From 294171b98a9dcbbedec70d95e05d1b79ab2cde89 Mon Sep 17 00:00:00 2001 From: Aurimas Liutikas Date: Wed, 15 Jun 2022 18:29:48 -0700 Subject: [PATCH] Add instructions on how to set up GCP --- README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/README.md b/README.md index 09963a2..d48dcc4 100644 --- a/README.md +++ b/README.md @@ -53,3 +53,28 @@ buildCache { } } ``` + +## Setting up Google Cloud Platform project + +1. [Install `gcloud` CLI on your machine](https://cloud.google.com/sdk/docs/install) +2. Create a GCP project `YOUR-GCP-PROJECT` and [set up billing](https://cloud.google.com/billing/docs/how-to/manage-billing-account#create_a_new_billing_account). +3. Create a Google Cloud Storage bucket +```bash +gsutil mb –p YOUR-GCP-PROJECT gs://YOUR-BUCKET-NAME +``` +4. Create IAM roles for read and read/write +```bash +gcloud iam roles create CacheReadWrite --project=YOUR-GCP-PROJECT --title=CacheReadWrite --description="Have access to read and write to remote Gradle cache" --permissions=storage.buckets.get,storage.objects.create,storage.objects.delete,storage.objects.get,storage.objects.getIamPolicy,storage.objects.list +gcloud iam roles create CacheRead --project=YOUR-GCP-PROJECT --title=CacheRead --description="Have access to read from remote Gradle cache" --permissions=storage.buckets.get,storage.objects.get,storage.objects.getIamPolicy,storage.objects.list +``` +5. Create IAM Service Accounts +```bash +gcloud iam service-accounts create cache-read-write --project=YOUR-GCP-PROJECT +gcloud iam service-accounts create cache-read --project=YOUR-GCP-PROJECT +``` +6. Grant the service account roles that we just created +```bash +gcloud projects add-iam-policy-binding YOUR-GCP-PROJECT --member=serviceAccount:cache-read@YOUR-GCP-PROJECT.iam.gserviceaccount.com --role=projects/YOUR-GCP-PROJECT/roles/CacheRead +gcloud projects add-iam-policy-binding YOUR-GCP-PROJECT --member=serviceAccount:cache-read-write@YOUR-GCP-PROJECT.iam.gserviceaccount.com --role=projects/YOUR-GCP-PROJECT/roles/CacheReadWrite +``` +7. Use `YOUR-GCP-PROJECT` and `YOUR-BUCKET-NAME` in the plugin configuration with exported service account credentials.