To deploy to Google Cloud services, you will need to create a container that can authenticate with your Google Account, and with the appropriate Google product, as well as run the Google Cloud CLI to execute your intended commands.
We maintain an example repository with an image stored on Docker Hub to simplify this process. You can copy setup instructions from this repo or reuse the Dockerfile, our turnkey Google Cloud image or our GCR authentication generator simply by adding the necessary elements from our Google Cloud repo to your codeship-services.yml file.
For authenticating with the Google Cloud Platform we’re going to create a Service account inside your Google Cloud account management.
Go to the GCP console, select your project and go to APIs & auth → Credentials:
Next, click Add credentials and add a Service account. Then, select the JSON download option when prompted on the next page.
This will download a JSON file that contains credentials that you will use for authentication in your codeship-services.yml file.
First, you will need to provide these credentials as encrypted environment variables.
Now you will need to create a new file to store your account credentials in, in the form of environment variables. You will then encrypt this file and save it in your repository to be used during your builds.
Your new environment variables file will contain the following, and be sure not to provide the values with quotes due to strict matching:
GOOGLE_AUTH_JSON=... GOOGLE_AUTH_EMAIL=... GOOGLE_PROJECT_ID=...
GOOGLE_AUTH_JSONshould be populated with the account credential string you received in the JSON file you downloaded earlier. Note that you may need to remove all newlines from the file. On Linux and macOS you can use
tr '\n' ' ' < your_file_nameto get the line and copy it back into the file – but be sure the
\ncharacters are not already in place before running
GOOGLE_AUTH_EMAILshould be populated with the account email address that you can find on the credentials page in the Service accounts section. Note that it has to be from the Service account we just created.
GOOGLE_PROJECT_IDshould be populated with the value found on the Dashboard of your project in the Google developer console.
Be sure to put this unencrypted env file into
After creating this environment variables file, you will need to encrypt it using the instructions from our encrypted environment variables tutorial or by using the commands below:
jet encrypt your_env_file your_env_file.encrypted
This encrypted file will be committed to your repository and used in your codeship-services.yml file.
Before calling any commands against the GCP API you need to authenticate with the Gcloud tool using the credentials and encrypted environment variables you created above.
image that we maintain provides a default command named
codeship_google authenticate. If you set up the environment variables
for a service using this image, in your
codeship-services.yml file, it will set the configuration up for you using those account
The following example runs the
codeship_google authenticate command
and would typically be run at the start of a script file in your
repository that contains all your deployment commands, called from your
#!/bin/bash # Authenticate with the Google Services codeship_google authenticate
Since this authentication does not persist between steps in your codeship-steps.yml file, you will need to run the provided authentication command at the beginning of each step that attempts to run commands via the Google Cloud deployment container.
Some Google Cloud services will require that you add your CodeShip public key for authentication purposes.
Note that Google may fail authentication if you do not add the Google
Cloud user the key is for to the end of the key. For example, if the
Google Cloud user is
deploy@CodeShip, you will want to add
deploy@CodeShip to the end of the SSH key itself, otherwise Google
will not load the key for the user appropriately.
googleclouddeployment: image: codeship/google-cloud-deployment encrypted_env_file: - google-credentials.encrypted add_docker: true volumes: - ./:/deploy
Note that this example adds your Google Cloud account credentials as
encrypted environment variables and adds the repository folder as a
/deploy so that we can use it as part of the build.
After defining your authentication variables and your deployment service, you will want to run deployment commands via your codeship-steps.yml file.
Because each step runs in a separate group of containers, you will likely want to bundle you Google Cloud commands together in a script file that you add to your repository and call from a step:
- name: google-cloud-deployment service: googleclouddeployment command: google-deploy.sh
Inside this deployment script will be all commands you want to run via the Google Cloud or Kubernetes CLI, both included in the deployment image that we maintain.
Here is an example deployment script that you can use as a basis for your own deployments. Note that it authenticates at the top using the command discussed earlier.
#!/bin/bash # Authenticate with the Google Services codeship_google authenticate # Set the default zone to use gcloud config set compute/zone us-central1-a # Starting an Instance in Google Compute Engine gcloud compute instances create testmachine # Stopping an Instance in Google Compute Engine gcloud compute instances delete testmachine -q
In this example:
We authenticate with Google Cloud
Then, we are setting the default zone to use
Next, we are starting an instance in the Google Compute Engine.
As you can see, the deployment script is essentially just standard Google Cloud CLI commands - meaning, you can run any Google Cloud commands that you want.
You can also take a look at a longer example we use for integration testing our container.
Deploying your application to App Engine via the
gcloud utility only
involves a couple of commands. Head over to our
Google App Engine deployment articles for the details.
If you are looking to use Google Container Engine and Google Container registry, we maintain specific documentation for using those services.