Improve Cloud build auto deployment [PE-177] #78
Conversation
andrewmackett
requested review from
aliminaei,
gryevns,
ipeluffo and
thomas-gr4vy
| fi; | ||
|
|
||
| substitutions: | ||
| _NODE_VERSION: '14' | ||
| _ARTIFACT_STORAGE_BUCKET: '' | ||
| _CACHE_BUCKET: '' | ||
| _GITHUB_TOKEN_LOCATION: '' | ||
| _GR4VY_INSTANCES: '' |
There was a problem hiding this comment.
Because this repo is public we leave the definition here empty to avoid advertising the instance names.
The value for this (and other substitutions) is set within the Google Cloud Build trigger that starts running this job.
There was a problem hiding this comment.
would it make sense to store it in the repo's settings like a secret env var?
There was a problem hiding this comment.
I'm not sure I understand... Do you mean in the GitHub repo's secrets?
This is a Cloud Build job, so doesn't use any secrets from GitHub.
We could add availableSecrets block to this file to allow the Cloud Build step to collect a value from Google Secret Manager, but the values for the instances would still need to be set in Secret Manager, just as they are in the Cloud Build trigger.
Effectively it would just move the values from Cloud Build to Secret Manager. Given that these values are not really secret, we just don't want to make them very public, and that there is a (small) cost for using Secret Manager, I'm not sure it's a better approach to having the values defined in the trigger.
There was a problem hiding this comment.
This is a Cloud Build job, so doesn't use any secrets from GitHub.
ignore me, I thought this was a GH action 🙄
Thanks for the explanation
|
🚀 PR was released in |
Description
Jira: PE-177
Amending the Google Cloud Build config to make it trivial to auto deploy changes to any Gr4vy instances we choose.