0

im trying to use Drone ci for automaticaly deploy my app on Google cloud Compute Engine. Im tried in a lot of ways, but i cant deploy anything.

I have the test and publish stages running fine, i can push autimaticaly my code to my google container registry, drone build the image and push it.

I auth to my compute engine instance, i'm stuck trying to get the machine connected to the google container registry, but I can not manage to run the built images. This is the last step that I lack, and I can not do it.

This is my .drone-ci.yml file with the steps:

kind: pipeline
name: my-app

steps:
  - name: test
    image: node:11-alpine
    commands:
      - npm install
      - npm run test

  - name: publish
    image: plugins/gcr
    settings:
      repo: project-id/my-app
      dockerfile: Dockerfile
      tags: latest
      json_key:
        from_secret: google_credentials

  - name: deploy
    image: google/cloud-sdk:alpine
    environment:
      google_credentials:
        from_secret: google_credentials
    commands:
      - echo $google_credentials > /tmp/$CI_PIPELINE_ID.json
      - gcloud auth activate-service-account --key-file /tmp/$CI_PIPELINE_ID.json
      - gcloud compute ssh my-instance --zone my-zone --command "cat $google_credentials | sudo docker login -u _json_key --password-stdin https://gcr.io"
      - gcloud compute ssh my-instance --zone us-east1-b --command "sudo docker run -d -p 80:3000 --restart always --env-file ./env.list gcr.io/project-id/my-app:latest"

it throw this error (is the last error):

cat: '{': No such file or directory
bash: line 1: type:: command not found
bash: line 2: project_id:: command not found
bash: line 3: private_key_id:: command not found
bash: line 4: private_key:: command not found
bash: line 5: client_email:: command not found
bash: line 6: client_id:: command not found
bash: line 7: auth_uri:: command not found
bash: line 8: token_uri:: command not found
bash: line 9: auth_provider_x509_cert_url:: command not found
bash: line 10: client_x509_cert_url:: command not found
bash: -c: line 11: syntax error near unexpected token `}'
bash: -c: line 11: `} | sudo docker login -u _json_key --password-stdin 
https://gcr.io'

i tried in other ways, but i never auth successfully to google container registry. How can i do auth the docker deamon from the instance?

kmilo93sd
  • 791
  • 1
  • 15
  • 35

1 Answers1

0

The faulty command here is :

cat $google_credentials | sudo docker login -u _json_key --password-stdin https://gcr.io

Your variable $google_credentials holds the contents of the JSON key : it does not hold the path to a file, so cat $google_credentials has no sense. Since the file /tmp/$CI_PIPELINE_ID.json contains your JSON key, you should have written :

cat /tmp/$CI_PIPELINE_ID.json | \
    sudo docker login -u _json_key --password-stdin https://gcr.io

Or (not tested so use it carefully) :

echo $google_credentials | \
    sudo docker login -u _json_key --password-stdin https://gcr.io

A third solution (I am sure this works because I have already used it to authenticate) is :

docker login -u _json_key -p "$(cat /tmp/$CI_PIPELINE_ID.json)" https://gcr.io
norbjd
  • 10,166
  • 4
  • 45
  • 80
  • hi, thanks for the answer, im trying with the third solution. How can i use these command into the --command quotes? gcloud cli use --command "your command here" for execute commands through ssh. This looks like: --command "sudo docker login -u _json_key -p "$(cat /tmp/$CI_PIPELINE_ID.json)" https://gcr.io" – kmilo93sd Jul 07 '19 at 16:32
  • Since `/tmp/$CI_PIPELINE_ID.json` does not exist on the remote instance, I think you should go for the 2nd solution. Could you try : `gcloud compute ssh my-instance --zone my-zone --command "echo \"$(echo $google_credentials)\" | sudo docker login -u _json_key --password-stdin https://gcr.io"`? `$(echo $google_credentials)` should be interpreted on the host, not on the remote machine, so it should work. If it works, I'll update the answer. – norbjd Jul 08 '19 at 13:31