
This is rudimentary info about setting up the Google Cloud Build GitHub Marketplace app integration.

Overview

Google Cloud Build is available in the GitHub Marketplace. It provides integration between a repo and Google Cloud Build.

Setting up shared netid

By default, GitHub makes it really easy to use your personal credentials to establish the webhook between GitHub and Google. This section describes what Eric did to set up a shared netid instead.

  1. Create a shared netid and set its administrators to responsible people on your team.
  2. Set the netid password and put it in your team LastPass, or share it with even more responsible people on your team.
  3. Set email forwarding for the shared netid to a list of people who need to administer all this stuff. (We use a group, i.e. u_mciman_admins@uw.edu.) This is the address GitHub would use if something broke, I assume.
  4. Enable G Suite for the shared netid account at provision.uw.edu.
  5. For GitHub, have the netid added to u_devtools_github_users.
  6. Create a GitHub account.
    1. Username: shared-netid or similar.
    2. Set the email to <shared-netid>@uw.edu.
    3. Set a password and share it with other responsible people on your team.
    4. Verify the email address to finish GitHub setup.
  7. If you use 2FA on your GitHub organization, enable GitHub two-factor.
    1. Enable two-factor.
    2. Download the recovery codes and save them. Share them with other responsible people on your team.
    3. Add app-based two-factor. You can only have one of these.
    4. You can add multiple security keys. Have other responsible people add a security key to the account.
  8. Invite the new shared netid GitHub user to your GitHub organization; this might take two tries.

In the end, the team members responsible for maintaining this automation should have the following stored in a secure place: the shared netid, shared netid password, GitHub username, GitHub password and GitHub recovery codes (if 2FA). Each should also have a registered 2FA token and a rough understanding of the setup.

Enable shared netid for GitHub Google Cloud Build

  1. Add IAM permission for <shared-netid>@uw.edu to use Cloud Build in your MCI aux project, i.e. ours is uwit-mci-ueteam.
    1. Use Terraform if you've got it.
    2. In the aux project, add <shared-netid>@uw.edu with role: roles/cloudbuild.builds.editor
  2. Change the <shared netid github id> role in your GitHub org to owner so it can install GitHub apps.
  3. Log in to GitHub as the shared netid user.
  4. Enable the GitHub Google Cloud Build app: https://github.com/marketplace/google-cloud-build
  5. Go through the authorization to access the account.
  6. Link some initial repos.
  7. Configure Cloud Build repositories and triggers: https://console.cloud.google.com/cloud-build/triggers
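
A check for step 1, as an added example that is not part of the original page: it reads a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy <project> --format=json` and reports whether the shared account holds roles/cloudbuild.builds.editor and whether it has picked up any other role. The sample policy, the account address and the function names are constructed for illustration, and only direct `user:` bindings are examined.

```python
import json

# Constructed sample in the shape of `gcloud projects get-iam-policy
# <project> --format=json`; every member below is a placeholder.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/cloudbuild.builds.editor",
     "members": ["user:shared-netid@uw.edu", "group:u_example_admins@uw.edu"]},
    {"role": "roles/editor",
     "members": ["user:Shared-NetID@uw.edu"]},
    {"role": "roles/viewer",
     "members": ["user:someone-else@uw.edu"]}
  ]
}
""")

# The role the page assigns to the shared account.
EXPECTED_ROLE = "roles/cloudbuild.builds.editor"


def roles_for(policy, email):
    """Return the sorted roles bound directly to user:<email>.

    Members are compared lowercased so a differently cased entry is not
    missed. Roles inherited through group membership are not resolved.
    """
    want = "user:" + email.lower()
    roles = set()
    for binding in policy.get("bindings", []):
        members = [m.lower() for m in binding.get("members", [])]
        if want in members:
            roles.add(binding["role"])
    return sorted(roles)


def audit_shared_account(policy, email, expected=EXPECTED_ROLE):
    """Report whether the expected role is present and list any extras."""
    roles = roles_for(policy, email)
    return {
        "has_expected": expected in roles,
        "extra_roles": [r for r in roles if r != expected],
    }


if __name__ == "__main__":
    result = audit_shared_account(SAMPLE_POLICY, "shared-netid@uw.edu")
    print(json.dumps(result, indent=2))
```

An empty `extra_roles` list with `has_expected` true means the account has only the role this page grants it.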


Using Cloud Build

  • You don't have to log in as the shared netid user to configure Cloud Build.
  • After this is set up, any GitHub user with proper access can add additional repos to the Cloud Build app.
  • Any GCP user with proper access can add additional triggers to Cloud Build.