This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

App Engine Cloud Build Trigger

Posted on 10-21-2022 03:31 PM
smesh
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

I've recently deployed GCP App engine by :

  1. Cloning the project repo through cloud shell.
  2. Manually created the app.yaml at the project root (app.yaml contains prod related env, so didn't want to commit to Github). Added app.yaml to .gitignore.
  3. deployed using gcloud app deploy --appyaml=app.yaml
  4. Now I'm trying to trigger the deployment through Cloud Build trigger. I've pushed a cloudbuild.yaml for build definition.
    1. steps:
      - name: "gcr.io/cloud-builders/gcloud"
        args: ["app", "deploy"]

Will this be pulled to my original cloned directory and retain the manually created app.yaml?

0 4 1,054
Topic Labels
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
cristianrm
Staff
Reply posted on --/--/---- --:-- AM

For your concern about production related env, you could use secrets from Secret Manager.

As you have cloned your repository from GitHub to Cloud Shell and then you added your app.yaml file, you could deploy your app to Google App Engine as it were deployed from your local machine.

But as app.yaml is not available in GitHub, it will fail when you try to deploy to the App Engine using Cloud Build.

From the steps you’re using, app.yaml could not be accessible for Cloud Build, because Cloud Build uses a source directory (I suppose you are using GitHub as your source directory) and as you mentioned your configuration in .gitignore does not pull 'app.yaml'.

I suggest changing your configuration in order to take advantage of the Secret Manager.

If I misunderstood your question, please add more details.

Posted on --/--/---- --:-- AM
smesh
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Thanks! I did move the configuration to Secret manager; however the configuration/environment variable is not set properly for my application to access. 

- VERTEX_CONFIG_PROFILE is set properly in env for the application to read (_VERTEX_CONFIG_PROFILE was configured through Cloud Build trigger configuration).

- GOOGLE_CLIENT_ID, and GOOGLE_CLIENT_SECRET weren't set properly in env for the application to read. 

cloudbuild.yaml

steps:
- name: "gcr.io/cloud-builders/gcloud"
  args: ["app", "deploy", "app.yaml"]
  secretEnv: [
    'GOOGLE_CLIENT_ID',
    'GOOGLE_CLIENT_SECRET']
  env:
    - 'VERTEX_CONFIG_PROFILE=${_VERTEX_CONFIG_PROFILE}'
timeout: "1600s"
availableSecrets:
  secretManager:
    - versionName: projects/1234567/secrets/GOOGLE_CLIENT_ID/versions/1
      env: 'GOOGLE_CLIENT_ID'
    - versionName: projects/1234567/secrets/GOOGLE_CLIENT_SECRET/versions/1
      env: 'GOOGLE_CLIENT_SECRET'

app.yaml 

runtime: java17
env: standard
instance_class: F1
entrypoint: cd api && java -Xmx1g -jar target/api.jar
service: default
automatic_scaling:
  min_idle_instances: 1

 

0 Likes

Posted on --/--/---- --:-- AM
smesh
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

@cristianrm Any recommendation? I do see the env and security env in the Build Execution details.

smesh_0-1667863278695.png

 

0 Likes

Posted on --/--/---- --:-- AM
smesh
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

@cristianrm Do you have any suggestion to set secret manager values in environment variable for App Engine to consume?

0 Likes