Pushing Docker Images to Google Container Registry (GCR)

Pushing images to your GCR is straightforward.

Semaphore includes the gcloud command for authenticating to the various Google Container Registry endpoints. To set this up, you'll need to create a service account with access to Cloud Storage, along with an authentication key for it. Download the service account's authentication key to your computer; you will find it in key.json. This file is used to authenticate as the service account, which in turn is used to authenticate to the registries.

Creating a Secret

Assuming that your Google Cloud credentials are stored on your computer in /home/<username>/.secrets/gcp.json, you can use the following command to create a secret on Semaphore:

sem create secret GCP \
  -f /home/<username>/.secrets/gcp.json:.secrets/gcp.json

Now add the secret to your pipeline and authenticate.

Configuring the Pipeline

.semaphore/semaphore.yml
version: "v1.0"
name: First pipeline example
agent:
  machine:
    type: e1-standard-2
    os_image: ubuntu2004

blocks:
  - name: "Push Image"
    task:
      secrets:
        - name: GCP
      prologue:
        commands:
          # Authenticate using the file injected from the secret
          - gcloud auth activate-service-account --key-file=.secrets/gcp.json
          # Don't forget -q to silence confirmation prompts
          - gcloud auth configure-docker -q
          - checkout
      jobs:
        - name: Docker build
          commands:
            # Replace with your GCP Project ID
            - docker build -t "asia.gcr.io/YOUR_GCP_PROJECT_ID/semaphore-example:${SEMAPHORE_GIT_SHA:0:7}" .
            - docker push "asia.gcr.io/YOUR_GCP_PROJECT_ID/semaphore-example:${SEMAPHORE_GIT_SHA:0:7}"
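
An added example, not part of the Semaphore documentation: a pre-flight script that checks the injected file is a service-account key and composes the image reference once, so that docker build and docker push always name the same image. The function names are hypothetical, the sample key is constructed, and it assumes images are pushed to the project recorded in the key's project_id field.

```shell
#!/bin/sh
# Added example, not part of the Semaphore docs. Function names are hypothetical.

# check_sa_key FILE: succeed only if FILE is a service-account key file.
check_sa_key() {
  [ -f "$1" ] || { echo "key file not found: $1" >&2; return 1; }
  grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$1" \
    || { echo "not a service-account key: $1" >&2; return 2; }
  grep -q '"private_key"' "$1" \
    || { echo "key file has no private_key field: $1" >&2; return 3; }
}

# sa_project_id FILE: print the project_id recorded in the key file.
sa_project_id() {
  sed -n 's/.*"project_id"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# gcr_image_ref HOST PROJECT NAME GIT_SHA: print HOST/PROJECT/NAME:<7-char SHA>.
gcr_image_ref() {
  case "$1" in
    gcr.io|us.gcr.io|eu.gcr.io|asia.gcr.io) ;;
    *) echo "not a GCR host: $1" >&2; return 1 ;;
  esac
  if [ -z "$2" ] || [ -z "$3" ] || [ -z "$4" ]; then
    echo "project, image name and commit SHA are required" >&2; return 1
  fi
  printf '%s/%s/%s:%.7s\n' "$1" "$2" "$3" "$4"
}

# Constructed sample key (no real credentials) so the script runs offline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/gcp.json" <<'EOF'
{
  "type": "service_account",
  "project_id": "example-project-123",
  "private_key": "CONSTRUCTED-PLACEHOLDER",
  "client_email": "ci-pusher@example-project-123.iam.gserviceaccount.com"
}
EOF

check_sa_key "$demo_dir/gcp.json" || exit 1
IMAGE=$(gcr_image_ref asia.gcr.io "$(sa_project_id "$demo_dir/gcp.json")" \
  semaphore-example "0123456789abcdef0123456789abcdef01234567") || exit 1
echo "$IMAGE"
# In the pipeline job: docker build -t "$IMAGE" . && docker push "$IMAGE"
rm -rf "$demo_dir"
```

In a pipeline, the key path would be the file injected from the secret and the SHA would be "$SEMAPHORE_GIT_SHA".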