Pushing Docker Images to Google Container Registry (GCR)#
Semaphore includes the gcloud
command for authenticating to the
various Google Container Registry endpoints. You'll need to create a
service account with access to Cloud Storage with an authentication key
to set this up. Download the service account's authentication key to
your computer. Assume it's in key.json
. The key.json
is used to
authenticate to the service account which is used to authenticate to
the registries.
Create the Secret#
Assuming that your Google Cloud credentials are stored on your computer in
/home/<username>/.secrets/gcp.json
use the following command to create a
secret on Semaphore:
sem create secret GCP \
-f /home/<username>/.secrets/gcp.json:.secrets/gcp.json
Now add the secret to your pipeline and authenticate.
Configure the Pipeline#
.semaphore/semaphore.yml
version: "v1.0"
name: First pipeline example
agent:
machine:
type: e1-standard-2
os_image: ubuntu1804
blocks:
- name: "Push Image"
task:
secrets:
- name: GCP
prologue:
commands:
# Authenticate using the file injected from the secret
- gcloud auth activate-service-account --key-file=.secrets/gcp.json
# Don't forget -q to silence confirmation prompts
- gcloud auth configure-docker -q
- checkout
jobs:
- name: Docker build
commands:
# Replace with your GCP Project ID
- docker build -t "asia.gcr.io/YOUR_GCP_PROJECT_ID/semaphore-example:${SEMAPHORE_GIT_SHA:0:7}" .
- docker push "asia.gcr.io/GCP_PROJECT_ID/semaphore-example:${SEMAPHORE_GIT_SHA:0:7}"