我想通过Github操作使用CICD在Docker容器中部署我的DBT/Bigquery项目。我很难将GCP凭据放入容器中。我将凭据放入Github secret中,因为显然我无法将凭据文件放入Github中。我如何将Github secret作为参数传递给keyfile.json,以便将其复制到容器中?
我的停靠文件:
FROM fishtownanalytics/dbt:0.21.0
ARG RUN_TARGET=foo
RUN groupadd --gid 50000 docker && \
useradd --home-dir /home/docker --create-home --uid 50000 --gid 50000 --skel /dev/null docker
USER docker
RUN mkdir /home/docker/.dbt
# Ordering is least to most frequently touched folder/file
COPY profiles.yml /home/docker/.dbt/profiles.yml
COPY keyfile.json /home/docker/keyfile.json
COPY macros /home/docker/macros
COPY dbt_project.yml /home/docker/dbt_project.yml
COPY models /home/docker/models
WORKDIR /home/docker/
# Run dbt on container startup.
CMD ["run"]
我的github/workflows/main.yml文件看起来如下所示:
name: Build and Deploy to dbt project
on: push
jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: dotenv-load
id: dotenv
uses: falti/dotenv-action@v0.2.7
- name: Set up Python 3.9
uses: actions/setup-python@v2
with:
python-version: 3.9
- name: Install dependencies
run: |
python -m pip install --upgrade pip
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Configure Docker
run: gcloud auth configure-docker -q
- name: Build and push Docker
uses: mr-smithers-excellent/docker-build-push@v5
with:
image: repo/image
tags: v1, latest
registry: eu.gcr.io
username: _json_key
password: ${{ secrets.GCP_SA_KEY }}
这会在生成时产生以下错误:
COPY failed: file not found in build context or excluded by .dockerignore: stat keyfile.json: file does not exist
我尝试过将github secret作为build-args传递,但没有成功。
或者,将凭据放在容器中确实是一种不好的做法,我应该用不同的方法来处理它吗?
3条答案
按热度按时间2hh7jdfx1#
后续的
gcloud
命令在下面的步骤之后对我有效。尝试在您的结帐步骤之后立即添加它。72qzrwbm2#
我最终使用宣誓方法进行身份验证:
wtlkbnrh3#
您也可以使用base64编码的JSON字符串,我认为这是将JSON对象传递到GithubActions的首选方法,然后在您的Dockerfile中解码该字符串。
在一篇博客文章here中解释了这一点。