I have a Google Cloudbuild pipeline, that tests the code committed to the dev branch of my Github repo, and deploys the code to the dev environment. I want to add another step to the pipeline, which would merge my dev branch with the prod branch, upon successful deployment to the dev environment. Is there any way to implement this?
CodePudding user response:
You probably can do that in your 'cloudbuild.yaml' (or another name) file which is 'executed' by the Cloud Build trigger.
In my experience you will need a pair of keys - the public key should be in GitHub, the private key value - stored as a secret in the Secret Manager.
Thus, in the yaml file you might need to use (change according to your case, do not use like this):
volumes:
- name: 'ssh'
path: /root/.ssh
So far:
- get the private key (from the secret) and save it as a a file
/root/.ssh/githubby using something likegcloud secrets versions access latest ... - change permissions
chmod 600 /root/.ssh/github - create a config file:
cat <<EOF >/root/.ssh/config
Hostname github.com
IdentityFile /root/.ssh/github
EOF
- save GitHub public key to a known_hosts file
ssh-keyscan -t rsa github.com > /root/.ssh/known_hosts
After that, you (actually your Cloud Build service account using provided credentials) can do with GitHub repository whatever is required (subject to permissions granted in GitHub) using ordinary git commands.