Automating pushing parts of a git repo to google c

2019-05-18 08:23发布

站内问答 / 前沿技术
922 1 4

In setting this up, my thinking was that I'd work on my repo and have it privately stored with Gitlab. I'd then create a .gitlab-ci.yml file which on every push it would trigger a push to a Google Source Repo which triggers actions to update the project's bucket.

I went through the Generating Static Credentials guide which seems to link to a very antiquated page to which instructs you to create a .gitcookies file which will store your static credentials. I don't understand what it's giving me or how I can put those as a secret into Gitlab to use to trigger a push to a remote git repo.

This approach seems simpler given I didn't have to create credentials since everything in the GCR has appropriate access to that gcloud project but I may be totally off base here. But on the flip side, creating static credentials that I'd store in Gitlab which could then sync to the gcloud storage bucket didn't seem entirely possible to me from the documentation.

  1. Is what I'm trying to do possible?
  2. Is it actually easier to just create custom push-only credentials and have a Gitlab runner handle the bucket syncing?

Thank you!

1条回答
小情绪 Triste *
2楼-- · 2019-05-18 09:08

If you have access to your own GitLab server, you could instead make sure git is using a credential helper, which will cache your credentials on the server side.
Or make the same operation on the GitLab build agent machine.

on Linux or MacOS X):

git config credential.helper gcloud.sh

Or on Windows:

git config credential.helper gcloud.cmd

If not (meaning gitlab.com, no control/access to GitLab server/agent), you would need to include a script that will generate that gitcookie file in the sources of your repo, encrypted.
See for instance mholt/caddy/dist/gitcookie.sh.enc, which is used by mholt/caddy/.travis.yml#L17 in TravisCI (but can be adapted to GitLab CI)

  #Decrypts a script that installs an authenticated cookie
  # for git to use when cloning from googlesource.com.
  # Bypasses "bandwidth limit exceeded" errors.
  # See github.com/golang/go/issues/12933
 - if [ "$TRAVIS_PULL_REQUEST" = "false" ]; 
     then openssl aes-256-cbc -K $encrypted_3df18f9af81d_key \
      -iv $encrypted_3df18f9af81d_iv \
      -in dist/gitcookie.sh.enc -out dist/gitcookie.sh -d; fi

The $encrypted_3df18f9af81d_key and $encrypted_3df18f9af81d_iv would be passed to the build at runtime.
That is because TravisCI supports passing encrypted variables.
Similarly, GitLab-CI offers protected variables.

Example of a gitcookie.sh:

#!/bin/sh

touch ~/.gitcookies
chmod 0600 ~/.gitcookies
git config --global http.cookiefile ~/.gitcookies

tr , \\t <<\__END__ >>~/.gitcookies
go.googlesource.com,FALSE,/,TRUE,1234...(customid),o,git-shenli.pingcap.com=1/afgrd....(secret)
go-review.googlesource.com,FALSE,/,TRUE,1234...(customid),o,git-shenli.pingcap.com=1/afgrd....(secret)
__END__
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)