I would like to use google_cloudfunctions2_function just with container registry (point to specific image), but for some strange reason, it’s not possible and I should provide build_config with source.
My sources are placed in github and this is a nightmare to understand which permissions, to which SA and how should I provide to allow cloud builder to access github and, unfortunately, I failed to understand how to do that.
So the questions:
is it somehow possible to avoid providing source for build_config or avoid cloud_build and cause google_cloudfunctions2_function to use pre-build image from container registry ?
Any guide what is the right way to make bouild_config → source to work properly with github ?
This is a pretty common problem. Maybe someone’s got a better idea, but I’ve seen it approached a couple of different ways
Use a CI pipeline to deploy the function in an idempotent way, and don’t try to manage it in Terraform at all. This has some downsides… including that you’ll likely have to hard-code the function name or use data resources for related permissions, etc., and you’ll potentially need to hard code things like service account names in the CI configs. This is usually my preferred way to do it, though, all things being equal.
Deploy a placeholder / “sentinel” function (just a skeleton with some simple “hello world” code, or whatever) from a zip file or from GCS in the Terraform code, then update the function’s code from your deploy pipeline.
thank you for answer ! This is really appreciated. I found another solution - just to use google_cloud_run_v2_service instead of google_cloudfunctions2_function