├── .circleci ├── config.yml └── test-deploy.yml ├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── BUG.md │ ├── FEATURE_REQUEST.md │ └── config.yml └── PULL_REQUEST_TEMPLATE │ └── PULL_REQUEST.md ├── .gitignore ├── .yamllint ├── LICENSE ├── README.md ├── sample ├── Dockerfile └── src │ └── test.yml └── src ├── @orb.yml ├── commands ├── build-image.yml ├── gcr-auth.yml ├── push-image.yml └── tag-image.yml ├── examples ├── build-and-push-digest.yml ├── optimized-build-and-push.yml ├── simple-build-and-push-artifact-registry.yml ├── simple-build-and-push.yml └── tag-existing-image.yml ├── executors └── default.yml ├── jobs ├── add-image-tag.yml └── build-and-push-image.yml └── scripts ├── gcr-auth.sh ├── push-image.sh └── tag-image.sh /.circleci/config.yml: -------------------------------------------------------------------------------- 1 | version: 2.1 2 | setup: true 3 | orbs: 4 | orb-tools: circleci/orb-tools@12.0 5 | shellcheck: circleci/shellcheck@3.1 6 | 7 | filters: &filters 8 | tags: 9 | only: /.*/ 10 | 11 | workflows: 12 | lint-pack: 13 | jobs: 14 | - orb-tools/lint: 15 | filters: *filters 16 | - orb-tools/pack: 17 | filters: *filters 18 | - orb-tools/review: 19 | exclude: RC010 20 | filters: *filters 21 | - shellcheck/check: 22 | filters: *filters 23 | # Triggers the next workflow in the Orb Development Kit. 
24 | - orb-tools/continue: 25 | orb_name: gcp-gcr 26 | pipeline_number: << pipeline.number >> 27 | vcs_type: << pipeline.project.type >> 28 | requires: [orb-tools/lint, orb-tools/review, orb-tools/pack, shellcheck/check] 29 | filters: *filters 30 | -------------------------------------------------------------------------------- /.circleci/test-deploy.yml: -------------------------------------------------------------------------------- 1 | version: 2.1 2 | 3 | orbs: 4 | gcp-gcr: {} 5 | orb-tools: circleci/orb-tools@12 6 | 7 | filters: &filters 8 | tags: 9 | only: /.*/ 10 | 11 | release-filters: &release-filters 12 | branches: 13 | ignore: /.*/ 14 | tags: 15 | only: /^v[0-9]+\.[0-9]+\.[0-9]+$/ 16 | 17 | jobs: 18 | test-without-sudo: 19 | docker: 20 | - image: google/cloud-sdk:latest 21 | steps: 22 | - checkout 23 | - gcp-gcr/gcr-auth 24 | integration-test-without-oidc: 25 | executor: gcp-gcr/default 26 | steps: 27 | # test orb commands 28 | - checkout 29 | - gcp-gcr/gcr-auth: 30 | registry-url: us-east1-docker.pkg.dev 31 | - gcp-gcr/build-image: 32 | registry-url: us-east1-docker.pkg.dev 33 | repository: test-images 34 | image: sample-image 35 | tag: ${CIRCLE_SHA1:0:7}.$CIRCLE_BUILD_NUM 36 | path: ~/project/sample/ 37 | docker-context: ~/project/sample/ 38 | extra_build_args: "--build-arg CIRCLE_BRANCH=$CIRCLE_BRANCH \ 39 | --build-arg CIRCLE_USERNAME=$CIRCLE_USERNAME" 40 | - gcp-gcr/push-image: 41 | registry-url: us-east1-docker.pkg.dev 42 | repository: test-images 43 | image: sample-image 44 | tag: ${CIRCLE_SHA1:0:7}.$CIRCLE_BUILD_NUM 45 | - gcp-gcr/tag-image: 46 | registry-url: us-east1-docker.pkg.dev 47 | repository: test-images 48 | image: sample-image 49 | source-tag: ${CIRCLE_SHA1:0:7}.$CIRCLE_BUILD_NUM 50 | target-tag: tagged.$CIRCLE_BUILD_NUM 51 | integration-test-with-oidc: 52 | executor: gcp-gcr/default 53 | steps: 54 | # test orb commands 55 | - checkout 56 | - gcp-gcr/gcr-auth: 57 | use_oidc: true 58 | registry-url: us-east1-docker.pkg.dev 59 | - 
gcp-gcr/build-image: 60 | registry-url: us-east1-docker.pkg.dev 61 | repository: test-images 62 | image: sample-image 63 | tag: ${CIRCLE_SHA1:0:7}.$CIRCLE_BUILD_NUM.oidc 64 | path: ~/project/sample/ 65 | docker-context: ~/project/sample/ 66 | - gcp-gcr/push-image: 67 | registry-url: us-east1-docker.pkg.dev 68 | repository: test-images 69 | image: sample-image 70 | tag: ${CIRCLE_SHA1:0:7}.$CIRCLE_BUILD_NUM.oidc 71 | - gcp-gcr/tag-image: 72 | registry-url: us-east1-docker.pkg.dev 73 | repository: test-images 74 | image: sample-image 75 | source-tag: ${CIRCLE_SHA1:0:7}.$CIRCLE_BUILD_NUM.oidc 76 | target-tag: tagged.$CIRCLE_BUILD_NUM.oidc 77 | 78 | workflows: 79 | test-deploy: 80 | jobs: 81 | - test-without-sudo: 82 | context: cpe-gcp 83 | filters: *filters 84 | post-steps: 85 | - run: 86 | command: | 87 | gcloud version 88 | - integration-test-without-oidc: 89 | context: cpe-gcp 90 | filters: *filters 91 | - gcp-gcr/build-and-push-image: 92 | name: build-and-push-without-oidc 93 | registry-url: us-east1-docker.pkg.dev 94 | repository: test-images 95 | image: sample-image 96 | tag: ${CIRCLE_SHA1:0:7}.$CIRCLE_BUILD_NUM 97 | digest-path: /tmp/digest.txt 98 | path: ~/project/sample/ 99 | docker-context: ~/project/sample/ 100 | context: cpe-gcp 101 | filters: *filters 102 | requires: 103 | - integration-test-without-oidc 104 | post-steps: 105 | - run: 106 | command: | 107 | echo "Digest is: $(> 151 | pub_type: production 152 | enable_pr_comment: true 153 | github_token: GHI_TOKEN 154 | requires: 155 | - orb-tools/pack 156 | - integration-test-without-oidc 157 | - build-and-push-without-oidc 158 | - build-and-push-with-env-var 159 | - integration-test-with-oidc 160 | - build-and-push-with-oidc 161 | context: orb-publisher 162 | filters: *release-filters 163 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Ping these folks when changes 
are made to this repository 2 | * @CircleCI-Public/orb-publishers 3 | 4 | # We can also add orb-specific codeowners at some point if desirable 5 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/BUG.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: "\U0001F41E Bug report" 3 | about: Report any bugs encountered while using this orb. 4 | title: '' 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | ## Orb version: 11 | 12 | 19 | 20 | ## What happened: 21 | 22 | 26 | 27 | ## Expected behavior: 28 | 29 | 30 | 31 | ## Additional Information: 32 | 33 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: "\U0001F680 Feature Request" 3 | about: Propose changes to the orb. 4 | title: '' 5 | labels: feature_request 6 | assignees: '' 7 | --- 8 | 9 | ## Describe Request: 10 | 11 | ## Examples: 12 | 13 | ## Supporting Documentation Links: 14 | 15 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE/PULL_REQUEST.md: -------------------------------------------------------------------------------- 1 | 2 | **SEMVER Update Type:** 3 | - [ ] Major 4 | - [ ] Minor 5 | - [ ] Patch 6 | 7 | ## Description: 8 | 9 | 13 | 14 | ## Motivation: 15 | 16 | 19 | 20 | **Closes Issues:** 21 | - ISSUE URL 22 | 23 | ## Checklist: 24 | 25 | 30 | 31 | - [ ] All new jobs, commands, executors, parameters have descriptions. 32 | - [ ] Usage Example version numbers have been updated. 33 | - [ ] Changelog has been updated. 
-------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | orb.yml -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | extends: relaxed 2 | 3 | rules: 4 | line-length: 5 | max: 200 6 | allow-non-breakable-inline-mappings: true 7 | 8 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 CircleCI Public 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # GCP GCR Orb ![CircleCI Status](https://circleci.com/gh/CircleCI-Public/gcp-gcr-orb.svg?style=shield "CircleCI Status") [![CircleCI Orb Version](https://img.shields.io/badge/endpoint.svg?url=https://badges.circleci.io/orb/circleci/gcp-gcr)](https://circleci.com/orbs/registry/orb/circleci/gcp-gcr) [![GitHub License](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/circleci-public/gcp-gcr-orb/master/LICENSE) [![CircleCI Community](https://img.shields.io/badge/community-CircleCI%20Discuss-343434.svg)](https://discuss.circleci.com/c/ecosystem/orbs) 2 | 3 | Orb for interacting with Google Container Registry on CircleCI. 4 | 5 | ## Usage 6 | 7 | _For full usage guidelines, see the [orb registry listing](http://circleci.com/orbs/registry/orb/circleci/gcp-gcr)._ 8 | 9 | ## Contributing 10 | 11 | We welcome [issues](https://github.com/CircleCI-Public/gcp-gcr-orb/issues) to and [pull requests](https://github.com/CircleCI-Public/gcp-gcr-orb/pulls) against this repository! 12 | 13 | For further questions/comments about this or other orbs, visit [CircleCI's orbs discussion forum](https://discuss.circleci.com/c/orbs). 14 | 15 | ### How To Contribute 16 | 17 | We welcome [issues](https://github.com/CircleCI-Public/serverless-framework-orb/issues) to and [pull requests](https://github.com/CircleCI-Public/serverless-framework-orb/pulls) against this repository! 18 | 19 | To publish a new production version: 20 | * Create a PR to the `Alpha` branch with your changes. This will act as a "staging" branch. 21 | * When ready to publish a new production version, create a PR from `Alpha` to `master`. The Git Subject should include `[semver:patch|minor|release|skip]` to indicate the type of release. 
22 | * On merge, the release will be published to the orb registry automatically. 23 | 24 | For further questions/comments about this or other orbs, visit the Orb Category of [CircleCI Discuss](https://discuss.circleci.com/c/orbs). -------------------------------------------------------------------------------- /sample/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM readytalk/nodejs 2 | 3 | # Add our configuration files and scripts 4 | WORKDIR /app 5 | ADD . /app 6 | 7 | -------------------------------------------------------------------------------- /sample/src/test.yml: -------------------------------------------------------------------------------- 1 | hello: world 2 | -------------------------------------------------------------------------------- /src/@orb.yml: -------------------------------------------------------------------------------- 1 | version: 2.1 2 | 3 | description: > 4 | An orb for managing images with Google Container Registry (GCR). 5 | 6 | display: 7 | home_url: "https://cloud.google.com/container-registry" 8 | source_url: "https://github.com/CircleCI-Public/gcp-gcr-orb" 9 | 10 | orbs: 11 | docker: circleci/docker@2.7.1 12 | gcp-cli: circleci/gcp-cli@3.3 13 | -------------------------------------------------------------------------------- /src/commands/build-image.yml: -------------------------------------------------------------------------------- 1 | description: Build a Docker image 2 | 3 | parameters: 4 | registry-url: 5 | type: string 6 | default: gcr.io 7 | description: The GCR registry URL from ['', us, eu, asia].gcr.io 8 | 9 | repository: 10 | type: string 11 | default: "" 12 | description: > 13 | The Artifact Registry requires a HOST-NAME/PROJECT-ID/REPOSITORY/IMAGE format. 
14 | If pushing to the Artifact Registry, the repository to push the image to 15 | 16 | google-project-id: 17 | type: env_var_name 18 | default: GOOGLE_PROJECT_ID 19 | description: The Google project ID to connect with via the gcloud CLI 20 | 21 | image: 22 | type: string 23 | description: A name for your Docker image 24 | 25 | tag: 26 | type: string 27 | default: latest 28 | description: A Docker image tag 29 | 30 | dockerfile: 31 | type: string 32 | default: Dockerfile 33 | description: Name of dockerfile to use, defaults to Dockerfile 34 | 35 | path: 36 | type: string 37 | default: . 38 | description: > 39 | Path to the directory containing your Dockerfile, 40 | defaults to . (working directory) 41 | 42 | extra_build_args: 43 | type: string 44 | default: "" 45 | description: > 46 | Extra flags to pass to docker build. For examples, see 47 | https://docs.docker.com/engine/reference/commandline/build 48 | 49 | attach-workspace: 50 | type: boolean 51 | default: false 52 | description: > 53 | Boolean for whether or not to attach to an existing workspace. Default 54 | is false. 55 | 56 | workspace-root: 57 | type: string 58 | default: "." 59 | description: > 60 | Workspace root path that is either an absolute path or a path relative 61 | to the working directory. Defaults to '.' (the working directory) 62 | 63 | docker-context: 64 | type: string 65 | default: . 66 | description: > 67 | Path to the directory containing your build context, defaults to . 68 | (working directory) 69 | 70 | no_output_timeout: 71 | type: string 72 | default: "10m" 73 | description: > 74 | Pass through a default timeout if your Docker build does not output 75 | anything for more than 10 minutes. 
76 | 77 | steps: 78 | - when: 79 | condition: <> 80 | steps: 81 | - attach_workspace: 82 | at: <> 83 | - when: 84 | condition: 85 | equal: [ "", << parameters.repository >> ] 86 | steps: 87 | - docker/build: 88 | step-name: Build Docker image for GCR 89 | dockerfile: <> 90 | docker-context: <> 91 | path: <> 92 | registry: "<>/$<>" 93 | image: <> 94 | tag: <> 95 | extra_build_args: <> 96 | no_output_timeout: <> 97 | - when: 98 | condition: 99 | not: 100 | equal: [ "", << parameters.repository >> ] 101 | steps: 102 | - docker/build: 103 | step-name: Build Docker image for GCR 104 | dockerfile: <> 105 | docker-context: <> 106 | path: <> 107 | registry: "<>/$<>/<>" 108 | image: <> 109 | tag: <> 110 | extra_build_args: <> 111 | no_output_timeout: <> 112 | -------------------------------------------------------------------------------- /src/commands/gcr-auth.yml: -------------------------------------------------------------------------------- 1 | description: > 2 | Configure Docker to use gcloud as a credential helper. 
3 | 4 | parameters: 5 | gcloud-service-key: 6 | type: env_var_name 7 | default: GCLOUD_SERVICE_KEY 8 | description: Name of the environment variable that holds the gcloud service key 9 | 10 | google-project-id: 11 | type: env_var_name 12 | default: GOOGLE_PROJECT_ID 13 | description: > 14 | Environment variable name for the Google project ID to connect with 15 | via the gcloud CLI 16 | 17 | google-compute-zone: 18 | type: env_var_name 19 | default: GOOGLE_COMPUTE_ZONE 20 | description: > 21 | The Google compute zone to connect with via the gcloud CLI 22 | 23 | google-compute-region: 24 | type: env_var_name 25 | default: GOOGLE_COMPUTE_REGION 26 | description: > 27 | The Google compute region to connect with via the gcloud CLI 28 | 29 | registry-url: 30 | description: > 31 | The GCR registry URL from ['', us, eu, asia].gcr.io, 32 | or an artifact registry url from [GOOGLE_COMPUTE_REGION, us, eu, asia]-docker.pkg.dev 33 | type: string 34 | default: gcr.io 35 | 36 | version: 37 | default: latest 38 | description: > 39 | The version of the gcloud CLI to install. If left as "latest", the latest 40 | version will be installed. Otherwise, provide the full version number as 41 | it appears in the URL on this page: 42 | https://cloud.google.com/sdk/docs/downloads-versioned-archives 43 | type: string 44 | 45 | components: 46 | type: string 47 | default: "" 48 | description: > 49 | The list of gcloud components to install. Space separated. 50 | See https://cloud.google.com/sdk/docs/components for additional info. 51 | 52 | # OIDC parameters 53 | 54 | use_oidc: 55 | type: boolean 56 | default: false 57 | description: Set to true to enable OIDC 58 | 59 | google_project_number: 60 | type: env_var_name 61 | default: GOOGLE_PROJECT_NUMBER 62 | description: | 63 | Name of environment variable storing the Google project number 64 | used to configure OIDC. 
65 | 66 | workload_identity_pool_id: 67 | type: env_var_name 68 | default: OIDC_WIP_ID 69 | description: | 70 | Environment variable containing OIDC configured workload identity pool is stored. 71 | 72 | workload_identity_pool_provider_id: 73 | type: env_var_name 74 | default: OIDC_WIP_PROVIDER_ID 75 | description: | 76 | Environment variable containing OIDC configured workload identity pool provider ID is stored. 77 | 78 | service_account_email: 79 | type: env_var_name 80 | default: OIDC_SERVICE_ACCOUNT_EMAIL 81 | description: Environment variable containing OIDC service account email. 82 | 83 | gcp_cred_config_file_path: 84 | type: string 85 | default: ~/gcp_cred_config.json 86 | description: Output location of OIDC credentials. 87 | 88 | steps: 89 | - gcp-cli/setup: 90 | version: << parameters.version >> 91 | components: << parameters.components >> 92 | google_project_id: <> 93 | google_compute_zone: <> 94 | google_compute_region: <> 95 | gcloud_service_key: <> 96 | use_oidc: << parameters.use_oidc >> 97 | google_project_number: << parameters.google_project_number >> 98 | workload_identity_pool_id: << parameters.workload_identity_pool_id >> 99 | workload_identity_pool_provider_id: << parameters.workload_identity_pool_provider_id >> 100 | service_account_email: << parameters.service_account_email >> 101 | gcp_cred_config_file_path: << parameters.gcp_cred_config_file_path >> 102 | 103 | - run: 104 | name: gcloud auth configure-docker 105 | environment: 106 | ORB_ENV_PROJECT_ID: << parameters.google-project-id >> 107 | ORB_VAL_REGISTRY_URL: << parameters.registry-url >> 108 | command: << include(scripts/gcr-auth.sh) >> 109 | -------------------------------------------------------------------------------- /src/commands/push-image.yml: -------------------------------------------------------------------------------- 1 | description: Push a container image to the GCR registry 2 | 3 | parameters: 4 | registry-url: 5 | description: The GCR registry URL from ['', us, eu, 
asia].gcr.io 6 | type: string 7 | default: gcr.io 8 | 9 | repository: 10 | type: string 11 | default: "" 12 | description: > 13 | The Artifact Registry requires a HOST-NAME/PROJECT-ID/REPOSITORY/IMAGE format. 14 | If pushing to the Artifact Registry, the repository to push the image to 15 | 16 | google-project-id: 17 | description: The Google project ID to connect with via the gcloud CLI 18 | type: env_var_name 19 | default: GOOGLE_PROJECT_ID 20 | 21 | image: 22 | description: A name for your docker image 23 | type: string 24 | 25 | tag: 26 | description: Comma-separated list of docker image tags. The contents of each will be evaluated before use, so pass only values from a trusted source. 27 | type: string 28 | default: "latest" 29 | 30 | digest-path: 31 | type: string 32 | description: (Optional) The path to save the RepoDigest of the pushed image 33 | default: "" 34 | 35 | steps: 36 | - run: 37 | name: Push image to GCR 38 | environment: 39 | ORB_ENV_PROJECT_ID: << parameters.google-project-id >> 40 | ORB_VAL_REGISTRY_URL: << parameters.registry-url >> 41 | ORB_VAL_REPOSITORY: << parameters.repository >> 42 | ORB_VAL_IMAGE: << parameters.image >> 43 | ORB_VAL_DIGEST_PATH: << parameters.digest-path >> 44 | ORB_EVAL_TAG: << parameters.tag >> 45 | command: << include(scripts/push-image.sh) >> 46 | -------------------------------------------------------------------------------- /src/commands/tag-image.yml: -------------------------------------------------------------------------------- 1 | description: Add a tag to an existing published image 2 | 3 | parameters: 4 | registry-url: 5 | description: "The GCR registry URL from ['', us, eu, asia].gcr.io" 6 | type: string 7 | default: gcr.io 8 | 9 | google-project-id: 10 | description: The Google project ID to connect with via the gcloud CLI 11 | type: env_var_name 12 | default: GOOGLE_PROJECT_ID 13 | 14 | repository: 15 | type: string 16 | default: "" 17 | description: > 18 | The Artifact Registry requires a HOST-NAME/PROJECT-ID/REPOSITORY/IMAGE format. 
19 | If pushing to the Artifact Registry, the repository to push the image to 20 | 21 | image: 22 | type: string 23 | description: A Docker image name 24 | 25 | source-tag: 26 | type: string 27 | description: An existing Docker image tag. The contents will be evaluated. 28 | 29 | target-tag: 30 | type: string 31 | description: A new Docker image tag. The contents will be evaluated. 32 | 33 | steps: 34 | - run: 35 | name: Add <> tag to <>/$<>/<>:<> 36 | environment: 37 | ORB_VAL_REGISTRY_URL: << parameters.registry-url >> 38 | ORB_ENV_PROJECT_ID: << parameters.google-project-id >> 39 | ORB_VAL_REPOSITORY: << parameters.repository >> 40 | ORB_VAL_IMAGE: << parameters.image >> 41 | ORB_EVAL_SOURCE_TAG: << parameters.source-tag >> 42 | ORB_EVAL_TARGET_TAG: << parameters.target-tag >> 43 | command: << include(scripts/tag-image.sh) >> 44 | -------------------------------------------------------------------------------- /src/examples/build-and-push-digest.yml: -------------------------------------------------------------------------------- 1 | description: > 2 | Log into Google Cloud Plaform, build and push image to GCR, then echo the image digest 3 | 4 | usage: 5 | version: 2.1 6 | 7 | orbs: 8 | gcp-gcr: circleci/gcp-gcr@x.y.z 9 | 10 | jobs: 11 | build-and-push: 12 | executor: gcp-gcr/default 13 | steps: 14 | - checkout 15 | - gcp-gcr/gcr-auth 16 | - gcp-gcr/build-image: 17 | image: orb-test 18 | registry-url: eu.gcr.io 19 | no_output_timeout: 20m 20 | - gcp-gcr/push-image: 21 | image: orb-test 22 | registry-url: eu.gcr.io 23 | digest-path: /tmp/digest.txt 24 | - run: 25 | command: | 26 | echo "Digest is: $( 2 | Log into Google Cloud Plaform, then build and push image to GCR. Uses a custom executor to reduce the setup time. 
3 | 4 | usage: 5 | version: 2.1 6 | 7 | orbs: 8 | gcp-gcr: circleci/gcp-gcr@x.y.z 9 | 10 | executors: 11 | my-executor: 12 | docker: 13 | # choose an image that contains the gcloud CLI to avoid installation during CI 14 | # you can extend CircleCI base images https://circleci.com/docs/2.0/circleci-images/#circleci-base-image 15 | - image: my-org/circleci-python:3.7 16 | 17 | workflows: 18 | build_and_push_image: 19 | jobs: 20 | - gcp-gcr/build-and-push-image: 21 | context: myContext # your context containing gcloud login variables 22 | registry-url: us.gcr.io # gcr.io, eu.gcr.io, asia.gcr.io 23 | image: my-image # your image name 24 | executor: my-executor # choose an image with gcloud already installed 25 | setup-remote-docker: true # mandatory for custom docker executor 26 | use-docker-layer-caching: true # optional, improved performance. 27 | -------------------------------------------------------------------------------- /src/examples/simple-build-and-push-artifact-registry.yml: -------------------------------------------------------------------------------- 1 | description: > 2 | Log into Google Cloud Platform, then build and push image to Artifact Registry 3 | 4 | usage: 5 | version: 2.1 6 | 7 | orbs: 8 | gcp-gcr: circleci/gcp-gcr@x.y.z 9 | 10 | workflows: 11 | build_and_push_image: 12 | jobs: 13 | - gcp-gcr/build-and-push-image: 14 | context: myContext # your context containing gcloud login variables 15 | registry-url: us-central1-docker.pkg.dev # Artifact Registry host, e.g. [GOOGLE_COMPUTE_REGION, us, eu, asia]-docker.pkg.dev 16 | repository: my-repo # your repository name 17 | image: my-image # your image name 18 | -------------------------------------------------------------------------------- /src/examples/simple-build-and-push.yml: -------------------------------------------------------------------------------- 1 | description: > 2 | Log into Google Cloud Platform, then build and push image to GCR 3 | 4 | usage: 5 | version: 2.1 6 | 7 | orbs: 8 | gcp-gcr: circleci/gcp-gcr@x.y.z 9 | 10 | workflows: 11 | 
build_and_push_image: 12 | jobs: 13 | - gcp-gcr/build-and-push-image: 14 | context: myContext # your context containing gcloud login variables 15 | registry-url: us.gcr.io # gcr.io, eu.gcr.io, asia.gcr.io 16 | image: my-image # your image name 17 | -------------------------------------------------------------------------------- /src/examples/tag-existing-image.yml: -------------------------------------------------------------------------------- 1 | description: > 2 | Log into Google Cloud Platform, then tag an existing image with "latest" 3 | 4 | usage: 5 | version: 2.1 6 | 7 | orbs: 8 | gcp-gcr: circleci/gcp-gcr@x.y.z 9 | 10 | workflows: 11 | build_and_push_image: 12 | jobs: 13 | - gcp-gcr/tag-image: 14 | context: myContext # your context containing gcloud login variables 15 | registry-url: us.gcr.io # gcr.io, eu.gcr.io, asia.gcr.io 16 | image: my-image # your image name 17 | source-tag: mytag1 # an existing tag 18 | target-tag: mytag2 # the new tag you want to add 19 | -------------------------------------------------------------------------------- /src/executors/default.yml: -------------------------------------------------------------------------------- 1 | description: A debian-based machine executor 2 | 3 | machine: 4 | image: default 5 | -------------------------------------------------------------------------------- /src/jobs/add-image-tag.yml: -------------------------------------------------------------------------------- 1 | description: > 2 | Install GCP CLI, if needed, and configure. Adds a tag to an existing image. 
3 | 4 | executor: <> 5 | 6 | parameters: 7 | executor: 8 | default: default 9 | description: executor to use for this job 10 | type: executor 11 | 12 | gcloud-service-key: 13 | description: Name of the environment variable that holds the gcloud service key 14 | type: env_var_name 15 | default: GCLOUD_SERVICE_KEY 16 | 17 | google-project-id: 18 | description: The Google project ID to connect with via the gcloud CLI 19 | type: env_var_name 20 | default: GOOGLE_PROJECT_ID 21 | 22 | google-compute-zone: 23 | description: The Google compute zone to connect with via the gcloud CLI 24 | type: env_var_name 25 | default: GOOGLE_COMPUTE_ZONE 26 | 27 | google-compute-region: 28 | description: The Google compute region to connect with via the gcloud CLI 29 | type: env_var_name 30 | default: GOOGLE_COMPUTE_REGION 31 | 32 | registry-url: 33 | description: The GCR registry URL from ['', us, eu, asia].gcr.io 34 | type: string 35 | default: gcr.io 36 | 37 | image: 38 | description: A name for your Docker image 39 | type: string 40 | 41 | source-tag: 42 | type: string 43 | description: An existing Docker image tag 44 | 45 | target-tag: 46 | type: string 47 | description: A new Docker image tag 48 | 49 | gcloud_version: 50 | type: string 51 | default: latest 52 | description: | 53 | Version of gcloud CLI to install. 54 | 55 | gcloud_components: 56 | type: string 57 | default: "" 58 | description: > 59 | The list of gcloud components to install. Space separated. 60 | See https://cloud.google.com/sdk/docs/components for additional info. 61 | 62 | # OIDC parameters 63 | 64 | use_oidc: 65 | type: boolean 66 | default: false 67 | description: Set to true to enable OIDC 68 | 69 | google_project_number: 70 | type: env_var_name 71 | default: GOOGLE_PROJECT_NUMBER 72 | description: | 73 | Name of environment variable storing the Google project number 74 | used to configure OIDC. 
75 | 76 | workload_identity_pool_id: 77 | type: env_var_name 78 | default: OIDC_WIP_ID 79 | description: | 80 | Environment variable containing OIDC configured workload identity pool is stored. 81 | 82 | workload_identity_pool_provider_id: 83 | type: env_var_name 84 | default: OIDC_WIP_PROVIDER_ID 85 | description: | 86 | Environment variable containing OIDC configured workload identity pool provider ID is stored. 87 | 88 | service_account_email: 89 | type: env_var_name 90 | default: OIDC_SERVICE_ACCOUNT_EMAIL 91 | description: Environment variable containing OIDC service account email. 92 | 93 | gcp_cred_config_file_path: 94 | type: string 95 | default: ~/gcp_cred_config.json 96 | description: Output location of OIDC credentials. 97 | 98 | steps: 99 | 100 | - gcr-auth: 101 | google-project-id: <> 102 | google-compute-zone: <> 103 | google-compute-region: <> 104 | gcloud-service-key: <> 105 | version: <> 106 | components: <> 107 | use_oidc: << parameters.use_oidc >> 108 | google_project_number: << parameters.google_project_number >> 109 | workload_identity_pool_id: << parameters.workload_identity_pool_id >> 110 | workload_identity_pool_provider_id: << parameters.workload_identity_pool_provider_id >> 111 | service_account_email: << parameters.service_account_email >> 112 | gcp_cred_config_file_path: << parameters.gcp_cred_config_file_path >> 113 | 114 | - tag-image: 115 | registry-url: <> 116 | google-project-id: <> 117 | image: <> 118 | source-tag: <> 119 | target-tag: <> 120 | -------------------------------------------------------------------------------- /src/jobs/build-and-push-image.yml: -------------------------------------------------------------------------------- 1 | description: > 2 | Install GCP CLI, if needed, and configure. Build and push image to repository. 
3 | 4 | executor: <> 5 | 6 | parameters: 7 | executor: 8 | default: default 9 | description: executor to use for this job 10 | type: executor 11 | 12 | gcloud-service-key: 13 | description: The gcloud service key 14 | type: env_var_name 15 | default: GCLOUD_SERVICE_KEY 16 | 17 | google-project-id: 18 | description: The Google project ID to connect with via the gcloud CLI 19 | type: env_var_name 20 | default: GOOGLE_PROJECT_ID 21 | 22 | google-compute-zone: 23 | description: The Google compute zone to connect with via the gcloud CLI 24 | type: env_var_name 25 | default: GOOGLE_COMPUTE_ZONE 26 | 27 | google-compute-region: 28 | description: The Google compute zone to connect with via the gcloud CLI 29 | type: env_var_name 30 | default: GOOGLE_COMPUTE_REGION 31 | 32 | registry-url: 33 | description: > 34 | The GCR registry URL from ['', us, eu, asia].gcr.io, 35 | or an artifact registry url from [GOOGLE_COMPUTE_REGION, us, eu, asia]-docker.pkg.dev 36 | type: string 37 | default: gcr.io 38 | 39 | repository: 40 | type: string 41 | default: "" 42 | description: > 43 | The Artifact Registry requires a HOST-NAME/PROJECT-ID/REPOSITORY/IMAGE format. 44 | If pushing to the Artifact Registry, the repository to push the image to 45 | 46 | image: 47 | type: string 48 | description: A name for your Docker image 49 | 50 | tag: 51 | type: string 52 | default: latest 53 | description: A Docker image tag 54 | 55 | dockerfile: 56 | type: string 57 | default: Dockerfile 58 | description: Name of dockerfile to use, defaults to Dockerfile 59 | 60 | path: 61 | type: string 62 | default: . 63 | description: > 64 | Path to the directory containing your Dockerfile, 65 | defaults to . (working directory) 66 | 67 | extra_build_args: 68 | type: string 69 | default: "" 70 | description: > 71 | Extra flags to pass to docker build. 
For examples, see 72 | https://docs.docker.com/engine/reference/commandline/build 73 | 74 | digest-path: 75 | type: string 76 | description: (Optional) The path to save the RepoDigest of the pushed image 77 | default: "" 78 | 79 | attach-workspace: 80 | type: boolean 81 | default: false 82 | description: > 83 | Boolean for whether or not to attach to an existing workspace. Default 84 | is false. 85 | 86 | workspace-root: 87 | type: string 88 | default: "." 89 | description: > 90 | Workspace root path that is either an absolute path or a path relative 91 | to the working directory. Defaults to '.' (the working directory) 92 | 93 | docker-context: 94 | type: string 95 | default: . 96 | description: > 97 | Path to the directory containing your build context, defaults to . 98 | (working directory) 99 | setup-remote-docker: 100 | default: false 101 | description: | 102 | Setup and use CircleCI's remote Docker environment for Docker and docker-compose commands? Not required if using the default executor 103 | type: boolean 104 | use-docker-layer-caching: 105 | default: false 106 | description: | 107 | Setup docker layer caching for optimized build. Not available if using the default executor. 108 | type: boolean 109 | remote-docker-version: 110 | default: "docker24" 111 | description: | 112 | Specify the remote docker version. See: https://circleci.com/docs/2.0/building-docker-images/#docker-version 113 | type: string 114 | 115 | no_output_timeout: 116 | type: string 117 | default: "10m" 118 | description: > 119 | Pass through a default timeout if your Docker build does not output 120 | anything for more than 10 minutes. 121 | 122 | gcloud_version: 123 | type: string 124 | default: latest 125 | description: | 126 | Version of gcloud CLI to install. 127 | 128 | gcloud_components: 129 | type: string 130 | default: "" 131 | description: > 132 | The list of gcloud components to install. Space separated. 
133 | See https://cloud.google.com/sdk/docs/components for additional info. 134 | 135 | # OIDC parameters 136 | 137 | use_oidc: 138 | type: boolean 139 | default: false 140 | description: Set to true to enable OIDC 141 | 142 | google_project_number: 143 | type: env_var_name 144 | default: GOOGLE_PROJECT_NUMBER 145 | description: | 146 | Name of environment variable storing the Google project number 147 | used to configure OIDC. 148 | 149 | workload_identity_pool_id: 150 | type: env_var_name 151 | default: OIDC_WIP_ID 152 | description: | 153 | Name of the environment variable that stores the OIDC-configured workload identity pool ID. 154 | 155 | workload_identity_pool_provider_id: 156 | type: env_var_name 157 | default: OIDC_WIP_PROVIDER_ID 158 | description: | 159 | Name of the environment variable that stores the OIDC-configured workload identity pool provider ID. 160 | 161 | service_account_email: 162 | type: env_var_name 163 | default: OIDC_SERVICE_ACCOUNT_EMAIL 164 | description: Name of the environment variable that stores the OIDC service account email. 165 | 166 | gcp_cred_config_file_path: 167 | type: string 168 | default: ~/gcp_cred_config.json 169 | description: Output location of OIDC credentials.
170 | 171 | steps: 172 | - checkout 173 | 174 | - when: 175 | condition: <> 176 | steps: 177 | - setup_remote_docker: 178 | docker_layer_caching: <> 179 | version: <> 180 | 181 | - gcr-auth: 182 | google-project-id: <> 183 | google-compute-zone: <> 184 | google-compute-region: <> 185 | gcloud-service-key: <> 186 | registry-url: <> 187 | version: <> 188 | components: <> 189 | use_oidc: << parameters.use_oidc >> 190 | google_project_number: << parameters.google_project_number >> 191 | workload_identity_pool_id: << parameters.workload_identity_pool_id >> 192 | workload_identity_pool_provider_id: << parameters.workload_identity_pool_provider_id >> 193 | service_account_email: << parameters.service_account_email >> 194 | gcp_cred_config_file_path: << parameters.gcp_cred_config_file_path >> 195 | 196 | - build-image: 197 | registry-url: <> 198 | repository: <> 199 | google-project-id: <> 200 | image: <> 201 | tag: <> 202 | dockerfile: <> 203 | path: <> 204 | extra_build_args: <> 205 | attach-workspace: <> 206 | workspace-root: <> 207 | docker-context: <> 208 | no_output_timeout: <> 209 | 210 | - push-image: 211 | registry-url: <> 212 | repository: <> 213 | google-project-id: <> 214 | image: <> 215 | tag: <> 216 | digest-path: <> 217 | -------------------------------------------------------------------------------- /src/scripts/gcr-auth.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ORB_VAL_REGISTRY_URL="$(circleci env subst "$ORB_VAL_REGISTRY_URL")" 4 | 5 | unameOut="$(uname -s)" 6 | case "${unameOut}" in 7 | Linux*) platform=linux;; 8 | Darwin*) platform=mac;; 9 | CYGWIN*) platform=windows;; 10 | MINGW*) platform=windows;; 11 | MSYS_NT*) platform=windows;; 12 | *) platform="UNKNOWN:${unameOut}" 13 | esac 14 | 15 | # Set sudo to work whether logged in as root user or non-root user 16 | if [[ $EUID == 0 ]] || [[ "${platform}" == "windows" ]]; then 17 | export SUDO="" 18 | else 19 | export SUDO="sudo" 20 
| fi 21 | 22 | # configure Docker to use gcloud as a credential helper 23 | mkdir -p "$HOME/.docker" 24 | 25 | if [[ "$ORB_VAL_REGISTRY_URL" == *"docker.pkg.dev" ]]; then 26 | gcloud auth configure-docker --quiet --project "${!ORB_ENV_PROJECT_ID}" "$ORB_VAL_REGISTRY_URL" 27 | else 28 | gcloud auth configure-docker --quiet --project "${!ORB_ENV_PROJECT_ID}" 29 | fi 30 | 31 | # if applicable, provide user access to the docker config file 32 | if [[ -d "$HOME/.docker" ]]; then 33 | $SUDO chown "$USER:$USER" "$HOME/.docker" -R 34 | fi 35 | if [[ -d "$HOME/.config" ]]; then 36 | $SUDO chown "$USER:$USER" "$HOME/.config" -R 37 | fi 38 | -------------------------------------------------------------------------------- /src/scripts/push-image.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ORB_VAL_REGISTRY_URL="$(circleci env subst "$ORB_VAL_REGISTRY_URL")" 4 | ORB_VAL_REPOSITORY="$(circleci env subst "$ORB_VAL_REPOSITORY")" 5 | ORB_VAL_IMAGE="$(circleci env subst "$ORB_VAL_IMAGE")" 6 | ORB_VAL_DIGEST_PATH="$(circleci env subst "$ORB_VAL_DIGEST_PATH")" 7 | 8 | IFS="," read -ra DOCKER_TAGS <<< "$ORB_EVAL_TAG" 9 | PROJECT_ID="${!ORB_ENV_PROJECT_ID}" 10 | 11 | DOCKER_PATH="$ORB_VAL_REGISTRY_URL/$PROJECT_ID/$ORB_VAL_IMAGE" 12 | if [ -n "${ORB_VAL_REPOSITORY}" ]; then 13 | DOCKER_PATH="$ORB_VAL_REGISTRY_URL/$PROJECT_ID/$ORB_VAL_REPOSITORY/$ORB_VAL_IMAGE" 14 | fi 15 | 16 | for tag_to_eval in "${DOCKER_TAGS[@]}"; do 17 | TAG=$(eval echo "$tag_to_eval") 18 | set -x 19 | docker push "${DOCKER_PATH}:${TAG}" 20 | set +x 21 | done 22 | 23 | if [ -n "$ORB_VAL_DIGEST_PATH" ]; then 24 | mkdir -p "$(dirname "$ORB_VAL_DIGEST_PATH")" 25 | SAMPLE_FIRST=$(eval echo "${DOCKER_TAGS[0]}") 26 | set -x 27 | docker image inspect --format="{{index .RepoDigests 0}}" "$DOCKER_PATH:$SAMPLE_FIRST" > "$ORB_VAL_DIGEST_PATH" 28 | set +x 29 | fi 30 | -------------------------------------------------------------------------------- 
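#!/bin/bash
# /src/scripts/tag-image.sh
#
# Adds a second tag to an image that already exists in the registry by calling
# `gcloud container images add-tag` with "<image>:<source tag>" and
# "<image>:<target tag>".
#
# Inputs (environment variables):
#   ORB_VAL_REGISTRY_URL, ORB_VAL_REPOSITORY, ORB_VAL_IMAGE
#       Expanded with `circleci env subst` before use.
#   ORB_EVAL_SOURCE_TAG, ORB_EVAL_TARGET_TAG
#       Expanded with `eval` (see the security note below).
#   ORB_ENV_PROJECT_ID
#       The NAME of the variable that holds the project ID; it is read through
#       indirect expansion, not used as the ID itself.
#
# Exit status: 1 when the project ID or either tag fails validation, otherwise
# the exit status of the gcloud call.

ORB_VAL_REGISTRY_URL="$(circleci env subst "$ORB_VAL_REGISTRY_URL")"
ORB_VAL_REPOSITORY="$(circleci env subst "$ORB_VAL_REPOSITORY")"
ORB_VAL_IMAGE="$(circleci env subst "$ORB_VAL_IMAGE")"

# Resolve the project ID once and fail early: an empty value would otherwise
# produce a malformed image path ("<registry>//<image>") that only fails later
# inside gcloud with a less obvious message.
if [ -z "${ORB_ENV_PROJECT_ID:-}" ]; then
    echo "ORB_ENV_PROJECT_ID is not set; it must name the variable holding the project ID." >&2
    exit 1
fi
PROJECT_ID="${!ORB_ENV_PROJECT_ID}"
if [ -z "$PROJECT_ID" ]; then
    echo "The environment variable named by ORB_ENV_PROJECT_ID (${ORB_ENV_PROJECT_ID}) is empty or unset." >&2
    exit 1
fi

# SECURITY NOTE: `eval` hands the tag parameter text to the shell, so any
# command substitution or command separator inside it is executed on the build
# host with the job's credentials. It is kept because callers use bash
# expansions such as ${CIRCLE_SHA1:0:7} in tag values, which presumably need a
# real shell to expand (TODO confirm whether `circleci env subst` could replace
# it). Tag parameters must therefore come only from trusted pipeline
# configuration, never from text an outside contributor controls.
SOURCE_TAG=$(eval echo "$ORB_EVAL_SOURCE_TAG")
TARGET_TAG=$(eval echo "$ORB_EVAL_TARGET_TAG")

# Reject anything that is not a well-formed Docker tag after expansion (empty
# result, embedded whitespace, stray path or shell characters) instead of
# passing it on to gcloud.
tag_pattern='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
for expanded_tag in "$SOURCE_TAG" "$TARGET_TAG"; do
    if [[ ! "$expanded_tag" =~ $tag_pattern ]]; then
        printf 'Invalid Docker tag after expansion: %q\n' "$expanded_tag" >&2
        exit 1
    fi
done

# Artifact Registry paths carry an extra repository segment; plain GCR paths do not.
IMAGE_ROOT="$ORB_VAL_REGISTRY_URL/$PROJECT_ID/$ORB_VAL_IMAGE"
if [ -n "${ORB_VAL_REPOSITORY}" ]; then
    IMAGE_ROOT="$ORB_VAL_REGISTRY_URL/$PROJECT_ID/$ORB_VAL_REPOSITORY/$ORB_VAL_IMAGE"
fi

gcloud container images add-tag --quiet \
    "$IMAGE_ROOT:$SOURCE_TAG" \
    "$IMAGE_ROOT:$TARGET_TAG"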