Set up Developer Connect insights

This document describes how to set up Developer Connect insights, to make insights Developer Connect insights available to Gemini Cloud Assist investigations, and in Cloud Logging.

Learn more about Developer Connect insights.

Before you begin

If you don't already have one, sign up for a new account.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Enable the Developer Connect API.

Enable the API

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Enable the Developer Connect API.

Enable the API

Enabling Developer Connect also enables the Secret Manager API.

Create the Developer Connect service agent:
```
gcloud beta services identity create \
--service=developerconnect.googleapis.com \
--project=PROJECT_NUM
```
The role `roles/developerconnect.serviceAgent` is automatically added to this service agent.
Install the Google Cloud CLI.
If you've installed it previously, make sure you have the latest version installed by running gcloud components update
.

Required roles

If you're using an App Hub application management folder:

Developer Connect Insights Admin (roles/developerconnect.insightsAdmin) and App Hub Viewer (roles/apphub.viewer) on your user account at the folder level for app-enabled folders.
Developer Connect Service Agent role (roles/developerconnect.serviceAgent) and the Developer Connect Insights Agent role (roles/developerconnect.insightsAgent) to the Developer Connect service agent on the application management folder
- If you're using existing resources (for example from Cloud Build or Artifact Registry) that aren't in the same folder, grant the Developer Connect Insights Agent role to your Developer Connect service agent in those projects

If you're using an App Hub application in a host project:

Developer Connect Insights Admin (roles/developerconnect.insightsAdmin) and App Hub Viewer (roles/apphub.viewer) on the host project
Developer Connect Service Agent role (roles/developerconnect.serviceAgent) and the Developer Connect Insights Agent role (roles/developerconnect.insightsAgent) to the Developer Connect service agent for the host project
Developer Connect Insights Agent (roles/developerconnect.insightsAgent) on all service projects
- If you're using existing resources (for example from Cloud Build or Artifact Registry) that aren't in the same folder, grant the Developer Connect Insights Agent role to your Developer Connect service agent in those projects

Individual tools might require additional Google Cloud or non-Google roles and permissions to use, or for specific use cases. If you encounter permissions errors, check with your administrator to make sure you have the correct roles and permissions.

Besides these roles and permissions, when you configure a new insights config using the interactive workflow, you must have permission to access all the resources you specify.

Additional prerequisites

You need an App Hub application.

You can use Developer Connect insights with App Hub applications that are set up using either management folders (recommended) or host projects.
You must use Cloud Build and a supported source code management system (GitHub, GitLab, or Bitbucket).
Your build must generate provenance in order to include provenance information in the logs.

Builds that are launched using Cloud Build triggers can generate provenance, but builds run from the command line don't include provenance. You can still use Developer Connect insights without provenance, but the insights are less useful
The images generated from your build process must be stored in Artifact Registry.
Gemini Cloud Assist

Developer Connect insights enhances the Gemini Cloud Assist experience by adding application deployment events to the investigation context. You can enable Gemini Cloud Assist to use Developer Connect insights with Gemini Cloud Assist investigations.
Your App Hub applications and the insights config you create must be in the same project.

Having your other applicable resources (for example, Developer Connect insights, Google Kubernetes Engine clusters, Cloud Build, Artifact Registry repositories) in the same location is recommended but not required.

Create your application in App Hub

Set up App Hub.
Create an App Hub application.

Create the application for App Hub-enabled folders or for a host project.
Register your deployments and services to the application, for folders or for host projects.

Configure Developer Connect insights for your application

Create a Developer Connect insights insight using the following command:

gcloud developer-connect insights-configs create DCI_CONFIG_NAME \
       --project PROJECT_ID \
       --app-hub-application APP_HUB_APPLICATION_NAME \
       --location LOCATION

Where:

DCI_CONFIG_NAME is a name for the insight configuration that will be generated.
PROJECT_ID is the ID of the project in which you're creating the Developer Connect insights configuration.
APP_HUB_APPLICATION_NAME is the fully-qualified name of the App Hub application you created previously.
LOCATION is the region in which you want to create this insight configuration.

This command triggers an auto-discovery process, which finds all the App Hub workloads in your project. This process also confirms whether you have the necessary permissions.

This command also returns an OPERATION_ID, which you can use to check the status of the configuration:

You can check the status of your Developer Connect insights configuration:

gcloud developer-connect operations describe OPERATION_ID

Where OPERATION_ID is the fully-specified operation ID that was returned from the gcloud developer-connect insights-configs create command.

After the auto-discovery process has finished, you can check the status of this Developer Connect insights by running following command:

gcloud developer-connect insights-configs describe DCI_CONFIG_NAME \
       --location=REGION