Google Cloud Run CI/CD on Cloudbuild / Handling domain mapping

Question

Following this guide , it stops at the deployment step itself.

I'd be looking to apply one last step, which would be an automatic domain mapping setup, that couldbuild would run :

gcloud beta run domain-mapping create --service xxx --domain example.com

The custom domain that we'd be looking to map (above, the example.com placeholder) is handled by google dns, verified on google via the webmaster tools, etc... things works perfectly when don manually via the UI.

However, the cloudbuild service account (the 'user' that will run the domain mapping command) is not the one that have verified the domain. So this last steps can just fail

Is there a role to add to the cloudbuild service account to pass the verification check ? What other process should be used ?

Answer 1

When a user verifies a domain, that domain is only verified to that user's account. However, if you are that user you can enable other users (or service accounts) to add mappings that use that domain by adding them as verified owners.

To do so:

1. Navigate to the Webmaster Central page: https://www.google.com/webmasters/verification/home
2. Under Properties, click the domain for which you want to add a user or service account.
3. Scroll down to the Verified owners list, click Add an owner, and then enter your Cloud Build service account ID

Once this is done you should be able to run the gcloud beta run domain-mapping create command from Cloud Build successfully.