CODEWITHSUNDEEP
mavengoogle-app-enginejenkins
Brian Bauman
Brian Bauman

Reputation: 1150

Deploy Google App Engine Via Jenkins

I am trying to deploy a Java Google App Engine project via my Jenkins server. The idea is that on a commit I run my tests and if all pass, I deploy to my Google project.

I have tried a variety of things and have gotten close with service account json files. I am currently running: mvn clean appengine:update -Dapplication-id=<app_id> -Dappengine.additionalParams=--service_account_json_key_file=<json_file>.

The problem I am running into is getting an error of:

You do not have permission to modify this app (app_id=...)

The service account has Google App Engine Deploy permissions and added Google App Engine Owner just to see if that fixed anything, but it didn't.

Previously, I tried to use the gcloud command line tool to authenticate prior to running maven but every time I did that I would have the build prompt to authenticate via a browser (which doesn't work in a CI environment).

Has anyone been able to build and deploy to Google App Engine from Jenkins?

Upvotes: 1

Views: 3565

Answers (1)

Tuxdude
Tuxdude

Reputation: 49583

TL;DR - Your steps and command look reasonable and should have worked. You might want to double check the following:

  • Service account has at least App Engine Deployer role assigned to it.

  • Maven command needs to use the credentials from the service account json file (look at the log line which looks something like this that includes --service_account_json_key_file=):

    [INFO] Retrieving Google App Engine Java SDK from Maven
[INFO] Updating Google App Engine Application
[INFO] Running -A PROJECT_NAME -V 100 --oauth2 --service_account_json_key_file=/path/to/service_account.json update /Users/tuxdude/google-cloud-examples/google-app-engine/java/helloworld-email/appengine/helloworld/target/appengine-helloworld-1.0-SNAPSHOT

Steps that worked for me

I just tried these steps and it worked for me:

  1. Create a new service account from IAM & Admin page in Google Cloud Console.
  2. Grant just the 'App Engine Deployer' role.
  3. Select the checkbox which says Furnish a new private key. Choose key type as json
  4. Save the json file

  5. Run the following maven command to deploy using the service account credentials:

    mvn clean appengine:update -Dappengine.additionalParams=--service_account_json_key_file=path/to/service_account_key.json

If your path has any characters which could break argument tokenization, you can use this version:

    mvn clean appengine:update -Dappengine.additionalParams=--service_account_json_key_file="path/to/service_account_key.json"

Upvotes: 4

Related Questions