-
-
Save foklepoint/2f9087375830068ec032ef326d93f423 to your computer and use it in GitHub Desktop.
| image: docker:latest | |
| # When using dind, it's wise to use the overlayfs driver for | |
| # improved performance. | |
| variables: | |
| DOCKER_DRIVER: overlay | |
| GCP_PROJECT_ID: CHANGE-TO-GCP-PROJECT-ID | |
| IMAGE_NAME: image_id | |
| services: | |
| - docker:dind | |
| stages: | |
| - publish | |
| publish-image: | |
| stage: publish | |
| script: | |
| # Install CA certs, openssl to https downloads, python for gcloud sdk | |
| - apk add --update make ca-certificates openssl python | |
| - update-ca-certificates | |
| # Write our GCP service account private key into a file | |
| - echo $GCLOUD_SERVICE_KEY | base64 -d > ${HOME}/gcloud-service-key.json | |
| # Download and install Google Cloud SDK | |
| - wget https://dl.google.com/dl/cloudsdk/release/google-cloud-sdk.tar.gz | |
| - tar zxvf google-cloud-sdk.tar.gz && ./google-cloud-sdk/install.sh --usage-reporting=false --path-update=true | |
| - google-cloud-sdk/bin/gcloud --quiet components update | |
| - google-cloud-sdk/bin/gcloud auth activate-service-account --key-file ${HOME}/gcloud-service-key.json | |
| # Create our image. Expected to create an image 'image_id' | |
| - make-my-image | |
| # Tag our image for container registry | |
| - docker tag $IMAGE_NAME gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME | |
| # Optionally tag the image with the commit short-sha | |
| - docker tag $IMAGE_NAME gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-8) | |
| - google-cloud-sdk/bin/gcloud docker -- push gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME:latest | |
| - google-cloud-sdk/bin/gcloud docker -- push gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME:$(echo $CI_COMMIT_SHA | cut -c1-8) | |
| # Only run builds for these refs | |
| only: | |
| - master |
Why not simply
- docker login -u _json_key -p "$GCLOUD_SERVICE_KEY" https://gcr.io
- docker push gcr.io/$GCP_PROJECT_ID/$IMAGE_NAME:latest
?
Docs: https://cloud.google.com/container-registry/docs/advanced-authentication#json_key_file
If you give proper role to your service account https://cloud.google.com/container-registry/docs/access-control#permissions_and_roles you can pull and push images
ps. take care of registry name, mine is eu.gcr.io, not gcr.io
I agree with @vladkras . This way is much simpler and works.
@vladkras's approach works really, really well. BTW, it's jamming in a whole JSON file, newlines and all, into the password field. 👌
$ apk add --update make ca-certificates openssl python
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
python (no such package):
required by: world[python]
Cleaning up file based variables
00:00
ERROR: Job failed: exit code 1
Thx too! =)