I need to build go project using google Ko after checking out from git and then push the image to private artifactory which takes credentials. How to define the steps for the above in cloudbuild.yaml? Steps where it takes Source path and also where it takes private repository path. How to give the credentials of artifactory through script?
Asked
Active
Viewed 370 times
1
Harsh Manvar
- 27,020
- 6
- 48
- 102
Sneha
- 233
- 2
- 13
-
Right now, When I mention google ko image in my cloudbuild.yaml I get error: gcr.io/distroless/static:nonroot gives me error: "gcr.io/distroless/static:nonroot" failed: starting step container failed: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "bash": executable file not found in $PATH: unknown Any help would be appreciated! – Sneha Sep 23 '22 at 09:53
1 Answers
1
Error you are getting is due the failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "bash"
By default, the ko command uses a secure and lean base image from the Distroless collection of images (the gcr.io/distroless/static:nonroot image), which doesn’t contain a shell or other executables in order to reduce the attack surface of the container.
You can first create the Ko docker image and we will use this docker image as the base iamge to Cloudbuild. We will push and save the Ko docker image to GCR
Github : https://github.com/GoogleCloudPlatform/cloud-builders-community/tree/master/ko
There is cloudbuild.yaml to build image on cloudbuild or you also run docker build -t locally to build docker
Once docker image is built and pushed to the GCR we can write the cloudbuild.yaml to build the application
Try this Cloudbuild.yaml for example
steps:
- name: gcr.io/$PROJECT_ID/ko
entrypoint: /bin/sh
env:
- 'KO_DOCKER_REPO=gcr.io/$PROJECT_ID'
args:
- -c
- |
echo $(/ko publish --preserve-import-paths ./cmd/ko) > ./ko_container.txt || exit 1
Harsh Manvar
- 27,020
- 6
- 48
- 102
-
Thank you so much! I will try this, but I have to push my image to private artifactory, how do I pass the credential of the artifactory through script here. – Sneha Sep 26 '22 at 06:25
-
you can set it using the env or passing the argument exploring doc will answer your question clearly. Else you can simply write the command into arg it will also work – Harsh Manvar Sep 26 '22 at 06:31
-
why cant I run ko or go from the container, after performing docker exec I can ls and see ko and go is there but cannot execute. It says command not found. How can I run ko or go? – Sneha Oct 04 '22 at 06:18
-
not sure it's been long and out of context, you can add new question with details so even other could answer to it if possible and update the status of this question if answers or helpful. – Harsh Manvar Oct 04 '22 at 07:25
-
This issue is not resolved yet. My docker image is built and pushed to private repository but when i do /ko publish ./cmd/ko I get error:failed to publish images: importpath "ko://./cmd/ko" is not supported: cannot find package "./cmd/ko" in: – Sneha Oct 04 '22 at 09:06
-
i think question was about to build with ko and pushing to private repo, if image is not running there could be issue with the dockerfile or the way you are building the image. without the Docker or what packages you are using it would be hard to help blindly. – Harsh Manvar Oct 04 '22 at 09:31
-
My question had 2 parts, 1st is solved and the second part had how to use ko image in cloudbuild.yaml. The snippet you had provided gives me issue : failed to publish images: error building "ko://prov": Get "https://gcr.io/v2/": x509: certificate signed by unknown authority. Prov director has main.go.. Also Thank you for helping me in building Ko image. – Sneha Oct 04 '22 at 11:55