我有以下用于circleci构建的config.yml,它运行良好 它使用 aws-ecr 和 aws-ecs orbs。
version: 2.1
orbs:
aws-ecr: circleci/<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="69081e1a440c0a1b29594759475b" rel="noreferrer noopener nofollow">[email protected]</a>
aws-ecs: circleci/<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="caabbdb9e7afa9b98afae4fae4f9" rel="noreferrer noopener nofollow">[email protected]</a>
workflows:
build-deploy:
jobs:
- aws-ecr/build_and_push_image:
account-url: "myaccount.amazonaws.com"
repo: "my/repo"
region: us-east-1
tag: "${CIRCLE_BRANCH}"
filters:
branches:
only: mybranch
问题是此存储库包含一个 .gitmodules 文件,该文件拉入私有(private)子模块。 我似乎无法弄清楚如何覆盖/扩展 orb 来额外运行与
等效的circlecigit 子模块更新 --init
我尝试将其添加到 dockerfile 中,但后来我得到了
Permission denied (publickey).
fatal: Could not read from remote repository.
注意:dockerfile 在本地构建良好,因为本地 docker 自动注入(inject)我的 git key
我也尝试将 orb 作业重新配置为步骤,即
version: 2.1
orbs:
aws-ecr: circleci/<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="89e8fefaa4eceafbc9b9a7b9a7bb" rel="noreferrer noopener nofollow">[email protected]</a>
aws-ecs: circleci/<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="fb9a8c88d69e9888bbcbd5cbd5c8" rel="noreferrer noopener nofollow">[email protected]</a>
workflows:
build-deploy:
jobs:
- lb_build_and_push_image:
steps:
- add_ssh_keys:
fingerprints:
- "my:fin:ger:print"
- aws-ecr/build_and_push_image:
account-url: "account.amazonaws.com"
repo: "my/repo-backend"
region: us-east-1
tag: "${CIRCLE_BRANCH}"
filters:
branches:
only: mybranch
...其中指纹来自 ssh 结帐 key 中的“用户 key ”。 我尝试过各种作业/步骤配置。
架构总是失败,并显示以下常见消息:
Error: ERROR IN CONFIG FILE:
[#/workflows/build-deploy/jobs/0] 0 subschemas matched instead of one
1. [#/workflows/build-deploy/jobs/0] expected type: String, found: Mapping
有没有人可以指导如何继续,正确的配置可能是什么,或者只是如何进行故障排除的一般指导? 非常感谢任何见解。
最佳答案
这是最终的解决方案。新版本的 aws-ecr orb 提供了步骤命令
version: 2.1
orbs:
aws-ecr: circleci/<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="600117134d05031220544e504e51" rel="noreferrer noopener nofollow">[email protected]</a>
aws-ecs: circleci/<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="b3d2c4c09ed6d0c0f3839d839d80" rel="noreferrer noopener nofollow">[email protected]</a>
aws-cli: circleci/<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="721305015f111e1b32425c435c43" rel="noreferrer noopener nofollow">[email protected]</a>
jobs:
build_and_push_image:
docker:
- image: circleci/python:3.7.1
steps:
- checkout
- run:
name: "Pull Submodules"
command: |
git submodule init
git submodule update --remote
- setup_remote_docker
- aws-ecr/build-image:
repo: "my/repo"
tag: "${CIRCLE_BRANCH}"
- aws-cli/install
- aws-ecr/ecr-login
- aws-ecr/push-image:
repo: "my/repo"
tag: "${CIRCLE_BRANCH}"
但是,这确实依赖于 aws orb 的更新,如果有其他方法可以解决此问题,我会很感兴趣,假设这些步骤没有作为命令公开
关于git-submodules - Circleci:带有 AWS ECR orb 的私有(private) git 子模块,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55956832/