Example config for deploying from Travis CI to Google Cloud Run
This repository shows how to use Travis CI to build a container image and
deploy it to Google Cloud Run when you push a new commit.
cloud-run-travisci directory you cloned.Sign up at www.travis-ci.com and enable Travis CI app on your forkedcloud-run-travisci repository at
https://www.travis-ci.com/account/repositories.
Note: If you have an travis-ci.org account instead of .com, replace
--proarguments in this tutorial with--org.
Google Cloud SDK (gcloud): https://cloud.google.com/sdk
travis command-line tool:
sudo gem install travis
travis login --pro # (use --org if you're on travis-ci.ORG and not .COM)
To authenticate to GCP APIs from Travis CI build environment you will need a
service
account.
PROJECT_ID="$(gcloud config get-value project -q)" # fetch current GCP project ID
SVCACCT_NAME=travisci-deployer # choose name for service account
Create a service account:
gcloud iam service-accounts create "${SVCACCT_NAME?}"
Find the email address of this account:
SVCACCT_EMAIL="$(gcloud iam service-accounts list \--filter="name:${SVCACCT_NAME?}@" \--format=value\(email\))"
Create a JSON key to authenticate as this service account, and save it asgoogle-key.json:
gcloud iam service-accounts keys create "google-key.json" \--iam-account="${SVCACCT_EMAIL?}"
You need to give these IAM roles to the service account created:
gcloud projects add-iam-policy-binding "${PROJECT_ID?}" \--member="serviceAccount:${SVCACCT_EMAIL?}" \--role="roles/storage.admin"
gcloud projects add-iam-policy-binding "${PROJECT_ID?}" \--member="serviceAccount:${SVCACCT_EMAIL?}" \--role="roles/run.admin"
gcloud projects add-iam-policy-binding "${PROJECT_ID?}" \--member="serviceAccount:${SVCACCT_EMAIL?}" \--role="roles/iam.serviceAccountUser"
Run the following command
travis encrypt-file --pro google-key.json
This command will print an openssl [...] command, don’t lose it!
Edit the .travis.yml file, and add this commmand to the before_install step:
before_install:-- echo REMOVE_ME # replace with the openssl command from "travis encrypt-file"+- openssl aes-256-cbc -K $encrypted_fbfaf42b268c_key -iv $encrypted_fbfaf42b268c_iv -in google-key.json.enc -out google-key.json -d- curl https://sdk.cloud.google.com | bash > /dev/null...
Edit the .travis.yml and configure the environment variables under the env:
key (such as GCP_PROJECT_ID, IMAGE, and CLOUD_RUN_SERVICE).
Do not add google-key.json file to your repository as it can be
reached by others.
Make a commit, and push the changes to your fork:
git add google-key.json.enc .travis.yml
git commit -m "Enable Travis CI"
git push -u origin master
Go to www.travis-ci.com and view your build results.
There might be errors that require you to fix.
If the build succeeds, the output of gcloud run beta deploy command will show
you the URL your app is deployed on! Visit the URL to see if the application
works!
[...]Deploying container to Cloud Run service [example-app] in project [...] region [us-central1]Deploying new service...Setting IAM Policy.....doneCreating Revision......doneRouting traffic........doneDone.Service [example-app] revision [example-app-00001] has been deployedand is serving traffic at https://example-app-pwfuv4g72q-uc.a.run.app
Delete the service account you created:
gcloud iam service-accounts delete "${SVCACCT_EMAIL?}"
Delete the Cloud Run application you deployed:
gcloud beta run services delete "YOUR-APP-NAME"
👍Did this tutorial work for you? Click “✭Star” on the top right of this
page and let me know!