Table of Contents

Preface

Part 1: The Fundamentals

1

Introducing Google Cloud Build

Technical requirements

The value of automation

Before there was the cloud

Making sure there are enough resources

Who needs to manage all of this?

Reducing toil with managed services

Cloud-native automation with Google Cloud Build

GCP service integrations

Summary

2

Configuring Cloud Build Workers

Technical requirements

How worker pools can be configured in Cloud Build

Prerequisites for running builds on worker pools

Using the default pool

Using private pools

Summary

3

Getting Started – Which Build Information Is Available to Me?

Technical requirements

How your build resources are accessed

Build submission and status

Using the GCP console

Build operations

Summary

Part 2: Deconstructing a Build

4

Build Configuration and Schema

Defining the minimum configuration for build steps

Setting up your environment

Defining your build step container image

Defining your build step arguments

Adjusting the default configuration for the build steps

Defining the relationships between individual build steps

Configuring build-wide specifications

Summary

5

Triggering Builds

Technical requirements

The anatomy of a trigger

Integrations with source code management platforms

Defining your own triggers

Webhook triggers

Manual triggers

Summary

6

Managing Environment Security

Defense in depth

The principle of least privilege

Accessing sensitive data and secrets

Secret Manager

Cloud Key Management

Build metadata for container images

Provenance

Attestations

Securing the network perimeter

Summary

Part 3: Practical Applications

7

Automating Deployment with Terraform and Cloud Build

Treating infrastructure as code

Simple and straightforward Terraform

The separation of resource creation and the build steps

Building a custom builder

Managing the principle of least privilege for builds

Human-in-the-loop with manual approvals

Summary

8

Securing Software Delivery to GKE with Cloud Build

Creating your build infrastructure and deployment target

Enabling foundational Google Cloud services

Setting up the VPC networking for your environment

Setting up your private GKE cluster

Securing build and deployment infrastructure

Creating private pools with security best practices

Securing access to your private GKE control plane

Applying POLP to builds

Creating build-specific IAM service accounts

Custom IAM roles for build service accounts

Configuring release management for builds

Integrating SCM with Cloud Build

Gating builds with manual approvals

Executing builds via build triggers

Enabling verifiable trust in artifacts from builds

Building images with build provenance

Utilizing Binary Authorization for admission control

Summary

9

Automating Serverless with Cloud Build

Understanding Cloud Functions and Cloud Run

Cloud Functions

Cloud Run

Cloud Functions 2nd gen

Comparing Cloud Functions and Cloud Run

Building containers without a build configuration

Dockerfile

Language-specific tooling

Buildpacks

Automating tasks for Cloud Run and Cloud Functions

Deploying services and jobs to Cloud Run

Deploying to Cloud Functions

Going from source code directly to containers running in Cloud Run

Progressive rollouts for revisions of a Cloud Run service

Securing production with Binary Authorization

Summary

10

Running Operations for Cloud Build in Production

Executing in production

Leveraging Cloud Build services from different projects

Securing build triggers even further

Notifications

Deriving more value from logs

Configurations to consider in production

Making builds more dynamic

Changes in Cloud Build related to secret management

Speeding up your builds

Summary

Part 4: Looking Forward

11

Looking Forward in Cloud Build

Implementing continuous delivery with Cloud Deploy

The relationship between Cloud Build and Cloud Deploy

Summary

Index

Other Books You May Enjoy
