[英]Google Cloud Build - Summary status shows FAILURE, all steps succeded
I've setup a Google Cloud Build pipeline that'll build a docker image from a Dockerfile, test the image and push the image into Google Container Registry.我已经设置了一个 Google Cloud Build 管道,它将从 Dockerfile 构建 docker 映像,测试映像并将映像推送到 Google Container Registry。
Upon running the pipeline I noticed that all defined steps passed with SUCCESS
status but the build summary itself returned with FAILURE
status even though I can see the image being produced into Google Container Registry.在运行管道时,我注意到所有定义的步骤都以SUCCESS
状态通过,但构建摘要本身返回FAILURE
状态,即使我可以看到正在生成到 Google Container Registry 中的图像。
I used following command to build the image我使用以下命令来构建图像
gcloud builds submit --config cloudbuild.yml --gcs-log-dir 'gs://<bucket>' .
and below is the error message returned:以下是返回的错误消息:
ERROR: (gcloud.builds.submit) build www-xxxx-yyyy-zzzz completed with status "FAILURE"
🚨 Error: The command exited with status 1
Is there any reason for the gcloud builds submit
command to exit with code 1
as above if all the steps were marked as SUCCESS
?如果所有步骤都标记为SUCCESS
, gcloud builds submit
命令是否有任何理由以上述代码1
退出?
Below is some filtered log data taken from gcloud builds describe
command for that specific build.下面是从gcloud builds describe
命令获取的一些过滤日志数据,用于该特定构建。
steps:
- args:
- build
- -t
- <host>/<project/<image>:<tag>
- .
name: gcr.io/cloud-builders/docker
status: SUCCESS
- args:
- test
- --image
- <host>/<project/<image>:<tag>
- --config
- test_config.yml
- -o
- json
name: gcr.io/gcp-runtimes/container-structure-test
status: SUCCESS
Below is Google Cloud Build setup:以下是 Google Cloud Build 设置:
# cloudbuild.yml
steps:
# Build the image
- name: 'gcr.io/cloud-builders/docker'
args: [ 'build', '-t', '<host>/<project/<image>:<tag>', '.' ]
# Test the image
- name: 'gcr.io/gcp-runtimes/container-structure-test'
args: [
'test',
'--image',
'<host>/<project/<image>:<tag>',
'--config',
'test_config.yml',
'-o',
'json'
]
# Push the image
images: [ '<host>/<project/<image>:<tag>' ]
I've finally resolved this issue with the assistance of Google Cloud support team.在 Google Cloud 支持团队的帮助下,我终于解决了这个问题。
They found out a 403 Permission Denied
error as the Cloud Build container trying to access Google Cloud Storage to delete a certain log object stored in the bucket, this error message is found at the back system of Cloud Build where users/clients have no access to.他们发现403 Permission Denied
错误,因为 Cloud Build 容器试图访问 Google Cloud Storage 以删除存储在存储桶中的某个日志 object,此错误消息在 Cloud Build 的后端系统中找到,用户/客户无权访问. The 403 Permission Denied
error is the result of the object retention policy applied to the bucket. 403 Permission Denied
错误是应用到存储桶的 object 保留策略的结果。
In my case, I've replaced retention policy with lifecycle policy to resolve this issue and it worked.就我而言,我已将保留策略替换为生命周期策略来解决此问题,并且效果很好。 We do this as we consider keeping Cloud Build log size under control is our primary objective and, to prevent any accidental deletion/modification to the log file, we ended up with setting read-only access to the resources in the log bucket except for the service account used by Cloud Build.我们这样做是因为我们认为控制 Cloud Build 日志大小是我们的主要目标,并且为了防止对日志文件的任何意外删除/修改,我们最终设置了对日志存储桶中资源的只读访问权限,除了Cloud Build 使用的服务帐号。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.