0

I am trying to build a Cloud Run job with a trigger from Cloud Build and secrets from Secret Manager. I managed to get the trigger that I use to build my Dockerfile to run, but the build itself fails with the following error:

BUILD
Starting Step #0 - "build image"
Step #0 - "build image": Already have image (with digest): gcr.io/cloud-builders/docker
Step #0 - "build image": "docker build" requires exactly 1 argument.
Step #0 - "build image": See 'docker build --help'.
Step #0 - "build image": 
Step #0 - "build image": Usage:  docker build [OPTIONS] PATH | URL | -
Step #0 - "build image": 
Step #0 - "build image": Build an image from a Dockerfile
Finished Step #0 - "build image"
ERROR
ERROR: build step 0 "gcr.io/cloud-builders/docker" failed: step exited with non-zero status: 1

What I have already tried:

  1. Verified that there is a build directory in the command;
  2. Rearranged the order of build arguments just in case;
  3. I also tried breakout syntax (with '|' as one of the arguments), but it did not work out - the image was not built at all.
  4. UPDATED: I tried running the build without --build-args and it started actually building! Looks like a bug. Here is my cloudbuild.yaml:
steps:
  - id: "build image"
    name: "gcr.io/cloud-builders/docker"
    entrypoint: 'bash'
    args:
      ['-c', 'docker build --build-arg CONTAINER_PRIVATE_KEY=$$PRIVATE_KEY --build-arg CONTAINER_PUBLIC_KEY=$$PUBLIC_KEY -t gcr.io/${PROJECT_ID}/${_JOB_NAME} .']
    secretEnv: [ 'PRIVATE_KEY', 'PUBLIC_KEY' ]
  - id: "push image"
    name: "gcr.io/cloud-builders/docker"
    args: [ "push", "gcr.io/${PROJECT_ID}/${_JOB_NAME}" ]

  - id: "deploy to cloud run"
    name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
    entrypoint: gcloud
    args:
            [
              'beta', 'run', '${_JOB_NAME}',
              '--image', 'gcr.io/${PROJECT_ID}/${_JOB_NAME}',
              '--region', '${_REGION}',
              '--set-env-vars', "BUCKET=${_BUCKET}",
              '--set-env-vars', "MNT_DIR=${_MNT_DIR}"
            ]
images:
    - "gcr.io/${PROJECT_ID}/${_JOB_NAME}"
availableSecrets:
  secretManager:
    - versionName: "projects/${_PROJECT_ID_NUMBER}/secrets/${_CONTAINER_PRIVATE_KEY_SECRET_NAME}/versions/latest"
      env: "PRIVATE_KEY"
    - versionName: "projects/${_PROJECT_ID_NUMBER}/secrets/${_CONTAINER_PUBLIC_KEY_SECRET_NAME}/versions/latest"
      env: "PUBLIC_KEY"
Improve this question
11
  • Can you try with double quote " instead of simple '? Commented Dec 30, 2022 at 13:24
  • @guillaumeblaquiere tried changing quotes both in entrypoint and in args, didn't help, sadly. Same error Commented Dec 30, 2022 at 13:32
  • Hmmm, I think I already got this error. Can you try to display your secret content? I'm pretty sure you have a line return at the end. How did you create the secret? with the gcloud CLI? Commented Dec 30, 2022 at 13:36
  • I will try and check that now, but I created my secrets from gcloud CLI Commented Dec 30, 2022 at 13:38
  • @guillaumeblaquiere I have just echoed the contents of both secrets from secret manager (with gcloud secrets access etc) to my terminal and no, there seems to be no newline at the end of either one Commented Dec 30, 2022 at 13:40

1 Answer 1

Reset to default
2

So, after extensive testing and trying out various options I have managed to figure out what was causing the issue, below is the correct argument string (it goes in the args):

["-c", "docker build --build-arg 'CONTAINER_PRIVATE_KEY=$$PRIVATE_KEY' --build-arg 'CONTAINER_PUBLIC_KEY=$$PUBLIC_KEY' -t gcr.io/${PROJECT_ID}/${_JOB_NAME} ."]

The problem was lack of single quotes around build-args' values. Basically, in this context a build-arg value is a single string, not a key-value pair

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.