This two-part article guides developers on how to develop, test, publish, and promote code in Application Integration.
- Part 1 focuses on building a simple integration and tests, then using integrationcli to save the integration to a code repository. It also covers how to manually publish and promote the integration using integrationcli.
- Part 2 (this one) explores automating the entire process with CI/CD tools like Cloud Deploy and GitHub Actions, in conjunction with integrationcli.
Deployments
In the following section, we will learn how to deploy/promote integrations with tools like Cloud Deploy and GitHub Actions
Integration with Cloud Deploy
In this section we will use Cloud Deploy to deploy the integration. Once you have your integration ready in your dev project. You can run the scaffold command with the “–cloud-deploy” argument which will create the Cloud Deploy configuration files as well.
git checkout feature/cicd
token=$(gcloud auth print-access-token)
project=
region=
integrationcli prefs set -p $project -r $region -t $token
integrationcli integrations scaffold -n sample --latest -f . -e dev <strong>--cloud-deploy
</strong>
Add/update the following fragments (items marked bold) to the clouddeploy.yaml file
apiVersion: deploy.cloud.google.com/v1
kind: DeliveryPipeline
metadata:
name: appint-sample-pipeline
serialPipeline:
stages:
- targetId: dev
**- targetId: qa**
---
apiVersion: deploy.cloud.google.com/v1
kind: Target
metadata:
name: dev
customTarget:
customTargetType: appint-sample-target
deployParameters:
APP_INTEGRATION_PROJECT_ID: "**<DEV-project-id>**"
APP_INTEGRATION_REGION: "**<DEV-region>**"
---
<strong>apiVersion: deploy.cloud.google.com/v1
kind: Target
metadata:
name: qa
customTarget:
customTargetType: appint-sample-target
deployParameters:
APP_INTEGRATION_PROJECT_ID: "<QA-project-id>"
APP_INTEGRATION_REGION: "<QA-region>"</strong>
---
apiVersion: deploy.cloud.google.com/v1
kind: CustomTargetType
metadata:
name: appint-sample-target
customActions:
renderAction: render-sample-integration
deployAction: deploy-sample-integration
Update the Dev & QA Project ID and Region information in the yaml
Deployments to Dev using Cloud Deploy
The artifacts in the dev folder can now be deployed to the DEV environment (GCP project). Make sure you have enabled Cloud Deploy in your project and have provided the necessary roles to the Default compute service account.
Create/Update the Deployment Pipeline
LOCATION=<set DEV region here>
PROJECT_ID=<set DEV project here>
gcloud deploy apply --file=clouddeploy.yaml --region=${LOCATION} --project=${PROJECT_ID}
# release name can be any string. We recommend the integration name
RELEASE_NAME=sample
gcloud deploy releases create ${RELEASE_NAME}-$(date +'%Y%m%d%H%M%S') --region=${LOCATION} --delivery-pipeline=appint-sample-pipeline --to-target=dev --project=${PROJECT_ID}
Promote Release to QA
To promote using the same pipeline, you will need to add the service account used by the pipeline in the DEV project to your QA project and assign necessary Application Integration and Connector Admin roles
You can click the “Promote” link in the Cloud Deploy via console
or via command line interface:
gcloud deploy releases promote --release=${RELEASE_NAME} --delivery-pipeline=appint-sample-pipeline --project=${PROJECT_ID} --to-target=qa --region=${LOCATION}
where PROJECT_ID and REGION are pointing to the project and region where Cloud Deploy is configured
Execution Service Accounts
By default, Cloud Deploy runs using the default Compute Engine service account. The name of this service account follows this pattern: [project-number]-compute@developer.gserviceaccount.com. This service account must be given Application Integration roles to create and publish Integration Versions, Connectors, Auth Configs etc.
Custom Service Accounts may be used by adding the following (marked in bold) to a Target
apiVersion: deploy.cloud.google.com/v1
kind: Target
metadata:
name: dev
customTarget:
customTargetType: appint-sample-target
deployParameters:
APP_INTEGRATION_PROJECT_ID: "**<DEV-project-id>**"
APP_INTEGRATION_REGION: "**<DEV-region>**"
<strong>executionConfigs:
- usages:
- DEPLOY
privatePool:
workerPool: "projects/p123/locations/us-central1/workerPools/wp123"
serviceAccount: "[name]@[project_name].iam.gserviceaccount.com"
- usages:
- RENDER
- PREDEPLOY
- VERIFY
- POSTDEPLOY
</strong>
Read more about changing default service accounts here.
Integration with Github Actions
In this section we will use GitHub Actions to deploy the integration. Once you have your integration ready in your dev project. You can run the scaffold command with the “–github-action” argument which will create the Cloud Deploy configuration files as well.
git checkout feature/cicd
token=$(gcloud auth print-access-token)
project=<set DEV project here>
region=<set DEV region here>
integrationcli prefs set -p $project -r $region -t $token
integrationcli integrations scaffold -n sample --latest -f . -e dev <strong>--github-action
</strong>
The file “sample.yaml” contains a Github Action like this:
name: apply-sample-action
permissions: read-all
# Controls when the workflow will run
on: push
env:
ENVIRONMENT: ${{ vars.ENVIRONMENT }}
PROJECT_ID: ${{ vars.PROJECT_ID }}
REGION: ${{ vars.REGION }}
WORKLOAD_IDENTITY_PROVIDER_NAME: ${{ vars.PROVIDER_NAME }}
SERVICE_ACCOUNT: ${{ vars.SERVICE_ACCOUNT }}
jobs:
integrationcli-action:
permissions:
contents: 'read'
id-token: 'write'
name: Apply integration version
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- name: Checkout Code
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4
- name: Authenticate Google Cloud
id: 'gcp-auth'
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f #v2.1.7
with:
workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER_NAME }}'
service_account: '${{ env.SERVICE_ACCOUNT }}'
token_format: 'access_token'
- name: Calculate variables
id: 'calc-vars'
run: |
echo "SHORT_SHA=$(git rev-parse --short $GITHUB_SHA)" >> $GITHUB_OUTPUT
- name: Create and Publish Integration
id: 'publish-integration'
uses: docker://us-docker.pkg.dev/appintegration-toolkit/images/integrationcli:0.81.3 #pin to version of choice
with:
args: integrations apply --env=${{ env.ENVIRONMENT}} --folder=. --userlabel=${{ steps.calc-vars.outputs.SHORT_SHA }} --wait=true --run-tests=true --proj=${{ env.PROJECT_ID }} --reg=${{ env.REGION }} --token ${{ steps.gcp-auth.outputs.access_token }}
Move this file to the .github/workflows
folder. This sample is triggered automatically based on a push to the repo. You can update the trigger based on your requirements.
The GitHub Action template generated uses Workload Identity Federation. You can find more information and configuring in GitHub by following the documentation here. You can use different branches to trigger the code promotion from one env to another by setting the appropriate variables.
Integration with Cloud Build
If you are interested to know more about using Cloud Build to automate the Application Integration deployments, you can refer to this post. There is a section for Cloud Build discussed in detail..
Conclusion
This concludes our two-part series on developing and deploying Application Integration code using best practices and available tools.
Special Thanks to Nandan Sridhar for his collaboration on this article and also for all his contribution to integrationcli