Deploying to Google Cloud

4 minute read

You can find a sample repo for deploying to Google Cloud with CloudBees CodeShip Pro on GitHub here.

Deploying With Google Cloud

To deploy to Google Cloud services, you will need to create a container that can authenticate with your Google Account, and with the appropriate Google product, as well as run the Google Cloud CLI to execute your intended commands.

We maintain an example repository with an image stored on Docker Hub to simplify this process. You can copy setup instructions from this repo or reuse the Dockerfile, our turnkey Google Cloud image or our GCR authentication generator simply by adding the necessary elements from our Google Cloud repo to your codeship-services.yml file.

Authentication

Create Service Account

For authenticating with the Google Cloud Platform we’re going to create a Service account inside your Google Cloud account management.

Go to the GCP console, select your project and go to APIs & authCredentials:

Google Cloud Platform Credentials View

Next, click Add credentials and add a Service account. Then, select the JSON download option when prompted on the next page.

This will download a JSON file that contains credentials that you will use for authentication in your codeship-services.yml file.

First, you will need to provide these credentials as encrypted environment variables.

Encrypting Account Credentials

Now you will need to create a new file to store your account credentials in, in the form of environment variables. You will then encrypt this file and save it in your repository to be used during your builds.

Your new environment variables file will contain the following, and be sure not to provide the values with quotes due to strict matching:

GOOGLE_AUTH_JSON=...
GOOGLE_AUTH_EMAIL=...
GOOGLE_PROJECT_ID=...
  • GOOGLE_AUTH_JSON should be populated with the account credential string you received in the JSON file you downloaded earlier. Note that you may need to remove all newlines from the file. On Linux and macOS you can use tr '\n' ' ' < your_file_name to get the line and copy it back into the file – but be sure the \n characters are not already in place before running tr.

  • GOOGLE_AUTH_EMAIL should be populated with the account email address that you can find on the credentials page in the Service accounts section. Note that it has to be from the Service account we just created.

  • GOOGLE_PROJECT_ID should be populated with the value found on the Dashboard of your project in the Google developer console.

Be sure to put this unencrypted env file into .gitignore so its never committed, or delete it altogether following encryption.

After creating this environment variables file, you will need to encrypt it using the instructions from our encrypted environment variables tutorial or by using the commands below:

jet encrypt your_env_file your_env_file.encrypted

This encrypted file will be committed to your repository and used in your codeship-services.yml file.

Authentication Commands

Before calling any commands against the GCP API you need to authenticate with the Gcloud tool using the credentials and encrypted environment variables you created above.

The deployment image that we maintain provides a default command named codeship_google authenticate. If you set up the environment variables for a service using this image, in your codeship-services.yml file, it will set the configuration up for you using those account credentials.

The following example runs the codeship_google authenticate command and would typically be run at the start of a script file in your repository that contains all your deployment commands, called from your codeship-steps.yml file:

#!/bin/bash # Authenticate with the Google Services codeship_google authenticate

Since this authentication does not persist between steps in your codeship-steps.yml file, you will need to run the provided authentication command at the beginning of each step that attempts to run commands via the Google Cloud deployment container.

CodeShip Public Key

Some Google Cloud services will require that you add your CodeShip public key for authentication purposes.

Note that Google may fail authentication if you do not add the Google Cloud user the key is for to the end of the key. For example, if the Google Cloud user is deploy@CodeShip, you will want to add deploy@CodeShip to the end of the SSH key itself, otherwise Google will not load the key for the user appropriately.

Commands And Deployments

Creating Your Services

You will want to add a service to build deployment image that we maintain in your codeship-services.yml file. For example:

googleclouddeployment: image: codeship/google-cloud-deployment encrypted_env_file: - google-credentials.encrypted add_docker: true volumes: - ./:/deploy

Note that this example adds your Google Cloud account credentials as encrypted environment variables and adds the repository folder as a volume at /deploy so that we can use it as part of the build.

Deployment Commands

After defining your authentication variables and your deployment service, you will want to run deployment commands via your codeship-steps.yml file.

Because each step runs in a separate group of containers, you will likely want to bundle you Google Cloud commands together in a script file that you add to your repository and call from a step:

- name: google-cloud-deployment service: googleclouddeployment command: google-deploy.sh

Inside this deployment script will be all commands you want to run via the Google Cloud or Kubernetes CLI, both included in the deployment image that we maintain.

Here is an example deployment script that you can use as a basis for your own deployments. Note that it authenticates at the top using the command discussed earlier.

#!/bin/bash # Authenticate with the Google Services codeship_google authenticate # Set the default zone to use gcloud config set compute/zone us-central1-a # Starting an Instance in Google Compute Engine gcloud compute instances create testmachine # Stopping an Instance in Google Compute Engine gcloud compute instances delete testmachine -q

In this example:

  • We authenticate with Google Cloud

  • Then, we are setting the default zone to use

  • Next, we are starting an instance in the Google Compute Engine.

As you can see, the deployment script is essentially just standard Google Cloud CLI commands - meaning, you can run any Google Cloud commands that you want.

App Engine

Deploying your application to App Engine via the gcloud utility only involves a couple of commands. Head over to our Google App Engine deployment articles for the details.

Container Engine And Container Registry

If you are looking to use Google Container Engine and Google Container registry, we maintain specific documentation for using those services.