Implementing continuous delivery with Travis CI and App Engine

Testing is an important aspect of creating software. To ensure that unit tests are run against every build of a project, many engineering organizations have adopted the practice of continuous integration (CI), which involves using tools, such as Jenkins or Travis CI, to ensure that all new code is automatically and consistently tested for errors. Continuous delivery (CD) goes one step further by ensuring you can deploy every build into a production-like environment and then pass integration tests in that environment. You can run integration tests by using a CI/CD service on Google Cloud Platform (GCP) to deploy your app as part of the build process.

Although this article discusses Travis CI, most of the ideas apply to other CI tools, such as Jenkins. Travis integrates with GitHub, runs tests in isolation, and best of all, when running on GCP, you don't need to manage your own infrastructure.

About the tutorial

This tutorial demonstrates a Python Flask app that runs on App Engine and interacts with the Google Books API. The app demonstrates how Travis CI can deploy and run end-to-end tests in a staging environment as part of the testing process, triggered by a git push command. The following diagram shows an overview of the process.

Travis CI runs local tests between GitHub and GCP deployment

Travis CI has built-in support for deploying to the App Engine standard or flexible environments by using deployment providers. When you use these providers, some of the basic setup steps stay the same, but the configuration file is simpler. This tutorial demonstrates what these providers do. In this tutorial, Travis CI downloads the Cloud SDK, which can also be used for purposes other than deployment, such as running local emulators for your unit tests. Although this tutorial uses the App Engine deployment provider, refer to the Travis CI documentation, for more information on other providers.

This tutorial creates new service account credentials and API keys that you should only use for this tutorial. To simplify this tutorial, the encrypted keys are uploaded to GitHub. This is a security anti-pattern that you should avoid in production environments.

Objectives

  • Configure Cloud Shell for use with GitHub.
  • Configure GitHub and Travis CI accounts.
  • Fork the sample code repo and enable it in Travis.
  • Create an App Engine app and create credentials for Travis CI.
  • Install the Travis command-line tools.
  • Update the sample code for your project and use Travis to encrypt secrets.
  • Push new code to GitHub and have Travis CI automatically test the code on App Engine.

Costs

Neste tutorial, os seguintes componentes faturáveis do Google Cloud Platform são usados:

  • App Engine

Use a calculadora de preços para gerar uma estimativa de custo com base no uso do projeto. Novos usuários do GCP são qualificados para uma avaliação gratuita.

Before you begin

  1. Faça login na sua Conta do Google.

    Se você ainda não tiver uma, inscreva-se.

  2. Selecione ou crie um projeto do GCP.

    Acessar a página Gerenciar recursos

  3. Verifique se o faturamento foi ativado para o projeto.

    Saiba como ativar o faturamento

  4. Ativar Compute Engine, Google Books, and App Engine APIs.

    Ativar a de APIs

  5. Create accounts for GitHub and Travis CI.

Ao concluir este tutorial, exclua os recursos criados para evitar a continuidade no faturamento. Veja mais detalhes em Limpeza.

Configuring Cloud Shell for your GitHub account

For the majority of this tutorial you are using Cloud Shell, including committing code to a GitHub repository. GitHub only allows commits by using SSH connections; therefore, Cloud Shell needs to be configured with SSH keys.

  1. In the GCP Console, click Activate Cloud Shell.

    GO TO Cloud Shell

  2. Generate a new SSH key.

  3. Add the new SSH key to your GitHub account.

  4. Verify that your SSH key can communicate with GitHub.

Configuring Travis CI with your GitHub account

  1. On the Travis CI page, sign in with your GitHub account.
  2. On the Sign in to GitHub to continue to Travis CI page, enter your GitHub credentials and then click Sign In.
  3. Click Authorize travis-pro.
  4. On the GitHub Apps Integration page, click Activate.
  5. Click Approve & Install.

Forking the sample code repository

You fork the repository in GitHub to replace the sample project's credentials with your own project's credentials.

  1. Go to the sample code repository, and then click Fork.

    Sample code repository in GitHub

  2. In Cloud Shell, set up your local git config.

    git config --global user.email "you@example.com"
    git config --global user.name "Your Name"
    
  3. Clone the sample code. Replace [YOUR-GITHUB-USERNAME] with your username.

    git clone git@github.com:[YOUR-GITHUB-USERNAME]/continuous-deployment-demo.git
    

Verifying your fork is in Travis CI

  • On the Travis CI website, in the upper-right corner, click your username to open your account settings.

    On the Repositories tab, the continuous-deployment-demo repository is listed.

    Repositories in Travis CI

    Now, every time you push a commit to this repository, Travis CI runs the configured tests and provides a detailed report of the tests' results.

Install Travis command-line tools

  • In Cloud Shell, install the Travis client.

    sudo gem install travis
    

Create an App Engine app

  • In Cloud Shell, create your App Engine app. Replace [REGION] with your GCP region.

    gcloud app create --region=[REGION]
    

Creating credentials

To deploy the app to your GCP project, you must create two types of credentials:

  • Service account credentials that enable the Cloud SDK to authenticate with your GCP project.
  • A public API key that the App Engine app uses to communicate with the Books API.

Create a service account

  1. In the GCP Console, open the IAM Service Accounts page.

    GO TO IAM SERVICE ACCOUNTS PAGE

  2. Click Create Service Account

  3. Enter a Service account name, such as continuous-integration-test.

  4. Click Create.

  5. In the Role menu, select App Engine > App Engine Admin.

  6. Click +Add Another Role, and then select Storage > Storage Admin.

  7. Click Continue.

  8. Click Create Key.

  9. Under Key type, select JSON.

  10. Click Create. The GCP Console downloads a new JSON file to your computer. The name of this file starts with your project ID.

  11. To upload this file to Cloud Shell, click More more_vert, and then select Upload file.

    Upload button in Cloud Shell

  12. Move and rename this file to the root of your GitHub repo.

    mv ~/<your_credentials_filename>.json ~/continuous-deployment-demo/client-secret.json
    

Create the Books API Key

  1. In the Google Cloud Platform Console, open the API Credentials page.

    Go to the Credentials page

  2. Go to Create credentials > API key.

    Create credentials page

  3. A key is automatically created. Copy the API key, and then click Close.

  4. In Cloud Shell, add the new API key to the api_key.py file. Replace [YOUR_API_KEY] with the API key you copied previously.

    export API_KEY=[YOUR_API_KEY]
    cd ~/continuous-deployment-demo
    echo "key = '${API_KEY}'" > api_key.py
    

Encrypt the credentials for Travis CI to use

These credentials are added to a public GitHub repository, and therefore need to be encrypted. You encrypt the files locally and configure Travis to decrypt them. For more information, see encrypting files for Travis CI.

  1. In Cloud Shell, create a tar archive file containing both of these credentials because Travis CI can only decrypt one file.

    tar -czf credentials.tar.gz client-secret.json api_key.py
    
  2. Log in to Travis CI.

    travis login --pro
    
  3. When asked to complete shell installation, enter Y and then enter your GitHub credentials.

  4. Encrypt the file locally.

    travis encrypt-file credentials.tar.gz --pro
    
  5. When prompted to overwrite the existing file, enter yes.

  6. Copy the output line that begins with openssl aes-256-cbc to the clipboard.

    Console output that begins with `openssl`

  7. In the .travis.yml file, replace the DECRYPT_COMMAND string with the previous console output by using the following command. Replace [YOUR_COMMAND_OUTPUT] with the console output you copied in the previous step.

    sed -i 's/DECRYPT_COMMAND/[YOUR_COMMAND_OUTPUT]/g' .travis.yml
    
  8. Edit the .travis.yml file and the e2e_test.py file to reflect your project name.

    sed -i "s/continuous-deployment-python/${DEVSHELL_PROJECT_ID}/g" .travis.yml
    sed -i "s/continuous-deployment-python/${DEVSHELL_PROJECT_ID}/g" e2e_test.py
    
  9. Add the encrypted archive to the repository.

    git add credentials.tar.gz.enc .travis.yml e2e_test.py
    git commit -m "Adds encrypted credentials for Travis and updates project name"
    

Commit to GitHub and test with Travis CI

Now that you have configured the sample app for Travis CI and enabled Travis CI on your fork of the project in GitHub, you can push the latest version of the code to watch a build and testing cycle.

git push origin master

While the test runs, you can watch the build output in real time on the Travis dashboard. If both tests and deployment to App Engine succeed, your CI/CD process has run successfully. The process is defined by the .travis.yml file, for more information on the .travis.yml visit the Travis CI documentation.

Travis dashboard with test's output

Additional output

Cleaning up

To avoid incurring charges to your Google Cloud Platform account for the resources used in this tutorial:

You can delete the project entirely or stop the App Engine.

Delete the project

  1. No Console do GCP, acesse a página "Projetos".

    Acessar a página Projetos

  2. Na lista de projetos, selecione um e clique em Excluir projeto.
  3. Na caixa de diálogo, digite o código do projeto e clique em Encerrar para excluí-lo.

What's next

Esta página foi útil? Conte sua opinião sobre:

Enviar comentários sobre…