Automatically deploy resources to Google Cloud from Terraform code hosted in the source control repository.
To be able to realize all the steps of this article, you will need a functional google cloud account (You can use the free trial ), a Github account, and some basic knowledge in Google Cloud and Terraform.
Granting necessary permissions to Cloud Build
To be able to perform the necessary deployments on the infrastructure, Cloud Build will need proper permissions. In this lab I will go faster by giving the service account the project editor role. Get the Cloud Build service account and give it the necessary permissions so that it can make required changes to the resources.
Of course, in a production environment it is necessary to comply with the principle of least privilege.
To do so, run the following command in the cloud shell
gcloud projects add-iam-policy-binding $PROJECT_ID --member serviceAccount:theCloudBuidServiceAccount --role roles/editor
To get Cloud Build service account, click on Cloud Build then settings And there you will find the email address of the service account
Setup the Github repo and connect Cloud Build to it
Login to Github and create a new repo , then upload Terraform files or edit new ones directly on Github. [Click here](Github.com/davWK/ci-cd-terraform-cloudbuild.. to fork my example infrastructure files repository, or if you are comfortable with Terraform and want to deploy a custom infrastructure write ones from scratch. After that go to Cloud Build to set up automated deployment with a build trigger, you will use Cloud Build and its build triggers to deploy your ressources automatically every time you push a new git commit to the source repository.
Go to Cloud Build
And on the left select trigger
click on create trigger
Give it a name, and for the event choose push to the branch
For the source , select repository and click connect new repository Here it is possible to link a Github repo to Cloud Build by mirroring a Github repository to Cloud Source Repositories or by using Google Cloud Build Github app. We will use the application in this case see how to configure the application . After configuring the app,
Back to create trigger page, and click on repository and choose the newly created repository
In branch set it to ^master$ or ^main$
For the configuration type choose Cloud Build configuration file (yaml or json) and in your Github repo create a cloudbuid.yaml with the content below.
steps: - id: 'tf init' name: 'hashicorp/terraform:1.0.0' entrypoint: 'sh' args: - '-c' - | terraform init - id: 'tf apply' name: 'hashicorp/terraform:1.0.0' entrypoint: 'sh' args: - '-c' - | terraform apply -auto-approve
Back yo trigger page, in the location, by selecting repository, put the path to the yaml file or choose inline (in this case you would not need to create the yaml file in the repo but rather paste the yaml content directly into code editor) Leave the other values as default and click on create
Voila :) the deployment of your resources should start automatically if you make a push of the yaml file created previously, if not you can run it manually for the first time, for the next times as soon as you update your Terraform configuration the update of your resources should be done automatically