The backend for Automated Tag Creator
- Create app instance in own account (Developer settings/GitHub Apps)
- Start ngrok
- Use ngrok address for webhook URL, like: https://26680d04b127.ngrok.io/api/webhook
- Generate and download private key
- Configure app permissions:
  - Content: Read-only
  - Discussion: Read-Write
  - MetaData: Read-only
- Subscribe to events:
  - Create
  - Push
  - Delete
- Use a script like the one below to start the app:

      export ATC_PEM_PATH=/home/andrey/.ssh/atc-local.2021-03-25.private-key.pem
      export ATC_APP_ID=106890
      bin/atcapp

- Navigate to your account settings.
- Go to Developer settings -> GitHub Apps
- Click New GitHub App
- In GitHub App name, type the name of your app
- In Homepage URL, type the full URL to your app's website
- Deselect Webhook -> Active
- Click Create GitHub App

For more information, see Creating a GitHub App.

- Navigate to your account settings.
- Go to Developer settings -> GitHub Apps
- Click Edit in your App
  - Select Webhook -> Active
  - Use ngrok address with api/webhook for webhook URL, like: https://26680d04b127.ngrok.io/api/webhook
  - Click Save changes
  - Click Generate a private key and download the private key
- Go to Permissions & events
  - Configure Repository permissions:
    - Content: Read & write
    - MetaData: Read-only
  - Select in Subscribe to events:
    - Create
    - Push
    - Delete
  - Click Save changes
- Go to Install App
  - Choose an account to install and click Install
  - Choose All repositories or Only select repositories and select repositories
  - Click Install

- Add Webhook URL https://github.com/settings/apps/automated-tag-creator
- Generate a private key
- Download config file .atc.yaml: https://github.com/smartforce-io/atc/.atc.yaml
- Move .atc.yaml to the project root
- Change .atc.yaml if you need to:
  - Change path to the configuration file of your build automation tool (pom.xml for Maven, .npmrc for NPM or gradle.properties for Gradle)
  - Choose when to add tags: Before or After commit (default: After)
  - Write a template for tags (you need to use the substring {{.version}})

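The tag template above is filled with a version value taken from a build file in the repository, so the rendered result is worth validating before it is used as a git tag name. The following Go code is an added example, not code from the atc project; `RenderTag` and the allowlist (deliberately stricter than `git check-ref-format`) are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
	"text/template"
)

// Conservative allowlist for tag names (assumption of this example, stricter than git).
var safeTag = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._/+-]{0,127}$`)

// RenderTag (hypothetical helper) expands a tag template such as "v{{.version}}"
// and rejects results that are unsafe to use as a git tag name.
func RenderTag(tmpl, version string) (string, error) {
	if !strings.Contains(tmpl, "{{.version}}") {
		return "", errors.New("template must contain {{.version}}")
	}
	t, err := template.New("tag").Option("missingkey=error").Parse(tmpl)
	if err != nil {
		return "", fmt.Errorf("bad template: %w", err)
	}
	var sb strings.Builder
	if err := t.Execute(&sb, map[string]string{"version": version}); err != nil {
		return "", fmt.Errorf("render: %w", err)
	}
	tag := sb.String()
	switch {
	case !safeTag.MatchString(tag): // spaces, newlines, ~ ^ : ? * [ \ and leading '-' or '.'
		return "", fmt.Errorf("tag %q has characters outside the allowlist", tag)
	case strings.Contains(tag, ".."), strings.Contains(tag, "//"), strings.Contains(tag, "/."):
		return "", fmt.Errorf("tag %q has a forbidden sequence", tag)
	case strings.HasSuffix(tag, "."), strings.HasSuffix(tag, "/"), strings.HasSuffix(tag, ".lock"):
		return "", fmt.Errorf("tag %q has a forbidden suffix", tag)
	}
	return tag, nil
}

func main() {
	// Constructed inputs standing in for version strings read from a pushed build file.
	for _, v := range []string{"1.4.2", "2.0.0-rc.1", "1.0 --force", "../heads/main", "1.0\n2.0"} {
		tag, err := RenderTag("v{{.version}}", v)
		fmt.Printf("%q -> %q, err=%v\n", v, tag, err)
	}
}
```
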
Check that the KMS API is enabled: cloudkms.googleapis.com.
- Create a keyring

      gcloud kms keyrings create atc-secrets --location=global

- Create a key

      gcloud kms keys create gh-pem-secret \
        --location=global \
        --keyring atc-secrets \
        --purpose encryption

      gcloud kms encrypt \
        --plaintext-file=gh.pem \
        --ciphertext-file=ghpem.enc.txt \
        --location=global \
        --keyring=atc-secrets \
        --key=gh-pem-secret

      base64 ghpem.enc.txt -w 0 > ghpem.enc.64.txt

Add the following permissions to the service account (1007563553609@cloudbuild.gserviceaccount.com):
- Cloud Build Service Account
- Cloud KMS CryptoKey Decrypter
- Storage Object Viewer

You should also follow these steps:
- Grant the Cloud Run Admin role to the Cloud Build service account:
  - In the Cloud Console, go to the Cloud Build Settings page:
    - Open the Settings page
  - Locate the row with the Cloud Run Admin role and set its Status to ENABLED.
  - In the "Additional steps may be required" pop-up, click Skip.
- Grant the IAM Service Account User role to the Cloud Build service account on the Cloud Run runtime service account:
  - In the Cloud Console, go to the Service Accounts page:
    - Open the Service Accounts page
  - In the list of members, locate and select [PROJECT_NUMBER]-compute@developer.gserviceaccount.com. This is the Cloud Run runtime service account.
  - Click SHOW INFO PANEL in the top right corner.
  - In the Permissions panel, click the Add Member button.
  - In the New member field, enter the email address of the Cloud Build service account. This is of the form [PROJECT_NUMBER]@cloudbuild.gserviceaccount.com. Note: The email address of the Cloud Build service account is different from that of the Cloud Run runtime service account.
  - In the Role dropdown, select Service Accounts, and then Service Account User.
  - Click Save.

See more on Stack Overflow.

> gcloud config get-value project
atc-sf
gcloud builds submit --config cloudbuild.yaml