Build a docker image on gitlab ci and publish it to google container registry

Philip Heltweg

September 3, 2019

In previous blogposts I explained my concept of a personal cloud for my own projects (Kubernetes for Sideprojects) and how I set it up (Run a personal cloud with Traefik, Let’s encrypt and Zookeeper). I also showed how I packaged a PWA project with docker (Build a PWA in docker).

With all those ingredients ready to go the last hurdle to solve is building the docker image automatically as well as publishing it to a private container registry so I can deploy it to my cloud from there.

Overview

The goal of the setup is to:

Permissions

To enable gitlab to do these actions on our behalf we need to set up service accounts. We need

You can create these service accounts in the “IAM & admin” -> “Service accounts” section of google cloud. Make sure to download and save the generated json file.

We will also need to allow the personal cloud project to pull the docker image from the container registry that is in a different project. For that I followed this excellent blogpost by Alexey Timanovskiy (Using single Docker repository with multiple GKE projects).

Publish a docker image with gitlab ci

I am a freelancer and would love to help you!
EMAIL ME 👋

To allow gitlab ci to use your service account you need to save the content of the json files as a base64 encoded variable in the backend. You can find the setting under “Settings” -> “CI /CD” -> “Variables”. Be careful with this data since it is security relevant. The variables here will be available as environment variables during your jobs.

The service account variables

The service account variables

I use the following gitlab ci stage to build and publish a project. Note that it only runs manually and for master. In this case it uses the service account saved in GCLOUD_SERVICE_KEY:

publish:
  stage: publish
  image: docker:19.03.1
  services:
    - docker:dind
  variables:
    DOCKER_DRIVER: overlay
  script:
    - echo $GCLOUD_SERVICE_KEY | base64 -d > ${HOME}/gcloud-service-key.json
    - docker login -u _json_key --password-stdin https://eu.gcr.io < ${HOME}/gcloud-service-key.json
    - docker build -t eu.gcr.io/projectid/app:${CI_COMMIT_SHA} .
    - docker push "eu.gcr.io/projectid/app:${CI_COMMIT_SHA}"
  only:
    - master
  when: manual
The resulting tagged images in gcr

The resulting tagged images in gcr

About Me

I am a full stack developer and digital product enthusiast. I am available for freelance work and always looking for the next exciting project :).
You can reach me online either by email (pheltweg@gmail.com) or on twitter https://twitter.com/rhanarion.