Google Cloud Build

Import Onboardbase secrets into Google Cloud Build

πŸ“˜

TIP

You can authenticate the CLI with Environment variables.
Supported environment variables are:

  • ONBOARDBASE_TOKEN - A service token
  • ONBOARDBASE_PROJECT - an onboardbase project name
  • ONBOARDBASE_ENVIRONMENT - an environment in the specified project

In this guide, we will discuss how to use onboardbase build to deploy a GCP cloud build service

Using Variable Substitution

We can use variable substitution to configure our Onboardbase credentials.

First, go to your Onboardbase account to create a service token or request one from your admin if you don't have permission.

Create a new trigger or modify an existing one; at the substitution section, add these three variables:

  • _ONBOARDBASE_TOKEN: Set to be the token generated earlier
  • _ONBOARDBASE_PROJECT: Set as the name of an Onboardbase project
  • _ONBOARDBASE_ENVIRONMENT: Set as the name of the environment inside of the project.

Cloud build configuration

steps:
  - name: ubuntu
    entrypoint: bash
    args:
      - -c
      - apt-get update > /dev/null &&  apt-get install -y curl gnupg > /dev/null & (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://onboardbase-cli.fra1.digitaloceanspaces.com/install.sh || wget -t 3 -qO- https://onboardbase-cli.fra1.digitaloceanspaces.com/install.sh) | sh && onboardbase build  -c "./build.sh";
    env:
      - 'ONBOARDBASE_TOKEN=$_ONBOARDBASE_TOKEN'
      - 'ONBOARDBASE_PROJECT=$_ONBOARDBASE_PROJECT'
      - 'ONBOARDBASE_ENVIRONMENT=$_ONBOARDBASE_PROJECT'

In the build's configuration file, the build step environment variables were mapped with their respective substitutions to properly configure Onboardbase CLI.

Sample build script within your project:

# Access secrets using onboardbase build command 
# Image name is expected to be a secret from onboardbase
docker build "$IMAGE_NAME":latest