Google CloudBuild
How to integrate Google CloudBuild with Cloudsmith

Cloudsmith can be used as a target for all the assets created using Google CloudBuild. This guide shows you how to use the Cloudsmith CLI to upload/push a Python package to your Cloudsmith repo.
All formats are supported.
Getting Started
Integrating Cloudsmith as part of your Google CloudBuild project is as simple as installing the Cloudsmith CLI during your build and then using the cloudsmith push command to upload the artifacts from your build process to your Cloudsmith repository.
Adding your API Key to Google Cloud
In order to use the Cloudsmith CLI with Google CloudBuild, we recommend that you create a Cloudsmith service account and use its API key instead of a personal API key. This is more secure, easier to audit, and better suited for CI/CD environments like Google CloudBuild.
You can create and manage service accounts in Cloudsmith by following this guide:
Once you’ve created a service account and generated its API key, we recommend that you add the key as an environment variable using Google Secret Manager.
Authentication best practices
We do not recommend adding the API-Key itself directly into the
cloudbuild.yaml
file for your Google CloudBuild project, as it will then be revealed in any resulting logs from the build.
Step 1: Store the API key in Google Secret Manager
- Go to the Secret Manager page in the Google Cloud Console.
- Click + CREATE SECRET.
- In the Name field, enter CLOUDSMITH_API_KEY.
- In the Secret value field, paste your Cloudsmith service account API key.
- Leave other settings as default or configure as needed.
- Click CREATE SECRET.
Step 2: Grant Cloud Build access to the secret
Your Cloud Build service account (usually [PROJECT_NUMBER]@cloudbuild.gserviceaccount.com) needs permission to access the secret.
- Go to the Secret Manager page.
- Click on the CLOUDSMITH_API_KEY secret.
- Go to the PERMISSIONS tab.
- Click + GRANT ACCESS.
- In New principals, enter your Cloud Build service account.
- Under Select a role, choose Secret Manager Secret Accessor.
- Click SAVE.
Step 3: Reference the secret in cloudbuild.yaml
To reference a secret stored in Google Secrets Manager in your Google CloudBuild cloudbuild.yaml
file you would use the following syntax:
steps:
- name: 'python'
secretEnv: ['CLOUDSMITH_API_KEY']
For further details on obtaining your Cloudsmith API Key, see:
For further details on using Google Secrets Manager with Google CloudBuild see:
Adding the Cloudsmith CLI to your CloudBuild Project
To add the Cloudsmith CLI to your Google CloudBuild Project, add the following command to the cloudbuild.yaml
file:
- pip install cloudsmith-cli
Uploading a built artifact to Cloudsmith
To upload an artifact from a build to a Cloudsmith repository, add the cloudsmith push
command in cloudbuild.yaml
file:
- cloudsmith push FORMAT OWNER/REPOSITORY FILENAME
Please see the Cloudsmith CLI documentation for more details of the syntax of the cloudsmith push
command and the Supported Formats page for examples of the cloudsmith push
command for each supported format.
Example cloudbuild.yaml
Here’s a complete working example that builds a Python package and uploads it to a Cloudsmith repository:
steps:
- name: 'python'
entrypoint: bash
secretEnv: ['CLOUDSMITH_API_KEY']
args:
- '-c'
- |
echo "Setting up virtualenv and installing Cloudsmith CLI..."
python3 -m venv venv
source venv/bin/activate
pip install --upgrade pip setuptools wheel cloudsmith-cli
echo "Building package..."
python setup.py sdist bdist_wheel
echo "Authenticating with Cloudsmith..."
cloudsmith whoami
echo "Pushing package to Cloudsmith..."
cloudsmith push python ORG_NAME/REPO_NAME dist/*.whl
availableSecrets:
secretManager:
- versionName: projects/your-gcp-project-id/secrets/CLOUDSMITH_API_KEY/versions/latest
env: CLOUDSMITH_API_KEY
- Replace
your-org/your-repo
with your actual Cloudsmith organization/repository name.- Also update
your-gcp-project-id
with your actual Google Cloud project ID.
Support
As always, if you have any questions about integration or would like some general advice, please contact support.
Updated about 6 hours ago