~oyvindsk/rss-web-reader

ea6bffa83a74846c5152b333f149c699ef41ccb3 — Øyvind Skaar 8 months ago 0df1e9f
sourcehut build, take1 (broken)
2 files changed, 35 insertions(+), 0 deletions(-)

A .build.yml
M notes-sourcehut-build.txt
A .build.yml => .build.yml +32 -0
@@ 0,0 1,32 @@
image: archlinux
packages:
    - docker
    - google-cloud-sdk
sources:
    - https://git.sr.ht/~oyvindsk/rss-web-reader
secrets:
    - 9d61efde-4af5-466e-aa6b-b2987cac54b0
    - e11f80bf-43c5-4cd7-86b2-cc155fa9bb23
    - e62b6180-b306-4f6e-9ca2-ef2a55480f3a
tasks:
    - setup-run: |
        gcloud auth activate-service-account --key-file ~/service-account-secret.json
    - setup-docker: |
        sudo systemctl start docker
    - setup-rss-web-reader: |
        cd rss-web-reader
        cp  ~/SECRET-* .
        source SECRET-config.sh
    - build-docker-image: |
        cd rss-web-reader
        source SECRET-config.sh
        ./deployment/build-docker-image-locally.sh
    - push-docker-image-to-gcr: |
        cd rss-web-reader
        source SECRET-config.sh
        ./deployment/push-local-image-to-google-container-registry.sh
    - deploy-from-gcr: |
        cd rss-web-reader
        source SECRET-config.sh
        ./deployment/deploy-from-google-container-registry.sh
    

M notes-sourcehut-build.txt => notes-sourcehut-build.txt +3 -0
@@ 7,6 7,9 @@ Create a secret, download the secret file as json
Grant the new Service Account permissions to deploy:
To deploy to Cloud Run (fully managed) grant the Cloud Run Admin and Service Account User roles to the Cloud Build service account:
https://cloud.google.com/cloud-build/docs/deploying-builds/deploy-cloud-run

https://stackoverflow.com/questions/55788714/deploying-to-cloud-run-with-a-custom-service-account-failed-with-iam-serviceacco/57689331#57689331
https://stackoverflow.com/questions/55605972/what-predefined-iam-roles-does-a-service-account-need-to-complete-the-google-clo
    

Use service account