How to pass variables to credentials.json in bitbucket-pipelines?

Problem description

I am using bbrun to simulate the pipeline run locally. Essentially what I need (not the issue) is to automate terragrunt deployment of an infrastructure on GCP. So every time it's pushed with a tag it deploys a certain environment.

This is my bitbucket-pipelines.yml (simplified for bbrun):

image: alpine/terragrunt:latest

definitions:
  steps:
    - step: &terragrunt
        name: run terragrunt
        script:
            - cd ./env/dev
            - terragrunt validate-all


pipelines:
  default:
    - step: *terragrunt

And everything works when I run this with bbrun when I have a credentials.json file (which is in /env/dev) that has hardcoded secrets in it. So how can I add variables to the credentials.json file so that pipelines knows that there is a variable in that file?

For instance, if I add a secret variable PRIVATE_KEY in the bitbucket-pipelines console, I want terragrunt to read this line

"private_key": "-----BEGIN PRIVATE KEY-----\${env:PRIVATE_KEY}\n-----END PRIVATE KEY-----\n",
#I also tried $PRIVATE_KEY and ${PRIVATE_KEY} when running bbrun with -e PRIVATE_KEY=***

in credentials.json as a value of the variable.

I am not sure if bbrun is just wrong here and bitbucket pipelines would actually pass the variable's value, but I get this error when running with variables:

Error: Error in function call

---

Call to function "jsondecode" failed: invalid character '$' in string escape
code.

I also tried:

            variables:
              PRIVATE_KEY_ID: $PRIVATE_KEY_ID
              PRIVATE_KEY: $PRIVATE_KEY

That did not work.

I also tried editing the file in the step script with the envsubst command, which works, but this seems kinda dumb to use.

Recommended answer

Basically you want to run

cat credentials.json | base64

and then put the output of the command as a secret value of the variable named CREDS in the pipeline's repo, so in the first step of the pipeline set the command

echo "$CREDS" | base64 -d > ./wherever/it/is/credentials.json

Don't forget to use artifacts so that the file is saved for the next step if needed.
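The answer's encode/decode round trip as a script, added here as an example and not part of the original answer. CREDS is the variable name from the answer; the function names `encode_creds` and `write_creds`, the file permissions and the `private_key` sanity check are assumptions.

```shell
#!/bin/sh
# Added example; function names and the sanity check are assumptions.

# Workstation side: print credentials.json as ONE line of base64, ready to
# paste into a secured repository variable named CREDS.
encode_creds() {
    # Some base64 implementations wrap output at 76 columns; strip the
    # newlines so the value survives as a single-line variable.
    base64 < "$1" | tr -d '\n'
}

# Pipeline side: rebuild the key file from $CREDS.
# Usage: write_creds ./env/dev/credentials.json
write_creds() {
    dest=$1
    if [ -z "${CREDS:-}" ]; then
        echo "CREDS is not set" >&2
        return 1
    fi
    tmp="${dest}.tmp.$$"
    # umask 077 creates the file as 0600; quoting "$CREDS" keeps the value
    # intact, and printf avoids echo's option and escape handling.
    ( umask 077 && printf '%s' "$CREDS" | base64 -d > "$tmp" ) || {
        rm -f "$tmp"
        echo "CREDS is not valid base64" >&2
        return 1
    }
    # Sanity check that never prints the secret: a service-account key file
    # must contain a private_key field.
    if ! grep -q '"private_key"' "$tmp"; then
        rm -f "$tmp"
        echo "decoded CREDS has no private_key field" >&2
        return 1
    fi
    mv "$tmp" "$dest"
}
```

Calling `write_creds` at the start of each step that needs the file, before `terragrunt validate-all`, keeps the decoded key out of stored artifacts.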
