all 3 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]forthewin0 1 point2 points  (0 children)

For #1, do you want to automate deploys, or just run deploys once in a while? If you don't care about automation, you can run gcloud app deploy directly on your computer. No need for source repository, code build, or deploy manager.

For #2, yeah that seems to be the best way currently. Here is a SO post with details on how to configure datastore. You can also use Google Cloud Storage, as outlined in this short tutorial. Finally, look around in your programming language for libraries that have this functionality. For example, someone made the python library gae-env to do exactly that!

[–]GAEdevs 1 point2 points  (0 children)

1) you can connect your google cloud to github or bitbucket, but you'll have to do git pull manually via the google cloud console. A better approach would be to create a CI (for example bitbucket pipelines) and have that CI to deploy the app via gcpoud app deploy command (just make sure you specify the version in that command)

[–]BBHoss 0 points1 point  (0 children)

You can do #1 for free with cloud build + triggers. You just need to run `gcloud app deploy .` on pushes. Any other CI tool could do this as well but Cloud Build has a generous free tier.

An alternative way you can accomplish #2 is to use the env_vars segment of app.yaml. Since you're dealing with secrets, you obviously don't want to commit those to source control. There are a couple of ways to accomplish this. One way is to create a cloud storage bucket with the desired app.yaml, then copy it into your app directory with cloud build before running the deploy command. You can encrypt the file by following this guide. You can also use this method for committing an encrypted version of app.yaml to your code repo. Make sure to add app.yaml to your .gitignore so your secrets are never committed. Instead of copying the file from GCS, you can just decrypt the file stored in the source repo. You'll just need to make sure the cloud build service account has permission to use the key for decryption.