In this first vlog post in our Case for Firebase series, we walk through how to use Typescript effectively in Firebase, leaning on the excellent features in Google Antigravity and Google Cloud Build.

#firebase #antigravity #typescript #gcp #cloudbuild

Watch here: https://daywards.com/d/EIpFga

I am increasingly of the opinion that when writing CI scripts for platforms such as GitHub actions you shouldn't use that platform's features but just wrap a single largish bash script.

It is trivially runnable on your laptop, which is great for testing and debugging changes locally.

And you don't need to learn syntax and conventions that are only used by a single system.

I'd be interested to know why this approach is so unusual. Is it because actions from the marketplace don't mix well with this?

#GitHub #ci #cicd #cloudbuild

Cybersecurity experts have uncovered a significant vulnerability named ConfusedFunction in Google Cloud Platform's Cloud Functions service. This issue allows attackers to elevate their privileges, potentially accessing various services and sensitive data without authorization. When a Cloud Function is created or updated, a Cloud Build service account is automatically generated and linked to a Cloud Build instance. This service account possesses extensive permissions, which, if misused, can lead to unauthorized access to Cloud Storage, Artifact Registry, and Container Registry among others. Google has addressed this by changing the default behavior to use the Compute Engine default service account instead, though this does not retroactively apply to existing instances. Despite this fix, the deployment of a Cloud Function still necessitates assigning certain permissions to the Cloud Build service account, highlighting ongoing concerns about software complexity and inter-service communication in cloud environments.

https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions

#cybersecurity #google #googlecloud #vulnerability #privilege_escalation #confusedfunction #cloudfunction #cloudstorage #cloudbuild #cloud #tenable

Cloud Build has `script` and `automapSubstitutions` to make putting shell in the YAML easier.

https://dev.to/googlecloud/modernizing-cloudbuildyaml-for-container-builds-1je0

#til #googlecloud #cloudbuild #yaml #codegolf

Taking multiple steps to build, pack and publish a NuGet package manually is a distraction and error-prone. Use Google Cloud Build to handle the boring parts of the SDLC.

https://jochen.kirstaetter.name/automate-nuget-package-creation-google-build/

#gde #mvpbuzz #dotnet #gcloud #cloudbuild

Are you thinking about rolling your own software #build environment?

If so, recall the ghost of #SolarWinds: https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/

My tips:

- Don't: prefer using someone else's build environment (#GitHub actions, #CloudBuild)
- If you can't: build within an #ephemeral environment (cluster or nodes). Nuke the environment after each PR or daily.
- If you can't: make builds reproducible & build across two individually run environments (Cloud providers, local) - only accept matching outputs.

https://github.com/jeffbryner/gcp-cloudrun-pipeline <-- TFW you search around on the internet for something you created a year ago..

In this case a simple #gcp #cloudbuild managed #cloudrun container that builds itself