-
-
Save foklepoint/2f9087375830068ec032ef326d93f423 to your computer and use it in GitHub Desktop.
image: docker:latest | |
# When using dind, it's wise to use the overlayfs driver for | |
# improved performance. | |
variables: | |
DOCKER_DRIVER: overlay | |
GCP_PROJECT_ID: CHANGE-TO-GCP-PROJECT-ID | |
IMAGE_NAME: image_id | |
services: | |
- docker:dind | |
stages: | |
- publish | |
publish-image: | |
stage: publish | |
script: | |
# Install CA certs, openssl to https downloads, python for gcloud sdk | |
- apk add --update make ca-certificates openssl python | |
- update-ca-certificates | |
# Write our GCP service account private key into a file | |
- echo $GCLOUD_SERVICE_KEY | base64 -d > ${HOME}/gcloud-service-key.json | |
# Download and install Google Cloud SDK | |
- wget https://dl.google.com/dl/cloudsdk/release/google-cloud-sdk.tar.gz | |
- tar zxvf google-cloud-sdk.tar.gz && ./google-cloud-sdk/install.sh --usage-reporting=false --path-update=true | |
- google-cloud-sdk/bin/gcloud --quiet components update | |
- google-cloud-sdk/bin/gcloud auth activate-service-account --key-file ${HOME}/gcloud-service-key.json | |
# Create our image. Expected to create an image 'image_id' | |
- make-my-image | |
# Tag our image for container registry | |
- docker tag $IMAGE_NAME gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME | |
# Optionally tag the image with the commit short-sha | |
- docker tag $IMAGE_NAME gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-8) | |
- google-cloud-sdk/bin/gcloud docker -- push gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME:latest | |
- google-cloud-sdk/bin/gcloud docker -- push gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-8) | |
# Only run builds for these refs | |
only: | |
- master |
Thx too! =)
Why not simply
- docker login -u _json_key -p "$GCLOUD_SERVICE_KEY" https://gcr.io
- docker push gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME:latest
?
Docs: https://cloud.google.com/container-registry/docs/advanced-authentication#json_key_file
If you give proper role to your service account https://cloud.google.com/container-registry/docs/access-control#permissions_and_roles you can pull and push images
ps. take care of registry name, mine is eu.gcr.io, not gcr.io
I agree with @vladkras . This way is much simpler and works.
@vladkras's approach works really, really well. BTW, it's jamming in a whole JSON file, newlines and all, into the password field. 👌
$ apk add --update make ca-certificates openssl python
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
python (no such package):
required by: world[python]
Cleaning up file based variables
00:00
ERROR: Job failed: exit code 1
Thx.