Upgrading Your Cloud Run CI/CD with Jenkins

Geekette
3 min read · Jul 11, 2024


Hello fellow techies! Today, I’m taking you on a magical journey into the world of Cloud Run and Jenkins. Grab your coffee, sit back, and let’s get started. First, let me tell you about the repository I found, which is basically a ‘Hello World’ for Cloud Run. Because, let’s be honest, who doesn’t love a good ol’ “Hello World”?

You can check it out here: Hello World Cloud Run CI/CD.

Step 1: Dockerize and Push it Like a Pro.

Alright, let’s roll up our sleeves and get our hands dirty with Docker. First things first, let’s build that Docker image and push it to the registry. Remember, Cloud Run is a bit picky and only likes GCP registries.

docker build -t eu.gcr.io/PROJECT_NAME/demo:0.1 -f Dockerfile .
docker push eu.gcr.io/PROJECT_NAME/demo:0.1

PS: you can also use gcloud builds submit to build and push in one go, but you need to enable the cloudbuild.googleapis.com API first.

I chose the European registry because, well, compliance and stuff. Feel free to choose another region, but Europe has the best chocolate, so…

Oh, and by the way, there’s been an update. Check this out: GCR to Artifact Registry Transition. Always keep up with the latest trends, right?

Step 2: Service Account Shenanigans

Next, you need to create a service account. Think of it as giving Cloud Run the keys to your car. Just make sure it has the right permissions, like:

  • roles/run.developer
  • roles/iam.serviceAccountUser
  • roles/secretmanager.secretAccessor

Step 3: Deploy Like a Boss

Time to deploy our masterpiece. Here’s the command to deploy your Docker image to Cloud Run:

gcloud run deploy demo --image=eu.gcr.io/PROJECT_NAME/demo:0.1 --no-allow-unauthenticated \
  --set-env-vars=K_VAR1='value1' --platform managed --update-secrets=/etc/secrets/config=demo_secret:latest \
  --region europe-west9 --ingress internal

Of course, don’t forget to create the secret before you try to deploy. Secrets are like the special sauce in your grandma’s recipe — crucial but often overlooked.

Step 4: VPC Connector Magic

Finally, let’s add a VPC connector by appending one more flag to the deploy command. Think of it as giving your app a direct line to the VPC, like a VIP pass at a concert.

--vpc-connector our-vpc

And there you have it! You’re now a Cloud Run and Jenkins wizard. Stay tuned for more adventures in the world of cloud computing. Until next time, happy deploying!

Let’s just take it to CI/CD

I will drop a draft Jenkinsfile, not tested but I know it works; it may need credentials added to every step, or set at the global level.

First of all, create a JSON key for your service account.
Then create a secret in Jenkins with the JSON key.

There is another option that avoids dealing with the JSON key, named Workload Identity xD: https://blog.searce.com/how-to-use-google-workload-identity-federation-with-jenkins-d65bfa8c8268

pipeline {
    agent any

    environment {
        PROJECT_ID = 'your-gcp-project-id'
        SERVICE_NAME = 'your-cloud-run-service'
        REGION = 'your-region' // e.g., us-central1
        SECRETS_VOLUME = '/secrets'
    }

    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }

        stage('Build') {
            steps {
                script {
                    // Build and push the Docker image under the same name the deploy stage pulls
                    def image = docker.build("eu.gcr.io/${env.PROJECT_ID}/${env.SERVICE_NAME}:latest")
                    image.push()
                }
            }
        }

        stage('Deploy to Cloud Run') {
            steps {
                withCredentials([file(credentialsId: 'GCP-Project-keyM', variable: 'JSON_KEY')]) {
                    script {
                        // Deploy to Cloud Run with internal visibility and secrets mounted.
                        // Single quotes: the shell expands the variables, so the key path
                        // is never interpolated into the script by Groovy.
                        sh '''
                            export GOOGLE_APPLICATION_CREDENTIALS="$JSON_KEY"
                            # gcloud itself does not read GOOGLE_APPLICATION_CREDENTIALS
                            gcloud auth activate-service-account --key-file="$JSON_KEY"
                            gcloud run deploy "$SERVICE_NAME" \
                                --project "$PROJECT_ID" \
                                --image "eu.gcr.io/$PROJECT_ID/$SERVICE_NAME:latest" \
                                --region "$REGION" \
                                --no-allow-unauthenticated \
                                --ingress internal \
                                --vpc-connector our-vpc-connector \
                                --no-traffic \
                                --set-env-vars "SECRET_PATH=$SECRETS_VOLUME" \
                                --update-secrets "$SECRETS_VOLUME/config=demo_secret:latest" \
                                --port 8080 \
                                --platform managed \
                                --memory 512Mi
                        '''
                    }
                }
            }
        }

        stage('Redirect Traffic to Latest Revision') {
            steps {
                script {
                    // Redirect all traffic to the latest revision
                    // (uses the account activated in the deploy stage)
                    sh '''
                        gcloud run services update-traffic "$SERVICE_NAME" \
                            --project "$PROJECT_ID" \
                            --region "$REGION" \
                            --to-latest
                    '''
                }
            }
        }
    }

    post {
        success {
            echo 'Deployment successful!'
        }
        failure {
            echo 'Deployment failed. Initiating rollback.'
            script {
                // Rollback to the previous revision: newest first, take the second entry
                def previousRevision = sh(script: "gcloud run revisions list --service ${env.SERVICE_NAME} --project ${env.PROJECT_ID} --region ${env.REGION} --sort-by ~metadata.creationTimestamp --limit 2 --format 'value(metadata.name)' | tail -n 1", returnStdout: true).trim()
                sh """
                    gcloud run services update-traffic ${env.SERVICE_NAME} \
                        --project ${env.PROJECT_ID} \
                        --region ${env.REGION} \
                        --to-revision=${previousRevision}=100
                """
            }
        }
    }
}
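
A check that could sit between the deploy and traffic-redirect stages of the Jenkinsfile above, confirming the service still carries the Step 3 settings (internal ingress, no unauthenticated invoker, the VPC connector). This is an added example, not part of the original post: it assumes it is fed the JSON from `gcloud run services describe --format=json` and `gcloud run services get-iam-policy --format=json`, and the function name and sample documents are constructed for illustration.

```python
import json
import sys

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
INGRESS_KEY = "run.googleapis.com/ingress"
CONNECTOR_KEY = "run.googleapis.com/vpc-access-connector"


def exposure_findings(service, iam_policy, want_connector=None):
    """Compare a deployed service with the Step 3 settings; [] means it matches."""
    findings = []
    # --ingress internal is stored as an annotation on the service metadata.
    ingress = service.get("metadata", {}).get("annotations", {}).get(INGRESS_KEY, "all")
    if ingress != "internal":
        findings.append(f"ingress is {ingress!r}, expected 'internal'")
    # --allow-unauthenticated appears as a public member on roles/run.invoker.
    for binding in iam_policy.get("bindings", []):
        public = PUBLIC_MEMBERS & set(binding.get("members", []))
        if binding.get("role") == "roles/run.invoker" and public:
            findings.append("public invoker: " + ", ".join(sorted(public)))
    # --vpc-connector is stored on the revision template (name or full path).
    if want_connector is not None:
        template = service.get("spec", {}).get("template", {}).get("metadata", {})
        connector = template.get("annotations", {}).get(CONNECTOR_KEY) or ""
        if connector.rsplit("/", 1)[-1] != want_connector:
            findings.append(f"vpc connector is {connector!r}, expected {want_connector!r}")
    return findings


# Constructed sample documents, trimmed to the fields the check reads.
SAMPLE_INTERNAL = {
    "metadata": {"name": "demo", "annotations": {INGRESS_KEY: "internal"}},
    "spec": {"template": {"metadata": {"annotations": {CONNECTOR_KEY: "our-vpc"}}}},
}
SAMPLE_PUBLIC = {"metadata": {"name": "demo", "annotations": {INGRESS_KEY: "all"}}}
POLICY_PRIVATE = {"bindings": [{"role": "roles/run.invoker", "members": [
    "serviceAccount:caller@PROJECT_NAME.iam.gserviceaccount.com"]}]}
POLICY_PUBLIC = {"bindings": [{"role": "roles/run.invoker", "members": ["allUsers"]}]}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: check.py service.json policy.json
        with open(sys.argv[1]) as s, open(sys.argv[2]) as p:
            found = exposure_findings(json.load(s), json.load(p))
    else:  # no files given: run on the constructed public sample
        found = exposure_findings(SAMPLE_PUBLIC, POLICY_PUBLIC, "our-vpc")
    print("\n".join(found) or "OK: internal ingress, no public invoker")
    sys.exit(1 if found else 0)
```

A non-zero exit fails the Jenkins stage, so traffic is never shifted to a revision that came out public.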

Written by Geekette

Manal lamine just a simple human ( you can call me geekette )
