我正试图在Cloud Build步骤中使用exec-wrapper来运行Cloud SQL Proxy,并运行Node脚本来执行自定义数据库迁移。以下是我的云构建配置:
steps:
- name: gcr.io/cloud-builders/docker
args: ['build', '-t', 'gcr.io/$PROJECT_ID/api-stg', '.']
- name: gcr.io/cloud-builders/docker
args: ['push', 'gcr.io/$PROJECT_ID/api-stg']
- name: gcr.io/cloud-builders/gcloud
args: ['app', 'deploy', 'app-stg.yaml', '--image-url=gcr.io/$PROJECT_ID/api-stg']
- name: "gcr.io/google-appengine/exec-wrapper"
args: ["-i", "gcr.io/$PROJECT_ID/api-stg",
"-s", "$PROJECT_ID:us-central1:<Cloud SQL Instance Name>",
"--", "scripts/management/custom_migration"]
images: ['gcr.io/$PROJECT_ID/api-stg']
timeout: 1200s # 20 minutes
在我的custom_migration.js文件中,我有这样的东西:
const {Storage} = require('@google-cloud/storage');
const storage = new Storage();
const bucket = storage.bucket(BUCKET_NAME);
const file = await bucket.file(key);
const result = await new Promise(resolve => file.download((err, data) => {...}));
...
这导致google-auth-library出现以下错误:
Error: The file at /root/.google/credentials does not exist, or it is not a file.
Error: ENOENT: no such file or directory, lstat '/root/.google'
当部署在新版本中时,My App Engine Flexible环境能够运行此代码,但云构建步骤中的相同代码没有正确认证。如何允许exec包装器使用我的AppEngineFlexible环境的默认凭据?
此步骤适用于我的
steps:
- name: 'node:14-alpine'
entrypoint: 'sh'
args:
- -c
- |
wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy
chmod +x cloud_sql_proxy
./cloud_sql_proxy -instances=my-project-id:us-central1:vertx=tcp:5432 &
npm install @google-cloud/storage pg
node index-test.js
因为我不知道你的自定义容器的内容,你可以尝试调整像这个这样的东西
steps:
- name: 'gcr.io/$PROJECT_ID/api-stg'
entrypoint: 'sh'
args:
- -c
- |
wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy
chmod +x cloud_sql_proxy
./cloud_sql_proxy -instances=my-project-id:us-central1:vertx=tcp:5432 &
npm install @google-cloud/storage pg
node scripts/management/custom_migration
关于标准库的问题,我的假设是AppEngine环境和Cloud Build环境之间的冲突。
如果你查看了Google Auth库,你可以看到一个应用程序引擎凭据的案例,以及另一个计算凭据的案例。该计算在任何谷歌云服务(云运行、云功能、计算引擎、云构建…(上都是标准使用的,但应用程序引擎有其特殊性。