Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to access a GCP Cloud Source Repository from another project?

I have project A and project B.

I use a GCP Cloud Source Repository on project A as my 'origin' remote.

I use Cloud Build with a trigger on changes to the 'develop' branch of the repo to trigger builds. As part of the build I deploy some stuff with the gcloud builder, to project A.

Now, I want to run the same build on project B. Maybe the same branch, maybe a different branch (i.e. 'release-*'). In the end want to deploy some stuff with the gcloud builder to project B.

The problem is, when I'm on project B (in Google Cloud Console), I can't even see the repo in project A. It asks me to "connect repository", but I can only select GitHub or Bitbucket repos for mirroring. The option "Cloud Source Repositories" is greyed out, telling me that they "are already connected". Just evidently not one from another project.

I could set up a new repo on project B, and push to both repos, but that seems inefficient (and likely not sustainable long term). The curious thing is, that such a setup could easily be achieved using an external Bitbucket/GitHub repo as origin and mirrored in both projects.

Is anything like this at all possible in Google Cloud Platform without external dependencies?

I also tried running all my builds in project A and have a separate trigger that deploys to project B (I use substitutions to manage that), but it fails with permission issues. Cloud Builds seem to always run with a Cloud Build service account, of which you can manage the roles, but I can't see how I could give it access to another project. Also in this case both builds would appear indistinguishable in a single build history, which is not ideal.

like image 488
ci_ Avatar asked Nov 18 '19 15:11

ci_


People also ask

How do I connect to a GCP project?

To view a project using the Google Cloud console, do the following: Go to the Dashboard page in the Google Cloud console. Click the Select from drop-down list at the top of the page. In the Select from window that appears, select your project.

What is GCP cloud source repositories?

Cloud Source Repositories are private Git repositories hosted on Google Cloud. These repositories let you develop and deploy an app or service in a space that provides collaboration and version control for your code.


3 Answers

My solution:

  1. From service A, create new Cloud Build on branch release-* with Build Configuration specify $_PROJECT_ID is project B id
  2. On GCP Cloud Build definition, add new Variable name _PROJECT_ID is project B id

NOTE: Remember grant permissons for your service account of project A(@cloudbuild.gserviceaccount.com) on project B

cloudbuild.yaml

  - name: gcr.io/cloud-builders/docker
    args:
      - build
      - '--no-cache'
      - '-t'
      - '$_GCR_HOSTNAME/$_PROJECT_ID/$REPO_NAME/$_SERVICE_NAME:$COMMIT_SHA'
      - .
      - '-f'
      - Dockerfile
    id: Build
  - name: gcr.io/cloud-builders/docker
    args:
      - push
      - '$_GCR_HOSTNAME/$_PROJECT_ID/$REPO_NAME/$_SERVICE_NAME:$COMMIT_SHA'
    id: Push
  - name: gcr.io/cloud-builders/gcloud
    args:
      - beta
      - run
      - deploy
      - $_SERVICE_NAME
      - '--platform=managed'
      - '--image=$_GCR_HOSTNAME/$_PROJECT_ID/$REPO_NAME/$_SERVICE_NAME:$COMMIT_SHA'
      - >-
        --labels=managed-by=gcp-cloud-build-deploy-cloud-run,commit-sha=$COMMIT_SHA,gcb-build-id=$BUILD_ID,gcb-trigger-id=$_TRIGGER_ID,$_LABELS
      - '--region=$_DEPLOY_REGION'
      - '--quiet'
      - '--project=$_PROJECT_ID'
    id: Deploy
    entrypoint: gcloud
images:
  - '$_GCR_HOSTNAME/$_PROJECT_ID/$REPO_NAME/$_SERVICE_NAME:$COMMIT_SHA'
options:
  substitutionOption: ALLOW_LOOSE
timeout: '20m'
tags:
  - gcp-cloud-build-deploy-cloud-run
  - gcp-cloud-build-deploy-cloud-run-managed
  - driveit-hp-agreement-mngt-api```


  [1]: https://i.stack.imgur.com/XhRJ4.png
like image 79
Hung Hoang Avatar answered Oct 13 '22 21:10

Hung Hoang


I faced a similar problem and I solved it by having multiple Cloud Build files.

A Cloud Build file (which got triggered when codes were pushed to a certain branch) was dedicated to copying all of my source codes into the new project source repo, of which it also has it's own Cloud Build file for deployment to that project.

Here is a sample of the Cloud Build file that copies sources to another project:


steps:
  - name: gcr.io/cloud-builders/git
    args: ['checkout', '--orphan', 'temp']
  - name: gcr.io/cloud-builders/git
    args: ['add', '-A']
  - name: gcr.io/cloud-builders/git
    args: ['config', '--global', 'user.name', 'Your Name']
  - name: gcr.io/cloud-builders/git
    args: ['config', '--global', 'user.email', 'Your Email']
  - name: gcr.io/cloud-builders/git
    args: ['commit', '-am', 'latest production commit']
  - name: gcr.io/cloud-builders/git
    args: ['branch', '-D', 'master']
  - name: gcr.io/cloud-builders/git
    args: ['branch', '-m', 'master']
  - name: gcr.io/cloud-builders/git
    args: ['push', '-f', 'https://source.developers.google.com/p/project-prod/r/project-repo', 'master']


This pushed all of the source codes into the new project.

Note that: You need to give your Cloud Build service account permissions to push source codes into the other project source repositories.

like image 37
Tim Avatar answered Oct 13 '22 20:10

Tim


As you have already said, you can host your repos outside in BitBucket/Github and sync them to each project, but you need to pay an extra for each build.

You could use third party services otherwise to build your repos outside and deploy the result wherever you want for ex. look into CircleCI or similar service.

You could give permissions to build that it could refer to resources from another project, but I would keep them separated to minimize complexity.

like image 2
skjagini Avatar answered Oct 13 '22 22:10

skjagini