Migrate from GitHub Actions to Google Cloud Build #1442

Open
16 tasks
NimJay opened this issue Jan 5, 2023 · 2 comments
Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@NimJay
Collaborator

NimJay commented Jan 5, 2023

Background

  • Today, all of our CI (automated tests triggered by pull-requests and pushes to main) use GitHub Actions.
  • See /.github/workflows.

Feature Request

Why migrate to Google Cloud Build?

  • We can dog-food yet another Google Cloud product and provide feedback to improve Google Cloud Build.
  • We can support more Google Cloud users with an open source demonstration of Google Cloud Build.
  • We can be consistent with the Point of Sale app which uses Google Cloud Build.

Work to be done:

@NimJay NimJay added priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. labels Jan 5, 2023
@bourgeoisor
Member

It's also worth considering (to reduce scope) only porting some of the Actions over to Cloud Build (for example, the ci-main and ci-pr Actions), and having the other ones run in GitHub instead of self-hosted (that's already the case for helm-chart-ci and terraform-validate-ci!)

@minherz
Contributor

minherz commented Sep 25, 2023

It is nice to add a few "cons" to this list of "pros".

  • Security risk of allowing custom code (anyone can submit a code change) to be run by Cloud Build in the CI project on GCP
  • Security risk of exposing the extensive output that Cloud Build prints out to logs

Both of these bullets can be addressed by constraining who can run builds and/or who can see the logs. However, these solutions seriously slow development efforts on Open Source projects and contradict the first bullet in the "why" list.

There is a question regarding the last bullet in the "why" list. Can you please provide arguments that support a need to be consistent with PoC? Otherwise, that bullet does not qualify to be included.


3 participants