CI/CD Pipeline - GCP Cloud Build

Vikrant Barde, Technical Lead at Sela

CI/CD With GCP Cloud Build

One of the most powerful ways to increase productivity is to automate day-to-day development operations.

DevOps is a set of practices in which we build, test and deploy code in small, frequent steps. One of the core practices is CI (Continuous Integration): developers commit their code to a shared code repository on a daily basis, and each commit triggers an automated workflow on a CI (build) server that notifies the developer if there are any issues integrating their changes.

Repositories evolve gradually this way, which helps to prevent the merge conflicts known as "merge hell".
For example, if two developers work on a new feature on two separate branches, after a certain time the code has to be merged. Only then do we find out that the two changes are not compatible with each other, which results in code conflicts and build issues, and an ample amount of resources and time has to be spent to resolve them.

CI/CD Terminologies:

  • CI – Continuous Integration
  • CD – Continuous Delivery: deploy the application at any time by clicking a button or firing a trigger; an approval is required before the build/deployment proceeds. A separate build/deployment trigger is created, with the goal of triggering it manually.
  • CD – Continuous Deployment: automated deployment with no human intervention.

Cloud Build is GCP's managed CI/CD service. It takes the user's code from Cloud Source Repositories, GitHub, Bitbucket or any other code repository, builds it, runs the tests, and stores the result as a build image in Google Container Registry (deprecated) or in Artifact Registry.

In the deployment stage, Cloud Build picks a build image from GCR or Artifact Registry and deploys it to Kubernetes, App Engine or a VM, according to the instructions written in the cloudbuild.yaml file.

Supported Repositories -

Cloud Build supports the following repositories:

  1. GitHub
  2. Bitbucket
  3. Cloud Source Repositories
  4. Other repositories

To support other repositories, we need to create a mirror of that repository in GCP; mirroring Azure Repos (Azure mirroring) is one example of this.

Cloud Build File

The cloudbuild.yaml file sits at the root of your project. It contains an array of steps, and each step is one part of the build process.

The first property of a step, "name", identifies the builder whose command runs that step, and "args" are the parameters passed to that command.

The steps and commands in Cloud Build files differ by language and hosting strategy, e.g. Docker, App Engine, VM, etc. You can learn more about this in the Cloud Build documentation.

Have a look at the following configuration sample for a NodeJS application.

steps:
# Add this step if you need to decrypt a file during the build
- name: gcr.io/cloud-builders/gcloud
  id: Decrypt
  args:
  - kms
  - decrypt
  - "--ciphertext-file=.env.enc"
  - "--plaintext-file=.env"
  - "--location=global"
  - "--keyring=user-keyring"
  - "--key=user-key"

# Install dependencies
- name: node
  id: Install
  entrypoint: npm
  args: ['install']

# Run tests
- name: node
  id: Test
  entrypoint: npm
  args: ['test']

# Build
- name: node
  id: Build
  entrypoint: npm
  args: ['run', 'build']

# Deploy
- name: node
  id: Deploy
  entrypoint: npm
  args: ['run', 'deploy']

timeout: 3600s
options:
  machineType: N1_HIGHCPU_8

Note: for a NodeJS app, the test, build and deploy scripts invoked by these steps (npm test, npm run build, npm run deploy) are defined in package.json.

Required IAM Permissions for Cloud Build -

Cloud Build Editor, Cloud Build Viewer.

Require approval before build execution -

Triggers on which this option is enabled require an approval before they execute. Users holding the "Cloud Build Approval" role can approve builds.

Artifact Registry -

Built images are stored in Artifact Registry on a successful build. In the deployment step we pull the latest image, or an image with a specific tag, from Artifact Registry and deploy it to a VM, App Engine, Docker, etc.

Build Notifications -

Cloud Build publishes a message on the "cloud-build" Pub/Sub topic whenever the state of your build changes, for example when a build is created, is working, or has succeeded.

You can act on these build events, for example by triggering a Cloud Function that performs some task.

Artifact Registry Notifications -

You can receive notifications on the "gcp" Pub/Sub topic. Applications that subscribe to this topic receive a notification when the repository's state changes. Artifact Registry publishes messages for the following changes:

  1. Image upload
  2. New tag added to an image
  3. Image deletion
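The following Python handler is an added example and is not part of the original post. It shows what a Cloud Function subscribed to these topics could do with a Pub/Sub push delivery: decode the message, work out whether it is a build event or a registry event, and decide whether it deserves an alert (builds that end in a failure state, and image deletions, which a team usually wants reviewed). The message shapes follow what the two services publish (build events carry `buildId` and `status` attributes with the build resource as JSON data; registry events carry `action`, `digest` and `tag`), while the sample deliveries, project name, build id and image names are constructed for the example.

```python
import base64
import json

# Build states that a practitioner usually wants to be told about.
ALERT_BUILD_STATUSES = {"FAILURE", "INTERNAL_ERROR", "TIMEOUT", "CANCELLED", "EXPIRED"}


def push_envelope(payload: dict, attributes: dict) -> dict:
    """Wrap an event the way a Pub/Sub push subscription delivers it:
    the JSON payload is base64-encoded under message.data."""
    data = base64.b64encode(json.dumps(payload).encode("utf-8")).decode("ascii")
    return {"message": {"data": data, "attributes": attributes}}


# Constructed sample deliveries (project, build id and image names are made up).
SAMPLE_BUILD_EVENT = push_envelope(
    {
        "id": "build-0001",
        "projectId": "example-project",
        "status": "FAILURE",
        "images": ["us-central1-docker.pkg.dev/example-project/apps/web:abc1234"],
        "logUrl": "https://console.cloud.google.com/cloud-build/builds/build-0001",
    },
    {"buildId": "build-0001", "status": "FAILURE"},
)
SAMPLE_REGISTRY_EVENT = push_envelope(
    {
        "action": "DELETE",
        "digest": "us-central1-docker.pkg.dev/example-project/apps/web@sha256:0123abcd",
        "tag": "",
    },
    {},
)


def decode_event(envelope: dict):
    """Return (payload, attributes) from a push delivery; tolerate empty data."""
    message = envelope.get("message", {})
    raw = base64.b64decode(message.get("data") or "")
    payload = json.loads(raw.decode("utf-8")) if raw else {}
    return payload, message.get("attributes") or {}


def classify(payload: dict, attributes: dict) -> str:
    """Cloud Build events carry buildId/status; registry events carry action/digest."""
    if "buildId" in attributes or "status" in payload:
        return "build"
    if "action" in payload and "digest" in payload:
        return "registry"
    return "unknown"


def handle_event(envelope: dict) -> dict:
    """Entry point a Cloud Function would call; returns a structured decision."""
    payload, attributes = decode_event(envelope)
    kind = classify(payload, attributes)
    if kind == "build":
        status = attributes.get("status") or payload.get("status")
        return {
            "kind": "build",
            "build_id": payload.get("id") or attributes.get("buildId"),
            "status": status,
            "images": payload.get("images", []),
            "log_url": payload.get("logUrl"),
            "alert": status in ALERT_BUILD_STATUSES,
        }
    if kind == "registry":
        action = payload.get("action")
        return {
            "kind": "registry",
            "action": action,
            "digest": payload.get("digest"),
            "tag": payload.get("tag") or None,
            "alert": action == "DELETE",  # deletions can break rollbacks; review them
        }
    return {"kind": "unknown", "alert": False}


if __name__ == "__main__":
    for event in (SAMPLE_BUILD_EVENT, SAMPLE_REGISTRY_EVENT):
        print(json.dumps(handle_event(event), indent=2))
```

The decision is returned as a plain dictionary so the same function can be wired to whatever sink the team uses (chat, ticketing, a SIEM); keying the classification on message content rather than on the topic name keeps the handler working even if both topics are routed to one subscription.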

Google Container Registry (Deprecated) -

Cloud Build used to store build images in GCR, but GCR is now deprecated. Use Artifact Registry instead.

Security, Encryption -

Role required: Crypto Key Decryptor IAM role.

Secrets that your app requires can be part of the build: we encrypt them and push the encrypted file to the code repository, decrypt it during the build process, and use it in the application, as configured in the step "name: gcr.io/cloud-builders/gcloud" above.
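As an added example that is not part of the original post, the following Python check enforces the hygiene this workflow depends on: the plaintext `.env` that the Decrypt step writes must never be committed, so it should be listed in `.gitignore`, and the committed `.env.enc` must actually be ciphertext rather than a plaintext file that was renamed by mistake. The file names follow the cloudbuild.yaml sample above; the `KEY=VALUE` heuristic and the helper that builds throwaway repository layouts are assumptions of the example.

```python
import os
import re
import tempfile

# A plaintext dotenv file is made of KEY=VALUE lines; KMS ciphertext is binary.
ENV_LINE = re.compile(r"^\s*[A-Za-z_][A-Za-z0-9_]*=")


def gitignore_patterns(repo_dir: str) -> set:
    """Return the non-comment entries of the repository's .gitignore (empty if absent)."""
    path = os.path.join(repo_dir, ".gitignore")
    if not os.path.isfile(path):
        return set()
    with open(path, encoding="utf-8") as fh:
        return {line.strip() for line in fh if line.strip() and not line.lstrip().startswith("#")}


def looks_like_plaintext_env(path: str) -> bool:
    """Heuristic: every non-empty line parses as KEY=VALUE, so this was never encrypted."""
    try:
        with open(path, encoding="utf-8") as fh:
            lines = [line for line in fh.read().splitlines() if line.strip()]
    except UnicodeDecodeError:
        return False  # binary content is what a ciphertext file should look like
    return bool(lines) and all(ENV_LINE.match(line) for line in lines)


def audit_secrets(repo_dir: str, plaintext_name: str = ".env", encrypted_name: str = ".env.enc") -> list:
    """Return a list of findings; an empty list means the repo follows the workflow."""
    findings = []
    if plaintext_name not in gitignore_patterns(repo_dir):
        findings.append(f"{plaintext_name} is not listed in .gitignore; the decrypted file could be committed")
    encrypted_path = os.path.join(repo_dir, encrypted_name)
    if not os.path.isfile(encrypted_path):
        findings.append(f"{encrypted_name} is missing; the Decrypt build step would have nothing to decrypt")
    elif looks_like_plaintext_env(encrypted_path):
        findings.append(f"{encrypted_name} is plaintext KEY=VALUE content; it was not encrypted with KMS")
    return findings


def make_sample_repo(gitignore: str, enc_content: bytes) -> str:
    """Constructed throwaway repository layout used only to demonstrate the audit."""
    repo = tempfile.mkdtemp(prefix="cloudbuild-secrets-")
    with open(os.path.join(repo, ".gitignore"), "w", encoding="utf-8") as fh:
        fh.write(gitignore)
    with open(os.path.join(repo, ".env.enc"), "wb") as fh:
        fh.write(enc_content)
    return repo


if __name__ == "__main__":
    # Mistake: .env not ignored, and a plaintext file committed under the .enc name.
    bad = make_sample_repo("node_modules/\n", b"DB_PASSWORD=hunter2\nAPI_KEY=abc123\n")
    # Correct: .env ignored, and .env.enc holds (simulated) binary ciphertext.
    good = make_sample_repo("node_modules/\n.env\n", bytes(range(256)))
    for repo in (bad, good):
        print(repo, audit_secrets(repo) or ["OK"])
```

Running `audit_secrets` as a pre-commit hook or as an early step in the build fails fast on the two mistakes this workflow is most exposed to, before a plaintext secret reaches the repository history.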

Benefits

  1. Cloud Build provides the first 120 build minutes per day completely free.
  2. It is completely serverless and easy to create and manage.

Conclusion

In the day-to-day development process, CI/CD with GCP's Cloud Build helps us to increase productivity and deploy rapidly.