Deploying a NodeJS Application on GCP with App Engine & CloudBuild (Part 3)

Running the Triggers and Fixing Permissions

This three-part tutorial will walk you through all the steps you need to deploy your NodeJS application to Google App Engine, replete with build triggers from Github and environment variables as the sprinkles on top. This is the third and final installment of the series — the first part is found here, and the second part is found here.

In the second part of the series, we’ve just finished setting up the .yaml files necessary for our application’s deployment. Now it’s time to finish the job, by pushing these files up to Github and ensuring our triggers work as expected (hint: they won’t at first). Let’s go!

Launching the Frontend

Since the frontend is the “default” service, we need to deploy it first.

Thus, open a terminal (I did this in VSCode) and navigate to the folder with your frontend repository. First, make sure you’re on the branch connected to the build trigger — otherwise, it won’t run when we push to Github!

Here I was on master, but then I checked out the branch that my build trig is connected to. Now I can confirm I’m on the right branch!

Once on the right branch, perform the typical git process of git add and git commit , and then use git push to launch the new commit up to Github.

Following the git push , the trigger created in the first part for the frontend repository should run. Thus, navigate to your GCP console, inside the Cloud Build section, and you’ll see… oh no, looks like we’ve got an error.

GCP is trying to be helpful, so let’s follow the link they give at the bottom of the Build Log. Clicking the link will take you to the following page:

Looks like we need to enable this service in order for Cloud Build to actually deploy to App Engine! Let’s click “Enable”.

Looks like it’s set up. However, it’s telling us that “you may need credentials”. As it turns out, we won’t need to generate new ones as Google App Engine has its own! Nonetheless, let’s click on “Create Credentials” to ensure that the API knows we are using GAE.

Right off the bat, we just need to click “Yes, I’m using one or both” and then click “What credentials do I need?” to continue.

As previously mentioned, looks like we don’t need any credentials! After clicking “Done”, we’re taken to the following screen:

Looks like the service account was automatically generated. Great! Now, before we can re-run our trigger, there is one more thing we need to do: fix some permissions.

Permissions

First, let’s click the sidebar so that we can navigate to the right page for adjusting our permissions. Hover over the “IAM & Admin” section, then click on the top result, “IAM”.

This will take us to the following page:

Find the row where the Member column has some string of numbers (this is actually our Project ID) followed by “cloudbuild.gserviceaccount.com”. The Role column should say, “Cloud Build Service Account”. Click on the corresponding pencil icon on the far right side.

The page will then appear as follows:

Click on “Add Another Role”, and a search/dropdown list will come up. Type in “app engine” and the following results should appear. We need to select the bottom result, “App Engine Deployer”, as this will provide Cloud Build with the necessary permissions to actually deploy to Google App Engine with a trigger.

Next, we’ll need to add one more permission, so click on “Add Another Role” again. This time, type in “app engine service”, and the following result will appear:

We need this permission for the traffic splitting we perform in our cloud build steps.

Special thanks to this StackOverflow post for help on these permissions.

Now that these permissions are set, go ahead and save. We should be ready now!

Permissions page should now look like this. See, our project now has some more permissions!

Finally, navigate back to our Cloud Build “Triggers” page and click “Run trigger” on the frontend trigger.

Wait a minute or two and then, tada, it’s a success!

Backend

The backend process will go much more smoothly, as we’ve fixed the issues regarding the App Engine API and permissions — there’s no need to do any of it twice, as it is now set for the entire project.

To deploy the backend, simply follow the same git process on the correct branch ( git add , git commit , git push ), then pull up the Cloud Build page and your backend trigger should have automatically run.

If all goes well, you should see a similar page to this, indicating that your backend deployment was successful.

The Final Check

Finally, navigate back to the App Engine “Dashboard” using the sidebar to check that our application is actually deployed.

The dashboard will appear, with everything seeming normal.

At the top righthand corner, we can see a link to our app. Click it!

Our beautiful application is now deployed.

end.

Thanks for reading! If you have any questions or need further assistance, feel free to leave a comment below.