From 9f4fd5a660d749913f9314b28f8b570d27835311 Mon Sep 17 00:00:00 2001 From: Marcin Kozlowski Date: Sun, 7 Jul 2024 16:12:13 +0200 Subject: [PATCH] Update cloudbuild.yaml Signed-off-by: Marcin Kozlowski --- cloudbuild.yaml | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index b8f13a0f..436f78ce 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -1,11 +1,22 @@ steps: + + - name: 'gcr.io/cloud-builders/gcloud' + entrypoint: 'bash' + args: + - '-c' + - | + PROJECT_ID=$(gcloud config get-value project) + SERVICE_ACCOUNT_EMAIL="betterscan-service@${PROJECT_ID}.iam.gserviceaccount.com" + + gcloud iam service-accounts keys create /key.json \ + --iam-account=$SERVICE_ACCOUNT_EMAIL # Step 1: Access the service account key from Secret Manager - name: 'gcr.io/cloud-builders/gcloud' entrypoint: 'bash' args: - '-c' - | - gcloud secrets versions access latest --secret=${_SECRET_NAME} > /key.json + gcloud secrets versions access latest --secret=key > /key.json # Step 2: Authenticate Docker with your PAT - name: 'gcr.io/cloud-builders/docker' @@ -26,16 +37,7 @@ steps: args: ['buildx', 'inspect', '--bootstrap'] # Step 4: Create a key for the service account - - name: 'gcr.io/cloud-builders/gcloud' - entrypoint: 'bash' - args: - - '-c' - - | - PROJECT_ID=$(gcloud config get-value project) - SERVICE_ACCOUNT_EMAIL="betterscan-service@${PROJECT_ID}.iam.gserviceaccount.com" - - gcloud iam service-accounts keys create /key.json \ - --iam-account=$SERVICE_ACCOUNT_EMAIL + # Step 5: Save the key to a specified location (like a Cloud Storage bucket) - name: 'gcr.io/cloud-builders/gcloud' @@ -87,5 +89,6 @@ substitutions: _DOCKER_USERNAME: '' _IMAGE_NAME: 'betterscan-ce-worker-cli' _TAG: 'latest' +