Use CircleCI version 2.1 at the top of your .circleci/config.yml file.

```yaml
version: 2.1
```

Add the orbs stanza below your version, invoking the orb:

```yaml
orbs:
  gcp-cli: circleci/gcp-cli@3.3.0
```

Use gcp-cli elements in your existing workflows and jobs.
Install and initialize the gcloud CLI.

```yaml
version: '2.1'
orbs:
  gcp-cli: circleci/gcp-cli@3.2.2
jobs:
  use-gcp:
    executor: gcp-cli/default
    steps:
      - gcp-cli/setup:
          version: 404.0.0
workflows:
  install_and_configure_cli:
    jobs:
      - use-gcp:
          context: myContext
```
Command `install`: Install the gcloud CLI. When installing within the Docker executor, the install will only occur if the CLI isn't already installed. If installing in a Linux machine image, it will remove the pre-installed version and instead install the version specified by this orb.

PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
components | The list of gcloud components to install. Space separated. See https://cloud.google.com/sdk/docs/components for additional info. | No | '' | string |
version | The version of the gcloud CLI to install. If left to "latest", the latest version will be installed. Otherwise, provide the full version number as it appears in the URL on this page: https://cloud.google.com/sdk/docs/downloads-versioned-archives | No | latest | string |
Command `setup`: Install and initialize the gcloud CLI. When installing within the Docker executor, the install will only occur if the CLI isn't already installed. If installing in a Linux machine image, it will remove the pre-installed version and instead install the version specified by this orb.

PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
components | The list of gcloud components to install. Space separated. See https://cloud.google.com/sdk/docs/components for additional info. | No | '' | string |
gcloud_service_key | Name of environment variable storing the full service key JSON file for the Google project. | No | GCLOUD_SERVICE_KEY | env_var_name |
gcp_cred_config_file_path | Output location of OIDC credentials. | No | ~/gcp_cred_config.json | string |
google_compute_region | Name of environment variable storing the Google compute region to set as default for the gcloud CLI. | No | GOOGLE_COMPUTE_REGION | env_var_name |
google_compute_zone | Name of environment variable storing the Google compute zone to set as default for the gcloud CLI. | No | GOOGLE_COMPUTE_ZONE | env_var_name |
google_project_id | Name of environment variable storing the Google project ID to set as default for the gcloud CLI. | No | GOOGLE_PROJECT_ID | env_var_name |
google_project_number | Name of environment variable storing the Google project number used to configure OIDC. | No | GOOGLE_PROJECT_NUMBER | env_var_name |
service_account_email | Name of environment variable containing the OIDC service account email. | No | OIDC_SERVICE_ACCOUNT_EMAIL | env_var_name |
skip_install | Set to true to skip the install step. | No | false | boolean |
use_oidc | Set to true to enable OIDC. | No | false | boolean |
version | The version of the gcloud CLI to install. If left to "latest", the latest version will be installed. Otherwise, provide the full version number as it appears in the URL on this page: https://cloud.google.com/sdk/docs/downloads-versioned-archives | No | latest | string |
workload_identity_pool_id | Name of environment variable where the OIDC-configured workload identity pool ID is stored. | No | OIDC_WIP_ID | env_var_name |
workload_identity_pool_provider_id | Name of environment variable where the OIDC-configured workload identity pool provider ID is stored. | No | OIDC_WIP_PROVIDER_ID | env_var_name |
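
The OIDC parameters from the table above combined in one job, as an added example that is not part of the orb's own documentation. It assumes the context `myContext` defines the listed environment variables and that the workload identity pool and provider already exist on the Google Cloud side; the job name `use-gcp-oidc` and the closing `gcloud auth list` step are illustrative.

```yaml
version: 2.1

orbs:
  gcp-cli: circleci/gcp-cli@3.3.0

jobs:
  use-gcp-oidc:  # hypothetical job name
    executor: gcp-cli/default
    steps:
      - gcp-cli/setup:
          # Pin the CLI rather than relying on the "latest" default,
          # so every build installs the same gcloud release.
          version: 404.0.0
          # Authenticate with the job's CIRCLE_OIDC_TOKEN through workload
          # identity federation instead of the service key JSON named by
          # gcloud_service_key.
          use_oidc: true
          # These are the orb defaults, written out to show which
          # environment variables the context has to provide.
          google_project_id: GOOGLE_PROJECT_ID
          google_project_number: GOOGLE_PROJECT_NUMBER
          service_account_email: OIDC_SERVICE_ACCOUNT_EMAIL
          workload_identity_pool_id: OIDC_WIP_ID
          workload_identity_pool_provider_id: OIDC_WIP_PROVIDER_ID
          # Where the generated credential configuration is written.
          gcp_cred_config_file_path: ~/gcp_cred_config.json
      - run:
          name: Confirm the active account
          command: gcloud auth list

workflows:
  install_and_configure_cli:
    jobs:
      - use-gcp-oidc:
          # The setup script exits with an error when CIRCLE_OIDC_TOKEN is
          # empty; the job needs a context for the token to be populated.
          context: myContext
```

With `use_oidc: true` the setup script skips `gcloud auth activate-service-account`, so the job authenticates without the service key JSON.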
Executor `default`: The default executor is the CircleCI Python Convenience Image.

PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
version | Python version to use. Take into account the versions of Python available from CircleCI (https://hub.docker.com/r/cimg/python/tags) as well as what is supported by gcloud CLI itself (https://cloud.google.com/sdk/docs/install). | No | '3.8' | string |
Executor `google`: The official Google Docker image with gcloud SDK and CLI pre-installed.

PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
sdk-version | What version of the Google Cloud SDK Docker image? For full options, see https://hub.docker.com/r/google/cloud-sdk/tags | No | latest | string |
Executor `machine`: CircleCI's machine executor: https://circleci.com/docs/2.0/executor-types/#using-machine

PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
image | Which machine executor image to use. For details, see https://circleci.com/docs/2.0/configuration-reference/#machine | No | ubuntu-2204:current | string |

```yaml
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/orbs/licensing
version: 2.1
description: |
    Easily install and configure the Google Cloud CLI (gcloud CLI).
    Supports the Docker and Machine executors.
display:
    home_url: https://cloud.google.com/sdk
    source_url: https://github.com/CircleCI-Public/gcp-cli-orb
commands:
    install:
        description: |
            Install the gcloud CLI. When installing within the Docker executor, the
            install will only occur if the CLI isn't already installed. If installing in
            a Linux machine image, it will remove the pre-installed version and instead
            install the version specified by this orb.
        parameters:
            components:
                default: ""
                description: |
                    The list of gcloud components to install. Space separated. See https://cloud.google.com/sdk/docs/components for additional info.
                type: string
            version:
                default: latest
                description: |
                    The version of the gcloud CLI to install. If left to "latest", the latest version will be installed. Otherwise, provide the full version number as it appears in the URL on this page: https://cloud.google.com/sdk/docs/downloads-versioned-archives"
                type: string
        steps:
            - run:
                command: |
                    #!/usr/bin/env sh
                    # shellcheck disable=SC3043 # while "local" isn't POSIX, it's supported in many shells. See: https://www.shellcheck.net/wiki/SC3043
                    fetch_latest_version() {
                        local release_notes
                        local release_notes_exit_code
                        release_notes="$(curl --location --silent --fail --retry 3 https://cloud.google.com/sdk/docs/release-notes)"
                        release_notes_exit_code="$?"
                        [ "$release_notes_exit_code" -gt 0 ] && { printf '%s\n' "Failed to get release notes"; return "$release_notes_exit_code"; }
                        local releases
                        releases="$(printf '%s\n' "$release_notes" | grep -E '<h2 id=".*" data-text=".*">[0-9]+.[0-9]+.[0-9]+.*</h2>' | sed 's/<h2.*>\([0-9]*.[0-9]*.[0-9]*\).*<\/h2>/\1/')"
                        local latest_version
                        latest_version="$(printf '%s\n' "$releases" | head -n 1)"
                        [ -z "$latest_version" ] && { printf '%s\n' "Couldn't find out what is the latest version available."; return 1; }
                        version="$latest_version"
                    }
                    # $1: version
                    install() {
                        local arg_version="$1"
                        [ -z "$arg_version" ] && { printf '%s\n' "No version provided."; return 1; }
                        local install_dir
                        install_dir="$(mktemp -d)"
                        # after version 370, gcloud is called "cli" rather than "sdk"
                        major_version="$(echo "$1" | awk -F. '{print $1}')"
                        if [ "$major_version" -gt 370 ]; then url_path_fixture="cli"
                        else url_path_fixture="sdk"; fi
                        download_with_retry "$url_path_fixture" "$arg_version" "$install_dir" || exit 1
                        printf '%s\n' ". $install_dir/google-cloud-sdk/path.bash.inc" >> ~/.bashrc
                        printf '%s\n' ". $install_dir/google-cloud-sdk/path.fish.inc" >> ~/.fishrc
                        printf '%s\n' ". $install_dir/google-cloud-sdk/path.zsh.inc" >> ~/.zshrc
                        printf '%s\n' "export PATH=$PATH:$install_dir/google-cloud-sdk/bin" >> ~/.profile
                        printf '%s\n' ". $install_dir/google-cloud-sdk/path.bash.inc" >> "$BASH_ENV"
                        # If the environment is Alpine, remind the user to source $BASH_ENV in every step.
                        if [ -f /etc/os-release ] && grep -q "Alpine" "/etc/os-release"; then
                            printf '%s\n' "Alpine detected. Please make sure to source \$BASH_ENV in every step."
                            printf '%s\n' "Otherwise gcloud won't be available."
                            printf '%s\n' "You can do this by adding the following line in the beginning of your command:"
                            printf '%s\n' "\". \$BASH_ENV\""
                            # Alpine also needs a workaround since Google's "path.bash.inc" doesn't work.
                            printf '%s\n' "export PATH=$install_dir/google-cloud-sdk/bin:$PATH" >> "$BASH_ENV"
                        fi
                        # shellcheck disable=SC1090
                        . "$BASH_ENV"
                        if ! command -v gcloud > /dev/null 2>&1; then return 1; fi
                        printf '%s\n' "Google Cloud SDK version: $(gcloud --version)"
                    }
                    uninstall() {
                        if [ "${platform}" != "windows" ] && ! command -v sudo > /dev/null 2>&1; then
                            printf '%s\n' "sudo is required to uninstall the Google Cloud SDK."
                            printf '%s\n' "Please install it and try again."
                            return 1
                        fi
                        # Set sudo to work whether logged in as root user or non-root user.
                        if [ "$(id -u)" -eq 0 ] || [ "${platform}" = "windows" ]; then sudo=""; else sudo="sudo"; fi
                        local installation_directory
                        installation_directory="$(gcloud info --format='value(installation.sdk_root)')"
                        local config_directory
                        config_directory="$(gcloud info --format='value(config.paths.global_config_dir)')"
                        # shellcheck disable=SC2086 # $sudo is not a variable, it's a command.
                        $sudo rm -rf "$installation_directory" || return 1
                        # shellcheck disable=SC2086 # $sudo is not a variable, it's a command.
                        $sudo rm -rf "$config_directory" || return 1
                    }
                    download_and_extract() {
                        local url_path_fixture="$1"
                        local version="$2"
                        local install_directory="$3"
                        if [ "${platform}" = "windows" ]; then
                            output_file="$install_directory/google-cloud-sdk.zip"
                            curl --location --silent --fail --retry 3 --output "$output_file" "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-$url_path_fixture-$version-windows-x86_64.zip"
                            unzip "$output_file" -d "$install_directory"
                        else
                            output_file="$install_directory/google-cloud-sdk.tar.gz"
                            curl --location --silent --fail --retry 3 --output "$output_file" "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-$url_path_fixture-$version-$platform-x86_64.tar.gz"
                            tar -xzf "$output_file" -C "$install_directory"
                        fi
                        return $?
                    }
                    download_with_retry() {
                        local url_path_fixture="$1"
                        local version="$2"
                        local install_directory="$3"
                        local download_tries=0
                        local max_download_tries=3
                        while [ $download_tries -lt $max_download_tries ]; do
                            if download_and_extract "$url_path_fixture" "$version" "$install_directory"; then
                                break
                            else
                                download_tries=$((download_tries + 1))
                                printf "Download failed, retrying... (attempt: %d)\n" "$download_tries"
                                rm -rf "${install_directory:?}"/*
                            fi
                        done
                        if [ $download_tries -ge $max_download_tries ]; then
                            printf "Failed to download and extract the tar file after %d attempts.\n" "$max_download_tries"
                            return 1
                        fi
                    }
                    # Check if curl is installed
                    if ! command -v curl > /dev/null 2>&1; then
                        printf '%s\n' "curl is required to install the Google Cloud SDK."
                        printf '%s\n' "Please install it and try again."
                        exit 1
                    fi
                    unameOut="$(uname -s)"
                    case "${unameOut}" in
                        Linux*) platform=linux;;
                        Darwin*) platform=darwin;;
                        CYGWIN*) platform=windows;;
                        MINGW*) platform=windows;;
                        MSYS_NT*) platform=windows;;
                        *) platform="UNKNOWN:${unameOut}"
                    esac
                    printf "Detected platform: %s (%s)\n" "${platform}" "$(python --version)"
                    sort_versions () {
                        local installed_version="$1"
                        local version="$2"
                        if [ "$platform" = "windows" ]; then
                            # this leans on the knowledge that node is bundled in the machine images
                            printf "%s %s" "$installed_version" "$version" | xargs npx semver | head -n 1
                        else
                            printf '%s\n%s\n' "$installed_version" "$version" | sort -V | head -n 1
                        fi
                    }
                    # Figure out what is latest version available if "latest" is passed as an argument.
                    version="$ORB_VAL_VERSION"
                    [ "$version" = "latest" ] && fetch_latest_version
                    if command -v gcloud > /dev/null 2>&1; then
                        installed_version="$(gcloud version | head -n 1 | sed 's/Google Cloud SDK \([0-9]*.[0-9]*.[0-9]*\)/\1/')"
                        if [ "$installed_version" != "$version" ]; then
                            # Figure out which version is older between the installed version and the requested version.
                            older_version="$(sort_versions "$installed_version" "$version")"
                            # If the version requested is "latest" and the installed version is newer than the latest version available, skip installation.
                            if [ "$ORB_VAL_VERSION" = "latest" ] && [ "$older_version" = "$version" ]; then
                                printf '%s\n' "The version installed ($installed_version) is newer than the latest version listed in the release notes ($version)."
                                printf '%s\n' "Skipping installation."
                            else
                                printf '%s\n' "The version installed ($installed_version) differs from the version requested ($version)."
                                printf '%s\n' "Uninstalling v${installed_version}..."
                                if ! uninstall; then printf '%s\n' "Failed to uninstall the current version."; exit 1; fi
                                printf '%s\n' "Installing v${version}..."
                                if ! install "$version"; then printf '%s\n' "Failed to install the requested version."; exit 1; fi
                            fi
                        else
                            printf '%s\n' "The version installed ($installed_version) matches the version requested ($version)."
                            printf '%s\n' "Skipping installation."
                        fi
                    else
                        printf '%s\n' "Google Cloud SDK is not installed. Installing it."
                        if ! install "$version"; then printf '%s\n' "Failed to install the requested version."; exit 1; fi
                    fi
                    # Install user provided gcloud components
                    if [ -n "$ORB_VAL_COMPONENTS" ]; then
                        set -f
                        for component in $ORB_VAL_COMPONENTS; do
                            set -- "$@" "$component"
                        done
                        set +f
                        gcloud --quiet components install "$@"
                    fi
                environment:
                    ORB_VAL_COMPONENTS: <<parameters.components>>
                    ORB_VAL_VERSION: <<parameters.version>>
                name: Install latest gcloud CLI version, if not available
    setup:
        description: |
            Install and initialize the gcloud CLI. When installing within the Docker executor, the
            install will only occur if the CLI isn't already installed. If installing in
            a Linux machine image, it will remove the pre_installed version and instead
            install the version specified by this orb.
        parameters:
            components:
                default: ""
                description: |
                    The list of gcloud components to install. Space separated. See https://cloud.google.com/sdk/docs/components for additional info.
                type: string
            gcloud_service_key:
                default: GCLOUD_SERVICE_KEY
                description: |
                    Name of environment variable storing the full service key JSON file
                    for the Google project.
                type: env_var_name
            gcp_cred_config_file_path:
                default: ~/gcp_cred_config.json
                description: Output location of OIDC credentials.
                type: string
            google_compute_region:
                default: GOOGLE_COMPUTE_REGION
                description: |
                    Name of environment variable storing the Google compute region to set as
                    default for the gcloud CLI.
                type: env_var_name
            google_compute_zone:
                default: GOOGLE_COMPUTE_ZONE
                description: |
                    Name of environment variable storing the Google compute zone to set as
                    default for the gcloud CLI.
                type: env_var_name
            google_project_id:
                default: GOOGLE_PROJECT_ID
                description: |
                    Name of environment variable storing the Google project ID to set as
                    default for the gcloud CLI.
                type: env_var_name
            google_project_number:
                default: GOOGLE_PROJECT_NUMBER
                description: |
                    Name of environment variable storing the Google project number
                    used to configure OIDC.
                type: env_var_name
            service_account_email:
                default: OIDC_SERVICE_ACCOUNT_EMAIL
                description: Environment variable containing OIDC service account email.
                type: env_var_name
            skip_install:
                default: false
                description: Set to true, if want to install step
                type: boolean
            use_oidc:
                default: false
                description: Set to true to enable OIDC
                type: boolean
            version:
                default: latest
                description: |
                    The version of the gcloud CLI to install. If left to "latest", the latest version will be installed. Otherwise, provide the full version number as it appears in the URL on this page: https://cloud.google.com/sdk/docs/downloads-versioned-archives
                type: string
            workload_identity_pool_id:
                default: OIDC_WIP_ID
                description: |
                    Environment variable containing OIDC configured workload identity pool is stored.
                type: env_var_name
            workload_identity_pool_provider_id:
                default: OIDC_WIP_PROVIDER_ID
                description: |
                    Environment variable containing OIDC configured workload identity pool provider ID is stored.
                type: env_var_name
        steps:
            - when:
                condition:
                    not: << parameters.skip_install >>
                steps:
                    - install:
                        components: << parameters.components >>
                        version: << parameters.version >>
            - run:
                command: |
                    #!/usr/bin/env bash
                    # Expand parameters
                    readonly service_key=${!ORB_ENV_SERVICE_KEY}
                    readonly project_id=${!ORB_ENV_PROJECT_ID}
                    readonly compute_zone=${!ORB_ENV_COMPUTE_ZONE}
                    readonly compute_region=${!ORB_ENV_COMPUTE_REGION}
                    # Eval parameters
                    cred_file_path=$(eval "echo $ORB_EVAL_CRED_FILE")
                    # Store service account
                    printf '%s\n' "$service_key" > "$HOME"/gcloud-service-key.json
                    # Initialize gcloud CLI
                    gcloud --quiet config set core/disable_usage_reporting true
                    gcloud --quiet config set component_manager/disable_update_check true
                    # Use oidc
                    if [ "$ORB_VAL_USE_OIDC" = 1 ]; then
                        echo "Authorizing using OIDC token"
                        if [ -z "$CIRCLE_OIDC_TOKEN" ]; then
                            echo "Ensure this job has a context to populate OIDC token"
                            echo "See more: https://circleci.com/docs/openid-connect-tokens/#openid-connect-id-token-availability"
                            exit 1
                        fi
                        echo "$CIRCLE_OIDC_TOKEN" > "$HOME/oidc_token"
                        # Store OIDC token in temp file
                        gcloud iam workload-identity-pools create-cred-config \
                            "projects/${!ORB_ENV_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${!ORB_ENV_POOL_ID}/providers/${!ORB_ENV_POOL_PROVIDER_ID}" \
                            --service-account="${!ORB_ENV_SERVICE_EMAIL}" \
                            --credential-source-type="text" \
                            --credential-source-file="$HOME/oidc_token" \
                            --output-file="$cred_file_path"
                        # Configure gcloud to leverage the generated credential configuration
                        gcloud auth login --brief --cred-file "$cred_file_path"
                        # Configure ADC
                        echo "export GOOGLE_APPLICATION_CREDENTIALS='$cred_file_path'" | tee -a "$BASH_ENV"
                    else
                        gcloud auth activate-service-account --key-file="$HOME"/gcloud-service-key.json
                    fi
                    gcloud --quiet config set project "$project_id"
                    if [[ -n "$compute_zone" ]]; then
                        gcloud --quiet config set compute/zone "$compute_zone"
                    fi
                    if [[ -n "$compute_region" ]]; then
                        gcloud --quiet config set compute/region "$compute_region"
                    fi
                environment:
                    ORB_ENV_COMPUTE_REGION: <<parameters.google_compute_region>>
                    ORB_ENV_COMPUTE_ZONE: <<parameters.google_compute_zone>>
                    ORB_ENV_POOL_ID: <<parameters.workload_identity_pool_id>>
                    ORB_ENV_POOL_PROVIDER_ID: <<parameters.workload_identity_pool_provider_id>>
                    ORB_ENV_PROJECT_ID: <<parameters.google_project_id>>
                    ORB_ENV_PROJECT_NUMBER: <<parameters.google_project_number>>
                    ORB_ENV_SERVICE_EMAIL: <<parameters.service_account_email>>
                    ORB_ENV_SERVICE_KEY: <<parameters.gcloud_service_key>>
                    ORB_EVAL_CRED_FILE: <<parameters.gcp_cred_config_file_path>>
                    ORB_VAL_USE_OIDC: <<parameters.use_oidc>>
                name: Initialize gcloud CLI to connect to Google Cloud
executors:
    default:
        description: The default executor is the CircleCI Python Convenience Image.
        docker:
            - image: cimg/python:<<parameters.version>>
        parameters:
            version:
                default: "3.8"
                description: |
                    Python version to use. Take into account the versions of Python available
                    from CircleCI (https://hub.docker.com/r/cimg/python/tags) as well as what
                    is supported by gcloud CLI itself (https://cloud.google.com/sdk/docs/install).
                type: string
    google:
        description: The official Google Docker image with gcloud SDK and CLI pre-installed.
        docker:
            - image: google/cloud-sdk:<<parameters.sdk-version>>
        parameters:
            sdk-version:
                default: latest
                description: |
                    What version of the Google Cloud SDK Docker image? For full options, see https://hub.docker.com/r/google/cloud-sdk/tags
                type: string
    machine:
        description: |
            CircleCI's machine executor:
            https://circleci.com/docs/2.0/executor-types/#using-machine
        machine:
            image: <<parameters.image>>
        parameters:
            image:
                default: ubuntu-2204:current
                description: |
                    Which machine executor image to use. For details, see
                    https://circleci.com/docs/2.0/configuration-reference/#machine
                type: string
examples:
    setup:
        description: Install and initalize the gcloud CLI.
        usage:
            version: "2.1"
            orbs:
                gcp-cli: circleci/gcp-cli@3.2.2
            jobs:
                use-gcp:
                    executor: gcp-cli/default
                    steps:
                        - gcp-cli/setup:
                            version: 404.0.0
            workflows:
                install_and_configure_cli:
                    jobs:
                        - use-gcp:
                            context: myContext
```