【发布时间】:2022-02-14 22:57:40
【问题描述】:
感谢您的所有回复,我仍然面临这个问题,只是为了更加清楚,我已经提供了 cloudbuild.yaml 和 build.gradle 的所有详细信息以及关键属性详细信息,请让我知道配置是否正确,并让我知道如何解决 JKS 问题。
我正在使用 GCP 将 CI\CD 管道集成到一个颤振项目中,我试图将其存储在 google secret manager 中并从代码内部调用它,但它给出了一个错误,说 secret env变量不能是非 UTF-8 格式。
所以我尝试了几件事,
-
我尝试将 .JKS 文件转换为可查看的 txt 文件 - 之后它给了我一个错误,说秘密 env 变量不能有空值。
-
我尝试将 JKS 文件存储在云存储中 - 但即使我提供了链接和所有必要的云构建权限,代码也无法获取 JKS 的内容。
请在 GCP 中建议一些修复或替代存储区域。
为了更清楚,我添加了代码。 -------------------------------------------------- ------------------------------------
方法 1:尝试从 SECRET MANAGER 访问 JKS 文件
Secret Manager KEY VALUE structure
key value
KEYSTORE_PASSWORD xxxxxxxxxxxx
KEY_PASSWORD xxxxxxxxxxxx
KEY_ALIAS upload
JKS fe ed fe ed 00 00 00.....
build.sh
cd /workspace/$1
VERSION_NAME=$(git describe)
VERSION_CODE=$(git rev-list --count master)
flutter build apk --build-name=$VERSION_NAME --build-number=$VERSION_CODE
cloudbuild.yaml:
# Flutter CD configuration file with Cloud build
steps:
# clone the latest source codes
- name: 'gcr.io/cloud-builders/git'
args: ['clone', 'https://XXXXX:ACCOUNT_PASSWORD@bitbucket.org/XXXXXXXX/XX.git']
dir: '/workspace'
# using flutter builder Docker image we have built previously to compile the repo
- name: 'gcr.io/$PROJECT_ID/flutter'
entrypoint: 'bash'
args: [ 'build.sh']
secretEnv: ['KEYSTORE_PASSWORD','KEY_PASSWORD', 'KEY_ALIAS', 'JKS']
# Push the APK Output to your GCS Bucket with Short Commit SHA.
- name: 'gcr.io/cloud-builders/gsutil'
args: [ 'cp', 'build/app/outputs/flutter-apk/app-release.apk', 'gs://BUCKET_NAME' ]
availableSecrets:
secretManager:
- versionName: projects/xxxxxx/secrets/KEYSTORE_PASSWORD/versions/1
env: 'KEYSTORE_PASSWORD'
- versionName: projects/xxxxxxx/secrets/KEY_PASSWORD/versions/1
env: 'KEY_PASSWORD'
- versionName: projects/xxxxxx/secrets/KEY_ALIAS/versions/1
env: 'KEY_ALIAS'
- versionName: projects/xxxxxxx/secrets/upload-keystore-jks/versions/1
env: 'JKS'
build.gradle:
def localProperties = new Properties()
def localPropertiesFile = rootProject.file('local.properties')
if (localPropertiesFile.exists()) {
localPropertiesFile.withReader('UTF-8') { reader ->
localProperties.load(reader)
}
}
def flutterRoot = localProperties.getProperty('flutter.sdk')
if (flutterRoot == null) {
throw new GradleException("Flutter SDK not found. Define location with flutter.sdk in the local.properties file.")
}
def flutterVersionCode = localProperties.getProperty('flutter.versionCode')
if (flutterVersionCode == null) {
flutterVersionCode = '1'
}
def flutterVersionName = localProperties.getProperty('flutter.versionName')
if (flutterVersionName == null) {
flutterVersionName = '1.0'
}
apply plugin: 'com.android.application'
apply plugin: 'kotlin-android'
apply from: "$flutterRoot/packages/flutter_tools/gradle/flutter.gradle"
android {
compileSdkVersion flutter.compileSdkVersion
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
kotlinOptions {
jvmTarget = '1.8'
}
sourceSets {
main.java.srcDirs += 'src/main/kotlin'
}
defaultConfig {
// TODO: Specify your own unique Application ID (https://developer.android.com/studio/build/application-id.html).
applicationId "com.XXX.XXX"
minSdkVersion flutter.minSdkVersion
targetSdkVersion flutter.targetSdkVersion
versionCode flutterVersionCode.toInteger()
versionName flutterVersionName
}
signingConfigs {
release {
keyAlias System.getenv("KEY_ALIAS")
keyPassword System.getenv("KEY_PASSWORD")
storePassword System.getenv("KEYSTORE_PASSWORD")
storeFile System.getenv("JKS")
}
}
buildTypes {
release {
signingConfig signingConfigs.release
}
}
}
flutter {
source '../..'
}
dependencies {
implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
}
ERROR
==============================================================================================================
build step 1 "gcr.io/buildtrial-1/flutter" failed: secret projects/xxxxxxx/secrets/upload-keystore-jks/versions/1 value is not valid UTF-8
==============================================================================================================
NOTE:
1.build.gradle file is same for both the approches, as the JKS variable name is conssistent in both the approches
2. I've verified that, 'KEYSTORE_PASSWORD','KEY_PASSWORD', 'KEY_ALIAS' is working properly, only problem is with accessing JKS file in both the approches.
----------------------------------- ----------------------------------------------------------------------------- -------------------------------------------------- -------------------------------------------------- -----
方法 2:尝试从云存储访问 JKS 文件。
cloudbuild.yaml:
# Flutter CD configuration file with Cloud build
steps:
# clone the latest source codes
- name: 'gcr.io/cloud-builders/git'
args: ['clone', 'https://XXXXX:ACCOUNT_PASSWORD@bitbucket.org/XXXXXXXX/XX.git']
dir: '/workspace'
#accessing the JKS file stored in cloud storage through environment variable
- name: 'gcr.io/cloud-builders/gsutil'
env:
- 'JKS=gs://BUCKET_NAME/KEYSTORE.jks'
# using flutter builder Docker image we have built previously to compile the repo
- name: 'gcr.io/$PROJECT_ID/flutter'
entrypoint: 'bash'
args: [ 'build.sh']
secretEnv: ['KEYSTORE_PASSWORD','KEY_PASSWORD', 'KEY_ALIAS']
# Push the APK Output to your GCS Bucket with Short Commit SHA.
- name: 'gcr.io/cloud-builders/gsutil'
args: [ 'cp', 'build/app/outputs/flutter-apk/app-release.apk', 'gs://BUCKET_NAME' ]
availableSecrets:
secretManager:
- versionName: projects/xxxxxx/secrets/KEYSTORE_PASSWORD/versions/1
env: 'KEYSTORE_PASSWORD'
- versionName: projects/xxxxxxx/secrets/KEY_PASSWORD/versions/1
env: 'KEY_PASSWORD'
- versionName: projects/xxxxxx/secrets/KEY_ALIAS/versions/1
env: 'KEY_ALIAS'
================================================ =============================== 错误
Step #2: Execution failed for task ':app:validateSigningRelease'.
Step #2: > Keystore file not set for signing config release
================================================ ===============================
【问题讨论】:
-
看来JKS是二进制格式,所以必须以二进制形式存储。感觉就像您必须将 JKS 提取到可以使用它的“本地文件”中。您能否详细说明您如何从源代码构建您的应用程序以及 JKS 文件应该在哪里找到?
-
感谢您的回复。我已附上详细信息,请查看并提出修复建议。
-
你的build.sh文件中的JKS相关部分也可以分享吗?第一种方法可行,第二种不行(我将在稍后更新我的答案中解释)
-
上面我已经添加了build.sh,但是我没有为build.sh中的JKS文件写任何东西。我应该添加一些东西吗?如有请注明。
标签: flutter google-cloud-platform google-cloud-storage jks google-secret-manager