Cloud Build
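steps:
  # Trigger-started checkouts are shallow; fetch full history and tags first.
  - name: 'gcr.io/cloud-builders/git'
    args: ['fetch', '--unshallow', '--tags']

  # Tag the image with the commit SHA as well as :latest so the deployed
  # revision can be traced to a commit and the deploy target is not a mutable tag.
  # $COMMIT_SHA is only populated for builds started by a trigger.
  - name: 'gcr.io/cloud-builders/docker'
    args:
      - 'build'
      - '-t'
      - 'gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA'
      - '-t'
      - 'gcr.io/$PROJECT_ID/$REPO_NAME:latest'
      - '.'

  # Push both tags before deploying; Cloud Run pulls by the SHA tag below.
  - name: 'gcr.io/cloud-builders/docker'
    args: ['push', 'gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA']

  - name: 'gcr.io/cloud-builders/docker'
    args: ['push', 'gcr.io/$PROJECT_ID/$REPO_NAME:latest']

  # Deploy the immutable SHA tag rather than :latest.
  # --allow-unauthenticated exposes the service without IAM checks, and no
  # --service-account is given, so the revision runs as the default compute SA.
  # The Cloud SQL connection name hard-codes a project that differs from
  # $PROJECT_ID and is wrapped in slashes; confirm it is the PROJECT:REGION:INSTANCE
  # form gcloud expects (value left unchanged here).
  - name: 'gcr.io/cloud-builders/gcloud'
    args:
      - 'run'
      - 'deploy'
      - '$REPO_NAME'
      - '--image'
      - 'gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA'
      - '--region'
      - 'us-central1'
      - '--platform'
      - 'managed'
      - '--allow-unauthenticated'
      - '--add-cloudsql-instances'
      - '/next18-industrysolutions-trax:us-central1:soundtracker-production/'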
Cloud Run IAM
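# Config — replace the placeholders with the target project's ID and number.
GC_PROJECT=your-gcp-project-id
GC_PROJECT_NUMBER=your-gcp-project-number

# Grant the Cloud Run Admin role to the Cloud Build service account.
# This is project-wide: the build account can create or update any Cloud Run
# service in the project, not just the one deployed by cloudbuild.yaml.
gcloud projects add-iam-policy-binding "$GC_PROJECT" \
  --member="serviceAccount:${GC_PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
  --role="roles/run.admin"

# Grant the IAM Service Account User role to the Cloud Build service account
# on the Cloud Run runtime service account. The deploy step passes no
# --service-account, so revisions run as the default compute service account
# and Cloud Build needs actAs on it. That account typically carries broad
# project roles; a dedicated runtime service account with only the roles the
# service needs, selected via --service-account on `gcloud run deploy`,
# narrows what a compromised build can act as.
gcloud iam service-accounts add-iam-policy-binding \
  "${GC_PROJECT_NUMBER}-compute@developer.gserviceaccount.com" \
  --member="serviceAccount:${GC_PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
  --role="roles/iam.serviceAccountUser"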
# _variables
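variable "region" {
  description = "GCP region used by the provider and regional resources."
  type        = string
  default     = "us-central1"
}

variable "project" {
  description = "GCP project ID. The placeholder default must be overridden before apply."
  type        = string
  default     = "<project-id>"
}

# Quoted type constraints (type = "string") are the deprecated 0.11 form;
# the unquoted keyword is the 0.12+ syntax the rest of this config (for_each,
# toset) already requires.
variable "env" {
  description = "Environment name. Not referenced by the blocks visible in this file."
  type        = string
  default     = "dev"
}

variable "repo" {
  description = "Name of the Cloud Source Repository to create."
  type        = string
  default     = "sandbox"
}

variable "email" {
  description = "User granted roles/source.writer on the repository."
  type        = string
  default     = "mguttenplan@wearesparks.com"
}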
# _provider.tf
# Specify whether to use GCP, Azure, AWS, etc. We will use GCP.
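provider "google" {
  # A service-account key file read from the working directory. Keep
  # ./creds.json out of version control; omitting this argument and using
  # Application Default Credentials (GOOGLE_APPLICATION_CREDENTIALS or
  # `gcloud auth application-default login`) avoids shipping a long-lived key
  # alongside the configuration.
  credentials = file("./creds.json")

  # First-class expressions replace the 0.11-style "${...}" interpolation wrappers.
  project = var.project
  region  = var.region
}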
# List of APIs to Enable
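# Enable one google_project_service resource per API in the set (for_each
# keys the instances by API name, so adding or removing an entry only
# touches that one service).
resource "google_project_service" "service" {
  for_each = toset([
    "cloudresourcemanager.googleapis.com",
    "oslogin.googleapis.com",
    "compute.googleapis.com",
    "container.googleapis.com",
    "containerregistry.googleapis.com",
    "cloudbuild.googleapis.com",
    "deploymentmanager.googleapis.com",
    "dns.googleapis.com",
    "logging.googleapis.com",
    "monitoring.googleapis.com",
    "pubsub.googleapis.com",
    "replicapool.googleapis.com",
    "replicapoolupdater.googleapis.com",
    "resourceviews.googleapis.com",
    "servicemanagement.googleapis.com",
    "servicenetworking.googleapis.com",
    "sql-component.googleapis.com",
    "sqladmin.googleapis.com",
    "storage-api.googleapis.com",
  ])

  service = each.key
  project = var.project

  # Leave the API enabled when this resource is destroyed, so a destroy
  # does not disable services other workloads in the project may rely on.
  disable_on_destroy = false
}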
# Policy document applied to the source repository below.
data "google_iam_policy" "admin" {
  # roles/source.reader is declared with no members. Whether the provider
  # keeps or drops an empty binding is not established here — confirm.
  binding {
    role    = "roles/source.reader"
    members = []
  }

  # The configured user is the only principal with write access.
  binding {
    role    = "roles/source.writer"
    members = ["user:${var.email}"]
  }
}
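# Cloud Source Repository that the build triggers below watch.
resource "google_sourcerepo_repository" "repo" {
  # First-class expression instead of the deprecated "${var.repo}" wrapper.
  name = var.repo
}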
# Authoritative IAM policy for the repository: policy_data replaces the
# repository's whole policy, so any binding granted outside Terraform is
# removed on the next apply.
resource "google_sourcerepo_repository_iam_policy" "repo" {
  project     = google_sourcerepo_repository.repo.project
  repository  = google_sourcerepo_repository.repo.name
  policy_data = data.google_iam_policy.admin.policy_data
}
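# Production trigger: builds cloudbuild_prod.yaml on pushes to master.
resource "google_cloudbuild_trigger" "image" {
  project = google_sourcerepo_repository.repo.project

  trigger_template {
    # branch_name is a regular expression; anchoring it keeps branches that
    # merely contain "master" (e.g. a feature branch named after it) from
    # running the production pipeline.
    branch_name = "^master$"
    repo_name   = google_sourcerepo_repository.repo.name
  }

  filename = "cloudbuild_prod.yaml"
}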
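# Development trigger: builds cloudbuild_dev.yaml on pushes to dev.
# Renamed from "image": two resources with the same type and name are a
# duplicate-configuration error, so this one could not coexist with the
# master trigger above.
resource "google_cloudbuild_trigger" "image_dev" {
  project = google_sourcerepo_repository.repo.project

  trigger_template {
    # branch_name is a regular expression; unanchored "dev" would also match
    # branches such as "develop".
    branch_name = "^dev$"
    repo_name   = google_sourcerepo_repository.repo.name
  }

  filename = "cloudbuild_dev.yaml"
}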