1. circleci/gcp-cli@3.3.0

circleci/gcp-cli@3.3.0

Certified
Sections
Easily install and configure the Google Cloud CLI (gcloud CLI). Supports the Docker and Machine executors.
Created: November 7, 2018Version Published: November 13, 2024Releases: 36
Org Usage:
756
Categories:

Orb Quick Start Guide

Use CircleCI version 2.1 at the top of your .circleci/config.yml file.

1 version: 2.1

Add the orbs stanza below your version, invoking the orb:

1 2 orbs: gcp-cli: circleci/gcp-cli@3.3.0

Use gcp-cli elements in your existing workflows and jobs.

Usage Examples

setup

Install and initalize the gcloud CLI.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 version: '2.1' orbs: gcp-cli: circleci/gcp-cli@3.2.2 jobs: use-gcp: executor: gcp-cli/default steps: - gcp-cli/setup: version: 404.0.0 workflows: install_and_configure_cli: jobs: - use-gcp: context: myContext

Commands

install

Install the gcloud CLI. When installing within the Docker executor, the install will only occur if the CLI isn't already installed. If installing in a Linux machine image, it will remove the pre-installed version and instead install the version specified by this orb.

Show command Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
components
The list of gcloud components to install. Space separated. See https://cloud.google.com/sdk/docs/components for additional info.
No
''
string
version
The version of the gcloud CLI to install. If left to "latest", the latest version will be installed. Otherwise, provide the full version number as it appears in the URL on this page: https://cloud.google.com/sdk/docs/downloads-versioned-archives"
No
latest
string

setup

Install and initialize the gcloud CLI. When installing within the Docker executor, the install will only occur if the CLI isn't already installed. If installing in a Linux machine image, it will remove the pre_installed version and instead install the version specified by this orb.

Show command Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
components
The list of gcloud components to install. Space separated. See https://cloud.google.com/sdk/docs/components for additional info.
No
''
string
gcloud_service_key
Name of environment variable storing the full service key JSON file for the Google project.
No
GCLOUD_SERVICE_KEY
env_var_name
gcp_cred_config_file_path
Output location of OIDC credentials.
No
~/gcp_cred_config.json
string
google_compute_region
Name of environment variable storing the Google compute region to set as default for the gcloud CLI.
No
GOOGLE_COMPUTE_REGION
env_var_name
google_compute_zone
Name of environment variable storing the Google compute zone to set as default for the gcloud CLI.
No
GOOGLE_COMPUTE_ZONE
env_var_name
google_project_id
Name of environment variable storing the Google project ID to set as default for the gcloud CLI.
No
GOOGLE_PROJECT_ID
env_var_name
google_project_number
Name of environment variable storing the Google project number used to configure OIDC.
No
GOOGLE_PROJECT_NUMBER
env_var_name
service_account_email
Environment variable containing OIDC service account email.
No
OIDC_SERVICE_ACCOUNT_EMAIL
env_var_name
skip_install
Set to true, if want to install step
No
false
boolean
use_oidc
Set to true to enable OIDC
No
false
boolean
version
The version of the gcloud CLI to install. If left to "latest", the latest version will be installed. Otherwise, provide the full version number as it appears in the URL on this page: https://cloud.google.com/sdk/docs/downloads-versioned-archives
No
latest
string
workload_identity_pool_id
Environment variable containing OIDC configured workload identity pool is stored.
No
OIDC_WIP_ID
env_var_name
workload_identity_pool_provider_id
Environment variable containing OIDC configured workload identity pool provider ID is stored.
No
OIDC_WIP_PROVIDER_ID
env_var_name

Executors

default

The default executor is the CircleCI Python Convenience Image.

Show executor Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
version
Python version to use. Take into account the versions of Python available from CircleCI (https://hub.docker.com/r/cimg/python/tags) as well as what is supported by gcloud CLI itself (https://cloud.google.com/sdk/docs/install).
No
'3.8'
string

google

The official Google Docker image with gcloud SDK and CLI pre-installed.

Show executor Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
sdk-version
What version of the Google Cloud SDK Docker image? For full options, see https://hub.docker.com/r/google/cloud-sdk/tags
No
latest
string

machine

CircleCI's machine executor: https://circleci.com/docs/2.0/executor-types/#using-machine

Show executor Source
PARAMETER
DESCRIPTION
REQUIRED
DEFAULT
TYPE
image
Which machine executor image to use. For details, see https://circleci.com/docs/2.0/configuration-reference/#machine
No
ubuntu-2204:current
string

Orb Source

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 # This code is licensed from CircleCI to the user under the MIT license. # See here for details: https://circleci.com/developer/orbs/licensing version: 2.1 description: | Easily install and configure the Google Cloud CLI (gcloud CLI). Supports the Docker and Machine executors. display: home_url: https://cloud.google.com/sdk source_url: https://github.com/CircleCI-Public/gcp-cli-orb commands: install: description: | Install the gcloud CLI. When installing within the Docker executor, the install will only occur if the CLI isn't already installed. If installing in a Linux machine image, it will remove the pre-installed version and instead install the version specified by this orb. parameters: components: default: "" description: | The list of gcloud components to install. Space separated. See https://cloud.google.com/sdk/docs/components for additional info. type: string version: default: latest description: | The version of the gcloud CLI to install. If left to "latest", the latest version will be installed. Otherwise, provide the full version number as it appears in the URL on this page: https://cloud.google.com/sdk/docs/downloads-versioned-archives" type: string steps: - run: command: | #!/usr/bin/env sh # shellcheck disable=SC3043 # while "local" isn't POSIX, it's supported in many shells. See: https://www.shellcheck.net/wiki/SC3043 fetch_latest_version() { local release_notes local release_notes_exit_code release_notes="$(curl --location --silent --fail --retry 3 https://cloud.google.com/sdk/docs/release-notes)" release_notes_exit_code="$?" [ "$release_notes_exit_code" -gt 0 ] && { printf '%s\n' "Failed to get release notes"; return "$release_notes_exit_code"; } local releases releases="$(printf '%s\n' "$release_notes" | grep -E '<h2 id=".*" data-text=".*">[0-9]+.[0-9]+.[0-9]+.*</h2>' | sed 's/<h2.*>\([0-9]*.[0-9]*.[0-9]*\).*<\/h2>/\1/')" local latest_version latest_version="$(printf '%s\n' "$releases" | head -n 1)" [ -z "$latest_version" ] && { printf '%s\n' "Couldn't find out what is the latest version available."; return 1; } version="$latest_version" } # $1: version install() { local arg_version="$1" [ -z "$arg_version" ] && { printf '%s\n' "No version provided."; return 1; } local install_dir install_dir="$(mktemp -d)" # after version 370, gcloud is called "cli" rather than "sdk" major_version="$(echo "$1" | awk -F. '{print $1}')" if [ "$major_version" -gt 370 ]; then url_path_fixture="cli" else url_path_fixture="sdk"; fi download_with_retry "$url_path_fixture" "$arg_version" "$install_dir" || exit 1 printf '%s\n' ". $install_dir/google-cloud-sdk/path.bash.inc" >> ~/.bashrc printf '%s\n' ". $install_dir/google-cloud-sdk/path.fish.inc" >> ~/.fishrc printf '%s\n' ". $install_dir/google-cloud-sdk/path.zsh.inc" >> ~/.zshrc printf '%s\n' "export PATH=$PATH:$install_dir/google-cloud-sdk/bin" >> ~/.profile printf '%s\n' ". $install_dir/google-cloud-sdk/path.bash.inc" >> "$BASH_ENV" # If the environment is Alpine, remind the user to source $BASH_ENV in every step. if [ -f /etc/os-release ] && grep -q "Alpine" "/etc/os-release"; then printf '%s\n' "Alpine detected. Please make sure to source \$BASH_ENV in every step." printf '%s\n' "Otherwise gcloud won't be available." printf '%s\n' "You can do this by adding the following line in the beginning of your command:" printf '%s\n' "\". \$BASH_ENV\"" # Alpine also needs a workaround since Google's "path.bash.inc" doesn't work. printf '%s\n' "export PATH=$install_dir/google-cloud-sdk/bin:$PATH" >> "$BASH_ENV" fi # shellcheck disable=SC1090 . "$BASH_ENV" if ! command -v gcloud > /dev/null 2>&1; then return 1; fi printf '%s\n' "Google Cloud SDK version: $(gcloud --version)" } uninstall() { if [ "${platform}" != "windows" ] && ! command -v sudo > /dev/null 2>&1; then printf '%s\n' "sudo is required to uninstall the Google Cloud SDK." printf '%s\n' "Please install it and try again." return 1 fi # Set sudo to work whether logged in as root user or non-root user. if [ "$(id -u)" -eq 0 ] || [ "${platform}" = "windows" ]; then sudo=""; else sudo="sudo"; fi local installation_directory installation_directory="$(gcloud info --format='value(installation.sdk_root)')" local config_directory config_directory="$(gcloud info --format='value(config.paths.global_config_dir)')" # shellcheck disable=SC2086 # $sudo is not a variable, it's a command. $sudo rm -rf "$installation_directory" || return 1 # shellcheck disable=SC2086 # $sudo is not a variable, it's a command. $sudo rm -rf "$config_directory" || return 1 } download_and_extract() { local url_path_fixture="$1" local version="$2" local install_directory="$3" if [ "${platform}" = "windows" ]; then output_file="$install_directory/google-cloud-sdk.zip" curl --location --silent --fail --retry 3 --output "$output_file" "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-$url_path_fixture-$version-windows-x86_64.zip" unzip "$output_file" -d "$install_directory" else output_file="$install_directory/google-cloud-sdk.tar.gz" curl --location --silent --fail --retry 3 --output "$output_file" "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-$url_path_fixture-$version-$platform-x86_64.tar.gz" tar -xzf "$output_file" -C "$install_directory" fi return $? } download_with_retry() { local url_path_fixture="$1" local version="$2" local install_directory="$3" local download_tries=0 local max_download_tries=3 while [ $download_tries -lt $max_download_tries ]; do if download_and_extract "$url_path_fixture" "$version" "$install_directory"; then break else download_tries=$((download_tries + 1)) printf "Download failed, retrying... (attempt: %d)\n" "$download_tries" rm -rf "${install_directory:?}"/* fi done if [ $download_tries -ge $max_download_tries ]; then printf "Failed to download and extract the tar file after %d attempts.\n" "$max_download_tries" return 1 fi } # Check if curl is installed if ! command -v curl > /dev/null 2>&1; then printf '%s\n' "curl is required to install the Google Cloud SDK." printf '%s\n' "Please install it and try again." exit 1 fi unameOut="$(uname -s)" case "${unameOut}" in Linux*) platform=linux;; Darwin*) platform=darwin;; CYGWIN*) platform=windows;; MINGW*) platform=windows;; MSYS_NT*) platform=windows;; *) platform="UNKNOWN:${unameOut}" esac printf "Detected platform: %s (%s)\n" "${platform}" "$(python --version)" sort_versions () { local installed_version="$1" local version="$2" if [ "$platform" = "windows" ]; then # this leans on the knowledge that node is bundled in the machine images printf "%s %s" "$installed_version" "$version" | xargs npx semver | head -n 1 else printf '%s\n%s\n' "$installed_version" "$version" | sort -V | head -n 1 fi } # Figure out what is latest version available if "latest" is passed as an argument. version="$ORB_VAL_VERSION" [ "$version" = "latest" ] && fetch_latest_version if command -v gcloud > /dev/null 2>&1; then installed_version="$(gcloud version | head -n 1 | sed 's/Google Cloud SDK \([0-9]*.[0-9]*.[0-9]*\)/\1/')" if [ "$installed_version" != "$version" ]; then # Figure out which version is older between the installed version and the requested version. older_version="$(sort_versions "$installed_version" "$version")" # If the version requested is "latest" and the installed version is newer than the latest version available, skip installation. if [ "$ORB_VAL_VERSION" = "latest" ] && [ "$older_version" = "$version" ]; then printf '%s\n' "The version installed ($installed_version) is newer than the latest version listed in the release notes ($version)." printf '%s\n' "Skipping installation." else printf '%s\n' "The version installed ($installed_version) differs from the version requested ($version)." printf '%s\n' "Uninstalling v${installed_version}..." if ! uninstall; then printf '%s\n' "Failed to uninstall the current version."; exit 1; fi printf '%s\n' "Installing v${version}..." if ! install "$version"; then printf '%s\n' "Failed to install the requested version."; exit 1; fi fi else printf '%s\n' "The version installed ($installed_version) matches the version requested ($version)." printf '%s\n' "Skipping installation." fi else printf '%s\n' "Google Cloud SDK is not installed. Installing it." if ! install "$version"; then printf '%s\n' "Failed to install the requested version."; exit 1; fi fi # Install user provided gcloud components if [ -n "$ORB_VAL_COMPONENTS" ]; then set -f for component in $ORB_VAL_COMPONENTS; do set -- "$@" "$component" done set +f gcloud --quiet components install "$@" fi environment: ORB_VAL_COMPONENTS: <<parameters.components>> ORB_VAL_VERSION: <<parameters.version>> name: Install latest gcloud CLI version, if not available setup: description: | Install and initialize the gcloud CLI. When installing within the Docker executor, the install will only occur if the CLI isn't already installed. If installing in a Linux machine image, it will remove the pre_installed version and instead install the version specified by this orb. parameters: components: default: "" description: | The list of gcloud components to install. Space separated. See https://cloud.google.com/sdk/docs/components for additional info. type: string gcloud_service_key: default: GCLOUD_SERVICE_KEY description: | Name of environment variable storing the full service key JSON file for the Google project. type: env_var_name gcp_cred_config_file_path: default: ~/gcp_cred_config.json description: Output location of OIDC credentials. type: string google_compute_region: default: GOOGLE_COMPUTE_REGION description: | Name of environment variable storing the Google compute region to set as default for the gcloud CLI. type: env_var_name google_compute_zone: default: GOOGLE_COMPUTE_ZONE description: | Name of environment variable storing the Google compute zone to set as default for the gcloud CLI. type: env_var_name google_project_id: default: GOOGLE_PROJECT_ID description: | Name of environment variable storing the Google project ID to set as default for the gcloud CLI. type: env_var_name google_project_number: default: GOOGLE_PROJECT_NUMBER description: | Name of environment variable storing the Google project number used to configure OIDC. type: env_var_name service_account_email: default: OIDC_SERVICE_ACCOUNT_EMAIL description: Environment variable containing OIDC service account email. type: env_var_name skip_install: default: false description: Set to true, if want to install step type: boolean use_oidc: default: false description: Set to true to enable OIDC type: boolean version: default: latest description: | The version of the gcloud CLI to install. If left to "latest", the latest version will be installed. Otherwise, provide the full version number as it appears in the URL on this page: https://cloud.google.com/sdk/docs/downloads-versioned-archives type: string workload_identity_pool_id: default: OIDC_WIP_ID description: | Environment variable containing OIDC configured workload identity pool is stored. type: env_var_name workload_identity_pool_provider_id: default: OIDC_WIP_PROVIDER_ID description: | Environment variable containing OIDC configured workload identity pool provider ID is stored. type: env_var_name steps: - when: condition: not: << parameters.skip_install >> steps: - install: components: << parameters.components >> version: << parameters.version >> - run: command: | #!/usr/bin/env bash # Expand parameters readonly service_key=${!ORB_ENV_SERVICE_KEY} readonly project_id=${!ORB_ENV_PROJECT_ID} readonly compute_zone=${!ORB_ENV_COMPUTE_ZONE} readonly compute_region=${!ORB_ENV_COMPUTE_REGION} # Eval parameters cred_file_path=$(eval "echo $ORB_EVAL_CRED_FILE") # Store service account printf '%s\n' "$service_key" > "$HOME"/gcloud-service-key.json # Initialize gcloud CLI gcloud --quiet config set core/disable_usage_reporting true gcloud --quiet config set component_manager/disable_update_check true # Use oidc if [ "$ORB_VAL_USE_OIDC" = 1 ]; then echo "Authorizing using OIDC token" if [ -z "$CIRCLE_OIDC_TOKEN" ]; then echo "Ensure this job has a context to populate OIDC token" echo "See more: https://circleci.com/docs/openid-connect-tokens/#openid-connect-id-token-availability" exit 1 fi echo "$CIRCLE_OIDC_TOKEN" > "$HOME/oidc_token" # Store OIDC token in temp file gcloud iam workload-identity-pools create-cred-config \ "projects/${!ORB_ENV_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${!ORB_ENV_POOL_ID}/providers/${!ORB_ENV_POOL_PROVIDER_ID}" \ --service-account="${!ORB_ENV_SERVICE_EMAIL}" \ --credential-source-type="text" \ --credential-source-file="$HOME/oidc_token" \ --output-file="$cred_file_path" # Configure gcloud to leverage the generated credential configuration gcloud auth login --brief --cred-file "$cred_file_path" # Configure ADC echo "export GOOGLE_APPLICATION_CREDENTIALS='$cred_file_path'" | tee -a "$BASH_ENV" else gcloud auth activate-service-account --key-file="$HOME"/gcloud-service-key.json fi gcloud --quiet config set project "$project_id" if [[ -n "$compute_zone" ]]; then gcloud --quiet config set compute/zone "$compute_zone" fi if [[ -n "$compute_region" ]]; then gcloud --quiet config set compute/region "$compute_region" fi environment: ORB_ENV_COMPUTE_REGION: <<parameters.google_compute_region>> ORB_ENV_COMPUTE_ZONE: <<parameters.google_compute_zone>> ORB_ENV_POOL_ID: <<parameters.workload_identity_pool_id>> ORB_ENV_POOL_PROVIDER_ID: <<parameters.workload_identity_pool_provider_id>> ORB_ENV_PROJECT_ID: <<parameters.google_project_id>> ORB_ENV_PROJECT_NUMBER: <<parameters.google_project_number>> ORB_ENV_SERVICE_EMAIL: <<parameters.service_account_email>> ORB_ENV_SERVICE_KEY: <<parameters.gcloud_service_key>> ORB_EVAL_CRED_FILE: <<parameters.gcp_cred_config_file_path>> ORB_VAL_USE_OIDC: <<parameters.use_oidc>> name: Initialize gcloud CLI to connect to Google Cloud executors: default: description: The default executor is the CircleCI Python Convenience Image. docker: - image: cimg/python:<<parameters.version>> parameters: version: default: "3.8" description: | Python version to use. Take into account the versions of Python available from CircleCI (https://hub.docker.com/r/cimg/python/tags) as well as what is supported by gcloud CLI itself (https://cloud.google.com/sdk/docs/install). type: string google: description: The official Google Docker image with gcloud SDK and CLI pre-installed. docker: - image: google/cloud-sdk:<<parameters.sdk-version>> parameters: sdk-version: default: latest description: | What version of the Google Cloud SDK Docker image? For full options, see https://hub.docker.com/r/google/cloud-sdk/tags type: string machine: description: | CircleCI's machine executor: https://circleci.com/docs/2.0/executor-types/#using-machine machine: image: <<parameters.image>> parameters: image: default: ubuntu-2204:current description: | Which machine executor image to use. For details, see https://circleci.com/docs/2.0/configuration-reference/#machine type: string examples: setup: description: Install and initalize the gcloud CLI. usage: version: "2.1" orbs: gcp-cli: circleci/gcp-cli@3.2.2 jobs: use-gcp: executor: gcp-cli/default steps: - gcp-cli/setup: version: 404.0.0 workflows: install_and_configure_cli: jobs: - use-gcp: context: myContext
Developer Updates
Get tips to optimize your builds
Or join our research panel and give feedback
By submitting this form, you are agreeing to ourTerms of UseandPrivacy Policy.