Skip to content

Instantly share code, notes, and snippets.

@foklepoint
Created July 8, 2017 20:25
Show Gist options
  • Save foklepoint/2f9087375830068ec032ef326d93f423 to your computer and use it in GitHub Desktop.
Save foklepoint/2f9087375830068ec032ef326d93f423 to your computer and use it in GitHub Desktop.
Build and Push images to GCP Container Registry with Gitlab CI
image: docker:latest
# When using dind, it's wise to use the overlayfs driver for
# improved performance.
variables:
DOCKER_DRIVER: overlay
GCP_PROJECT_ID: CHANGE-TO-GCP-PROJECT-ID
IMAGE_NAME: image_id
services:
- docker:dind
stages:
- publish
publish-image:
stage: publish
script:
# Install CA certs, openssl to https downloads, python for gcloud sdk
- apk add --update make ca-certificates openssl python
- update-ca-certificates
# Write our GCP service account private key into a file
- echo $GCLOUD_SERVICE_KEY | base64 -d > ${HOME}/gcloud-service-key.json
# Download and install Google Cloud SDK
- wget https://dl.google.com/dl/cloudsdk/release/google-cloud-sdk.tar.gz
- tar zxvf google-cloud-sdk.tar.gz && ./google-cloud-sdk/install.sh --usage-reporting=false --path-update=true
- google-cloud-sdk/bin/gcloud --quiet components update
- google-cloud-sdk/bin/gcloud auth activate-service-account --key-file ${HOME}/gcloud-service-key.json
# Create our image. Expected to create an image 'image_id'
- make-my-image
# Tag our image for container registry
- docker tag $IMAGE_NAME gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME
# Optionally tag the image with the commit short-sha
- docker tag $IMAGE_NAME gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-8)
- google-cloud-sdk/bin/gcloud docker -- push gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME:latest
- google-cloud-sdk/bin/gcloud docker -- push gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-8)
# Only run builds for these refs
only:
- master
@RedShift1
Copy link

Thx.

@alissonperez
Copy link

Thx too! =)

@vladkras
Copy link

vladkras commented Jun 25, 2018

Why not simply

 - docker login -u _json_key -p "$GCLOUD_SERVICE_KEY" https://gcr.io
 - docker push gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME:latest

?

Docs: https://cloud.google.com/container-registry/docs/advanced-authentication#json_key_file
If you give proper role to your service account https://cloud.google.com/container-registry/docs/access-control#permissions_and_roles you can pull and push images

ps. take care of registry name, mine is eu.gcr.io, not gcr.io

@Selvatico
Copy link

I agree with @vladkras . This way is much simpler and works.

@nelsonjchen
Copy link

@vladkras's approach works really, really well. BTW, it's jamming in a whole JSON file, newlines and all, into the password field. 👌

@girishaiocdawacs
Copy link

$ apk add --update make ca-certificates openssl python
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
python (no such package):
required by: world[python]
Cleaning up file based variables
00:00
ERROR: Job failed: exit code 1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment