I am using bbrun to simulate the pipeline run locally. Essentially what I need (not the issue) is to automate terragrunt deployment of an infrastructure on GCP. So every time it's pushed with a tag it deploys a certain environment.
This is my bitbucket-pipelines.yml (simplified for bbrun):
```yaml
image: alpine/terragrunt:latest

definitions:
  steps:
    - step: &terragrunt
        name: run terragrunt
        script:
          - cd ./env/dev
          - terragrunt validate-all

pipelines:
  default:
    - step: *terragrunt
```

And everything works when I run this with bbrun when I have a credentials.json file (which is in /env/dev) that has hardcoded secrets in it. So how can I add variables to the credentials.json file so that pipelines knows that there is a variable in that file?
For instance, if I add a secret variable PRIVATE_KEY in the bitbucket-pipelines console, I want terragrunt to read this line

```
"private_key": "-----BEGIN PRIVATE KEY-----\${env:PRIVATE_KEY}\n-----END PRIVATE KEY-----\n", #I also tried $PRIVATE_KEY and ${PRIVATE_KEY} when running bbrun with -e PRIVATE_KEY=***
```

in credentials.json as a value of the variable.
I am not sure if bbrun is just wrong here and bitbucket pipelines would actually pass the variables value but I get this error when running with variables:
```
Error: Error in function call --- Call to function "jsondecode" failed: invalid character '$' in string escape code.
```

I also tried:

```yaml
variables:
  PRIVATE_KEY_ID: $PRIVATE_KEY_ID
  PRIVATE_KEY: $PRIVATE_KEY
```

to no avail.
I also tried editing the file in the step script with the envsubst command, which works, but this seems kinda dumb to use.
Recommended answer

Basically you want to run

```sh
cat credentials.json | base64
```

and then put the output of the command as a secret value of the variable named CREDS in the pipeline's repo, so in the first step of the pipeline set the command

```sh
echo "$CREDS" | base64 -d > ./wherever/it/is/credentials.json
```

Don't forget to use artifacts so that the file is saved for the next step if needed.
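The round trip described in the answer, written out as an added example (not part of the original answer) that strips base64 line wrapping on encode and, on decode, fails closed and writes the key file with owner-only permissions. The function names `encode_creds` and `write_creds` are hypothetical, and the `"private_key"` sanity check is an assumption about the file's contents based on the line shown in the question.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical;
# CREDS is the secured repository variable named in the answer.

# Run locally: print FILE as base64 with the wrapping newlines stripped,
# so the value pasted into the secured variable is a single line.
encode_creds() {
    base64 < "$1" | tr -d '\n'
}

# Run in the pipeline step: decode $CREDS into DEST, failing closed.
# Error messages never include the secret itself.
write_creds() {
    dest=$1
    tmp="$dest.tmp.$$"
    if [ -z "${CREDS:-}" ]; then
        echo "CREDS is not set" >&2
        return 1
    fi
    old_umask=$(umask)
    umask 077                       # key file readable by the build user only
    if printf '%s' "$CREDS" | base64 -d > "$tmp" 2>/dev/null; then
        decoded=0
    else
        decoded=1
    fi
    umask "$old_umask"
    # Assumed sanity check: the credentials file carries a "private_key" field.
    if [ "$decoded" -ne 0 ] || ! grep -q '"private_key"' "$tmp"; then
        rm -f "$tmp"
        echo "CREDS did not decode to a credentials file" >&2
        return 1
    fi
    mv "$tmp" "$dest"               # only a validated file appears at DEST
}
```

In the step script from the question this would be called as `write_creds ./env/dev/credentials.json` before `terragrunt validate-all`.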