Simulacrum of a Jenkins deployment to App Engine

deploy.sh

export ORG=[[ORG]]
export ROOT=[[PROJECT_ROOT]]
export PROJECT=${ROOT}-$(shuf -i 1000-9999 -n 1)
export BILLING=[[BILLING]]
export VERSION=$(shuf -i 1000-9999 -n 1)
export REGION="us-central"
export SERVICES="cloudresourcemanager"

export ACCOUNT=$(gcloud config get-value account)

gecho() {
    local GREEN="\033[0;32m"
    local BLACK="\033[0m"
    echo -e "$(date +%s.%N): ${GREEN}${1}${BLACK}"
}

echo "Project: ${PROJECT}"
echo "Account: ${ACCOUNT}"
echo ""

gecho "projects create"
gcloud projects create ${PROJECT} --organization=${ORG}

gecho "billing link"
gcloud config set account [[BILLLING_ACCOUNT]]
gcloud beta billing projects link $PROJECT --billing-account=$BILLING
gcloud config set account ${ACCOUNT}

gecho "enable services [${SERVICES}]"
for SERVICE in ${SERVICES}
do
  gcloud services enable ${SERVICE}.googleapis.com \
  --project=$PROJECT
done

gecho "apps create"
gcloud app create \
--region=${REGION} \
--project=${PROJECT}

gecho "app deploy [${VERSION}]"
gcloud app deploy . --no-promote --version=${VERSION} --project=${PROJECT} --quiet

master.sh

export ORG=[[ORG]]
export PROJECT=[[MASTER]]
export BILLING=[BILLING]]
export SERVICES="iam cloudresourcemanager"
export ZONE="us-west1-c"

export ROBOT="deployer-$(shuf -i 1000-9999 -n 1)"
export INSTANCE="instance-$(shuf -i 1000-9999 -n 1)"

gecho() {
    local GREEN="\033[0;32m"
    local BLACK="\033[0m"
    echo -e "$(date +%s.%N): ${GREEN}${1}${BLACK}"
}

ACCOUNT=$(gcloud config get-value account)
echo "Authenticated account: ${ACCOUNT}"
echo ""

gecho "projects create"
#gcloud projects create ${PROJECT}

gecho "billing link"
gcloud beta billing projects link $PROJECT --billing-account=$BILLING

gecho "enable services [${SERVICES}]"
for SERVICE in ${SERVICES}
do
  gcloud services enable ${SERVICE}.googleapis.com \
  --project=$PROJECT
done

gecho "create robot [${ROBOT}@]"
gcloud iam service-accounts create ${ROBOT} \
--display-name=${ROBOT} \
--project=$PROJECT

gecho "organization add-iam-policy"
gcloud organizations add-iam-policy-binding ${ORG} \
--member=serviceAccount:${ROBOT}@${PROJECT}.iam.gserviceaccount.com \
--role=roles/resourcemanager.projectCreator

gecho "create instance [${INSTANCE}]"
gcloud beta compute instances create ${INSTANCE} \
--machine-type=custom-2-8192 \
--preemptible \
--image=ubuntu-1604-xenial-v20180126 \
--image-project=ubuntu-os-cloud \
--boot-disk-size=25 \
--project=$PROJECT \
--zone=$ZONE \
--service-account=${ROBOT}@${PROJECT}.iam.gserviceaccount.com \
--scopes https://www.googleapis.com/auth/cloud-platform

gecho "copy deployment script and app files"

gcloud compute scp deploy.sh ${INSTANCE}:. \
--project=${PROJECT} \
--zone=${ZONE}

for FILE in main.py app.yaml requirements.txt
do
  gcloud compute scp \
  python/${FILE} \
  ${INSTANCE}:. \
  --project=${PROJECT} \
  --zone=${ZONE}
done

gecho "run deployment script on the VM as the robot"
gcloud compute ssh $INSTANCE --project=$PROJECT --zone=$ZONE -- "./deploy.sh"

# Unwind
read -p "Press any key to delete the current robot and its key" -n1 -s

gecho "delete instance"
gcloud compute instances delete ${INSTANCE} \
--project=${PROJECT} \
--zone=${ZONE} \
--quiet

gecho "organization remove-iam-policy-binding"
gcloud organizations remove-iam-policy-binding ${ORG} \
--member=serviceAccount:${ROBOT}@${PROJECT}.iam.gserviceaccount.com \
--role=roles/resourcemanager.projectCreator

gecho "delete robot [${ROBOT}@]"
gcloud iam service-accounts delete ${ROBOT}@${PROJECT}.iam.gserviceaccount.com \
--project=$PROJECT \
--quiet