You're reading from Secure Continuous Delivery on Google Cloud

Product type: Book
Published in: Apr 2024
Publisher: Packt
ISBN-13: 9781805129288
Edition: 1st Edition
Authors (3):
Giovanni Galloro

Giovanni Galloro has been working at Google since 2017 as a customer engineer specializing in container-based runtimes, DevOps tools, and application networking. He works with multiple organizations across EMEA, helping them to leverage these capabilities and improve their software delivery practices. Giovanni is a community ambassador for the Continuous Delivery Foundation and is a frequent speaker at developer conferences. Before Google, he worked at Microsoft, Red Hat, VMware, and HP, following the evolution of application platforms over the past 20 years.

Nathaniel Avery

Nathaniel Avery works at Google as an outbound product manager for the Google Cloud Application Ecosystem group, specializing in DevOps tools, and has spoken to many Fortune 500 companies about DevOps tooling solutions. Before joining Google, Nate spent more than 20 years in IT designing, planning, and implementing complex systems, integrating custom-built and COTS applications for federal government customers. Currently, he's working on better ways to build and use cloud resources to help customers deliver better products, safely and securely, without sacrificing velocity.

David Dorbin

David Dorbin has been a technical writer for more than three decades. He's been with Google for more than a dozen years, documenting payment applications, internal tools, and Google Cloud DevOps products. Before Google, he worked with numerous start-ups and established companies, documenting technologies in payment processing, digital publishing and rights management, consumer electronics, and cryptography for financial institutions. In his free time, Dave enjoys playing bass and banjolele (but never at the same time), or doing more damage to his Achilles' heel on the streets and trails of northern New Jersey.

Preface

Continuous Delivery (CD) is a set of software engineering practices that enables teams to deliver software quickly and safely by automating the entire software release process through a deployment pipeline.

To build a continuous delivery pipeline, you typically need separate tools to perform the necessary tasks, including the following:

  • Automate artifact builds and software tests
  • Manage source code
  • Store, secure, and distribute software artifacts
  • Manage and automate deployment to different runtime environments

You can choose tools from different providers and different deployment or installation methods, and integrate them. Or you can use a set of managed services from the same cloud provider, reducing the setup, integration, and management effort, allowing you to focus on your code.

The goal of this book is to use hands-on exercises to show you how to build an end-to-end continuous delivery pipeline on Google Cloud using Google-managed services, covering not only how to get code from commit to production but also how you can optimize your inner development loop.

The book starts by introducing continuous delivery principles and best practices to implement them while protecting your artifacts from security threats. You’ll then learn how to use Skaffold, Cloud Code, Duet AI, and Cloud Workstations to help stay in the flow and optimize feedback loops while you code. You’ll experiment with automating your builds and tests and generating signed provenance for your artifacts using Cloud Build. You’ll understand how to store your software artifacts and assess their security posture using Artifact Registry. You’ll learn how to orchestrate deployments and promotions through different stages using Cloud Deploy, and release your software on GKE and Cloud Run. You’ll also see how to use Binary Authorization to protect these runtime environments. Furthermore, we'll show some examples of integrating these tools with other services you may have.

After you learn about each tool or service, following the hands-on examples, we’ll guide you through creating an end-to-end software delivery pipeline that represents a real production environment, with multiple actors involved, using all the aforementioned services together.

Lastly, we’ll provide some additional best practices, as well as insights into some possible future trends.

By the end of this book, you’ll be able to build a secure software delivery pipeline from development to production using Google Cloud’s managed services and best practices.

Who this book is for

This book is mainly for technical practitioners, such as DevOps engineers and platform engineers, who manage application deployment, create continuous delivery pipelines, and want to automate workflows in a fully managed, scalable, and secure platform.

Software developers involved in application delivery who want to learn how to use Google Cloud tools to optimize their development flow state and feedback loops will also find the book useful.

What this book covers

Chapter 1, Introducing Continuous Delivery and Software Supply Chain Security, describes continuous delivery principles and some of the practices and technical capabilities that drive the ability to implement them. The chapter also provides an overview of the security threats that a software supply chain can be exposed to and some practices that can mitigate them.

Chapter 2, Using Skaffold for Development, Build, and Deploy, describes Skaffold and how you can use it to test your application continuously while you develop it, build the container image containing your application, execute tests, and deploy it on different Kubernetes clusters.

Chapter 3, Developing and Testing with Cloud Code, demonstrates how to use Cloud Code, a Google-provided IDE add-on, to optimize the development flow state and feedback loops, and how to use Duet AI to get help while coding.

Chapter 4, Securing Your Code with Cloud Workstations, describes how an administrator can preconfigure Cloud Workstations, fully managed developer workstations hosted in Google Cloud, and how developers can use those workstations to work on code using their preferred IDE.

Chapter 5, Automating Continuous Integration with Cloud Build, describes Cloud Build, a managed service used to automate building artifacts, as well as other continuous integration (CI) tasks, and how you can use Cloud Build to build your application from source to a deployable container image.

Chapter 6, Securely Store Your Software on Artifact Registry, describes Artifact Registry, the Google-managed container and software artifact repository, and shows how to use it to store container images, application dependencies, and all of your software artifacts, scan them for vulnerabilities, and store vulnerability metadata.

Chapter 7, Exploring Runtimes – GKE, GKE Enterprise, and Cloud Run, describes the main runtime environments into which you can deploy your applications using Google Cloud continuous delivery tooling. This chapter covers Google Kubernetes Engine (GKE) hosted on GCP and Cloud Run, as well as Kubernetes running on-premises or hosted on other hyperscale cloud platforms.

Chapter 8, Automating Software Delivery Using Cloud Deploy, describes Cloud Deploy, a service you can use to automate how your application is delivered to a predetermined sequence of runtime environments. You’ll learn how to create the software delivery pipeline that guides your application delivery to those target environments.

Chapter 9, Securing Your Runtimes with Binary Authorization, describes Binary Authorization, a service that lets you configure policies to control the execution of container-based applications on Google Cloud runtimes such as GKE and Cloud Run.

Chapter 10, Demonstrating an End-to-End Software Delivery Pipeline, shows how to use all the Google Cloud tools described in the previous chapters to create and run an end-to-end pipeline from code to production for an example application.

Chapter 11, Integrating with Your Organization's Workflows, demonstrates an example of how to integrate your pipeline with external systems present in your organization, such as source-code management systems or workflow management tools.

Chapter 12, Diving into Best Practices and Trends in Continuous Delivery, describes some best practices for continuous delivery on Google Cloud that we didn’t cover exhaustively in previous chapters. This chapter also provides some hints on future improvements, directions, and developments in software delivery capabilities.

To get the most out of this book

To get the most out of this book, you’ll need a basic understanding of software development and application packaging (basic project structure, builds, and unit tests), application deployment, Linux containers, Kubernetes, and the fundamentals of Google Cloud (Cloud APIs, IAM, etc.).

| Software/hardware covered in the book | Operating system requirements |
| --- | --- |
| Cloud Shell | You can execute all the exercises in the book in Cloud Shell and the Google Cloud console. Cloud Shell supports the latest versions of Google Chrome, Mozilla Firefox, Microsoft Edge, Microsoft Internet Explorer 11+, and Apple Safari 8+. Safari in private browser mode is not supported. |
| Google Cloud console | You can use the Google Cloud console in the following browsers: Chrome, Safari, Firefox, and Edge. |
| gcloud CLI installed locally (optional) | Linux (Debian, Ubuntu, Red Hat/Fedora/CentOS), macOS, and Windows. |
| Skaffold installed locally (optional) | Linux (Debian, Ubuntu, Red Hat/Fedora/CentOS), macOS, and Windows. |
| Cloud Code installed locally (optional) | You need a supported IDE. Examples in the book are based mainly on Code OSS/VS Code. |

All the tasks in the book that require a terminal or an editor can be performed with Cloud Shell (or Cloud Workstations), accessible with one of the aforementioned supported browsers. We suggest using Cloud Shell or Cloud Workstations because they have all the necessary tools already installed. If you prefer, you can install the gcloud CLI, Skaffold, and Cloud Code locally, following the requirements in the preceding table.

If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Secure-Continuous-Delivery-on-Google-Cloud. If there’s an update to the code, it will be updated in the GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “A new build now runs, linked to the scdbook-e2e-merge trigger.”

A block of code is set as follows:

    [{
      "id" : "upstream1",
      "repository" : "projects/$PROJECT_ID/locations/us-central1/repositories/python-local",
      "priority" : 100
    },

Any command-line input or output is written as follows:

    gcloud artifacts repositories list --project=$PROJECT_ID \
        --location=us-central1

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “To view the render logs, click the link next to Render logs, under Rendering.”

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at customercare@packtpub.com and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at copyright@packtpub.com with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read Secure Continuous Delivery on Google Cloud, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there; you can get exclusive access to discounts, newsletters, and great free content in your inbox daily.

Follow these simple steps to get the benefits:

  1. Scan the QR code or visit the link below:

     https://packt.link/free-ebook/978-1-80512-928-8

  2. Submit your proof of purchase
  3. That’s it! We’ll send your free PDF and other benefits to your email directly