Menu
I'm looking to setup a environment variables (they don't have to be encrypted) for Cloud Build.
env.sh
export GCP_PROJECT_ID=example
export GCP_KMS_KEYRING=example-secrets
export GCP_KMS_KEYNAME=example-identity
export GCP_KMS_ROLE=roles/cloudkms.cryptoKeyDecrypter
export GCP_KMS_KEY_ID=projects/$GCP_PROJECT_ID/locations/global/keyRings/$GCP_KMS_KEYRING/cryptoKeys/$GCP_KMS_KEYNAME
cloudbuild.yaml
steps:
# 1 Install Dependencies
- name: 'python'
id: Pip install
args: ['pip3', 'install', '-r', 'requirements.txt', '--user']
# 2 Set env variables for its execution
- name: 'ubuntu'
args: ['bash', 'scripts/env.sh']
# 3 Run Tests
- name: 'python'
args: ['python3', '-m', 'pytest', 'functions/test/']
Running step 2 does not set these properly. I get no errors when running the script, but later in my tests when I attempt to grab GCP_KMS_KEY_ID from os.env, I get an error. I understand I can set env: under the run tests step, but my project requires loading an env from a file.
What is the best practice to setting up environment variables?
932
You can set env variables and substitutions for the entire build as well instead of just build step. For your variables, I would suggest having a combo of substitutions and env variables.
steps:
- name: 'python'
entrypoint: 'bash'
args:
- '-c'
- |
# subs must being with _
echo $_NAME
echo $_GREETING
# env vars called with double $
echo $$MESSAGE
- name: 'ubuntu'
args: ['bash', '-c', 'echo $$MESSAGE']
substitutions:
_NAME: sam
_GREETING: hello
options:
env:
- MESSAGE=$_GREETING, $_NAME!
From your example, it could work to have
substitutions:
_GCP_PROJECT_ID: example
_GCP_KMS_KEYRING: example-secrets
_GCP_KMS_KEYNAME: example-identity
_GCP_KMS_ROLE: roles/cloudkms.cryptoKeyDecrypter
options:
env:
- GCP_KMS_KEY_ID=projects/$_GCP_PROJECT_ID/locations/global/keyRings/$_GCP_KMS_KEYRING/cryptoKeys/$_GCP_KMS_KEYNAME
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
