Setting Up a CI/CD Pipeline on Google Cloud Platform with Cloud Build and Cloud Deploy

Continuous Integration and Continuous Deployment (CI/CD) pipelines are essential for modern software development, enabling teams to automate building, testing, and deploying applications. Google Cloud Platform (GCP) offers robust tools like Cloud Build and Cloud Deploy to streamline these processes. In this blog, we’ll walk through setting up a CI/CD pipeline using Cloud Build for building Docker containers and Cloud Deploy for deploying to Cloud Run, triggered by GitHub repository events.

Overview of GCP CI/CD Tools

  • Cloud Build: A serverless CI/CD platform that automates building, testing, and deploying applications. It supports importing source code from repositories like GitHub, executing builds in Docker containers, and producing artifacts like Docker images. Learn more.
  • Cloud Deploy: A managed service for continuous delivery, enabling automated deployments to multiple environments, such as development, staging, and production, with support for advanced deployment strategies like blue/green or canary deployments.
  • Artifact Registry: A repository for storing Docker images and other artifacts, integrated with Cloud Build and Cloud Deploy for seamless pipeline management.

Prerequisites

Before we begin, ensure you have the following:

  • A Google Cloud Platform account with a project set up.
  • Billing enabled for your GCP project.
  • A GitHub repository with a Dockerfile and application code.
  • Google Cloud CLI installed locally.
  • Permissions: Ensure the Cloud Build service account has the following IAM roles:
    • roles/artifactregistry.admin
    • roles/cloudbuild.builds.editor
    • roles/run.admin (for Cloud Run deployments)

Step-by-Step Guide to Setting Up the CI/CD Pipeline

Step 1: Enable Required APIs

Enable the necessary APIs in your GCP project:

gcloud services enable cloudbuild.googleapis.com
gcloud services enable artifactregistry.googleapis.com
gcloud services enable clouddeploy.googleapis.com
gcloud services enable run.googleapis.com

These APIs enable Cloud Build, Artifact Registry, Cloud Deploy, and Cloud Run services.

Step 2: Set Up Artifact Registry

Create a repository to store your Docker images:

gcloud artifacts repositories create my-repo \
  --repository-format=docker \
  --location=us-central1 \
  --description="Docker repository for CI/CD pipeline"

Replace my-repo with your repository name and us-central1 with your preferred region.

Step 3: Create a Cloud Build Configuration

Create a cloudbuild.yaml file in your GitHub repository root to define the build steps. Below is an example for building and pushing a Docker image, then deploying to Cloud Run:

steps:
  # Build the Docker image
  - name: 'gcr.io/cloud-builders/docker'
    args: ['build', '-t', 'us-central1-docker.pkg.dev/$PROJECT_ID/my-repo/my-app:$COMMIT_SHA', '.']
  # Push the image to Artifact Registry
  - name: 'gcr.io/cloud-builders/docker'
    args: ['push', 'us-central1-docker.pkg.dev/$PROJECT_ID/my-repo/my-app:$COMMIT_SHA']
  # Deploy to Cloud Run
  - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
    entrypoint: gcloud
    args:
    - 'run'
    - 'deploy'
    - 'my-app'
    - '--image'
    - 'us-central1-docker.pkg.dev/$PROJECT_ID/my-repo/my-app:$COMMIT_SHA'
    - '--region'
    - 'us-central1'
    - '--platform'
    - 'managed'
    - '--allow-unauthenticated'
images:
  - 'us-central1-docker.pkg.dev/$PROJECT_ID/my-repo/my-app:$COMMIT_SHA'

This configuration:

  • Builds a Docker image using the Dockerfile in the repository.
  • Pushes the image to Artifact Registry, tagged with the commit SHA.
  • Deploys the image to a Cloud Run service named my-app.

Step 4: Configure GitHub Trigger

Set up a Cloud Build trigger to run the pipeline on code pushes to your GitHub repository:

  1. Navigate to the Cloud Build section in the GCP Console.
  2. Go to Triggers and click Create Trigger.
  3. Configure the trigger:
    • Name: e.g., github-push-trigger
    • Event: Select Push to a branch.
    • Repository: Connect your GitHub repository using the Cloud Build GitHub App.
    • Branch: Specify a branch (e.g., ^main$ for the main branch).
    • Configuration: Select Cloud Build configuration file and specify cloudbuild.yaml.
  4. Click Create to save the trigger.

Now, pushing code to the specified branch will trigger the pipeline.

Step 5: Set Up Cloud Deploy for Multi-Environment Deployments

Cloud Deploy allows you to manage deployments across multiple environments. Create a delivery-pipeline.yaml file:

apiVersion: deploy.cloud.google.com/v1
kind: DeliveryPipeline
metadata:
  name: my-app-pipeline
description: Pipeline for deploying my-app to multiple environments
serialPipeline:
  stages:
  - targetId: dev
    profiles: [dev]
  - targetId: prod
    profiles: [prod]

Define target environments (skaffold.yaml for profiles):

apiVersion: deploy.cloud.google.com/v1
kind: Target
metadata:
  name: dev
description: Development environment
run:
  location: projects/$PROJECT_ID/locations/us-central1
---
apiVersion: deploy.cloud.google.com/v1
kind: Target
metadata:
  name: prod
description: Production environment
run:
  location: projects/$PROJECT_ID/locations/us-central1

Apply the pipeline configuration:

gcloud deploy apply --file=delivery-pipeline.yaml --region=us-central1

Integrate Cloud Deploy with Cloud Build by adding a step to cloudbuild.yaml:

  - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
    entrypoint: gcloud
    args:
    - 'deploy'
    - 'releases'
    - 'create'
    - 'release-$COMMIT_SHA'
    - '--delivery-pipeline'
    - 'my-app-pipeline'
    - '--region'
    - 'us-central1'
    - '--images'
    - 'my-app=us-central1-docker.pkg.dev/$PROJECT_ID/my-repo/my-app:$COMMIT_SHA'

Step 6: Test the Pipeline

Push a change to your GitHub repository’s main branch. The Cloud Build trigger will:

  • Build and push the Docker image to Artifact Registry.
  • Deploy the image to Cloud Run (via the initial cloudbuild.yaml).
  • Create a release in Cloud Deploy for multi-environment deployment.
Monitor the build progress in the Cloud Build Build History section of the GCP Console. Upon success, you’ll see the deployed service URL in Cloud Run.

Best Practices

  • Use Secret Manager: Store sensitive data like API keys in Google Secret Manager and access them in Cloud Build. Learn more.
  • Monitor Builds: Use Cloud Monitoring to track build performance and set alerts for failures.
  • Implement Testing: Add test steps in cloudbuild.yaml to run unit and integration tests before deployment.
  • Secure Deployments: Use IAM roles with least privilege and Binary Authorization to ensure only trusted images are deployed.
  • Multi-Environment Strategy: Use Cloud Deploy to manage staged rollouts across dev, staging, and prod environments.

Conclusion

By combining Cloud Build and Cloud Deploy, you can create a robust CI/CD pipeline on GCP that automates building, testing, and deploying containerized applications. GitHub triggers ensure the pipeline runs seamlessly on code changes, while Cloud Deploy provides advanced deployment strategies for multiple environments. This setup minimizes manual intervention, reduces errors, and accelerates software delivery.

Try it out and let us know how it works for you! For more details, check the official Cloud Build and Cloud Deploy documentation.

Tags:

Post a Comment

0 Comments