package.json中带有私有git repo的Google App Engine部署
我对package.json中的私有Bitbucket存储库有依赖性
{
"my-dependency": "git+ssh://[email protected]/something/my-dependency.git"
}
我按照[1]和[2]中的说明进行了操作,并创建了一个用kms加密的SSH密钥。
我创建了一个自定义cloudbuild.yaml
,如下所示:
# Decrypt the file containing the key
steps:
- name: 'gcr.io/cloud-builders/gcloud'
args:
- kms
- decrypt
- --ciphertext-file=bitbucket_rsa.enc
- --plaintext-file=/root/.ssh/id_rsa
- --location=global
- --keyring=default
- --key=bitbucket-key
volumes:
- name: 'ssh'
path: /root/.ssh
# Set up git with key and domain
- name: 'gcr.io/cloud-builders/git'
entrypoint: 'bash'
args:
- '-c'
- |
chmod 600 /root/.ssh/id_rsa
cat <<EOF >/root/.ssh/config
Hostname bitbucket
IdentityFile /root/.ssh/id_rsa
EOF
mv known_hosts /root/.ssh/known_hosts
volumes:
- name: 'ssh'
path: /root/.ssh
# Install
- name: 'gcr.io/cloud-builders/yarn'
args: ['install']
volumes:
- name: 'ssh'
path: /root/.ssh
# Build
- name: "gcr.io/cloud-builders/yarn"
args: ["build"]
volumes:
- name: 'ssh'
path: /root/.ssh
# Deploy
- name: "gcr.io/cloud-builders/gcloud"
args: ["app", "deploy", "my-service.yaml"]
volumes:
- name: 'ssh'
path: /root/.ssh
[当我通过gcloud builds submit --config=cloudbuild.yaml
运行它时,步骤#0至#3运行正常,但是步骤#4失败,因为app deploy
触发了另一个yarn install
,该用户无法访问步骤#0和#中定义的SSH密钥1:
Step #4: INFO rm_node_modules took 0 seconds
Step #4: INFO starting: yarn_install
Step #4: INFO yarn_install yarn install
Step #4: INFO `yarn_install` stdout:
Step #4: yarn install v1.9.4
Step #4: [1/5] Validating package.json...
Step #4: [2/5] Resolving packages...
Step #4: [3/5] Fetching packages...
Step #4: info Visit for documentation about this command.
Step #4:
Step #4: INFO `yarn_install` had stderr output:
Step #4: error Command failed.
Step #4: Exit code: 128
Step #4: Command: git
Step #4: Arguments: ls-remote --tags --heads ssh://[email protected]/something/my-dependency.git
Step #4: Directory: /workspace
Step #4: Output:
Step #4: Host key verification failed.
Step #4: fatal: Could not read from remote repository.
Step #4:
Step #4: Please make sure you have the correct access rights
Step #4: and the repository exists.
Step #4:
Step #4: ERROR error: `yarn_install` returned code: 1
Step #4: INFO yarn_install took 11 seconds
Step #4: INFO build process for FTL image took 11 seconds
Step #4: INFO full build took 11 seconds
Step #4: ERROR `yarn_install` had stderr output:
Step #4: error Command failed.
谢谢您的帮助!
参考文献:
[1]
[2] Link private repository in packages.json in app deployed to gcloud
回答如下:[每当出现Host Key verification failed
错误时,它很可能与您的known_hosts
文件有关,这意味着bitbucket
的主机密钥不在您的known_hosts文件中,因此客户端无法验证它。尝试先运行ssh-keyscan -t rsa bitbucket > known_hosts
,然后再运行cat known_hosts
,然后查看bitbucket主机密钥是否存在。
如果答案为否,并且输出为空,则可能是网络问题干扰了该过程。请遵循此thread中接受的答案进行故障排除。
如果答案是肯定的,那么完美的只有一个步骤,那就是将您的SSH密钥配置到Bitbucket中。转到“ Bitbucket设置”下的bitbucket,然后在选项之一中单击“ SSH密钥”。添加一个密钥(将其标记为您决定的名称),然后将通过运行cat〜/ .ssh / id_rsa.pub获得的输出粘贴到密钥部分。
基本上,在您linked的一个线程中,我正在将私有存储库克隆到与应用程序根目录相同的文件夹中。这样,在package.json中,我可以简单地添加此行dependencies: {“circular-structure-stringify”: “./circular-structure-stringify”}
,这将使我可以像任何npm软件包一样将其require()
。
我意识到我应该保持Github链接的打开状态,但尽管如此,我正在研究另一个示例,我将在稍后的评论部分中发布该示例。同时,让我知道结果。
package.json中带有私有git repo的Google App Engine部署
我对package.json中的私有Bitbucket存储库有依赖性
{
"my-dependency": "git+ssh://[email protected]/something/my-dependency.git"
}
我按照[1]和[2]中的说明进行了操作,并创建了一个用kms加密的SSH密钥。
我创建了一个自定义cloudbuild.yaml
,如下所示:
# Decrypt the file containing the key
steps:
- name: 'gcr.io/cloud-builders/gcloud'
args:
- kms
- decrypt
- --ciphertext-file=bitbucket_rsa.enc
- --plaintext-file=/root/.ssh/id_rsa
- --location=global
- --keyring=default
- --key=bitbucket-key
volumes:
- name: 'ssh'
path: /root/.ssh
# Set up git with key and domain
- name: 'gcr.io/cloud-builders/git'
entrypoint: 'bash'
args:
- '-c'
- |
chmod 600 /root/.ssh/id_rsa
cat <<EOF >/root/.ssh/config
Hostname bitbucket
IdentityFile /root/.ssh/id_rsa
EOF
mv known_hosts /root/.ssh/known_hosts
volumes:
- name: 'ssh'
path: /root/.ssh
# Install
- name: 'gcr.io/cloud-builders/yarn'
args: ['install']
volumes:
- name: 'ssh'
path: /root/.ssh
# Build
- name: "gcr.io/cloud-builders/yarn"
args: ["build"]
volumes:
- name: 'ssh'
path: /root/.ssh
# Deploy
- name: "gcr.io/cloud-builders/gcloud"
args: ["app", "deploy", "my-service.yaml"]
volumes:
- name: 'ssh'
path: /root/.ssh
[当我通过gcloud builds submit --config=cloudbuild.yaml
运行它时,步骤#0至#3运行正常,但是步骤#4失败,因为app deploy
触发了另一个yarn install
,该用户无法访问步骤#0和#中定义的SSH密钥1:
Step #4: INFO rm_node_modules took 0 seconds
Step #4: INFO starting: yarn_install
Step #4: INFO yarn_install yarn install
Step #4: INFO `yarn_install` stdout:
Step #4: yarn install v1.9.4
Step #4: [1/5] Validating package.json...
Step #4: [2/5] Resolving packages...
Step #4: [3/5] Fetching packages...
Step #4: info Visit for documentation about this command.
Step #4:
Step #4: INFO `yarn_install` had stderr output:
Step #4: error Command failed.
Step #4: Exit code: 128
Step #4: Command: git
Step #4: Arguments: ls-remote --tags --heads ssh://[email protected]/something/my-dependency.git
Step #4: Directory: /workspace
Step #4: Output:
Step #4: Host key verification failed.
Step #4: fatal: Could not read from remote repository.
Step #4:
Step #4: Please make sure you have the correct access rights
Step #4: and the repository exists.
Step #4:
Step #4: ERROR error: `yarn_install` returned code: 1
Step #4: INFO yarn_install took 11 seconds
Step #4: INFO build process for FTL image took 11 seconds
Step #4: INFO full build took 11 seconds
Step #4: ERROR `yarn_install` had stderr output:
Step #4: error Command failed.
谢谢您的帮助!
参考文献:
[1]
[2] Link private repository in packages.json in app deployed to gcloud
回答如下:[每当出现Host Key verification failed
错误时,它很可能与您的known_hosts
文件有关,这意味着bitbucket
的主机密钥不在您的known_hosts文件中,因此客户端无法验证它。尝试先运行ssh-keyscan -t rsa bitbucket > known_hosts
,然后再运行cat known_hosts
,然后查看bitbucket主机密钥是否存在。
如果答案为否,并且输出为空,则可能是网络问题干扰了该过程。请遵循此thread中接受的答案进行故障排除。
如果答案是肯定的,那么完美的只有一个步骤,那就是将您的SSH密钥配置到Bitbucket中。转到“ Bitbucket设置”下的bitbucket,然后在选项之一中单击“ SSH密钥”。添加一个密钥(将其标记为您决定的名称),然后将通过运行cat〜/ .ssh / id_rsa.pub获得的输出粘贴到密钥部分。
基本上,在您linked的一个线程中,我正在将私有存储库克隆到与应用程序根目录相同的文件夹中。这样,在package.json中,我可以简单地添加此行dependencies: {“circular-structure-stringify”: “./circular-structure-stringify”}
,这将使我可以像任何npm软件包一样将其require()
。
我意识到我应该保持Github链接的打开状态,但尽管如此,我正在研究另一个示例,我将在稍后的评论部分中发布该示例。同时,让我知道结果。