How to Set Up a Deployment Pipeline on Google Cloud with Cloud Build and Cloud Functions

Automatically deploying Cloud Function instances when changes get pushed to your Git repositories.

Ivam Luz
Ivam Luz
Jul 28, 2020 · 9 min read
Image for post
Image for post
Photo by roman pentin on Unsplash

Introduction

In my last two articles, I showed How to Set Up a Deployment Pipeline on Google Cloud with Cloud Build, Container Registry and Cloud Run and also How to Develop, Debug and Test your Python Google Cloud Functions on Your Local Dev Environment.

Cloud Build

Cloud Functions

Set Up the GCP Project

Create the Project

To follow this tutorial, you’ll need to have access to a GCP Project. If you don’t have one already, follow these steps to create it:

  1. Once your project is created, make sure it’s selected on the top-left corner, right beside the Google Cloud Platform logo.

Enable the Required APIs

  1. From the top-left menu, select APIs & Services, then click the ENABLE APIS AND SERVICES button;
  2. Enable Cloud Build API, Cloud Functions API and Cloud Resource Manager API.
ERROR: (gcloud.functions.deploy) User [<project-number>@cloudbuild.gserviceaccount.com] does not have permission to access project [<project-id>:testIamPermissions] (or it may not exist): Cloud Resource Manager API has not been used in project <project-number> before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=<project-number> then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
  • Find the service account identified by <project-number>@cloudbuild.gserviceaccount.com;
  • Edit the service account and add the Cloud Functions Admin and Service Account User roles.
WARNING: Setting IAM policy failed, try “gcloud alpha functions add-iam-policy-binding sample_http — member=allUsers — role=roles/cloudfunctions.invoker”
ERROR: (gcloud.functions.deploy) ResponseError: status=[403], code=[Forbidden], message=[Missing necessary permission iam.serviceAccounts.actAs for $MEMBER on the service account <project-id>@appspot.gserviceaccount.com.
Ensure that service account <project-id>@appspot.gserviceaccount.com is a member of the project <project-id>, and then grant $MEMBER the role ‘roles/iam.serviceAccountUser’.
You can do that by running ‘gcloud iam service-accounts add-iam-policy-binding <project-id>@appspot.gserviceaccount.com — member=$MEMBER — role=roles/iam.serviceAccountUser’
In case the member is a service account please use the prefix ‘serviceAccount:’ instead of ‘user:’.]

The Sample Repository

The sample repository we’ll use for this tutorial is the same used on the previous one, where we talked about How to Develop, Debug and Test your Python Google Cloud Functions on Your Local Dev Environment. It provides two very basic functions:

The source code for our cloud functions
  • sample_pubsub receives Pub/Sub messages and logs their contents.

Configuring our Cloud Build Pipeline

The steps of our pipeline are defined in a YML file called cloudbuild.yaml. As you can see, our pipeline is composed of two steps:

  1. The second step is responsible for deploying the Pub/Sub-triggered function.
cloudbuild.yaml — Our Cloud Build pipeline file
deploy-http.sh — Scripting for deploying the HTTP-triggered cloud function
deploy-pubsub.sh — Scripting for deploying the Pub/Sub-triggered cloud function

Set Up the Cloud Build Trigger

With everything in place, it’s now time to set up our Cloud Build Trigger. To do so, follow these steps:

Image for post
Image for post
The Cloud Build Triggers page
Image for post
Image for post
Selecting the source to configure the Cloud Builder trigger
Image for post
Image for post
GitHub authorization page
Image for post
Image for post
Cloud Build GitHub App installation prompt
Image for post
Image for post
Selecting the account to install the Google Cloud Build app for GitHub
Image for post
Image for post
Selecting the repository to install the Google Cloud Build app for GitHub
Image for post
Image for post
Connecting the GitHub repository to Cloud Build
Image for post
Image for post
Creating the GitHub repository push trigger
Image for post
Image for post
Editing the Cloud Build trigger
Image for post
Image for post
Cloud Build trigger configuration
  • That the build should be triggered whenever stuff is pushed into the master branch of the repository;
  • That the build configuration is provided by the cloudbuild.yaml file from our repository.

Triggering builds

To test the configuration done so far, you have two options:

  1. Run the trigger manually by clicking the Run trigger button:
Image for post
Image for post
Option to run the Cloud Build trigger manually
Image for post
Image for post
Cloud Build dashboard
  • The build duration;
  • A description of the trigger;
  • A link to the source repository;
  • The hash of the commit for which the build was triggered;
  • A small chart with the Success/Failure build history;
  • The average duration of the builds;
  • The percentage of success and failures.
Image for post
Image for post
Image for post
Image for post
Cloud Build — Build details

Testing the deployed functions

Testing the HTTP-triggered function

To test the HTTP-triggered function, we can make use of the test-deployed-http.sh script:

test-deployed-http.sh helper script

Testing the Pub/Sub-triggered function

To test the Pub/Sub-triggered function, we can make use of the test-deployed-pubsub.sh script:

test-deployed-pubsub.sh helper script
Image for post
Image for post
The log output from Pub/Sub-Triggered function

Clean-up

To undo the changes done while following this tutorial, make sure to:

  • Delete the generated Pub/Sub topic;
  • Delete the Cloud Build configured triggers;

Final Thoughts

In this tutorial, we have gone through the process of setting up a deployment pipeline powered by GitHub, Cloud Build, and Cloud Functions.

CI&T

CI&T combines strategy, design and engineering expertise…

Ivam Luz

Written by

Ivam Luz

A generalist software developer based in Brazil — https://www.linkedin.com/in/ivam-luz-26698617/

CI&T

CI&T

CI&T combines strategy, design and engineering expertise, working cross-functionally to deliver lasting impact to our clients.

Ivam Luz

Written by

Ivam Luz

A generalist software developer based in Brazil — https://www.linkedin.com/in/ivam-luz-26698617/

CI&T

CI&T

CI&T combines strategy, design and engineering expertise, working cross-functionally to deliver lasting impact to our clients.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium