CI with Wercker, Google Container Registry and Kubernetes: Part 2

Pushing to a container registy

Google Container Registry is a private registry for docker images. We want to push our images there after building them in wercker so that we can easily pull them when we want to use them (i.e. when we are running them in Kubernetes).

We create a push pipeline using one of wercker’s internal steps, internal/docker-push.

Note: you need to create a service account on your google cloud project, so that wercker can use it to upload your images to the registry. Download the key you get after creating the service account, remove all newlines (the docker push step will fail with a weird error if there are newlines in the key) and then put it in an environment variable (GCR_JSON_KEY_FILE in the example)

push:
  steps:
    - internal/docker-push:
      registry: https://gcr.io
      username: _json_key
      password: $GCR_JSON_KEY_FILE
      repository: gcr.io/$GCR_PROJECT_NAME/$WERCKER_GIT_REPOSITORY

However, this alone will not work for our purposes because of the following reasons:

• The image being pushed is not tagged, it will be automatically tagged with ‘latest’ every time you push therefore pulling a specific version is going to be difficult. You can use the commit hash to pull images from gcr, but I prefer to tag master builds with my package.json’s version number
• There is no command specified for running the container, so it simply wont start up

We can fix the both problems by changing the pipeline to this:

push:
  steps:
    - script:
      name: export version to tag the image with
      code: |
        [ "$WERCKER_GIT_BRANCH" = "master" ] \
        && export PACKAGE_VERSION=$(node -p -e "require('./package.json').version") \
        || export PACKAGE_VERSION=development
    - internal/docker-push:
      registry: https://gcr.io
      username: _json_key
      password: $GCR_JSON_KEY_FILE
      repository: gcr.io/$GCR_PROJECT_NAME/$WERCKER_GIT_REPOSITORY
      tag: $PACKAGE_VERSION
      working-dir: $WERCKER_SOURCE_DIR
      cmd: npm start

The script step checks if the branch is master, and exports the package.json’s ‘version’ property as an environment variable.

The docker push step now has a tag, working-dir and cmd. The cmd property executes in the root folder / by default, so I had to add the working-dir property to the step to make it work (this property is not yet documented in worker’s docs but it works).

Now you can open wercker’s UI and add the pipeline after your build pipeline:

Same step, different evironment variables :D

Next we will add a pipeline to deploy our app to Kubernetes when build and push succeed, that will be part 3 of this series.