Windows Using gcloud in Azure Pipelines

About six months back, I published the article Creating a CI/CD pipeline with Azure Pipelines and Cloud Run. This article describes how you can set up a pipeline in Azure Pipelines that builds a .NET application and deploys it to Cloud Run.

The challenge I faced when writing this article was that the Azure Pipeline build agents did not have gcloud pre-installed. Without gcloud, deploying to Cloud Run is not possible – or at least it’s pretty difficult.

One solution to the lack of a pre-installed gcloud would have been to use a self-hosted agent. But using a self-hosted agent to deploy a serverless application would be rather absurd, so I described a different approach to overcome the lack of gcloud:

docker run --entrypoint /bin/bash gcr.io/cloud-builders/gcloud-slim \
    -c "echo $(ServiceAccountKey) | base64 -d > _key.json && \
    gcloud auth activate-service-account \
        --quiet \
        --key-file=_key.json && \
    gcloud run deploy musicstore \
        --quiet \
        --service-account=musicstore-runner@$(CloudRun.ProjectId.Development).iam.gserviceaccount.com \
        --allow-unauthenticated \
        --image=gcr.io/$(ContainerRegistry.ProjectId)/musicstore:$BUILD_BUILDID \
        --platform=managed \
        --region=$(CloudRun.Region) \
        --project=$(CloudRun.ProjectId.Development)"

What this command does is run the gcr.io/cloud-builders/gcloud-slim image (which contains a gcloud installation without optional components), inject credentials from a pipeline variable, and then run gcloud run deploy.

Although this workaround works well, it’s not self-explanatory and more importantly, it’s pretty slow due to the Docker image pull.

Fortunately, this trick is not necessary anymore – Microsoft recently added gcloud to the list of tools that come pre-installed on Microsoft-hosted agents. With gcloud pre-installed, you can now use a much simpler command to trigger a Cloud Run deployment

gcloud auth activate-service-account \
    --quiet \
    --key-file <(echo $(ServiceAccountKey) | base64 -d) && \
gcloud run deploy clouddemo \
    --quiet \
    --service-account=clouddemo-runner@$(CloudRun.ProjectId.Development).iam.gserviceaccount.com \
    --allow-unauthenticated \
    --image=gcr.io/$(ContainerRegistry.ProjectId)/clouddemo:$BUILD_BUILDID \
    --platform=managed \
    --region=$(CloudRun.Region) \
    --project=$(CloudRun.ProjectId.Development)

I recently updated the article on the Google Cloud website to take advantage of the pre-installed gcloud and used this opportunity to make some other changes – including swapping out the (deprecated) Music Store sample application against a new ASP.NET MVC Core sample application.

Any opinions expressed on this blog are Johannes' own. Refer to the respective vendor’s product documentation for authoritative information.
« Back to home