-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloudbuild.yaml
28 lines (27 loc) · 1.06 KB
/
cloudbuild.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
steps:
- name: python:3.7-slim
id: functional testing
entrypoint: 'bash'
args: ['-c', 'pip install -r ./app/requirements.txt && pytest -v .']
env:
- CONFIGBUCKET=staging.imp-iot-project.appspot.com
- name: python:3.7-slim
id: security testing
entrypoint: 'bash'
args: ['-c', 'pip install -r ./app/requirements.txt && bandit -l -s B101 -r .']
- name: 'gcr.io/cloud-builders/gcloud'
id: function deployment
dir: app
args: ['functions', 'deploy', 'foobotapi',
'--trigger-topic=foobotcron',
'--memory=128MB',
'--runtime=python37',
'--service-account=foobotfunction@imp-iot-project.iam.gserviceaccount.com',
'--region=us-central1',
'--entry-point=oneshot']
env:
- CONFIGBUCKET=imp-iot-project.appspot.com
# CONFIGBUCKET has the name of the bucket that holds the foobotsecrets.json file with the secrets
# The executing function should be the only entity having read access to it.
# Operationally, the service account needs to have read access to the secrets bucket.
# The builder should have access to a version of it that allows testing.