You can find a sample repo for deploying to Google Cloud with CloudBees CodeShip Pro on GitHub here. |
Deploying With Google Cloud
To deploy to Google Cloud services, you will need to create a container that can authenticate with your Google Account, and with the appropriate Google product, as well as run the Google Cloud CLI to execute your intended commands.
We maintain an example repository with an image stored on Docker Hub to simplify this process. You can copy setup instructions from this repo or reuse the Dockerfile, our turnkey Google Cloud image or our GCR authentication generator simply by adding the necessary elements from our Google Cloud repo to your codeship-services.yml file.
Authentication
Create Service Account
For authenticating with the Google Cloud Platform we’re going to create a Service account inside your Google Cloud account management.
Go to the GCP console, select your project and go to APIs & auth → Credentials:
Next, click Add credentials and add a Service account. Then, select the JSON download option when prompted on the next page.
This will download a JSON file that contains credentials that you will use for authentication in your codeship-services.yml file.
First, you will need to provide these credentials as encrypted environment variables.
Encrypting Account Credentials
Now you will need to create a new file to store your account credentials in, in the form of environment variables. You will then encrypt this file and save it in your repository to be used during your builds.
Your new environment variables file will contain the following, and be sure not to provide the values with quotes due to strict matching:
GOOGLE_AUTH_JSON=... GOOGLE_AUTH_EMAIL=... GOOGLE_PROJECT_ID=...
-
GOOGLE_AUTH_JSON
should be populated with the account credential string you received in the JSON file you downloaded earlier. Note that you may need to remove all newlines from the file. On Linux and macOS you can usetr '\n' ' ' < your_file_name
to get the line and copy it back into the file – but be sure the\n
characters are not already in place before runningtr
. -
GOOGLE_AUTH_EMAIL
should be populated with the account email address that you can find on the credentials page in the Service accounts section. Note that it has to be from the Service account we just created. -
GOOGLE_PROJECT_ID
should be populated with the value found on the Dashboard of your project in the Google developer console.
Be sure to put this unencrypted env file into
|
After creating this environment variables file, you will need to encrypt it using the instructions from our encrypted environment variables tutorial or by using the commands below:
jet encrypt your_env_file your_env_file.encrypted
This encrypted file will be committed to your repository and used in your codeship-services.yml file.
Authentication Commands
Before calling any commands against the GCP API you need to authenticate with the Gcloud tool using the credentials and encrypted environment variables you created above.
The
deployment
image that we maintain provides a default command named
codeship_google authenticate
. If you set up the environment variables
for a service using this image, in your
codeship-services.yml file, it will set the configuration up for you using those account
credentials.
The following example runs the codeship_google authenticate
command
and would typically be run at the start of a script file in your
repository that contains all your deployment commands, called from your
codeship-steps.yml file:
#!/bin/bash # Authenticate with the Google Services codeship_google authenticate
Since this authentication does not persist between steps in your codeship-steps.yml file, you will need to run the provided authentication command at the beginning of each step that attempts to run commands via the Google Cloud deployment container.
CodeShip Public Key
Some Google Cloud services will require that you add your CodeShip public key for authentication purposes.
Note that Google may fail authentication if you do not add the Google
Cloud user the key is for to the end of the key. For example, if the
Google Cloud user is deploy@CodeShip
, you will want to add
deploy@CodeShip
to the end of the SSH key itself, otherwise Google
will not load the key for the user appropriately.
Commands And Deployments
Creating Your Services
You will want to add a service to build deployment image that we maintain in your codeship-services.yml file. For example:
googleclouddeployment: image: codeship/google-cloud-deployment encrypted_env_file: - google-credentials.encrypted add_docker: true volumes: - ./:/deploy
Note that this example adds your Google Cloud account credentials as
encrypted environment variables and adds the repository folder as a
volume
at /deploy
so that we can use it as part of the build.
Deployment Commands
After defining your authentication variables and your deployment service, you will want to run deployment commands via your codeship-steps.yml file.
Because each step runs in a separate group of containers, you will likely want to bundle you Google Cloud commands together in a script file that you add to your repository and call from a step:
- name: google-cloud-deployment service: googleclouddeployment command: google-deploy.sh
Inside this deployment script will be all commands you want to run via the Google Cloud or Kubernetes CLI, both included in the deployment image that we maintain.
Here is an example deployment script that you can use as a basis for your own deployments. Note that it authenticates at the top using the command discussed earlier.
#!/bin/bash # Authenticate with the Google Services codeship_google authenticate # Set the default zone to use gcloud config set compute/zone us-central1-a # Starting an Instance in Google Compute Engine gcloud compute instances create testmachine # Stopping an Instance in Google Compute Engine gcloud compute instances delete testmachine -q
In this example:
-
We authenticate with Google Cloud
-
Then, we are setting the default zone to use
-
Next, we are starting an instance in the Google Compute Engine.
As you can see, the deployment script is essentially just standard Google Cloud CLI commands - meaning, you can run any Google Cloud commands that you want.
You can also take a look at a longer example we use for integration testing our container.
App Engine
Deploying your application to App Engine via the gcloud
utility only
involves a couple of commands. Head over to our
Google App Engine deployment articles for the details.
Container Engine And Container Registry
If you are looking to use Google Container Engine and Google Container registry, we maintain specific documentation for using those services.