Support using a customer service account to run Cloud Build triggers in the cicd recipe #1031
Assignees
Labels
Comments
xingao267
added
cicd
|
PR #5237 for adding the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The work needs to be done are roughly
Follow this and add necessary resources to our cicd recipe, which includes a new logging bucket, an optional service account (either passed in or created in our recipe, toggled by an input param). The service account will later be used in
google_cloudbuild_triggerresources.The feature to use a custom SA in cloud build triggers are still in beta, and Terraform's google beta provider does not seem to support that yet. See pending issue. The code to support that likely should be added here. We can help implement that. Terraform provider has a weekly release schedule. Once the change is approved and merged, it might take 1-2 weeks for it to be available, so need to plan accordingly.
Note: the cloud build's doc suggests that feature is still in beta, but in that issue in terraform provider repo, someone suggests that it's already GA. This is something to look into a bit more and verify.
Change the google_cloudbuild_trigger resources in cicd recipe to use the service account. If need to switch to beta provider, we should add google-beta in the resource's
providerfield. The cloudbuild yaml file should be modified to use the custom logging bucket as well.Test, add docs for upgrade instructions, etc.
The text was updated successfully, but these errors were encountered: