DEV Community

Cover image for UPDATED 2023: Auto deploy AppEngine app from Gitlab
Giuliano Ribeiro
Giuliano Ribeiro

Posted on • Edited on

UPDATED 2023: Auto deploy AppEngine app from Gitlab

Nowadays, CI/CD is a common task during Software Development and almost all platforms enable us to do this automatically. It is not different on Gitlab.
Today, I'll show you how to configure your Gitlab project to automatically deploy to Google Cloud App Engine.

Google Cloud part

First things first

First, you need to setup your App Engine project on GCP console. It is necessary because App Engine requires you to set the region of your app.
If you didn't do this, first you will need to setup using this cmd:

gcloud app create
Setup your App Engine app.

and follow the instructions.

Updates

The stesp below were made a few years ago, so some permissions were changed.
To simplify the process, I paste here a script. Take a look, and change the appropriated information:

export SA_NAME=gitlab-sa
export GCLOUD_PROJECT=<YOUR_PROJECT_ID_HERE>
export SA_EMAIL=${SA_NAME}@${GCLOUD_PROJECT}.iam.gserviceaccount.com

gcloud services enable appengine.googleapis.com cloudbuild.googleapis.com

gcloud iam service-accounts create ${SA_NAME} --display-name 'Gitlab Service Account to deploy' --project ${GCLOUD_PROJECT}

gcloud iam service-accounts keys create ${SA_NAME}.json --iam-account=SA_EMAIL --project ${GCLOUD_PROJECT}

cat ${SA_NAME}.json
Enter fullscreen mode Exit fullscreen mode

Copy the JSON content and save to include in the Gitlab CICD variables page.

Now continue the process, giving to the service account some permissions:


gcloud projects add-iam-policy-binding ${GCLOUD_PROJECT} \
    --member="serviceAccount:${SA_EMAIL}" \
    --role=roles/appengine.appAdmin

gcloud projects add-iam-policy-binding ${GCLOUD_PROJECT} \
    --member="serviceAccount:${SA_EMAIL}" \
    --role=roles/storage.objectAdmin


gcloud projects add-iam-policy-binding ${GCLOUD_PROJECT} \
    --member="serviceAccount:${SA_EMAIL}" \
    --role=roles/iam.serviceAccountUser

gcloud projects add-iam-policy-binding ${GCLOUD_PROJECT} \
    --member="serviceAccount:${SA_EMAIL}" \
    --role=roles/cloudbuild.builds.builder

Enter fullscreen mode Exit fullscreen mode

Service Account and Permissions

Jump to Gitlab Config part, if you already did the script above.

The entire process should be made without human intervention. So, to do this on GCP you'll need a Service Account.

~~First, create a Service Account to be used during the process: ~~Service Account Create

Step 1


Step 1

Step2: Critical step, here you MUST give all those permissions. Without them, the automation will not work properly.

Step 2


Step 2: VERY IMPORTANT!

Step 3: Create a Key


Step 3: Create a Key

Step 4: choose the JSON option.


Step 4: choose the JSON option!

In the last step, you should open the file and copy the content. This content will be necessary to configure the Gitlab.

API Enabling

Some APIs must be enabled before trying to run the deploy.

  1. Enable the App Engine Admin API, here:
    Enable App Engine Admin API

    App Engine Admin API enabling
    App Engine Admin API enabling
  2. Enable Cloud Builder API: Cloud Builder API Enable

    Cloud Build API enabling
    Cloud Build API enabling

Gitlab Config

Now you have all done on GCP, Gitlab part!
Go to your project and configure the CI/CD options:

Gitlab CI/CD menu option


CI/CD menu option

Instead of having the content of your Service Account in a file inside your repository, a best practice is to have this as a variable. So, configure a variable, following the image:

Configure the SERVICE_ACCOUNT_KEY variable with the JSON content downloaded in the Step 4.


Configure the SERVICE_ACCOUNT_KEY variable with the JSON content downloaded in the Step 4.

Gitlab CI file descriptor

To enable all these pieces together is required to "tell" to Gitlab: "Please my friend, run all these now". To do this, you should create a file in your repository called .gitlab-ci.yml, this file describes what you want to do.

xxxxxxxxx


Basic gitlab ci descriptor.

File content available here.
https://gitlab.com/giulianobr/simple-go-app/blob/235de13e310d7614f9b8cb2dab0f804c6b82a041/.gitlab-ci.yml

The CI process runs inside the container platform in Gitlab. At the glance, it seems like a Dockerfile, as you should define and base image where your deploy will run.
In this case, I'm using Google's base image that contains the Google Cloud SDK already installed.
To understand more about all configs available on Gitlab CI, take a look here.

Conclusion

This post aims to help you to deploy an app to App Engine Standard. As my example is a Golang app in the 2nd gen runtime, it is a bit easier. To deploy a Java 8 app is a little bit different. If you want any help to setup your Java 8 app, ask me in the comments, I also have an example for this scenario.

I hope it helps you, people!
See you soon.

You can find this project in my Gitlab project.

Top comments (1)

Collapse
 
sirhamy profile image
Hamilton Greene

Great guide - thanks!

Looks like a few things have changed since this was written.

  1. You now create keys after you've created the service account. So in that step you go to your Service Accounts list, find the one you just created, hit the hamburger button / more options, and then generate the key from there.

  2. You'll now need to give your account the App Engine x environment Service Agent role, where x is Flexible or Standard. There's a lot of discussion about the best way to give access to this role here (stackoverflow.com/questions/642364...) but that role should do it.