Cloud Build Gitlab Runner Bridge
This repo hosts the config and scripts required to set up Google Cloud Build as the backend for your GitLab CI.
With Cloud Build you get a performant and scalable fleet of executors for your builds and only pay for what you use.
Below is the architecture of this setup:
The main component is a virtual machine, the bridge, which runs a GitLab Runner with the custom executor. Instead of executing jobs on the VM itself, the executor submits each job to Cloud Build and relays the result back to GitLab.
Quick Start
- Build the Docker image that contains the config and scripts for the bridge.

  ```sh
  export PROJECT=$(gcloud config get-value project)
  gcloud builds submit -t gcr.io/$PROJECT/gitlab-runner-cloudbuild .
  ```
- Obtain your runner registration token by following the docs:
  https://docs.gitlab.com/runner/register/#requirements
  For gitlab.com, you must configure a project-specific runner.
- Run `gitlab-runner register` to register your runner. The generated `./etc/config.toml` contains the runner's authentication token, so keep that directory out of version control.

  ```sh
  mkdir etc
  export REGISTRATION_TOKEN=<SET_YOUR_TOKEN_HERE>
  export GITLAB_URL=https://gitlab.com
  docker run --rm -it -v "$(pwd)"/etc:/etc/gitlab-runner gitlab/gitlab-runner register \
    -n -r ${REGISTRATION_TOKEN} -u ${GITLAB_URL} --tag-list cloudbuild --executor custom
  ```
- Set up IAM for the bridge VM. `roles/editor` is a basic role that grants far more than the bridge needs (submitting builds, reading the token secret and using the cache bucket); treat it as a starting point and narrow it once the bridge works, for example to `roles/cloudbuild.builds.editor` on the project plus the per-resource bindings on the secret and bucket.

  ```sh
  gcloud iam service-accounts create gitlab-runner
  gcloud projects add-iam-policy-binding ${PROJECT} \
    --member=serviceAccount:gitlab-runner@${PROJECT}.iam.gserviceaccount.com \
    --role='roles/editor'
  ```
- Get the runner authentication token from the config file that was generated in `./etc/config.toml` and export it for the next step:

  ```sh
  export TOKEN=$(grep token ./etc/config.toml | cut -d'"' -f2)
  ```
- Create a secret in Secret Manager with your token in it (older gcloud releases also require `--replication-policy=automatic` on `secrets create`):

  ```sh
  gcloud secrets create gitlab-runner-token
  echo "$TOKEN" | gcloud secrets versions add gitlab-runner-token --data-file=-
  gcloud secrets add-iam-policy-binding gitlab-runner-token \
    --member=serviceAccount:gitlab-runner@${PROJECT}.iam.gserviceaccount.com \
    --role='roles/secretmanager.secretAccessor'
  ```
- Create a Cloud Storage bucket for passing artifacts between Cloud Build and the bridge VM. It carries your build inputs and outputs, so keep it private to the project.

  ```sh
  gsutil mb gs://$PROJECT-gitlab-cache
  ```
- Run the gitlab-runner container in a VM. With the `cloud-platform` scope, the VM's access is governed entirely by the IAM roles bound to `gitlab-runner@${PROJECT}.iam.gserviceaccount.com`, which is why that binding should be kept as narrow as possible.

  ```sh
  gcloud compute instances create-with-container gitlab-runner-cloudbuild-$(date +%s) \
    --machine-type=e2-standard-2 \
    --service-account=gitlab-runner@${PROJECT}.iam.gserviceaccount.com \
    --scopes=https://www.googleapis.com/auth/cloud-platform \
    --image-family=cos-stable --image-project=cos-cloud \
    --container-image=gcr.io/$PROJECT/gitlab-runner-cloudbuild \
    --container-restart-policy=always \
    --boot-disk-size=200GB
  ```
- Ensure your `.gitlab-ci.yml` tags the jobs that should run on this runner with `cloudbuild`. For example:

  ```yaml
  build:
    tags:
      - cloudbuild
    stage: build
    script:
      - echo "This will run in Cloud Build"
  ```
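The two places where the Quick Start is easiest to get wrong are pulling the right token out of `config.toml` and leaving the bridge service account with a basic role. The script below is an added example, not part of this project, that checks both offline: it extracts the runner authentication token from a `config.toml` shaped like the one `gitlab-runner register` writes, and it flags basic roles (owner/editor/viewer) in a role list. The role list is assumed to be one role per line, which is what the `gcloud projects get-iam-policy` query quoted in the comments prints for the service account; the `config.toml` and role list embedded here are constructed samples, and the token value is a placeholder.

```sh
#!/usr/bin/env bash
# Added example (not part of this project): offline preflight checks for the
# bridge setup above. Assumptions: (1) config.toml is the file that
# `gitlab-runner register` wrote to ./etc; (2) the role list fed to
# broad_roles is one role per line, which is what this gcloud query prints
# for the bridge service account:
#   gcloud projects get-iam-policy "$PROJECT" \
#     --flatten="bindings[].members" \
#     --filter="bindings.members:serviceAccount:gitlab-runner@${PROJECT}.iam.gserviceaccount.com" \
#     --format="value(bindings.role)"
set -u

# Print the runner authentication token from a config.toml, or fail with a
# message. Only the first `token = "..."` line is used, which is the one in
# the [[runners]] block that `register` produced.
runner_token_from_config() {
  local cfg="$1" token
  token=$(awk -F'"' '/^[[:space:]]*token[[:space:]]*=/ { print $2; exit }' "$cfg")
  if [ -z "$token" ]; then
    echo "no runner token found in $cfg" >&2
    return 1
  fi
  printf '%s\n' "$token"
}

# Read roles (one per line) on stdin and print those that are basic roles
# (owner/editor/viewer). Returns 1 if any were found, 0 otherwise, so it can
# gate a deployment script: the bridge needs Cloud Build, the token secret
# and the cache bucket, not project-wide editor rights.
broad_roles() {
  local found
  found=$(grep -Ex 'roles/(owner|editor|viewer)') || return 0
  printf '%s\n' "$found"
  return 1
}

# --- Demonstration on constructed sample input (not real project data) ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Constructed config.toml, shaped like the one `register` writes; the token
# value is a placeholder, not a real credential.
cat > "$SAMPLE_DIR/config.toml" <<'EOF'
concurrent = 1
check_interval = 0

[[runners]]
  name = "gitlab-runner-cloudbuild"
  url = "https://gitlab.com"
  token = "EXAMPLE-RUNNER-TOKEN-NOT-REAL"
  executor = "custom"
EOF

# Constructed role list: what the Quick Start grants (roles/editor) next to a
# narrower Cloud Build role.
SAMPLE_ROLES='roles/editor
roles/cloudbuild.builds.editor'

echo "runner token: $(runner_token_from_config "$SAMPLE_DIR/config.toml")"

if broad=$(printf '%s\n' "$SAMPLE_ROLES" | broad_roles); then
  echo "service account roles look scoped"
else
  echo "WARNING: service account holds basic roles, narrow them before going live:"
  printf '%s\n' "$broad"
fi
```

Run it as-is to see the constructed sample flagged; in a real project, replace the sample file with `./etc/config.toml` and pipe the output of the `get-iam-policy` query shown in the comments into `broad_roles`.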