Google Cloud Build

The following sections describe the tasks you need to complete to set up a CI/CD process for a Python project with Google Cloud Build, the ActiveState Platform, and GitHub.

Gathering environment variable settings

Before you begin:

  • You need an ActiveState Platform account. If you do not currently have an account you can sign up for free at:
  • You need to have the State Tool installed on your computer, and authorized with the Platform using the state auth command, in order to run the command to retrieve the API key, and to access your private.key file if you are using secrets.

The State Tool will use the following environment variables if they are defined:

  • ACTIVESTATE_API_KEY: This API key is used to authenticate the State Tool with the ActiveState Platform, as required, to download language projects, update packages, etc. If you use ActiveState Platform secrets in your build process or scripts run by the build process, you must also configure the ACTIVESTATE_PRIVATE_KEY.
  • ACTIVESTATE_PRIVATE_KEY: Optional. The private key to use for decrypting secrets.

Obtaining your API Key

You can obtain an API key by opening a command prompt and running the following State Tool command:

state export new-api-key APIKeyForCI

Example response:

Note that this key is not stored by ActiveState. Please store the value for later use as you cannot retrieve it again.

In this example, you would copy the token value on the second line to use as the ACTIVESTATE_API_KEY environment variable in your CI/CD application.

Obtaining your Private Key

You can find the private key value at <configdir>/activestate/cli-release/private.key.

The configdir varies per platform, but in most cases will be at one of:

  • Windows: %HOME%\AppData\Roaming\activestate\cli-release\
  • Linux: ~/config/activestate/cli-release/
  • macOS: ~/Library/Application\ Support/activestate/cli-release/

The private key environment variable expects the contents of the private.key file, not the filepath.

Google Cloud account and project setup

You need to ensure that you have the required API services enabled for your Google Cloud account, add billing information for your account if it is currently a free account, and create or choose a Google Cloud project to use for your Google Cloud Build.

Secret Manager

You need to enable Secret Manager to store your ActiveState Platform API Key, and private key if you plan to use State Tool secrets.

  1. Log in to and choose the project you will use for Google Cloud Build.
  2. At the top center of the page, search for “Secret Manager”.
  3. If necessary, click Enable to enable the service for your account.
  4. Click Create Secret.
  5. In the Name text box, enter ACTIVESTATE_API_KEY.
  6. In the Secret Value text box, enter your ActiveState Platform API key.
  7. Click the link for the new secret in the main Secret Manager page to view the details page.
  8. Click Add Member in the Permissions tab on the right side of the screen. Click Show Info Panel if the Permissions tab is not displayed.
  9. Add the cloud build service account for your Google Cloud project in the format <project_id>, and add the Secret Manager Secret Accessor permission for the account. The required project ID is displayed on the secret details page.
  10. Optional. Repeat the process to add your ACTIVESTATE_PRIVATE_KEY. You can either click the Browse button and upload the file, or copy and paste the entire contents of the file into the Secret Value text box.

For information on the required values, see Obtaining your API key and, if applicable, Configuring your private key.

IMPORTANT: The ACTIVESTATE_API_KEY is used to authenticate the State Tool automatically whenever required by the CI/CD build steps.

Google Cloud Build Secrets

Google Cloud Build Secrets

Cloud Build API

You need to enable Cloud Build before you can start using it.

  1. Log in to and choose the project you will use for Google Cloud Build.
  2. At the top center of the page, search for “Cloud Build”.
  3. If necessary, click Enable to enable the Cloud Build API for your account. We will come back to this page when we create a build trigger

ActiveState Platform project setup

You can use either the Dashboard or the State Tool to create a new project and add the language, platforms, and packages your project requires. Set up your project by:

Configure activestate.yaml

After you create an ActiveState project, complete the following steps to activate your project and add the configuration file to your code repository, so that the CI/CD has access to it.

  1. Open your command prompt and navigate to the top level folder where you want to create your ActiveState Platform project.
  2. Enter state activate <owner/project_name>. For example: state activate acmetech/python-3-6-6.
  3. Copy the activestate.yaml configuration file to the root directory of your code repository.
  4. Edit the activestate.yaml to add any scripts, variables, or secrets you want CI/CD to run or have access to.
  5. Add activestate.yaml to the repository and check in your changes.

Google Cloud Build setup

Set up a Cloud Build trigger

  1. Log in to and choose the project you will use for Google Cloud Build.
  2. At the top center of the page, search for “Trigger”.
  3. On the Triggers page, click Connect Repository to connect your GitHub repository.
  4. In Select Your Source, select GitHub (Cloud Build GitHub App) and click Continue. When prompted, provide authorization for Google Cloud Build, and then follow the steps to complete the installation of the Google Cloud build app on GitHub. Once you’re done, you’ll be returned to the repository selection on Google Cloud.
  5. Select the GitHub repositories to connect to Google Cloud Build and click Connect Repository.
  6. Click Create Push Trigger. TIP: You can click the Run Trigger button on this page and select a branch to trigger builds manually.

Configure the State Cloud Builder

You need to deploy the State Cloud Builder in order to make it available to the project. It creates a Docker container configured with the State Tool that is used by Google Cloud Build.

  1. Log in to and choose the project you will use for Google Cloud Build.
  2. Click Activate Cloud Shell in the top right toolbar.
  3. Enter the following command in Cloud Shell to clone the cloud-builders-community repository: git clone
  4. Navigate to the state subdirectory in the cloned repository: cd cloud-builders-community/state
  5. Run the following command to submit the builder into your Google Cloud project: gcloud builds submit . --config=cloudbuild.yaml

Configure a build pipeline

  1. Create a file named cloudbuild.yaml in the root directory of your GitHub repository. This file lists the commands for the build steps to run each time the Cloud Build trigger runs.
  2. Add the build steps to your cloudbuild.yaml file and then add cloudbuild.yaml to your repository and push your changes to GitHub.

For example, this configuration file authenticates the State Tool, deploys the State Tool, and runs the pytest tests defined for the project. The first step identifies the ActiveState Platform project to deploy for use by Google Cloud Build. The third and subsequent steps will be specific to your project.

  - name:$PROJECT_ID/state
    args: ['state', 'deploy', 'ActiveState/ActivePython-3.6', '--path', '/workspace/.state']
  - name:$PROJECT_ID/state
    args: ['pytest']

If you have successfully configured your ActiveState Platform project, GitHub repository, and Google Cloud Build, you will see a job start and complete successfully each time new code changes are pushed to the repository.