deploy-cloudrun

Cloud run secrets via fails to mount two versions in the same directory

Open swantzter opened this issue 3 years ago • 0 comments

TL;DR

I tried mounting both version 1 and 2 of a secret into /secret/1.txt=secretname:1,/secret/2.txt=secretname:2, but only 2 got mounted

Expected behavior

I expected the following resulting YAML to be deployed:

spec:
  template:
    spec:
      containers:
      - image: gcr.io/...
        volumeMounts:
        - name: secretname-gic-tar-haq
          readOnly: true
          mountPath: /secret
      volumes:
      - name: secretname-gic-tar-haq
        secret:
          secretName: secretname
          items:
          - key: '1'
            path: 1.txt
          - key: '2'
            path: 2.txt

Observed behavior

Container failed to start and the following error was logged:

Could not open file at path /secret/1.txt. The path is in a mounted secrets volume, but the exact path does not correspond to any secret specified in the mount configuration. 

Reproduction

Action YAML

name: Build and Deploy to Cloud Run

on:
  push:
    branches:
      - main

env:
  PROJECT_ID: ${{ secrets.GCP_PROJECT }}
  SERVICE: ropescore-api
  REGION: europe-west1

jobs:
  setup-build-publish-deploy:
    name: Setup, Build, Publish, and Deploy
    runs-on: ubuntu-latest
    environment: production

    steps:
    - name: Checkout
      uses: actions/checkout@v2

    # Setup gcloud CLI
    - uses: google-github-actions/[email protected]
      with:
        service_account_key: ${{ secrets.GCP_SERVICE_ACCOUNT }}
        project_id: ${{ secrets.GCP_PROJECT }}
        export_default_credentials: true

    # Configure Docker to use the gcloud command-line tool as a credential
    # helper for authentication
    - name: Authorize Docker push
      run: gcloud auth configure-docker

    # Build the Docker image
    - name: Build
      run: |-
        docker build \
          --tag "gcr.io/$PROJECT_ID/$SERVICE:$GITHUB_SHA" \
          --build-arg GITHUB_SHA="$GITHUB_SHA" \
          --build-arg GITHUB_REF="$GITHUB_REF" \
          .

    # Push the Docker image to Google Container Registry
    - name: Publish
      run: |-
        docker push "gcr.io/$PROJECT_ID/$SERVICE:$GITHUB_SHA"

    - name: Deploy to Cloud Run
      id: deploy
      uses: google-github-actions/[email protected]
      with:
        service: ${{ env.SERVICE }}
        image: gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }}
        region: ${{ env.REGION }}
        env_vars: SENTRY_DSN=${{ secrets.SENTRY_DSN }},GCP_PROJECT=${{ secrets.GCP_PROJECT }},JWT_ALG=ES256,JWT_PRIVKEY_PATH=${{ secrets.JWT_PRIVKEY_PATH }},JWT_PUBKEY_PATH=${{ secrets.JWT_PUBKEY_PATH }}
        secrets: ${{ secrets.JWT_PRIVKEY_PATH }}=${{ secrets.JWT_PRIVKEY_SECRET }},${{ secrets.JWT_PUBKEY_PATH }}=${{ secrets.JWT_PUBKEY_SECRET }}
        flags: --max-instances=1

    - name: Show Output
      run: echo ${{ steps.deploy.outputs.url }}

Repository https://github.com/RopeScore/api.ropescore.app/blob/main/.github/workflows/cloud-run.yml

swantzter, Jun 14 '21 22:06
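
The grouping the report expects, as an added example that is not part of the issue and is not the action's own code: entries that target the same directory and the same secret are merged into one volume with one item per version. The function name, the returned object shape and the error messages are assumptions; only absolute-path mounts of the form `/dir/file=secret:version` are handled.

```javascript
// Added example (hypothetical helper, not the deploy-cloudrun implementation).
// Parses "path=secret:version" pairs and groups them so that several versions
// of one secret mounted into the same directory share a single volume.
function buildSecretVolumes(spec) {
  const volumes = new Map(); // "dir\0secret" -> volume description
  const entries = spec.split(',').map((s) => s.trim()).filter(Boolean);
  for (const entry of entries) {
    const eq = entry.indexOf('=');
    if (eq < 1) throw new Error(`malformed entry: ${entry}`);
    const mountFile = entry.slice(0, eq);
    const ref = entry.slice(eq + 1);
    if (!mountFile.startsWith('/')) {
      throw new Error(`not an absolute path: ${mountFile}`);
    }
    const colon = ref.lastIndexOf(':');
    if (colon < 1 || colon === ref.length - 1) {
      throw new Error(`expected secret:version, got: ${ref}`);
    }
    const secret = ref.slice(0, colon);
    const version = ref.slice(colon + 1);
    const slash = mountFile.lastIndexOf('/');
    const dir = mountFile.slice(0, slash) || '/';
    const file = mountFile.slice(slash + 1);
    if (!file) throw new Error(`missing file name: ${mountFile}`);

    const id = `${dir}\0${secret}`;
    if (!volumes.has(id)) {
      volumes.set(id, { mountPath: dir, secretName: secret, items: [] });
    }
    const vol = volumes.get(id);
    // Two entries writing the same file would silently shadow each other.
    if (vol.items.some((item) => item.path === file)) {
      throw new Error(`duplicate mount path: ${mountFile}`);
    }
    vol.items.push({ key: version, path: file });
  }
  return [...volumes.values()];
}

// Constructed input: the mapping quoted in the report above.
const SAMPLE = '/secret/1.txt=secretname:1,/secret/2.txt=secretname:2';
console.log(JSON.stringify(buildSecretVolumes(SAMPLE), null, 2));
```

Comparing this grouping with the `items` list in the deployed revision's YAML shows whether a version was dropped before the container starts and fails on the missing file.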