Example for usage in pipeline
Opened this issue · 9 comments
Can you please provide example or some documentation on how to use it declarative or scripted pipeline? I used as below,
#!groovy
node("master") {
stage ("List GCP Projects"){
withCredentials([[$class: 'FileBinding', credentialsId: 'my-project-id', variable: 'GOOGLE_APPLICATION_CREDENTIALS']]) {
sh "gcloud projects list --sort-by=projectId --limit=5"
}
}
}
But it giving error like,
ERROR: Credentials 'my-project-id' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.FileCredentials' was expected
I also tried using as given in file https://github.com/jenkinsci/google-oauth-plugin/blob/develop/Jenkinsfile.google
withCredentials([[$class: 'StringBinding', credentialsId: 'my-project-id', variable: 'GOOGLE_CREDENTIALS']]) {
sh "gcloud projects list --sort-by=projectId --limit=5"
}
But above gave me error like,
ERROR: Credentials 'my-project-id' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.StringCredentials' was expected
Seconded, is there instructions anywhere on how to run gcloud commands with these credentials?
i am also facing the same issue
withCredentials([file(credentialsId: 'gcpgcr', variable: 'GC_KEY')]){
sh "cat '$GC_KEY' | docker login -u _json_key --password-stdin https://us.gcr.io"
sh "gcloud auth activate-service-account --key-file='$GC_KEY'"
sh "gcloud auth configure-docker"
GLOUD_AUTH = sh (
script: 'gcloud auth print-access-token',
returnStdout: true
).trim()
echo "Pushing image To GCR"
sh "docker push $REMOTE_GCR/gemalto/$name:$version"
}
error: Credentials 'gcpgcr' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.FileCredentials' was expected
Finished: FAILURE
any resolution will help us
@rkamisetti792 we're using the helper function from this gist:
https://gist.github.com/spmason/a53b646ab6219c788b8d04ad959ca940
with slight modifications (because the way credentials are stored might have changed since the time the gist was written):
import hudson.util.Secret
import com.cloudbees.plugins.credentials.CredentialsProvider
import com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials
import com.google.jenkins.plugins.credentials.oauth.GoogleOAuth2ScopeRequirement
@NonCPS
private def getCredentials(credentialsId) {
def build = currentBuild.rawBuild
CredentialsProvider.findCredentialById(
credentialsId,
GoogleRobotPrivateKeyCredentials.class,
build,
new GoogleOAuth2ScopeRequirement() {
@Override
public Collection<String> getScopes() {
return null;
}
}
);
}
private def writeKeyFile(jsonKey) {
def json
try {
json = Secret.decrypt(new String(jsonKey.getPlainData())).getPlainText()
} catch(Exception e) {
json = new String(jsonKey.getPlainData())
}
writeFile encoding: 'UTF-8', file: '.auth/gcloud.json', text: json
return pwd() + "/.auth/gcloud.json"
}
def call(projectId, credentialsId = null, body) {
if (!credentialsId) {
credentialsId = projectId
}
def serviceAccount = getCredentials(credentialsId).getServiceAccountConfig()
def keyFile = writeKeyFile(serviceAccount.getSecretJsonKey())
withEnv(["CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${keyFile}"]) {
try {
body()
} finally {
sh "rm ${keyFile}"
}
}
}
then use it:
withGCloudCredentials(PROJECT_ID) {
sh 'echo stuff'
}
If you don't want to use a shared library I made it working with:
withCredentials([[$class: 'FileBinding', credentialsId: 'XXXXXXXXX', variable: 'JSON_KEY']]) {
sh 'gcloud auth activate-service-account --key-file $JSON_KEY'
sh 'make yourstuff'
}
But I agree, I don't understand why such a plugin does not show how to simply use it :/ or I probably missed something but I mainly saw questions about usage.
FTR not able to make it work using @sneko approach +1 to provide instructions here
+1 on providing instructions about consuming the credentials-id in the jenking pipeline.
Adding notes that I also can't make @sneko solution works.
I got the following error message:
Credentials 'xxxx' is of type 'Google Service Account from private key' where 'org.jenkinsci.plugins.plaincredentials.FileCredentials' was expected
Changing $class: 'FileBinding'
to $class: 'FileCredentials'
also doesn't work.
You need to upload the JSON as a 'Secret file', not a 'Google Service Account from private key' File