The GCP API is called Cloud Source Repositories API, and the service name is sourcerepo.googleapis.com
https://console.cloud.google.com/apis/api/sourcerepo.googleapis.com

Cloud build trigger doesn't see Cloud Source Repository from another project

I want to create a Cloud Build trigger linked to a Cloud Source Repository in another project.
But when I'm on the step where I am supposed to choose a repository, the list is empty.
I tried some different permissions, but without luck.
Could someone tell me whether such a configuration is possible and how to do it?
The cloudbuild trigger can only see repositories that are in the same project.
We ran into the same issue with Bitbucket repos that we are mirroring into the Cloud Source Repos in our projects.
What we discovered was that we needed to mirror the repo into BOTH projects so that the cloudbuild trigger could see the repository. I am not sure how this would work with a repo that only lives in the GCP source code repo.
When you have project A that has a trigger to build a container and place it in a repository owned by project B, you must add an IAM permission on project B that allows creation of images from a service account on project A. When you are using triggers, a service account on project A is created called A_number@cloudbuild.gserviceaccount.com. On project B, you must then use IAM to give permissions for this service account to create containers. For example, you may add the role "Cloud Build Editor".
This appears to be quite well documented in the following Cloud Build docs:
Configuring access control
Setting service account permissions
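The cross-project grant described in the last answer, as an added example that is not part of the original posts: it derives project A's Cloud Build service account from the project number, binds one role on project B, and lists what that account ends up holding there so the grant can be reviewed. Function names and project IDs are assumptions, and the refusal of basic roles is a guard added here, not something the answer requires.

```shell
#!/bin/sh
# Added example (not from the original posts). Project IDs and the role are
# caller-supplied placeholders; "gcloud" must already be authenticated.

# cloudbuild_sa PROJECT_ID -> prints PROJECT_NUMBER@cloudbuild.gserviceaccount.com
cloudbuild_sa() {
    number=$(gcloud projects describe "$1" --format='value(projectNumber)') || return 1
    case $number in
        ''|*[!0-9]*) echo "unexpected project number: '$number'" >&2; return 1 ;;
    esac
    printf '%s@cloudbuild.gserviceaccount.com\n' "$number"
}

# grant_cross_project BUILD_PROJECT TARGET_PROJECT ROLE
# Binds ROLE on TARGET_PROJECT to BUILD_PROJECT's Cloud Build service account.
grant_cross_project() {
    case $3 in
        roles/owner|roles/editor)
            echo "refusing basic role $3; pick a narrower predefined role" >&2
            return 1 ;;
    esac
    sa=$(cloudbuild_sa "$1") || return 1
    gcloud projects add-iam-policy-binding "$2" \
        --member="serviceAccount:$sa" --role="$3" --condition=None
}

# roles_held TARGET_PROJECT MEMBER -> prints every role MEMBER holds there,
# for reviewing what the build account can do in the other project.
roles_held() {
    gcloud projects get-iam-policy "$1" \
        --flatten='bindings[].members' \
        --filter="bindings.members:$2" \
        --format='value(bindings.role)'
}
```

For the role the answer names, "Cloud Build Editor", the call would be `grant_cross_project project-a project-b roles/cloudbuild.builds.editor`.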