So, here is the thing, I have a microservice which I would like to use as a service in my pipeline. The integration step sends messages through an amqp queue to the optistore service who perform something, then it responds to the integration step using the same queue. Integration step performs the assertions.
My pipeline definition looks like this:
pipeline:
integration:
image: golang
environment:
RABBITCONN: amqp://integration_user:integration_password@rabbitmq:5672/integration
DATABASE_URL: 'host=postgres port=5432 user=random_username password=random_password dbname=test_db sslmode=disable'
DATABASE_TYPE: postgres
commands:
- ./scripts/setup.sh
publish-to-gcr:
image: plugins/gcr
repo: project/container
tags: ${DRONE_COMMIT}
json_key: a_long_key_comes_here
when:
branch: [ master ]
event: [ push, success ]
services:
optistore:
image: gcr.io/project/container:latest
auth_config:
username: _json_key
password: ${GOOGLE_KEY}
email: ${GOOGLE_GCR_EMAIL}
rabbitmq:
image: rabbitmq:3.7.3-management-alpine
environment:
RABBITMQ_DEFAULT_USER: integration_user
RABBITMQ_DEFAULT_PASS: integration_password
RABBITMQ_DEFAULT_VHOST: integration
Drone shows the following error:
Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
I’m quite concerned about GOOGLE_KEY and GOOGLE_GCR_EMAIL. I am afraid I don’t understand which data should I put here.
At GOOGLE_GCR_EMAIL: I have already tried creating the secret at the drone UI, and fill it with the data provided in the key client_email found in service_account.json generated in GCP.
And at GOOGLE_KEY: I tried copying and pasting the content of the service_account.json, also I tried using the same key I used in the publish-to-gcr (which is working).
Any help or tip would be appreciated.