
Cloud Build

Cloud Build is used for CI/CD. It is set up with triggers from GitHub, and we have two workflows that deploy to:

Cloud Build Dashboard

Cloud Build list of builds

Workflows

Each workflow is based on its own cloudbuild.yml.

Cloud Build Triggers

Website

cloudbuild.yml
steps:
  # ----------------------------------------------------------------------------
  # Build website

  - name: node
    entrypoint: npm
    args: ["install"]

  - name: node
    entrypoint: npm
    args: ["run", "build"]
    env:
      - "PUBLIC_VERSION=${SHORT_SHA}"
    secretEnv: ["PUBLIC_FIREBASE_API_KEY"]

  # ----------------------------------------------------------------------------
  # Build docs

  - name: python
    dir: docs
    entrypoint: pip
    args: ["install", "-r", "requirements.txt", "--user"]

  - name: python
    dir: docs
    entrypoint: python
    args: ["-m", "mkdocs", "build"]

  # ----------------------------------------------------------------------------
  # Deploy to Firebase

  - name: us-central1-docker.pkg.dev/demucs-service/firebase/firebase
    args: ["deploy", "--project=demucs-service", "--only=hosting"]

Secret Manager

This workflow also uses Secret Manager to pass the Firebase API key to the build process.

Note

The Firebase API key does not need to be kept secret. We do that to show what's possible with the build process.

firebase

Secret Manager
cloudbuild.yml
availableSecrets:
  secretManager:
    - versionName: projects/demucs-service/secrets/FIREBASE_API_KEY/versions/1
      env: "PUBLIC_FIREBASE_API_KEY"
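
A check that could be run over this configuration before a change to it is merged, as an added example that is not part of the project's repository: it cross-checks each step's secretEnv against availableSecrets, flags secret versions that are not numbered, and flags builder images that carry no tag or digest. The function names and the dict transcription of the config are assumptions of this example.

```python
import re

# Constructed input: the page's website cloudbuild.yml, transcribed as the dict
# a YAML loader would return (only the fields the checks read).
WEBSITE_BUILD = {
    "steps": [
        {"name": "node", "entrypoint": "npm", "args": ["install"]},
        {"name": "node", "entrypoint": "npm", "args": ["run", "build"],
         "secretEnv": ["PUBLIC_FIREBASE_API_KEY"]},
        {"name": "python", "entrypoint": "pip"},
        {"name": "python", "entrypoint": "python"},
        {"name": "us-central1-docker.pkg.dev/demucs-service/firebase/firebase"},
    ],
    "availableSecrets": {"secretManager": [
        {"versionName": "projects/demucs-service/secrets/FIREBASE_API_KEY/versions/1",
         "env": "PUBLIC_FIREBASE_API_KEY"},
    ]},
}

def is_pinned(image):
    """True if the reference has a digest or an explicit tag other than latest."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # skip a registry host:port before the first "/"
    tag = last.partition(":")[2]
    return tag not in ("", "latest")  # tags are mutable; a digest is the stronger pin

def audit_build(config):
    """Return findings for secret wiring and builder-image pinning (hypothetical helper)."""
    findings = []
    secrets = config.get("availableSecrets", {}).get("secretManager", [])
    declared = {s["env"] for s in secrets}
    used = set()
    for i, step in enumerate(config.get("steps", [])):
        for name in step.get("secretEnv", []):
            used.add(name)
            if name not in declared:
                findings.append(f"step {i}: secretEnv {name} is not in availableSecrets")
        if not is_pinned(step["name"]):
            findings.append(f"step {i}: image {step['name']} is not pinned to a tag or digest")
    for s in secrets:
        if s["env"] not in used:
            findings.append(f"secret {s['env']} is declared but no step uses it")
        if not re.search(r"/versions/\d+$", s["versionName"]):
            findings.append(f"secret {s['env']} is not pinned to a numbered version")
    return findings
```

On the website workflow as shown, the secret wiring passes and every finding is about builder images that resolve to the default `latest` tag.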

Model API to Cloud Run

This workflow was initially created by Cloud Run itself and moved to the GitHub repository to take advantage of version control.

The workflow builds a Docker image, pushes it to the registry, and deploys it to Cloud Run.

Build Docker image
steps:
  - name: gcr.io/cloud-builders/docker
    args:
      - build
      - "--no-cache"
      - "-t"
      - "${_LOCATION}-docker.pkg.dev/${PROJECT_ID}/${_REPOSITORY}/${_IMAGE}:$COMMIT_SHA"
      - model
      - "-f"
      - model/Dockerfile
    id: Build

Push Docker image
  - name: gcr.io/cloud-builders/docker
    args:
      - push
      - "${_LOCATION}-docker.pkg.dev/${PROJECT_ID}/${_REPOSITORY}/${_IMAGE}:$COMMIT_SHA"
    id: Push

Deploy to Cloud Run
  - name: "gcr.io/google.com/cloudsdktool/cloud-sdk:slim"
    args:
      - run
      - services
      - update
      - $_SERVICE_NAME
      - "--platform=managed"
      - "--image=${_LOCATION}-docker.pkg.dev/${PROJECT_ID}/${_REPOSITORY}/${_IMAGE}:$COMMIT_SHA"
      - >-
        --labels=managed-by=gcp-cloud-build-deploy-cloud-run,commit-sha=$COMMIT_SHA,gcb-build-id=$BUILD_ID,gcb-trigger-id=$_TRIGGER_ID,$_LABELS
      - "--region=$_DEPLOY_REGION"
      - "--quiet"
    id: Deploy
    entrypoint: gcloud