{"id":4384,"date":"2021-03-25T14:00:00","date_gmt":"2021-03-25T13:00:00","guid":{"rendered":"https:\/\/www.unicoda.com\/?p=4384"},"modified":"2021-03-12T23:35:29","modified_gmt":"2021-03-12T22:35:29","slug":"utiliser-buildah-dans-cloud-build","status":"publish","type":"post","link":"https:\/\/www.unicoda.com\/?p=4384","title":{"rendered":"Using buildah in Cloud Build"},"content":{"rendered":"\n<p>The trick is to use an official <code>buildah<\/code> image, available at <code>quay.io\/buildah\/stable<\/code>. I split my build into three steps: building the image, retrieving the encryption key from Secret Manager and, finally, storing the image in Container Registry. This gives the configuration below.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Building the image<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><em># Build image with buildah\n<\/em>- id: 'build'\n  name: 'quay.io\/buildah\/stable'\n  args: ['buildah', 'bud', '-t', 'mon-image', '.']\n  volumes:\n    - name: varlibcontainers\n      path: '\/var\/lib\/containers'<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Retrieving the key<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><em># Get public key from secret manager<\/em>\n- id: 'get public key'\n  name: gcr.io\/cloud-builders\/gcloud\n  entrypoint: 'bash'\n  args: [ '-c', \"gcloud secrets versions access latest --secret=pub-key --format='get(payload.data)' | tr '_-' '\/+' | base64 -d &gt; pub-key.pem\" ]\n<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Storing the image<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><em># Push image with buildah\n<\/em>- id: 'push'\n  name: 'quay.io\/buildah\/stable'\n  args: ['buildah', 'push', '--encryption-key', 'jwe:.\/pub-key.pem', 'mon-image', 'eu.gcr.io\/$PROJECT_ID\/mon-image']\n  volumes:\n    - name: varlibcontainers\n      path: 
'\/var\/lib\/containers'<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Note<\/h4>\n\n\n\n<p>Note that this Cloud Build is triggered by a push to a particular branch of a git repository, hosted here on GitHub and connected to GCP. This repository of course contains a <code>Dockerfile<\/code> at its root.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The trick is to use an official buildah image, available at quay.io\/buildah\/stable. I split my build into three steps: building the image, retrieving the encryption key from Secret Manager and, finally, storing the image in Container Registry. This gives the configuration below. Building the image # Build &hellip; <a href=\"https:\/\/www.unicoda.com\/?p=4384\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &laquo;&nbsp;Using buildah in Cloud 
Build&nbsp;&raquo;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[562,564,565,563],"class_list":["post-4384","post","type-post","status-publish","format-standard","hentry","category-code","tag-buildah","tag-cloud-build","tag-container-registry","tag-gcp"],"_links":{"self":[{"href":"https:\/\/www.unicoda.com\/index.php?rest_route=\/wp\/v2\/posts\/4384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.unicoda.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.unicoda.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.unicoda.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.unicoda.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4384"}],"version-history":[{"count":3,"href":"https:\/\/www.unicoda.com\/index.php?rest_route=\/wp\/v2\/posts\/4384\/revisions"}],"predecessor-version":[{"id":4480,"href":"https:\/\/www.unicoda.com\/index.php?rest_route=\/wp\/v2\/posts\/4384\/revisions\/4480"}],"wp:attachment":[{"href":"https:\/\/www.unicoda.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.unicoda.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.unicoda.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}