Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tonglil/auth-gcloud

Activate the service account for gcloud using a GCP service account JSON credential
https://github.com/tonglil/auth-gcloud

drone drone-plugin gcloud gcloud-sdk gcp google-cloud google-cloud-platform

Last synced: 9 days ago
JSON representation

Activate the service account for gcloud using a GCP service account JSON credential

Host: GitHub
URL: https://github.com/tonglil/auth-gcloud
Owner: tonglil
Created: 2017-09-18T20:49:03.000Z (about 7 years ago)
Default Branch: main
Last Pushed: 2024-05-29T02:39:24.000Z (6 months ago)
Last Synced: 2024-05-29T16:07:41.323Z (6 months ago)
Topics: drone, drone-plugin, gcloud, gcloud-sdk, gcp, google-cloud, google-cloud-platform
Language: Shell
Homepage: https://hub.docker.com/r/tonglil/auth-gcloud/
Size: 42 KB
Stars: 4
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# auth-gcloud

Activate the service account for gcloud using a GCP service account JSON credential.

Also see https://github.com/tonglil/auth-gke/.

## Usage

```sh
docker run \
-e TOKEN="$(cat service-account.json)" \
tonglil/auth-gcloud
```

## Example

### Drone 1+

```yml
steps:
- name: gcp-actions
image: tonglil/auth-gcloud
environment:
TOKEN:
from_secret: google_credentials
commands:
- auth-gcloud
- gcloud ...
```

### Drone 0.5+

Expand

```yml
pipeline:
gcp-actions:
image: tonglil/auth-gcloud
commands:
- auth-gcloud
- gcloud ...
secrets: [google_credentials]
```

### Drone 0.4

Expand

```yml
build:
image: google/cloud-sdk
environment:
TOKEN_B64: $$GOOGLE_CREDENTIALS_B64
GOOGLE_APPLICATION_CREDENTIALS: /tmp/gcloud.json
commands:
# Pass base 64 encoded credential and decode for gcloud login
- echo $TOKEN_B64 | base64 -d > $GOOGLE_APPLICATION_CREDENTIALS
- gcloud auth activate-service-account --key-file "$GOOGLE_APPLICATION_CREDENTIALS"
- gcloud ...
```

## Releasing

Use the base image's `gcloud` version number as the tag:

```
make pull
make version
```

## Common uses

Cleanup GCR:

```yml
- name: gcr-cleanup
image: tonglil/auth-gcloud:alpine
environment:
REGISTRY: us.gcr.io
REPO: project/image
TOKEN:
from_secret: google_credentials
commands:
- auth-gcloud
# delete untagged images
- gcloud container images list-tags "$REGISTRY/$REPO" --filter='-tags:*' --format='get(digest)' --limit=unlimited | xargs -I {arg} gcloud container images delete "$REGISTRY/$REPO@{arg}" --quiet
# only keep most recent 50 images
- gcloud container images list-tags "$REGISTRY/$REPO" --format='get(digest)' --limit=unlimited | tail -n +51 | xargs -I {arg} gcloud container images delete "$REGISTRY/$REPO@{arg}" --quiet --force-delete-tags
```

Tag an existing GCR image on release:

```yml
- name: gcr-tag
image: tonglil/auth-gcloud:alpine
environment:
REGISTRY: us.gcr.io
REPO: project/image
TOKEN:
from_secret: google_credentials
commands:
- auth-gcloud
- gcloud container images add-tag "$REGISTRY/$REPO:${DRONE_COMMIT}" "$REGISTRY/$REPO:${DRONE_TAG}" "$REGISTRY/$REPO:stable" --quiet
when:
event: tag
```

Copy an existing GCR image on release:

```yml
- name: gcr-tag
image: tonglil/auth-gcloud:alpine
environment:
SRC_REGISTRY: us.gcr.io
SRC_REPO: project/image1
DST_REGISTRY: us.gcr.io
DST_REPO: project/image2
TOKEN:
from_secret: google_credentials
commands:
- auth-gcloud
# it is possible to tag/copy to multiple destinations
- gcloud container images add-tag "$SRC_REGISTRY/$SRC_REPO:${DRONE_COMMIT}" "$DST_REGISTRY/$DST_REPO:${DRONE_TAG}" --quiet
when:
event: tag
```