
I am working on a project in which we maintain a GitLab repository for all updates in code.
I have created a Cloud Build trigger to connect to the GitLab repository using a webhook URL, following this source: https://cloud.google.com/build/docs/automating-builds/build-repos-from-gitlab#console.

I generated an SSH key and added the public key to the GitLab account.
I stored the SSH key in Secret Manager and then created a Cloud Build trigger using the webhook URL.

steps:
# first, setup SSH:

# 1- save the SSH key from Secret Manager to a file
# 2- add the host key to the known_hosts file
- name: gcr.io/cloud-builders/git
  args:
    - '-c'
    - |
      echo "$$SSHKEY" > /root/.ssh/id_rsa
      chmod 400 /root/.ssh/id_rsa
      ssh-keyscan gitlab.com > /root/.ssh/known_hosts
  entrypoint: bash
  secretEnv:
    - SSHKEY
  volumes:
    - name: ssh
      path: /root/.ssh
# second, clone the repository
- name: gcr.io/cloud-builders/git
  args:
    - clone
    - '-n'
    - 'git@gitlab.com/GITLAB_REPO'
    - .
  volumes:
    - name: ssh
      path: /root/.ssh
# third, checkout the specific commit that invoked this build
- name: gcr.io/cloud-builders/git
  args:
    - checkout
    - $_TO_SHA
availableSecrets:
  secretManager:
  - versionName: PATH_TO_SECRET_VERSION
    env: SSHKEY

This is the sample code for the YAML config file for the Cloud Build trigger. I have added another step to create a Docker image in Container Registry using the Dockerfile available in the GitLab repo, but the trigger is unable to build.
I have also noticed in my Google Cloud Console that there is no id_rsa file under the .ssh directory. Even after generating the SSH key, there is no id_rsa file. But the sample code above, which I got from the source shared above, uses the id_rsa file to save the key to a file.
I tried changing that path to my SSH private key file stored in the .ssh directory, but that didn't help either. I am in a dilemma about connecting to the GitLab repo using this documentation. I have provided the required GitLab repository path and the path to the Secret Manager secret that stores the SSH key used to connect to the GitLab repo.

Any suggestions will be helpful.
Thank you

  • The link describes generating an ssh keypair specifically for the purpose of allowing GCP Cloud Build to connect to Gitlab. You can generate the keypair locally and upload the public to Gitlab and store the private in GCP secrets manager. You shouldn't need a Google Cloud Console machine for that bit. Just try and get the provided three step YAML config working before adding your Docker stuff - if the webhook is working, the three steps will successfully clone your gitlab repo and checkout the right SHA. Can you supply your actual YAML config so we can see what's missing? – zeroid Jun 24 '22 at 09:05
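
An added example, not part of the original question or of the linked documentation: preflight checks that the first build step could run before `git clone`, written as POSIX shell functions. The function names, the pinned host key file and every sample value are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: preflight checks for the SSH setup step. Function names,
# file layout and all sample values are assumptions, not from the post.

# install_key KEY_TEXT DIR: validate the secret, then write DIR/id_rsa (0600).
install_key() {
    key=$1; dir=$2
    case $key in
        "-----BEGIN "*"PRIVATE KEY-----"*) ;;
        *) echo "secret is empty or not a private key" >&2; return 1 ;;
    esac
    case $key in
        *"$(printf '\r')"*) echo "secret has CRLF line endings" >&2; return 1 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077 && printf '%s\n' "$key" > "$dir/id_rsa" )
}

# verify_known_hosts SCANNED PINNED: SCANNED must be non-empty and every key
# in it must also be listed in PINNED (host keys obtained out of band).
verify_known_hosts() {
    scanned=$1; pinned=$2
    [ -s "$pinned" ] || { echo "pinned host key file missing" >&2; return 1; }
    grep -v '^#' "$scanned" | grep -q . ||
        { echo "no host keys scanned" >&2; return 1; }
    if grep -v '^#' "$scanned" | grep -vxFf "$pinned" | grep -q .; then
        echo "scanned host key is not in the pinned set" >&2; return 1
    fi
}

# ssh_remote_ok URL: accept ssh:// URLs and scp-like [user@]host:path only.
# git reads a remote with a slash before the first colon as a local path.
ssh_remote_ok() {
    case $1 in
        ssh://*) return 0 ;;
        *://*)   return 1 ;;
    esac
    case ${1%%/*} in
        *:*) return 0 ;;
        *)   return 1 ;;
    esac
}
```

In a build step these would be called as `install_key "$SSHKEY" /root/.ssh`, then `verify_known_hosts` on the `ssh-keyscan` output, so a bad secret or an unexpected host key stops the build with a specific message instead of a generic clone failure.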
