Back to Details

gcp-pipeline-resource-provisioning

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

How to use this skill

如何使用该技能

Create or update existing 
deployment.yaml
file and deploy resources. All configuration files MUST be maintained together in the repository root.
创建或更新现有
deployment.yaml
文件并部署资源。所有配置文件必须统一维护在仓库根目录下。

Mandatory labels

必填标签

[!IMPORTANT] Whenever you generate resource definitions in 
deployment.yaml
, you MUST directly populate the 
datacloud
label under 
definition.labels
for every resource to track the source of creation. Determine the value based on your current IDE environment:
  • For Antigravity, set 
    datacloud: "antigravity"
  • For VS Code, set 
    datacloud: "vscode"
  • For any other environment, set 
    datacloud: "other"
Do not use a variable substitution for this label; hardcode the appropriate string value directly into each resource definition (e.g., replacing 
__REQUIRED_LABEL__
placeholders).
Special rule for BigQuery DTS Ingestion: Whenever you generate a 
bigquerydatatransfer.transferConfig
in 
deployment.yaml
, you MUST also explicitly define its target destination 
bigquery.dataset
in the same file and apply the 
datacloud
label to it. You must do this even if the dataset already exists, to ensure the destination dataset's labels are patched and updated.
[!IMPORTANT] 当你在
deployment.yaml
中生成资源定义时,必须为每个资源直接填充
definition.labels
下的
datacloud
标签,以跟踪创建来源。根据当前IDE环境确定标签值:
  • 若使用Antigravity,设置
    datacloud: "antigravity"
  • 若使用VS Code,设置
    datacloud: "vscode"
  • 其他环境,设置
    datacloud: "other"
请勿对该标签使用变量替换;需将合适的字符串值直接硬编码到每个资源定义中(例如替换
__REQUIRED_LABEL__
占位符)。
BigQuery DTS 导入的特殊规则:当你在
deployment.yaml
中生成
bigquerydatatransfer.transferConfig
时,必须在同一文件中显式定义其目标
bigquery.dataset
并为其添加
datacloud
标签。即使该数据集已存在,也必须执行此操作,以确保目标数据集的标签被修补和更新。

Step 1: Supported Resource Types

步骤1:支持的资源类型

The framework supports deploying various GCP resources. To see the comprehensive list of supported resource types, run the following command:
gcloud beta orchestration-pipelines resource-types list
Refer to: references/gcp-pipeline-resource-provisioning_spec.md to understand the template for 
deployment.yaml
.
该框架支持部署各类GCP资源。要查看完整的支持资源类型列表,请运行以下命令:
gcloud beta orchestration-pipelines resource-types list
请参考:references/gcp-pipeline-resource-provisioning_spec.md以了解
deployment.yaml
的模板格式。

Step 2: Discover Environment Parameters

步骤2:发现环境参数

Before generating configurations, discover the actual values for the target project, region, environment, and commit SHA.
[!TIP] If 
deployment.yaml
already exists in the repository root, prioritize extracting 
project
and 
region
from the target environment configuration (e.g., 
dev
).
  1. Project ID:
    bash
    gcloud config get project
  2. Project Number:
    bash
    gcloud projects describe $(gcloud config get project) --format="value(projectNumber)"
  3. Region:
    bash
    gcloud config get-value compute/region
  4. Commit SHA:
    bash
    git rev-parse HEAD
  5. Environment Name: If initialization is needed, you MUST ask the user for the environment name. If the user does not provide it, use dev as the default.
[!TIP]
Use these commands to replace placeholders like 
YOUR_PROJECT_ID
with actual values. Always remove associated comments that start with TODO once replaced.
生成配置前,请获取目标项目、区域、环境和提交SHA的实际值。
[!TIP] 若仓库根目录已存在
deployment.yaml
,优先从目标环境配置(如
dev
)中提取
project
region
的值。
  1. 项目ID
    bash
    gcloud config get project
  2. 项目编号
    bash
    gcloud projects describe $(gcloud config get project) --format="value(projectNumber)"
  3. 区域
    bash
    gcloud config get-value compute/region
  4. 提交SHA
    bash
    git rev-parse HEAD
  5. 环境名称:若需要初始化,必须向用户询问环境名称。若用户未提供,默认使用dev
[!TIP]
使用这些命令将占位符(如
YOUR_PROJECT_ID
)替换为实际值。替换完成后,请务必删除所有以TODO开头的相关注释。

Step 3: Generate or update deployment.yaml

步骤3:生成或更新deployment.yaml

Create or update 
deployment.yaml
in the repository root. This file maps supported environments (dev, stage, prod) to their specific configurations and resources.
[!TIP]
Use the Reference Spec: The agent can use the 
references/gcp_pipeline_resource_provisioning_spec.md
 file as a template. It includes sample definitions for select supported resource types. Copy and adapt the required resource blocks into the 
deployment.yaml
. Use 
gcloud beta orchestration-pipelines resource-types list
when needed.
[!IMPORTANT]
Handling Secrets & Privacy (CRITICAL): NEVER hardcode plain-text secrets in 
deployment.yaml
.
  • Sensitive Data (Secrets): Sensitive information such as passwords, API keys, and other sensitive information MUST be stored in Secret Manager and declared in the 
    secrets:
    block of 
    deployment.yaml
    .
  • Non-Sensitive Data (Variables): General configuration (e.g., dataset names, table IDs, regions) could be declared in the 
    variables:
    block.
  • Substitution via 
    {{ VAR }}
    :     Both 
    variables:
    and 
    secrets:
    MUST be used as 
    {{ VARIABLE_NAME }}
    substitutions in resource definitions.
  • No Creation: The agent MUST NOT use the framework to create new secrets. If 
    gcloud
    indicates the secret does not exist, the agent MUST ask the user to create it manually and then re-verify.
  • Reference Only Policy: The agent's role is strictly limited to referencing existing secrets. The agent MUST NEVER read, print, or inspect the values of secrets.
  • Safe Deployment: The actual value injection happens during deployment execution. The agent only provides the reference.
  • Manual Secret Management: Advise the user to manage secret payloads and versions manually.
在仓库根目录创建或更新
deployment.yaml
。该文件将受支持的环境(devstageprod)映射到其特定配置和资源。
[!TIP]
参考规范文档:Agent可使用**
references/gcp_pipeline_resource_provisioning_spec.md
**文件作为模板。其中包含部分受支持资源类型的示例定义。将所需的资源块复制并调整到
deployment.yaml
中。必要时可使用
gcloud beta orchestration-pipelines resource-types list
命令。
[!IMPORTANT]
机密与隐私处理(关键):切勿在
deployment.yaml
中硬编码明文机密。
  • 敏感数据(机密):密码、API密钥等敏感信息必须存储在Secret Manager中,并在
    deployment.yaml
    secrets:
    块中声明。
  • 非敏感数据(变量):通用配置(如数据集名称、表ID、区域)可在
    variables:
    块中声明。
  • 通过
    {{ VAR }}
    替换
    variables:
    secrets:
    中的内容必须以
    {{ VARIABLE_NAME }}
    的形式在资源定义中进行替换。
  • 禁止创建机密:Agent不得使用该框架创建新的机密。若
    gcloud
    提示机密不存在,Agent必须要求用户手动创建,然后重新验证。
  • 仅引用策略:Agent的角色严格限制为引用现有机密。Agent不得读取、打印或检查机密的值。
  • 安全部署:实际值注入在部署执行期间进行。Agent仅提供引用。
  • 手动机密管理:建议用户手动管理机密内容和版本。

Step 4: Validation

步骤4:验证

The agent MUST validate the 
deployment.yaml
before generating the deployment script. This ensures the configuration is syntactically correct and all variables are resolvable.
gcloud beta orchestration-pipelines validate --environment=<ENV_NAME>
在生成部署脚本前,Agent必须验证
deployment.yaml
。这确保配置语法正确且所有变量均可解析。
gcloud beta orchestration-pipelines validate --environment=<ENV_NAME>

Step 5: Deployment

步骤5:部署

Run the following command to deploy the resources to the target environment.
gcloud beta orchestration-pipelines deploy --environment=<ENV_NAME> --local
[!NOTE] If a new transfer is being created, make sure to NOT remove the DTS transfer resource from 
deployment.yaml
after it completes the run.
运行以下命令将资源部署到目标环境。
gcloud beta orchestration-pipelines deploy --environment=<ENV_NAME> --local
[!NOTE] 若正在创建新的传输任务,完成运行后请勿从
deployment.yaml
中移除DTS传输资源。

Definition of Done

完成标准

  • deployment.yaml
    exists in the repository root with actual discovered values (no placeholders) and correct resource definitions.
  • The agent runs the deployment command to perform the deployment, and it executes successfully (exit code 0).
  • deployment.yaml
    存在于仓库根目录,包含已获取的实际值(无占位符)和正确的资源定义。
  • Agent运行部署命令执行部署,且命令执行成功(退出码为0)。