问题描述
我在package.json中有一个私有Bitbucket存储库的依赖项
I have a dependency to a private Bitbucket repo in my package.json
{
"my-dependency": "git+ssh://[email protected]/something/my-dependency.git"
}
我按照[1]和[2]中的说明进行操作,并创建了一个用kms加密的SSH密钥.
I followed the instructions given in [1] and [2] and created an SSH key that I encrypted with kms.
我已经创建了一个自定义cloudbuild.yaml,如下所示:
I've created a custom cloudbuild.yaml as follows:
# Decrypt the file containing the key
steps:
- name: 'gcr.io/cloud-builders/gcloud'
args:
- kms
- decrypt
- --ciphertext-file=bitbucket_rsa.enc
- --plaintext-file=/root/.ssh/id_rsa
- --location=global
- --keyring=default
- --key=bitbucket-key
volumes:
- name: 'ssh'
path: /root/.ssh
# Set up git with key and domain
- name: 'gcr.io/cloud-builders/git'
entrypoint: 'bash'
args:
- '-c'
- |
chmod 600 /root/.ssh/id_rsa
cat <<EOF >/root/.ssh/config
Hostname bitbucket.org
IdentityFile /root/.ssh/id_rsa
EOF
mv known_hosts /root/.ssh/known_hosts
volumes:
- name: 'ssh'
path: /root/.ssh
# Install
- name: 'gcr.io/cloud-builders/yarn'
args: ['install']
volumes:
- name: 'ssh'
path: /root/.ssh
# Build
- name: "gcr.io/cloud-builders/yarn"
args: ["build"]
volumes:
- name: 'ssh'
path: /root/.ssh
# Deploy
- name: "gcr.io/cloud-builders/gcloud"
args: ["app", "deploy", "my-service.yaml"]
volumes:
- name: 'ssh'
path: /root/.ssh
当我通过gcloud builds submit --config=cloudbuild.yaml步骤#0到#3正常运行时,但步骤#4失败了,因为app deploy触发了另一个yarn install,该yarn install无法访问步骤#0和#1:
When I run it via gcloud builds submit --config=cloudbuild.yaml steps #0 to #3 run through fine, but step #4 fails because app deploy triggers another yarn install which does not have access to the SSH key defined in steps #0 and #1:
Step #4: INFO rm_node_modules took 0 seconds
Step #4: INFO starting: yarn_install
Step #4: INFO yarn_install yarn install
Step #4: INFO `yarn_install` stdout:
Step #4: yarn install v1.9.4
Step #4: [1/5] Validating package.json...
Step #4: [2/5] Resolving packages...
Step #4: [3/5] Fetching packages...
Step #4: info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
Step #4:
Step #4: INFO `yarn_install` had stderr output:
Step #4: error Command failed.
Step #4: Exit code: 128
Step #4: Command: git
Step #4: Arguments: ls-remote --tags --heads ssh://[email protected]/something/my-dependency.git
Step #4: Directory: /workspace
Step #4: Output:
Step #4: Host key verification failed.
Step #4: fatal: Could not read from remote repository.
Step #4:
Step #4: Please make sure you have the correct access rights
Step #4: and the repository exists.
Step #4:
Step #4: ERROR error: `yarn_install` returned code: 1
Step #4: INFO yarn_install took 11 seconds
Step #4: INFO build process for FTL image took 11 seconds
Step #4: INFO full build took 11 seconds
Step #4: ERROR `yarn_install` had stderr output:
Step #4: error Command failed.
谢谢您的帮助!
参考:
[1] https://cloud.google. com/cloud-build/docs/access-private-github-repos
[2] 在以下位置链接私有存储库将应用程序中的packages.json部署到gcloud
推荐答案
显然,不可能为gcloud app deploy步骤提供SSH密钥.因此使用
So apparently it is not possible to provide an SSH key for the gcloud app deploy step. Thus using
{
"my-dependency": "git+ssh://[email protected]/something/my-dependency.git"
}
不起作用!
解决方法(如@JKleinne在链接的线程中提到的)是克隆存储库并从本地文件夹安装它:
The workaround (as mentioned by @JKleinne in the linked thread) is to clone the repo and install it from a local folder:
{
"my-dependency": "lib/my-dependency"
}
我写了一个小的bash脚本,检查是否可以访问该存储库,并克隆/拉取是否可以:
I wrote a small bash script that checks if the repo can be accessed and clones/pulls if it can:
GIT_PROJECT=$1
GIT_REPO=$2
NAME=${GIT_REPO}
REMOTE="[email protected]:${GIT_PROJECT}/${GIT_REPO}.git"
if [[ ! -d ./lib ]]
then
mkdir -p ./lib
fi
## Test if git repo is accessible
if ! git ls-remote --exit-code -h ${REMOTE}; then
echo "Unable to access git repo, skipping"
exit 0
fi
## Clone or pull
if [[ ! -d ./lib/${NAME} ]]
then
git clone ${REMOTE} ./lib/${NAME}
else
git -C ./lib/${NAME} pull
fi
然后我在预安装脚本中使用它:
I then use it in the preinstall script:
"preinstall": "./get-internal-package.sh something my-dependency",
这篇关于在package.json中使用私有git repo进行Google App Engine部署的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!