1. Overview
As the evolution of Container Registry, Artifact Registry is a single place for your organization to manage container images and language packages (such as Maven and npm). It is fully integrated with Google Cloud's tooling and runtimes and comes with support for language based dependency management for use with tools like npm and Maven. This makes it simple to integrate it with your CI/CD tooling to set up automated pipelines.
This lab will walk you through some features available in Artifact Registry.
What you will learn
What are the learning objectives of this lab?
- Create repositories for Containers and Language Packages
- Manage container images with Artifact Registry
- Integrate Artifact Registry with Cloud Code
- Configure Maven to use Artifact Registry for Java Dependencies
2. Setup and Requirements
Self-paced environment setup
- Sign-in to the Google Cloud Console and create a new project or reuse an existing one. If you don't already have a Gmail or Google Workspace account, you must create one.
- The Project name is the display name for this project's participants. It is a character string not used by Google APIs, and you can update it at any time.
- The Project ID must be unique across all Google Cloud projects and is immutable (cannot be changed after it has been set). The Cloud Console auto-generates a unique string; usually you don't care what it is. In most codelabs, you'll need to reference the Project ID (and it is typically identified as
PROJECT_ID), so if you don't like it, generate another random one, or, you can try your own and see if it's available. Then it's "frozen" after the project is created. - There is a third value, a Project Number which some APIs use. Learn more about all three of these values in the documentation.
- Next, you'll need to enable billing in the Cloud Console in order to use Cloud resources/APIs. Running through this codelab shouldn't cost much, if anything at all. To shut down resources so you don't incur billing beyond this tutorial, follow any "clean-up" instructions found at the end of the codelab. New users of Google Cloud are eligible for the $300 USD Free Trial program.
Set up gcloud
In Cloud Shell, set your project ID and project number. Save them as PROJECT_ID and PROJECT_NUMBER variables.
export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format='value(projectNumber)')
Enable Google Services
gcloud services enable \
cloudresourcemanager.googleapis.com \
container.googleapis.com \
artifactregistry.googleapis.com \
containerregistry.googleapis.com \
containerscanning.googleapis.com
Get the source code
The source code for this lab is located in the GoogleCloudPlatform org on GitHub. Clone it with the command below then change into the directory.
git clone https://github.com/GoogleCloudPlatform/cloud-code-samples/
Provision the infrastructure used in this lab
In this lab you will deploy code to GKE. The setup script below prepares this infrastructure for you.
gcloud container clusters create container-dev-cluster --zone=us-central1-b
3. Working with container images
Create a Docker Repository on Artifact registry
Artifact Registry supports managing container images and language packages. Different artifact types require different specifications. For example the requests for Maven dependencies are different from requests for Node dependencies.
To support the different API specifications, Artifact Registry needs to know what format you want the API responses to follow. To do this you will create a repository and pass in the --repository-format flag indicating the type of repository desired
From Cloud Shell run the following command to create a repository for Docker images:
gcloud artifacts repositories create container-dev-repo --repository-format=docker \
--location=us-central1 --description="Docker repository for Container Dev Workshop"
Click Authorize if the Cloud Shell authorization prompt appears
Go to Google Cloud Console - Artifact Registry - Repositories and notice your newly created Docker repository named container-dev-repo, if you click on it you can see that it's empty at the moment
Configure Docker Authentication to Artifact Registry
When connecting to Artifact Registry credentials are required in order to provide access. Rather than set up separate credentials, Docker can be configured to use your gcloud credentials seamlessly.
From Cloud Shell run the following command to configure Docker to use the Google Cloud CLI to authenticate requests to Artifact Registry in the us-central1 region,
gcloud auth configure-docker us-central1-docker.pkg.dev
The command will prompt for a confirmation to change the Cloud Shell docker configuration, hit enter.
Explore the sample Application
A sample application is provided in the git repository you cloned in an earlier step. Change into the java directory and review the application code.
cd cloud-code-samples/java/java-hello-world
The folder contains an example Java application that renders a simple web page: in addition to various files not relevant for this specific lab, it contains the source code, under the src folder, and a Dockerfile we will use to build a container image locally.
Build the Container Image
Before you can store container images in Artifact Registry you will need to create one.
Run the following command to build the container image and tag it properly to push it to your repository in the next step:
docker build -t us-central1-docker.pkg.dev/$PROJECT_ID/container-dev-repo/java-hello-world:tag1 .
Push the Container Image to Artifact Registry
Run the following command to push the container image to the repository created previously:
docker push us-central1-docker.pkg.dev/$PROJECT_ID/container-dev-repo/java-hello-world:tag1
Review the image in Artifact Registry
Go to Google Cloud Console - Artifact Registry - Repositories. Click into container-dev-repo and check that the java-hello-world image is there. Click on the image and note the image tagged tag1. You can see that Vulnerability Scanning is running or already completed and the number of vulnerabilities detected is visible.
Click on the number of vulnerabilities and you will see the list of vulnerabilities detected in the image, with the CVE bulletin name and the severity, you can click VIEW on each listed vulnerability to get more details:
4. Integration with Cloud Code
In this section you will see how to use the Artifact Registry Docker image repository with Cloud Code.
Deploy the Application to GKE Cluster from Cloud Code
Run the following command, from the java-hello-world folder to open Cloud Shell Editor and add the application folder to his workspace:
cloudshell workspace .
The Cloud Shell editor will open with the explorer in the application folder.
If you get a pop-up asking to exclude Java project settings files from the workspace, click on Exclude in workspace
The following steps will require you to enter your Artifact Registry repository location. The format for the location is:
us-central1-docker.pkg.dev/<PROJECT_ID>/container-dev-repo
To find your PROJECT_ID run the following command in the terminal
gcloud config get project
Click on the Cloud Code status bar (in the lower left corner) and then select Run on Kubernetes
When prompted choose Yes to use current context in kubeconfig that points to the container-dev-cluster GKE cluster provisioned for the lab
In the prompt for the image registry put the address location you located before ensuring to substitute <PROJECT_ID> for your actual value
us-central1-docker.pkg.dev/<PROJECT_ID>/container-dev-repo
When you execute Run on Kubernetes for the first time Cloud Code prompts you for the target image repository location. Once provided, the repository url is stored in the file .vscode/launch.json which is created in the application folder.
In the output pane you see that the build starts for the application image java-hello-world, the image is uploaded to the Artifact Registry repository configured previously
Go to Cloud Console - Artifact Registry - Repositories Click into container-dev-repo and check that the java-hello-world image and note a new image tagged latest
Review the Deployed Application
Go back to Cloud Shell Editor: when deployment is complete Skaffold/Cloud Code will print the exposed url where the service have been forwarded, click on the link - Open Web Preview:
In the new browser window you will see the hello world app page
Update application code
Now update the application to see the change implemented immediately in the deployment on the cluster:
Open the HelloWorldController.java in src/main/java/cloudcode/helloworld/web folder in Cloud Shell Editor.
Change the text in row 20 from "It's running!" to ""It's updated!"", you should see the build and deployment process starting immediately.
At the end of the deploy click again on the forwarded url or refresh the browser window with the application to see your change deployed:
Again go to Cloud Console - Artifact Registry - Repositories Click into container-dev-repo and check that the java-hello-world image and note the new image
5. Working with language packages
In this section you will see how to set up an Artifact Registry Java repository and upload packages to it, leveraging them in different applications.
Create a Java package repository
From Cloud Shell run the following command to create a repository for Java artifacts:
gcloud artifacts repositories create container-dev-java-repo \
--repository-format=maven \
--location=us-central1 \
--description="Java package repository for Container Dev Workshop"
Click Authorize if the Cloud Shell authorization prompt appears
Go to Google Cloud Console - Artifact Registry - Repositories and notice your newly created Maven repository named container-dev-java-repo, if you click on it you can see that it's empty at the moment.
Set up authentication to Artifact Repository
Use the following command to update the well-known location for Application Default Credentials (ADC) with your user account credentials so that the Artifact Registry credential helper can authenticate using them when connecting with repositories:
gcloud auth login --update-adc
Configure Maven for Artifact Registry
Run the following command to print the repository configuration to add to your Java project:
gcloud artifacts print-settings mvn \
--repository=container-dev-java-repo \
--location=us-central1
Open the pom.xml in Cloud Shell Editor and add the returned settings to the appropriate sections in the file,
Update the distributionManagement section
<distributionManagement>
<snapshotRepository>
<id>artifact-registry</id>
<url>artifactregistry://us-central1-maven.pkg.dev/<PROJECT>/container-dev-java-repo</url>
</snapshotRepository>
<repository>
<id>artifact-registry</id>
<url>artifactregistry://us-central1-maven.pkg.dev/<PROJECT>/container-dev-java-repo</url>
</repository>
</distributionManagement>
Update the repositories section
<repositories>
<repository>
<id>artifact-registry</id>
<url>artifactregistry://us-central1-maven.pkg.dev/<PROJECT>/container-dev-java-repo</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
Update the extensions
<extensions>
<extension>
<groupId>com.google.cloud.artifactregistry</groupId>
<artifactId>artifactregistry-maven-wagon</artifactId>
<version>2.1.0</version>
</extension>
</extensions>
Here's an example of the complete file for your reference. Ensure to replace <PROJECT> with your project id.
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>hello-world</artifactId>
<packaging>jar</packaging>
<name>Cloud Code Hello World</name>
<description>Getting started with Cloud Code</description>
<version>1.0.0</version>
<distributionManagement>
<snapshotRepository>
<id>artifact-registry</id>
<url>artifactregistry://us-central1-maven.pkg.dev/<PROJECT>/container-dev-java-repo</url>
</snapshotRepository>
<repository>
<id>artifact-registry</id>
<url>artifactregistry://us-central1-maven.pkg.dev/<PROJECT>/container-dev-java-repo</url>
</repository>
</distributionManagement>
<repositories>
<repository>
<id>artifact-registry</id>
<url>artifactregistry://us-central1-maven.pkg.dev/<PROJECT>/container-dev-java-repo</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.3</version>
</parent>
<properties>
<java.version>1.8</java.version>
<checkstyle.config.location>./checkstyle.xml</checkstyle.config.location>
</properties>
<build>
<plugins>
<plugin>
<groupId>com.google.cloud.tools</groupId>
<artifactId>jib-maven-plugin</artifactId>
<version>3.2.0</version>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.1.2</version>
</plugin>
</plugins>
<extensions>
<extension>
<groupId>com.google.cloud.artifactregistry</groupId>
<artifactId>artifactregistry-maven-wagon</artifactId>
<version>2.1.0</version>
</extension>
</extensions>
</build>
<!-- The Spring Cloud GCP BOM will manage spring-cloud-gcp version numbers for you. -->
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-gcp-dependencies</artifactId>
<version>1.2.8.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jetty</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-gcp-starter-logging</artifactId>
</dependency>
</dependencies>
</project>
Upload your Java package to Artifact Registry
With Artifact Registry configured in Maven, you can now use Artifact Registry to store Java Jars for use by other projects in your organization.
Run the following command to upload your Java package to Artifact Registry:
mvn deploy
Check the Java package in Artifact Registry
Go to Cloud Console - Artifact Registry - Repositories Click into container-dev-java-repo and check that the hello-world binary artifact is there:
6. Congratulations!
Congratulations, you finished the codelab!
What you've covered
- Created Repositories for Containers and Language Packages
- Managed container images with Artifact Registry
- Integrated Artifact Registry with Cloud Code
- Configured Maven to use Artifact Registry for Java Dependencies
Cleanup
Run the following command to delete the project
gcloud projects delete $PROJECT_ID