Google Cloud Build Docker build-arg from file

Wang Yang Published at

Wang Yang :

I have a problem when I use Google Cloud Build. I can't pass the key into docker by cloudbuild.yaml

Google buildfile.yaml:

- name: 'gcr.io/cloud-builders/gcloud'
  args:
  - kms
  - decrypt
  - --ciphertext-file=A.enc
  - --plaintext-file=/root/.ssh/id_rsa
  - --location=global
  - --keyring=keyringxxx
  - --key=keyxxx
  volumes:
  - name: 'ssh'
    path: /root/.ssh
- name: 'gcr.io/cloud-builders/docker'
  args: [
    'build', '.',
    '-t', 'gcr.io/$PROJECT_ID/xxx:latest',
    '--build-arg', 'READ_KEY=`cat /root/.ssh/id_rsa`'
  ]
  volumes:
  - name: 'ssh'

Dockerfile:

FROM golang:1.11 AS builder

ARG READ_KEY
RUN mkdir -p ~/.ssh &&  \
    echo "$READ_KEY" > ~/.ssh/id_rsa && \
    chmod 0600 ~/.ssh/id_rsa && \
    ssh-keyscan github.com >> /root/.ssh/known_hosts && \
    git config --global url.ssh://[email protected]/XXXX.insteadOf https://github.com/XXXX

......

The above code failed. cat does not work.

ryanhos :

The GCloud Docker Builder is using the Exec form of ENTRYPOINT. Your arguments from the cloudbuild.yaml are not being passed to a shell, thus your cat will not be executed.

Why not direct KMS to write the id_rsa directly to the /workspace and do away with the ssh volume altogether?

- name: 'gcr.io/cloud-builders/gcloud'
  args:
  - kms
  - decrypt
  - --ciphertext-file=A.enc
  - --plaintext-file=/workspace/id_rsa
  - --location=global
  - --keyring=keyringxxx
  - --key=keyxxx
- name: 'gcr.io/cloud-builders/docker'
  args: [
    'build', '.',
    '-t', 'gcr.io/$PROJECT_ID/xxx:latest'
  ]

And the Dockerfile becomes:

FROM golang:1.11 AS builder

RUN mkdir -p ~/.ssh
COPY id_rsa ~/.ssh/
RUN ssh-keyscan github.com >> ~/.ssh/known_hosts && \
    chmod -R 0600 ~/.ssh/ && \
    git config --global url.ssh://[email protected]:.insteadOf https://github.com

Don't forget to mount that .gitconfig into the additional build steps. I just make it part of my CI build script, rather than requiring the extra volume.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2020-09-10

Comments

0 comments

Docker - Build Arg in Source File

Google Cloud Build Docker build-arg from file

Google Cloud Build Docker build-arg from file

pump.io port in URL

How to import an asset in swift using Bundle.main.path() in a react-native native module

Failed to listen on localhost:8000 (reason: Cannot assign requested address)

Inner Loop design for webscrapping

Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

mysql.connector.errors.InterfaceError: 2003: Can't connect to MySQL server on '127.0.0.1:3306' (111 Connection refused)

Removed zsh, but forgot to change shell back to bash, and now Ubuntu crashes (wsl)

ggplotly no applicable method for 'plotly_build' applied to an object of class "NULL" if statements

How to run blender on webserver?

Resetting Value of <input type="time"> in Firefox

Converting a class method to a property with a backing field

Ambiguous use of 'init' with CFStringTransform and Swift 3

Execute ./script.sh with a crontab

How to set tab order for array of cluster,where cluster elements have different data types in LabVIEW?

How to pass data to the ng2-bs3-modal?

Retrieve Element Tag Value XML Using Bash

Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

SQL Server : need add a dot before two last character

Making Array From Page Elements in jQuery

Laravel's ORM sync with timestamps doesn't update timestamps

Do animations stop css changes after animation completion?