Google Cloud Build - Artifact Integration with Harness
Google Cloud Build [GCB] is a recent addition to the Google Cloud Platform [GCP] suite of services. Google Cloud Build is GCP's answer to the Continuous Integration question. It is a contemporary of Amazon CodeBuild and potentially Azure DevOps. Google Cloud Build needs code to turn into an artifact and works well with Google Cloud Source Repositories [CSR].
CSR + GCB + GCR + Harness = Amaze
Leveraging Google Cloud Build as an artifact endpoint is simple to achieve on the Harness Platform. In this example, our All Things Google Expert, Brett Zane @brett, triggers a Google Cloud Build from a Google Cloud Source Repository, and the result is pushed to a Google Container Registry [GCR]. With this Harness example, you can specify which version of the produced GCB artifact to use; in this example the artifact is stored in Google Container Registry.
Simple yet Elegant
Cloud Build Wiring - Cloud Build Step
We are assuming that you have appropriate access to the Cloud Build API and that Google Cloud Platform is set up in Harness as a Cloud Provider. The Harness Workflow “Cloud Build” step is a shell script [which is at the bottom of this post] that we wired up. This leverages the Google Cloud CLI.
As part of the Workflow we pass Workflow Variables to the shell script via the Harness UI. Cool!
Shell Build Highlight
Loaded into Harness
Where is my artifact GCB?! - Artifact Collection Step
When submitting a build, we can push to a GCR registry by using the --tag flag. We can set up the Shell Script to ask, via a Workflow Variable, for the container image name [label] of the image that was, or is about to be, built.
The great news is that since we are using a GCR registry, our integration and deployment steps from Harness are pretty straightforward, like any other Docker Registry.
Smooth as Butter
Deploying from a Docker Registry, in this case GCR, is simple.
Very Simple with Harness
Shell Goodness
# Script template with parameters:
#
# project : Name of the GCP project containing the CSR repo and GCB job
# repo : Name of the repo in CSR
# registry : Hostname for the GCR registry (gcr.io, us.gcr.io, etc)
# image : Name of the GCR image to generate from GCB job
# tag : Tag name for the built image
# Any values that will never change could be hardcoded here and removed as a parameter
PROJECT=${project}
REPO=${repo}
REGISTRY=${registry}
IMAGE=${image}
TAG=${tag}
# Set working directory
echo
mkdir -p /tmp/cloud_build/
cd /tmp/cloud_build
# Authenticate with GCP service account
# Service account json encoded as base64 and stored in Harness secret manager
# as encrypted text with name "cloud-build-service-account"
#
# To create encoded base64: base64 -w 0 gcp-service-account.json
# Note: the decoded key is written in plaintext to a fixed path under /tmp
# and is not removed when the script finishes.
echo ${secrets.getValue("cloud-build-service-account")} | base64 -d > gcp-service-account.json
gcloud auth activate-service-account --project="$PROJECT" --key-file=gcp-service-account.json 2>&1
# Checkout code from CSR
if [[ -e "$REPO" ]]; then
    echo Repo exists. Pulling latest.
    cd "$REPO"
    git pull 2>&1
else
    echo Repo not found. Cloning.
    gcloud source repos clone "$REPO" --project="$PROJECT" 2>&1
    cd "$REPO"
fi
cd src
# Trigger Cloud Build
echo
echo Submitting to Cloud Build
gcloud builds submit --tag "$REGISTRY/$PROJECT/$IMAGE:$TAG" . &> /tmp/cloud_build/output
# Check status
echo
cat /tmp/cloud_build/output
# Extract the build ID from the output line: starting build "<id>"
BUILD_ID=$(sed -n -e "s/^starting build \"\(.*\)\"/\1/p" /tmp/cloud_build/output)
STATUS=$(gcloud builds describe "$BUILD_ID" | grep "^status:" | cut -d ' ' -f 2)
if [[ "$STATUS" != SUCCESS ]]; then
    echo
    echo "Build had status [$STATUS]" 1>&2
    echo
    exit 1
fi
echo
Cheers!
-Brett and Ravi
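
The script above decodes the service-account key to a fixed path under /tmp and leaves it there after the run. One way to handle that step with a private temporary directory, owner-only permissions and cleanup on exit follows, as an added example that is not part of the original post; the function names and the sample key value are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: decode a base64-encoded service-account key without leaving
# it readable at a predictable path on a shared build host.
# Assumption: the caller passes the secret value as $1 (in Harness this would
# be the secrets.getValue expression used in the script above).

# Constructed sample input, not a real key.
SAMPLE_KEY_B64=$(printf '{"type": "service_account", "project_id": "example-project"}' | base64 | tr -d '\n')

KEY_DIR=""
KEY_FILE=""

# Delete the key directory (if any) and forget its location.
remove_key_file() {
    if [ -n "$KEY_DIR" ]; then rm -rf -- "$KEY_DIR"; fi
    KEY_DIR=""; KEY_FILE=""
}

# Decode the key into a private temp directory.
# On success KEY_FILE holds the path; on failure nothing is left on disk.
write_key_file() {
    local encoded="$1" old_umask
    old_umask=$(umask)
    umask 077                                  # new files get mode 0600
    # mktemp -d picks an unpredictable name and creates the directory 0700.
    KEY_DIR=$(mktemp -d "${TMPDIR:-/tmp}/gcb-key.XXXXXXXX") || { umask "$old_umask"; return 1; }
    KEY_FILE=$KEY_DIR/gcp-service-account.json
    if ! printf '%s' "$encoded" | base64 -d > "$KEY_FILE" 2>/dev/null; then
        umask "$old_umask"; remove_key_file; return 1
    fi
    umask "$old_umask"
    # Refuse anything that does not look like a service-account key document.
    if ! grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$KEY_FILE"; then
        remove_key_file; return 1
    fi
}

# Remove the key on every exit path, including a failed build.
trap remove_key_file EXIT

# Usage in the build script (the gcloud flags are the ones used above):
#   write_key_file "<secret value>" || exit 1
#   gcloud auth activate-service-account --project="$PROJECT" --key-file="$KEY_FILE"
```

Because the EXIT trap removes the directory, the key exists on disk only for the lifetime of the step.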