CircleCI - Deploying to GKE using Cloud Run

Problem description Votes: 0 Answers: 1

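I am trying to deploy a sample application to GKE using Google Cloud Run with CircleCI. I created a cluster in Google Cloud and want to build the image and deploy it to a container. If I do it manually, it works perfectly. But I want to build an automated CI/CD pipeline, and so I am using CircleCI to do it.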

Skipping the test and code coverage parts for now, I want to set up the pipeline for the GKE deployment.

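Here is the config.yaml file for CircleCI. I am trying to use the certified orbs that are already available, since creating one from scratch would take longer.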

version: 2.1
orbs:
  gcp-gcr: circleci/[email protected]

  cloudrun: circleci/[email protected]
executors:
  node-executor:
    docker:
      - image: node:12.8.1-stretch
  gcloud-executor:
    docker:
      - image: google/cloud-sdk
  machine-executor:
    machine: true
jobs:
  build:
    description: initial build
    executor: machine-executor
    steps:
      - checkout


  build_push_image_cloud_run_mangaged:
    executor: node-executor
    steps:
      - checkout
      - setup_remote_docker:
          docker_layer_caching: false

      - run:
          name: Prepare env vars
          command: |
            echo 'export PATH=$PATH:~/.local/bin' >> $BASH_ENV
            echo 'export GOOGLE_PROJECT_ID=$GCLOUD_PROJECT' >> $BASH_ENV
            echo 'export GOOGLE_COMPUTE_ZONE=us-east1-b' >> $BASH_ENV
            echo ${GCP_PROJECT_KEY} > ${HOME}/gcloud-service-key.json
            echo 'export GOOGLE_CLOUD_KEYS=$(cat $HOME/gcloud-service-key.json)' >> $BASH_ENV
            echo 'export TAG=${CIRCLE_SHA1}' >> $BASH_ENV
            echo 'export IMAGE_NAME=$CIRCLE_PROJECT_REPONAME' >> $BASH_ENV && source $BASH_ENV


      - gcp-gcr/gcr-auth:
          gcloud-service-key: GOOGLE_CLOUD_KEYS # this is throwing error
          google-project-id: GOOGLE_PROJECT_ID
          google-compute-zone: GOOGLE_COMPUTE_ZONE
      - gcp-gcr/build-image:
          dockerfile: Dockerfile
          google-project-id: GOOGLE_PROJECT_ID
          image: $IMAGE_NAME
          registry-url: "gcr.io"
          tag: $CIRCLE_SHA1
      - gcp-gcr/push-image:
          google-project-id: GOOGLE_PROJECT_ID
          image: $IMAGE_NAME
          registry-url: "gcr.io"
          tag: $CIRCLE_SHA1
      - cloudrun/init:
          gcloud-service-key: GCLOUD_SERVICE_KEY
          google-project-id: GOOGLE_PROJECT_ID
          google-compute-zone: GOOGLE_COMPUTE_ZONE
      - cloudrun/deploy:
          cluster: "new-cluster"
          cluster-location: "us-east1-b"
          platform: "gke"
          image: "gcr.io/$GOOGLE_PROJECT_ID/$IMAGE_NAME"
          service-name: "orb-gcp-cloud-run"

workflows:
  build_gcloud_deploy:
    jobs:
      - build

      - build_push_image_cloud_run_mangaged:
          requires:
            - build

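I have set environment variables in the project settings, where GCLOUD_SERVICE_KEY and GCP_PROJECT_KEY both hold the encoded version of my service account JSON file. I have also set the GOOGLE_PROJECT_ID and GOOGLE_COMPUTE_ZONE environment values. Now, when I trigger a build on check-in (the webhook is configured to run on every successful check-in; this will be changed later to run on a successful merge), it always fails at the following step: Initialize gcloud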

#!/bin/bash -eo pipefail
# Store service account
echo $GOOGLE_CLOUD_KEYS > ${HOME}/gcloud-service-key.json
# Initialize gcloud CLI
gcloud auth activate-service-account --key-file=${HOME}/gcloud-service-key.json
gcloud --quiet config set project $GOOGLE_PROJECT_ID
gcloud --quiet config set compute/zone $GOOGLE_COMPUTE_ZONE
ERROR: (gcloud.auth.activate-service-account) Could not read json file /root/gcloud-service-key.json: No JSON object could be decoded
Exited with code exit status 1
CircleCI received exit code 1

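I tried using the GOOGLE_CLOUD_KEYS env variable, which I set from gcloud-service-key.json in the CircleCI step, but this results in the same error. I also tried specifying an env variable that holds the actual (undecoded) value of the JSON file, but that results in the same error as well. As you can see, I am using the orb gcp-gcr: circleci/[email protected]. Could you let me know what is causing the error and how to correct it?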

Edit:

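As Ahmet correctly pointed out, the problem was that the file did not contain any data. I made a change so that I created an environment variable GCLOUD_SERVICE_KEY for the project and stored the key in it directly, without encoding it (this is not the recommended approach, as it is better to encode the key and then store it).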

google-kubernetes-engine gcloud circleci google-container-registry google-cloud-run
1 answer
0
votes

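As @AhmetB-Google pointed out, the problem was that the service key was not being loaded into the environment variable correctly. So I made the following change. It is always recommended to encode it and add it to the environment variable. So, in the project settings I have a key named GCLOUD_SERVICE_KEY, and this is my CircleCI config: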

version: 2.1
orbs:
  gcp-gcr: circleci/[email protected]
  cloudrun: circleci/[email protected]
  gcp-gke: circleci/[email protected]
executors:

  gcloud-executor:
    docker:
      - image: google/cloud-sdk
  machine-executor:
    machine: true
jobs:
  build:
    description: initial build -  Can make use of test coverage and tests
    executor: machine-executor
    steps:
      - checkout
      - run:
          name: Test the source
          command: |
            echo "test"
      - run:
          name: Coverage report
          command: |
            echo "npm coverage"

  build_push_image_gcr:
    description: Build docker image and push to gcr registry
    executor: machine-executor
    steps:
      - checkout
      - run:
          name: Prepare env vars
          command: |
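            # Decode the base64-encoded key from the project settings into a key file
            echo $GCLOUD_SERVICE_KEY | base64 --decode --ignore-garbage > ${HOME}/gcloud-service-key.json
            echo $GCP_PROJECT_KEY > ./gcloud-service-key.json
            # Debugging aid: these two lines print the key files into the build log
            cat ./gcloud-service-key.json
            cat ${HOME}/gcloud-service-key.json
            export GCP_SERVICE_KEY="$(cat ${HOME}/gcloud-service-key.json)"
            pwd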


      - gcp-gcr/gcr-auth:
          gcloud-service-key: GCLOUD_SERVICE_KEY
          google-project-id: GOOGLE_PROJECT_ID
          google-compute-zone: GOOGLE_COMPUTE_ZONE

      - gcp-gcr/build-image:
          dockerfile: Dockerfile
          google-project-id: GOOGLE_PROJECT_ID
          image: $IMAGE_NAME
          registry-url: "gcr.io"
          tag: $CIRCLE_SHA1
      - gcp-gcr/push-image:
          google-project-id: GOOGLE_PROJECT_ID
          image: $IMAGE_NAME
          registry-url: "gcr.io"
          tag: $CIRCLE_SHA1

  gcp_cloudrun_deploy:
    description: Deploy using cloud run
    executor: machine-executor
    steps:
      - cloudrun/init
      - cloudrun/deploy:
          cluster: 'new-cluster'
          cluster-location: us-east1-b
          platform: 'gke'
          image: 'gcr.io/$GOOGLE_PROJECT_ID/$IMAGE_NAME:$CIRCLE_SHA1'
          service-name: 'feedback-ui-service'


workflows:
  build_gcloud_deploy:
    jobs:
      - build

      - build_push_image_gcr:
          requires:
            - build
      - gcp_cloudrun_deploy:
          requires:
            - build_push_image_gcr
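
The decoding step this answer depends on, written as a reusable function (an added example, not part of the original post or of the orbs' code): it turns the value of `GCLOUD_SERVICE_KEY` into a key file, rejects an empty or undecodable value before `gcloud` reads it, and never prints the key. The function name `write_sa_key` and the sample key are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: write a service account key from a CI variable to a key file.

# Constructed sample, not a real key.
SAMPLE_KEY_JSON='{"type": "service_account", "project_id": "example-project"}'

# write_sa_key <value> <dest>
#   <value> is the variable's content: base64 (recommended) or raw JSON.
# Returns 0 on success, 1 if the value is empty, 2 if the decoded text does
# not look like a service account key. Never prints the key itself.
write_sa_key() {
  local value dest decoded
  value="$1"
  dest="$2"

  if [ -z "$value" ]; then
    echo "key variable is empty or not visible to this job" >&2
    return 1
  fi

  case "$value" in
    \{*) decoded="$value" ;;  # raw JSON stored directly
    *)   decoded="$(printf '%s' "$value" | base64 --decode 2>/dev/null)" || decoded="" ;;
  esac

  # Sanity check only (not a full JSON parse): a key file carries this field.
  if ! printf '%s' "$decoded" | grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"'; then
    echo "value does not decode to a service account key" >&2
    return 2
  fi

  # umask 077 creates the file readable by the current user only.
  ( umask 077 && printf '%s\n' "$decoded" > "$dest" )
}

# Demo with the constructed key: the encoded value succeeds, an empty one fails.
demo_dir="$(mktemp -d)"
encoded="$(printf '%s' "$SAMPLE_KEY_JSON" | base64 | tr -d '\n')"
write_sa_key "$encoded" "$demo_dir/key.json" && echo "key file written"
write_sa_key "" "$demo_dir/empty.json" || echo "rejected with status $?"
rm -rf "$demo_dir"
```

In a CircleCI `run` step this would be called as `write_sa_key "$GCLOUD_SERVICE_KEY" "$HOME/gcloud-service-key.json"` ahead of `gcloud auth activate-service-account --key-file=${HOME}/gcloud-service-key.json`, so a bad variable stops the job with a clear message instead of the "No JSON object could be decoded" error.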