GITHUB ACTION GCP服务帐户的秘密未正确解析
我创建了一个具有角色/storageadmin角色的GCP服务帐户。
我已经在本地测试了它:
$ gcloud auth activate-service-account --key-file=myfile.json
$ gcloud auth configure-docker
$ docker push gcr.io/my-project-id/echoserver:1.0.1
然后,我创建了一个名为gcr_secret的文件的repo级秘密,并运行以下 Action
- name: build and push to staging gcr
id: stg_img_build
uses: RafikFarhad/push-to-gcr-github-action@v4
with:
gcloud_service_key: ${{ secrets.GCR_SECRET }}
registry: gcr.io
project_id: $STAGING_GCR_PROJECT
image_name: ${{ github.event.inputs.image_name }}
image_tag: ${{ github.event.inputs.image_tag }}
这会失败如下:
Error response from daemon: Get "https://gcr.io/v2/": unknown: Unable to parse json key.
可能导致这一点?
I have created a GCP service account having the roles/storageAdmin role.
I have tested it locally as follows:
$ gcloud auth activate-service-account --key-file=myfile.json
$ gcloud auth configure-docker
$ docker push gcr.io/my-project-id/echoserver:1.0.1
I then create a repo-level secret with the contents of this file named GCR_SECRET and run the following action
- name: build and push to staging gcr
id: stg_img_build
uses: RafikFarhad/push-to-gcr-github-action@v4
with:
gcloud_service_key: ${{ secrets.GCR_SECRET }}
registry: gcr.io
project_id: $STAGING_GCR_PROJECT
image_name: ${{ github.event.inputs.image_name }}
image_tag: ${{ github.event.inputs.image_tag }}
This fails as follows:
Error response from daemon: Get "https://gcr.io/v2/": unknown: Unable to parse json key.
What could be causing this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我鼓励您考虑 work noreload Identity Identity Identity Federation 因为这将使您能够使用Google Service帐户联合验证,以进行GitHub操作。
参见。
如果您想使用 rafikfarhad/push-top-to-to-to-to-to-to-to-to-to-gcr-github-action ,请注意 base64之前编码键将其坚持到仓库。
I encourage you to consider Workload Identity Federation as this will enable you to federate auth using a Google Service Account to GitHub Actions.
See Enabling keyless auth from GitHub Actions.
If you want to use RafikFarhad/push-to-gcr-github-action, note the requirement to base64 encode the key before persisting it to the repo.