Setting up the CI Environment

We are going to setup Cloud Deploy to monitor a branch and kickoff a build when a commit is made to it. This is a really useful service as it happens ON the cloud instance so you don’t need any exported security keys to put into a travis or jenkins instance.

Funny story — I was loose with my credentials and had someone buy $150 of google ads with them so I highly recommend NOT deploying outside of Google Cloud.

Build Trigger

1. Navigate to Cloud Build => Build Triggers => Create Trigger
2. Select Github and go through the OAuth process
3. Select your forked repository
4. Enter a Name, select branch, enter master
5. Select cloudbuild as the build configuration
6. Enter /ci/prod/cloudbuild.yaml as the location
7. Create the trigger

Now go ahead and click Run Trigger

Click on Cloud Builds and the link to your running build. If you see an error like below navigate to the url given, click Enable, and trigger the build again manually as before.

ERROR: (gcloud.app.deploy) User [[email protected]] does not have permission to access app [ci-example-218319] (or it may not exist): App Engine Admin API has not been used in project 615259048819 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/appengine.googleapis.com/overview?project=615259048819 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.

If you still get an error like the one below, you will need to add the App Engine Deploy permission to your Cloud Build service account.

ERROR: build step 0 "gcr.io/cloud-builders/gcloud" failed: exit status 1ERRORERROR: (gcloud.app.deploy) Permissions error fetching application [apps/ci-example-218319]. Please make sure you are using the correct project ID and that you have permission to view applications on the project.

Navigate to IAM & accounts and find the account with the Cloud Build Service Account role.

Edit this account and add the App Engine => App Engine Admin role to it

Try your build again… It should succeed and after 5–10 mins you should see a new service show up. We intentionally went through these error conditions to show you how to understand the deployment api permission issues which were an issue when I first started working on this myself.

In our Build History we see two things related to this triggered build. We see the artifacts(docker) that were created and we see the deployed application.

Here we see the deployed prod service from our master build trigger