#cloudbuild

I am increasingly of the opinion that when writing CI scripts for platforms such as GitHub Actions, you shouldn't use that platform's features but just wrap a single largish bash script.

It is trivially runnable on your laptop, which is great for testing and debugging changes locally.

And you don't need to learn syntax and conventions that are only used by a single system.

I'd be interested to know why this approach is so unusual. Is it because actions from the marketplace don't mix well with this?

#GitHub #ci #cicd #cloudbuild

2024-07-26

Cybersecurity experts have uncovered a significant vulnerability named ConfusedFunction in Google Cloud Platform's Cloud Functions service. This issue allows attackers to elevate their privileges, potentially accessing various services and sensitive data without authorization. When a Cloud Function is created or updated, a Cloud Build service account is automatically generated and linked to a Cloud Build instance. This service account possesses extensive permissions, which, if misused, can lead to unauthorized access to Cloud Storage, Artifact Registry, and Container Registry among others. Google has addressed this by changing the default behavior to use the Compute Engine default service account instead, though this does not retroactively apply to existing instances. Despite this fix, the deployment of a Cloud Function still necessitates assigning certain permissions to the Cloud Build service account, highlighting ongoing concerns about software complexity and inter-service communication in cloud environments.

tenable.com/blog/confusedfunct

#cybersecurity #google #googlecloud #vulnerability #privilege_escalation #confusedfunction #cloudfunction #cloudstorage #cloudbuild #cloud #tenable

2024-03-22

Cloud Build has `script` and `automapSubstitutions` to make putting shell in the YAML easier.

dev.to/googlecloud/modernizing

#til #googlecloud #cloudbuild #yaml #codegolf

Jochen Kirstätter jkirstaetter
2024-03-07

Taking multiple steps to build, pack and publish a NuGet package manually is a distraction and error-prone. Use Google Cloud Build to handle the boring parts of the SDLC.

jochen.kirstaetter.name/automa

Neil Craig tdp_org
2024-01-26

If you use Google Cloud Build triggered from a GitHub repo, you can now get the build job logs sent to GitHub (it'll appear in the "details" page for each build job).
You just need to add `include_build_logs = "INCLUDE_BUILD_LOGS_WITH_STATUS"` to your Cloud Build job config YAML file.

registry.terraform.io/provider

Screenshot of the GitHub build jobs panel which contains the "details" page link mentioned in the post
Screenshot of the GitHub details page which shows the Cloud Build logs

Thomas Strömberg ∴ KD4UHP thomrstrom@triangletoot.party
2023-07-12

Are you thinking about rolling your own software #build environment?

If so, recall the ghost of #SolarWinds: wired.com/story/the-untold-sto

My tips:

- Don't: prefer using someone else's build environment (#GitHub actions, #CloudBuild)
- If you can't: build within an #ephemeral environment (cluster or nodes). Nuke the environment after each PR or daily.
- If you can't: make builds reproducible & build across two individually run environments (Cloud providers, local) - only accept matching outputs.

2022-12-27

github.com/jeffbryner/gcp-clou <-- TFW you search around on the internet for something you created a year ago..

In this case a simple #gcp #cloudbuild managed #cloudrun container that builds itself

@isaaclyman think that’s odd, I am unable to find even a hint of a guide on how to use #CloudBuild to build #android apps.
One would think one could use a Google service to build a Google product which you could then deploy to another Google service.
And I have like over a decade's worth of Google-fu.😂

Gareth Emslie 🇿🇦 🇪🇦 🇨🇭 keyoke_za@hachyderm.io
2022-12-19

This blog will guide readers on a quest to create a lean automated deployment flow for their API service using products such as Cloud Build, Artifact Registry, Cloud Run and Pub/Sub. cloud.google.com/blog/products #GoogleCloud #CloudBuild #ArtifactRegistry #CloudRun

Babbili👨🏻‍💻🪐🎶 babbili@techhub.social
2022-12-17

My fav end-to-end #devops on #googlecloud
Cloud Deploy is a game changer with multi-target delivery pipelines and release management, you can use it with Google Kubernetes Engine and Cloud Run
#gke #kubernetes #gcp #cloudbuild #clouddeploy

ᴺᴼᵀA'Khun badboy99@g0v.social
2021-01-29

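If you use multi-stage builds, the cloudbuild trick of pulling the previous build down to use as a cache no longer works, because the intermediate artifacts were never pushed in the first place...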

#cloudbuild
