Membangun repositori dari GitHub Enterprise di jaringan pribadi
Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Cloud Build memungkinkan Anda membuat pemicu di instance GitHub Enterprise.
Halaman ini menjelaskan cara menggunakan pemicu GitHub Enterprise untuk memanggil build sebagai respons terhadap commit atau permintaan pull dari instance GitHub Enterprise dan menjelaskan cara membangun repositori dari GitHub Enterprise jika instance Anda dihosting di jaringan pribadi.
Sebelum memulai
Enable the Cloud Build and Service Directory APIs.
Jika Anda belum membuat kumpulan pribadi, ikuti petunjuk di
Membuat dan mengelola kumpulan pribadi
untuk membuat kumpulan pribadi. Anda memerlukan kumpulan pribadi untuk
membangun di jaringan pribadi.
Membangun repositori dari GitHub Enterprise di jaringan pribadi
Selesaikan langkah-langkah berikut untuk menghubungkan instance GitHub Enterprise Anda ke Cloud Build dari jaringan pribadi:
Memberi agen layanan Cloud Build akses ke Service Directory:
PROJECT_ID_CONTAINING_NETWORK adalah ID project Google Cloud Anda yang berisi jaringan VPC Anda.
NETWORK adalah nama jaringan VPC Anda.
Sekarang Anda dapat menggunakan resource layanan (projects/{PROJECT_ID}/locations/{LOCATION}/namespaces/{NAMESPACE}/services/{SERVICE}) untuk membuat koneksi Anda dalam langkah-langkah berikut.
Menggunakan Direktori Layanan untuk menjangkau host di luar Google Cloud
Service Directory menggunakan rentang alamat IP 35.199.192.0/19 untuk menghubungkan host Anda di luar Google Cloud. Anda harus menambahkan rentang ini ke daftar yang diizinkan di firewall Anda. Selain itu, jaringan pribadi Anda harus
dikonfigurasi untuk merutekan rentang ini melalui koneksi Cloud VPN atau Cloud Interconnect.
Jika koneksi Anda menggunakan Cloud Router, Anda dapat mengonfigurasi koneksi untuk
mengomunikasikan
rentang ke jaringan pribadi Anda.
Menggunakan Cloud Load Balancing untuk menjangkau host di luar Google Cloud
Jika konfigurasi jaringan Anda tidak memungkinkan Anda merutekan rentang alamat IP Service Directory 35.199.192.0/19 ke Cloud VPN atau Cloud Interconnect, Anda dapat membuat load balancer menggunakan Cloud Load Balancing yang mengarahkan traffic ke host Anda.
Saat membuat load balancer TCP, pertimbangkan hal berikut:
Hanya grup endpoint jaringan (NEG) dengan konektivitas campuran yang diperlukan untuk menjangkau host Anda.
Load balancer TCP tidak memerlukan kunci pribadi yang tidak terenkripsi untuk sertifikat SSL Anda.
Penyiapan Cloud VPN Anda harus menggunakan Cloud Router dengan perutean dinamis global. Jika Cloud VPN Anda menggunakan perutean statis, Anda dapat menggunakan proxy yang menggunakan Cloud Service Mesh. Untuk mempelajari lebih lanjut, lihat Menyiapkan layanan edge jaringan untuk deployment hibrida.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-09-04 UTC."],[[["\u003cp\u003eCloud Build enables the creation of triggers on a GitHub Enterprise instance to initiate builds in response to commits or pull requests.\u003c/p\u003e\n"],["\u003cp\u003eTo build repositories from a private GitHub Enterprise instance, you will need to enable the Cloud Build and Service Directory APIs.\u003c/p\u003e\n"],["\u003cp\u003eConnecting a GitHub Enterprise instance in a private network to Cloud Build involves granting specific service account access and setting up a Service Directory service with a namespace, service, and endpoint.\u003c/p\u003e\n"],["\u003cp\u003eService Directory connects to hosts outside of Google Cloud using the IP address range \u003ccode\u003e35.199.192.0/19\u003c/code\u003e, which must be allowlisted in your firewall, or alternatively, you can use Cloud Load Balancing to direct traffic to your host.\u003c/p\u003e\n"],["\u003cp\u003eYou must set up a private pool to build in a private network.\u003c/p\u003e\n"]]],[],null,["# Build repositories from GitHub Enterprise in a private network\n\n1st gen 2nd gen\n\nCloud Build enables you to create triggers on a GitHub Enterprise instance.\nThis page explains how you can use GitHub Enterprise triggers to invoke builds\nin response to commits or pull requests from a GitHub Enterprise instance\nand explains how you can build repositories from\nGitHub Enterprise if your instance is hosted in a private network.\n\nBefore you begin\n----------------\n\n-\n\n\n Enable the Cloud Build and Service Directory APIs.\n\n\n [Enable the APIs](https://console.cloud.google.com/flows/enableapi?apiid=cloudbuild.googleapis.com, servicedirectory.googleapis.com&redirect=https://cloud.google.com/build/docs/automating-builds/github/build-repos-from-github-enterprise-private-network)\n\n\u003c!-- --\u003e\n\n- If you have not created a private pool, follow the instructions in [Create and manage private pools](/build/docs/private-pools/create-manage-private-pools) to create a private pool. You will need a private pool to build in a private network.\n\nBuild repositories from GitHub Enterprise in a private network\n--------------------------------------------------------------\n\nComplete the following steps to connect your GitHub Enterprise instance\nto Cloud Build from a private network:\n\n1. Grant Service Directory access to the Cloud Build service agent:\n\n export PROJECT_NUMBER=$(gcloud projects describe \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e --format=\"value(projectNumber)\")\n export CLOUD_BUILD_SERVICE_AGENT=\"service-$PROJECT_NUMBER@gcp-sa-cloudbuild.iam.gserviceaccount.com\"\n gcloud projects add-iam-policy-binding \u003cvar translate=\"no\"\u003ePROJECT_ID_CONTAINING_SERVICE_DIRECTORY\u003c/var\u003e \\\n --member=\"serviceAccount:$CLOUD_BUILD_SERVICE_AGENT\" \\\n --role=\"roles/servicedirectory.viewer\"\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e is your Cloud Build project ID.\n - \u003cvar translate=\"no\"\u003ePROJECT_ID_CONTAINING_SERVICE_DIRECTORY\u003c/var\u003e is the ID of your Google Cloud project that contains your Service Directory.\n2. Grant VPC network resource access to the Cloud Build service agent:\n\n export PROJECT_NUMBER=$(gcloud projects describe \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e --format=\"value(projectNumber)\")\n export CLOUD_BUILD_SERVICE_AGENT=\"service-$PROJECT_NUMBER@gcp-sa-cloudbuild.iam.gserviceaccount.com\"\n gcloud projects add-iam-policy-binding \u003cvar translate=\"no\"\u003ePROJECT_ID_CONTAINING_NETWORK_RESOURCE\u003c/var\u003e \\\n --member=\"serviceAccount:$CLOUD_BUILD_SERVICE_AGENT\" \\\n --role=\"roles/servicedirectory.pscAuthorizedService\"\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e is your Cloud Build project ID.\n - \u003cvar translate=\"no\"\u003ePROJECT_ID_CONTAINING_NETWORK_RESOURCE\u003c/var\u003e is the ID of your Google Cloud project that contains your network resource.\n3. Set up a Service Directory service by completing the following steps:\n\n 1. Configure a [namespace](/../service-directory/docs/configuring-service-directory#configure_a_namespace) for your service:\n\n gcloud service-directory namespaces create \u003cvar translate=\"no\"\u003eNAMESPACE\u003c/var\u003e --location=\u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e --project=\u003cvar translate=\"no\"\u003ePROJECT_ID_CONTAINING_SERVICE_DIRECTORY\u003c/var\u003e\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eNAMESPACE\u003c/var\u003e is the name of your Service Directory namespace.\n - \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e is the [region](/build/docs/locations) where you create connections and link repositories.\n - \u003cvar translate=\"no\"\u003ePROJECT_ID_CONTAINING_SERVICE_DIRECTORY\u003c/var\u003e is the ID of your Google Cloud project that contain your Service Directory.\n\n | **Note:** The region you specify in your namespace **must** match the region you specify in your Cloud Build host connection.\n 2. Configure a [service](/../service-directory/docs/configuring-service-directory#configure_a_service) for your namespace:\n\n gcloud service-directory services create \u003cvar translate=\"no\"\u003eSERVICE\u003c/var\u003e --namespace=\u003cvar translate=\"no\"\u003eNAMESPACE\u003c/var\u003e --location=\u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eSERVICE\u003c/var\u003e is the name of your Service Directory resource.\n - \u003cvar translate=\"no\"\u003eNAMESPACE\u003c/var\u003e is the name of your Service Directory namespace.\n - \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e is the [region](/build/docs/locations) where you create connections and link repositories.\n 3. Configure an [endpoint](/../service-directory/docs/configuring-service-directory#configure_an_endpoint) for your service:\n\n gcloud service-directory endpoints create \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nx\"\u003eENDPOINT_NAME\u003c/span\u003e\u003c/var\u003e \\\n --namespace=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nx\"\u003eNAMESPACE\u003c/span\u003e\u003c/var\u003e \\\n --service=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nx\"\u003eSERVICE\u003c/span\u003e\u003c/var\u003e \\\n --location=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nx\"\u003eLOCATION\u003c/span\u003e\u003c/var\u003e \\\n --address=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nx\"\u003eINSTANCE_IP_ADDRESS\u003c/span\u003e\u003c/var\u003e \\\n --port=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nx\"\u003ePORT\u003c/span\u003e\u003c/var\u003e \\\n --network=projects/\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nx\"\u003ePROJECT_ID_CONTAINING_NETWORK\u003c/span\u003e\u003c/var\u003e/locations/global/networks/\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-nx\"\u003eNETWORK\u003c/span\u003e\u003c/var\u003e\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eENDPOINT_NAME\u003c/var\u003e is the name of your endpoint.\n - \u003cvar translate=\"no\"\u003eNAMESPACE\u003c/var\u003e is the name of your Service Directory namespace.\n - \u003cvar translate=\"no\"\u003eSERVICE\u003c/var\u003e is the name of your Service Directory resource.\n - \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e is the [region](/build/docs/locations) where you create connections and link repositories.\n - \u003cvar translate=\"no\"\u003eINSTANCE_IP_ADDRESS\u003c/var\u003e is the IP address of your GitHub Enterprise instance in your network. For example, `123.45.67.89`. To learn more, see [Use Service Directory to reach hosts outside Google Cloud](/build/docs/automating-builds/github/build-repos-from-github-enterprise-private-network?generation=2nd-gen#service_dir_gc).\n - \u003cvar translate=\"no\"\u003ePORT\u003c/var\u003e is the name of your port for HTTPS.\n - \u003cvar translate=\"no\"\u003ePROJECT_ID_CONTAINING_NETWORK\u003c/var\u003e is your Google Cloud project ID that contains your VPC network.\n - \u003cvar translate=\"no\"\u003eNETWORK\u003c/var\u003e is the name of your VPC network.\n\n You can now use the service resource (`projects/{PROJECT_ID}/locations/{LOCATION}/namespaces/{NAMESPACE}/services/{SERVICE}`) to create your connection in the following steps.\n4. [Connect a GitHub Enterprise host](/build/docs/automating-builds/github/connect-host-github-enterprise).\n\n5. [Connect a GitHub Enterprise repository](/build/docs/automating-builds/github/connect-repo-github-enterprise).\n\n6. [Create a GitHub Enterprise trigger](/build/docs/automating-builds/github/build-repos-from-github-enterprise) to build repositories hosted on your\n GitHub Enterprise instance.\n\nUse Service Directory to reach hosts outside Google Cloud\n---------------------------------------------------------\n\nService Directory uses the IP address range `35.199.192.0/19` to\nconnect your host outside of Google Cloud. You must add this range to\nan allowlist in your firewall. Additionally, your private network needs to be\nconfigured to route this range through the Cloud VPN or Cloud Interconnect\nconnection.\n\nIf your connection uses a Cloud Router, you can configure your connection to\n[communicate](/../network-connectivity/docs/router/how-to/advertising-custom-ip)\nthe range to your private network.\n\nTo learn more, see [Configure private network access](/../service-directory/docs/configuring-private-network-access).\n\n### Use Cloud Load Balancing to reach hosts outside Google Cloud\n\nIf your network configuration does not allow you to route the\nService Directory IP address range `35.199.192.0/19` to the\nCloud VPN or Cloud Interconnect, you can\n[create a load balancer](/../load-balancing/docs/l7-internal) using\nCloud Load Balancing that directs traffic to your host.\n\nWhen you create the Service Directory endpoint, make sure to use\nthe IP address of the forwarding rule of the load balancer instead of the IP\naddress of your host. You can use an\n[internal HTTPS load balancer](/../load-balancing/docs/l7-internal/setting-up-int-https-hybrid)\nor an\n[internal transmission control protocol (TCP) load balancer](/../load-balancing/docs/tcp/set-up-int-tcp-proxy-hybrid)\nwhen creating your endpoint.\n\nWhen creating your TCP load balancer, consider the following:\n\n- Only a hybrid connectivity network endpoint group (NEG) is required to reach your host.\n- The TCP load balancer does not require the unencrypted private key for your SSL certificate.\n- Your Cloud VPN setup needs to use Cloud Router with global dynamic routing. If your Cloud VPN uses static routing, you can use a proxy that uses Cloud Service Mesh instead. To learn more, see [Set up network\n edge services for hybrid\n deployments](/../traffic-director/tutorials/network-edge-services-multi-environment).\n\nTo learn more about creating an HTTPS load balancer, see\n[Set up an internal Application Load Balancer with hybrid connectivity](/../load-balancing/docs/l7-internal/setting-up-int-https-hybrid).\nTo learn more about creating a TCP load balancer, see\n[Set up a regional internal proxy Network Load Balancer with hybrid connectivity](/../load-balancing/docs/tcp/set-up-int-tcp-proxy-hybrid).\n\nNext steps\n----------\n\n- Learn how to [create and manage build triggers](/build/docs/automating-builds/create-manage-triggers).\n- Learn how to [perform blue/green deployments on Compute Engine](/build/docs/deploying-builds/deploy-compute-engine)."]]