Automating configuration for notifications

You can configure Cloud Build to send you build notifications to Slack, an SMTP server, an HTTP endpoint, or a BigQuery instance using Cloud Build notifiers. This page explains how you can automate the configuration process for your desired notifier.

Automating notification configuration

Cloud Build provides a setup script that you can use to automate notification configuration. To configure notifications using the setup script:

Slack

Setting up

The following sections describe steps you need to complete before automating notification configuration for your notifier.

Enabling APIs

Enable the Cloud Build, Compute Engine, Cloud Run, Pub/Sub, and Secret Manager APIs.

Enable the APIs

Obtaining and storing credentials

  1. Create a Slack app for the Slack workspace to which you want to send notifications.

  2. Activate incoming webhooks to post messages from Cloud Build to Slack.

  3. Navigate to your Slack app to locate the URL for the incoming webhook. Your URL will look similar to the following:

    https://hooks.slack.com/services/...
    
  4. Store your incoming webhook URL in Secret Manager:

    1. Open the Secret Manager page in the Google Cloud Console:

      Open the Secret Manager page

    2. Click Create secret.

    3. Enter a name for your secret.

    4. Under Secret value, add your incoming webhook URL for your Slack app.

    5. To save your secret, click Create secret.

Granting permissions

Cloud Run runs your notifier images with the Compute Engine default service account. For the service account to be able to fetch your secret from Secret Manager, you must grant the service account the Secret Manager Secret Accessor role:

Give your Cloud Run service account access to your secret:

  1. Go to the IAM page in the Google Cloud Console:

    Open the IAM page

  2. Locate the Compute Engine default service account associated with your project:

    Your Compute Engine default service account will look similar to the following, where project-number is your project number:

    project-number-compute@developer.gserviceaccount.com
    

    Take note of your Compute Engine default service account.

  3. Open the Secret Manager page in the Google Cloud Console:

    Open the Secret Manager page

  4. Click the name of your secret.

  5. In the Permissions tab, click Add member.

  6. Add the Compute Engine default service account associated with your project as a member.

  7. Select Secret Manager Secret Accessor permission as the role.

  8. Click Save.

Writing a notifier configuration file

Write a notifier configuration file to configure your Slack notifier and filter on build events:

In the following example notifier configuration file, the filter field uses Common Expression Language with the available variable, build, to filter build events with a SUCCESS status:

  apiVersion: cloud-build-notifiers/v1
  kind: SlackNotifier
  metadata:
    name: example-slack-notifier
  spec:
    notification:
      filter: build.status == Build.Status.SUCCESS
      delivery:
        webhookUrl:
          secretRef: webhook-url
    secrets:
    - name: webhook-url
      value: projects/project-id/secrets/secret-name/versions/latest

Where:

  • webhook-url is the configuration variable used in this example to reference the Slack webhook URL path stored in Secret Manager. The variable name you specify here should match the name field under secrets.
  • project-id is the ID of your Cloud project.
  • secret-name is the name of your secret that contains your Slack webhook URL.

To view the example, see the notifier configuration file for the Slack notifier.

Running the automation script

To automate notification configuration for your notifier:

  1. Clone the cloud-build-notifiers repository.

  2. Run the following command in the root of the repository:

     ./setup.sh notifier config-path secret-name
    

    Where:

    • notifier is the name of your notifier, such as slack, smtp, bigquery, or http.
    • config-path is the path to your notifier's configuration file.
    • secret-name is the name of your secret stored in Secret Manager.

After running the script, you will see the following message:

** NOTIFIER SETUP COMPLETE **

Your notifier is now set up. You can view the complete script in the cloud-build-notifiers repository or run ./setup.sh --help for usage instructions associated with the script.

SMTP

Setting up

The following sections describe steps you need to complete before automating notification configuration for your notifier.

Enabling APIs

Enable the Cloud Build, Compute Engine, Cloud Run, Pub/Sub, and Secret Manager APIs.

Enable the APIs

Storing credentials

  1. Store the sender's email account password in Secret Manager:

    1. Open the Secret Manager page in the Google Cloud Console:

      Open the Secret Manager page

    2. Click Create secret.

    3. Enter a name for your secret.

    4. Under Secret value, add the sender's email account password.

    5. To save your secret, click Create secret.

Granting permissions

Cloud Run runs your notifier images with the Compute Engine default service account. For the service account to be able to fetch your secret from Secret Manager, you must grant the service account the Secret Manager Secret Accessor role:

Give your Cloud Run service account access to your secret:

  1. Go to the IAM page in the Google Cloud Console:

    Open the IAM page

  2. Locate the Compute Engine default service account associated with your project:

    Your Compute Engine default service account will look similar to the following, where project-number is your project number:

    project-number-compute@developer.gserviceaccount.com
    

    Take note of your Compute Engine default service account.

  3. Open the Secret Manager page in the Google Cloud Console:

    Open the Secret Manager page

  4. Click the name of your secret.

  5. In the Permissions tab, click Add member.

  6. Add the Compute Engine default service account associated with your project as a member.

  7. Select Secret Manager Secret Accessor permission as the role.

  8. Click Save.

Writing a notifier configuration file

Write a notifier configuration file to configure your SMTP notifier and filter on build events:

In the following example notifier configuration file, the filter field uses Common Expression Language with the available variable, build, to filter build events with a SUCCESS status:

 apiVersion: cloud-build-notifiers/v1
 kind: SMTPNotifier
 metadata:
   name: example-smtp-notifier
 spec:
   notification:
     filter: build.status == Build.Status.SUCCESS
     delivery:
       server: server-host-name
       port: "port"
       sender: sender-email
       from: from-email
       recipients:
         - recipient-email
         # optional: more emails here
       password:
         secretRef: smtp-password
   secrets:
   - name: smtp-password
     value: projects/project-id/secrets/secret-name/versions/latest

Where:

  • server-host-name is the address of your SMTP server.
  • port is the port that will handle SMTP requests. This value should be specified as a string.
  • sender-email is the email address of the sender account that is seen by the specified server-host-name.
  • from-email is the email address that is seen by recipients.
  • recipient-email is a list of one or more email addresses to receive messages from the sender.
  • smtp-password is the configuration variable used in this example to reference the sender's email account password stored in Secret Manager. The variable name you specify here should match the name field under secrets.
  • project-id is the ID of your Cloud project.
  • secret-name is the name of your secret that contains the password to the sender's email account.

To view the example, see the notifier configuration file for the SMTP notifier.

Running the automation script

To automate notification configuration for your notifier:

  1. Clone the cloud-build-notifiers repository.

  2. Run the following command in the root of the repository:

     ./setup.sh notifier config-path secret-name
    

    Where:

    • notifier is the name of your notifier, such as slack, smtp, bigquery, or http.
    • config-path is the path to your notifier's configuration file.
    • secret-name is the name of your secret stored in Secret Manager.

After running the script, you will see the following message:

** NOTIFIER SETUP COMPLETE **

Your notifier is now set up. You can view the complete script in the cloud-build-notifiers repository or run ./setup.sh --help for usage instructions associated with the script.

BigQuery

Setting up

The following sections describe steps you need to complete before automating notification configuration for your notifier.

Enabling APIs

Enable the Cloud Build, Cloud Run, Pub/Sub, and BigQuery APIs.

Enable the APIs

Granting permissions

Give your Cloud Run service account permission to create and write BigQuery tables and permission to fetch Artifact Registry data related to your build:

  1. Go to the IAM page in the Google Cloud Console:

    Open the IAM page

  2. Locate the Compute Engine default service account associated with your project:

    Your Compute Engine default service account will look similar to the following, where project-number is your project number:

        project-number-compute@developer.gserviceaccount.com
    
  3. Click on the pencil icon in the row containing your Compute Engine default service account.

    You will see the Edit permissions tab.

    1. Click Add another role.

    2. Add the following roles:

      • Artifact Registry Reader
      • BigQuery Data Editor

        The Artifact Registry Reader role enables you to fetch data for your images. The BigQuery Data Editor gives you read and write access to your data.

    3. Click Save.

Writing a notifier configuration file

Write a notifier configuration file to configure your BigQuery notifier and filter on build events:

In the following example notifier config file, the filter field uses Common Expression Language with the variable, build, to filter build events with a specified trigger ID:

 apiVersion: cloud-build-notifiers/v1
 kind: BigQueryNotifier
 metadata:
   name: example-bigquery-notifier
 spec:
   notification:
     filter: build.build_trigger_id == "123e4567-e89b-12d3-a456-426614174000"
     delivery:
       table: projects/project-id/datasets/dataset-name/tables/table-name

Where:

  • project-id is the ID of your Cloud project.
  • dataset-name is the name you want to give your dataset.
  • table-name is the name you want to give your table.

The table-name in your notifier config file can refer to:

  • a nonexistent table
  • an empty table without a schema
  • an existing table with a schema that matches the schema specifications in the BigQuery notifier

To view the example, see the notifier config file for the BigQuery notifier.

Running the automation script

To automate notification configuration for your notifier:

  1. Clone the cloud-build-notifiers repository.

  2. Run the following command in the root of the repository:

     ./setup.sh notifier config-path
    

    Where:

    • notifier is the name of your notifier, such as slack, smtp, bigquery, or http.
    • config-path is the path to your notifier's configuration file.

After running the script, you will see the following message:

** NOTIFIER SETUP COMPLETE **

Your notifier is now set up. You can view the complete script in the cloud-build-notifiers repository or run ./setup.sh --help for usage instructions associated with the script.

HTTP

Setting up

The following sections describe steps you need to complete before automating notification configuration for your notifier.

Enabling APIs

Enable the Cloud Build, Cloud Run, and Pub/Sub APIs.

Enable the APIs

Writing a notifier configuration file

Write a notifier configuration file to configure your HTTP notifier and filter on build events:

In the following example notifier configuration file, the filter field uses Common Expression Language with the available variable, build, to filter build events with a SUCCESS status:

    apiVersion: cloud-build-notifiers/v1
    kind: HTTPNotifier
    metadata:
      name: example-http-notifier
    spec:
      notification:
        filter: build.status == Build.Status.SUCCESS
        delivery:
          # The `http(s)://` protocol prefix is required.
          url: url

Where:

  • url (the key under delivery) is the configuration variable used in this example to specify the URL for your request.
  • url (the value) is the URL you want to specify as your recipient server.

To view the example, see the notifier configuration file for the HTTP notifier.
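
The rules stated for the Slack, SMTP and HTTP configuration files above (each secretRef must match a name field under secrets, the SMTP port must be a string, the HTTP url needs its http(s):// prefix) can be checked before running setup.sh. The following is an added example, not code from the cloud-build-notifiers repository; lint_notifier_config and find_secret_refs are hypothetical names, and the input is assumed to be the mapping a YAML parser returns for the configuration file.

```python
import re

# Secret version path in the form used by the page's examples.
SECRET_PATH = re.compile(r"^projects/[^/]+/secrets/[^/]+/versions/[^/]+$")

# Constructed sample: SMTP config with a mismatched secretRef and an integer port.
BAD_SMTP = {"kind": "SMTPNotifier", "spec": {
    "notification": {"delivery": {"port": 587, "password": {"secretRef": "smtp-pass"}}},
    "secrets": [{"name": "smtp-password", "value": "projects/p/secrets/s/versions/latest"}]}}


def find_secret_refs(node, path):
    """Yield (path, name) for every secretRef key found under node."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "secretRef":
                yield path, val
            else:
                yield from find_secret_refs(val, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_secret_refs(item, f"{path}[{i}]")


def lint_notifier_config(cfg):
    """Return the problems found in a parsed notifier config (a dict)."""
    problems = []
    spec = cfg.get("spec") or {}
    notification = spec.get("notification") or {}
    delivery = notification.get("delivery") or {}
    secrets = {s.get("name"): s.get("value") for s in spec.get("secrets") or []}
    # Every secretRef must match a name field under spec.secrets.
    for path, name in find_secret_refs(notification, "spec.notification"):
        if name not in secrets:
            problems.append(f"{path}.secretRef '{name}' has no entry under spec.secrets")
    for name, value in secrets.items():
        if not SECRET_PATH.match(str(value)):
            problems.append(f"secret '{name}' is not a projects/.../secrets/.../versions/... path")
    kind = cfg.get("kind")
    # YAML parses an unquoted port as an integer; the page requires a string.
    if kind == "SMTPNotifier" and not isinstance(delivery.get("port"), str):
        problems.append("delivery.port must be a quoted string")
    if kind == "HTTPNotifier" and not re.match(r"https?://", str(delivery.get("url", ""))):
        problems.append("delivery.url must start with http:// or https://")
    return problems

if __name__ == "__main__":
    for problem in lint_notifier_config(BAD_SMTP):
        print("config problem:", problem)
```
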

Running the automation script

To automate notification configuration for your notifier:

  1. Clone the cloud-build-notifiers repository.

  2. Run the following command in the root of the repository:

     ./setup.sh notifier config-path
    

    Where:

    • notifier is the name of your notifier, such as slack, smtp, bigquery, or http.
    • config-path is the path to your notifier's configuration file.

After running the script, you will see the following message:

** NOTIFIER SETUP COMPLETE **

Your notifier is now set up. You can view the complete script in the cloud-build-notifiers repository or run ./setup.sh --help for usage instructions associated with the script.
