Skip to content

CLI Setup Instructions for Docker CI/CD

This guide shows how to use the automated setup script to configure all secrets using gcloud, gh, and kubectl CLI tools.

Quick Start

Run the automated setup script:

./setup-docker-ci-secrets.sh

The script will guide you through the entire setup process interactively.

Prerequisites

Before running the script, ensure you have these CLI tools installed:

1. Google Cloud SDK (gcloud)

# macOS
brew install --cask google-cloud-sdk

# Linux
curl https://sdk.cloud.google.com | bash
exec -l $SHELL

# Verify installation
gcloud --version

2. GitHub CLI (gh)

# macOS
brew install gh

# Linux/Windows
# Download from: https://cli.github.com/

# Verify installation
gh --version

3. kubectl

# macOS
brew install kubectl

# Linux
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

# Verify installation
kubectl version --client

What the Script Does

The setup-docker-ci-secrets.sh script will:

  1. Check CLI tools - Verifies all required tools are installed
  2. Authenticate with Google Cloud - Sets up gcloud authentication
  3. Create service account - Creates github-actions-docker@kame-457417.iam.gserviceaccount.com
  4. Grant permissions - Adds Artifact Registry writer role
  5. Create service account key - Generates JSON key file
  6. Setup Artifact Registry - Creates kame-house-images repository if needed
  7. Authenticate with GitHub - Sets up gh CLI authentication
  8. Set GitHub secrets - Creates GCP_SERVICE_ACCOUNT_KEY secret
  9. Optional: Set DATABASE_URL - Prompts for database connection string
  10. Optional: Create Kubernetes secrets - Sets up Docker registry secret for deployments
  11. Cleanup - Securely removes local key files
  12. Verify setup - Tests all connections

Interactive Prompts

The script will ask you:

  • Do you need to authenticate with gcloud? (if not already authenticated)
  • Do you want to set a DATABASE_URL secret? (optional for build-time database access)
  • Do you want to create Kubernetes secrets for deployment? (optional, for pull secret)
  • Which kubectl context to use? (if setting up K8s secrets)
  • What namespace to use? (default: portfolio)
  • Delete local key file? (recommended for security)

Manual Commands (Alternative)

If you prefer to run commands manually instead of using the script:

Click to expand manual commands ### 1. Create Service Account 
gcloud iam service-accounts create github-actions-docker \
  --display-name="GitHub Actions Docker CI" \
  --description="Service account for GitHub Actions to push Docker images"
### 2. Grant Permissions 
gcloud projects add-iam-policy-binding kame-457417 \
  --member="serviceAccount:github-actions-docker@kame-457417.iam.gserviceaccount.com" \
  --role="roles/artifactregistry.writer"
### 3. Create Key 
gcloud iam service-accounts keys create github-actions-key.json \
  --iam-account=github-actions-docker@kame-457417.iam.gserviceaccount.com
### 4. Set GitHub Secret 
cat github-actions-key.json | gh secret set GCP_SERVICE_ACCOUNT_KEY \
  --repo="ianlintner/portfolio"
### 5. Clean Up 
rm github-actions-key.json

Verification

After running the script, verify the setup:

GitHub Secrets

gh secret list --repo="ianlintner/portfolio"

Google Cloud

gcloud iam service-accounts list --filter="github-actions-docker"
gcloud artifacts repositories list --location=us-central1

Test Docker Push (Local)

gcloud auth configure-docker us-central1-docker.pkg.dev
docker tag your-image:latest us-central1-docker.pkg.dev/kame-457417/kame-house-images/portfolio:test
docker push us-central1-docker.pkg.dev/kame-457417/kame-house-images/portfolio:test

Troubleshooting

Common Issues

gcloud not authenticated

gcloud auth login
gcloud config set project kame-457417

GitHub CLI not authenticated

gh auth login

Permission denied

# Ensure you have the necessary IAM permissions in the GCP project
# You need at least:
# - Service Account Admin
# - IAM Admin
# - Artifact Registry Admin

Script permission error

chmod +x setup-docker-ci-secrets.sh

Security Notes

  • The script creates minimal-privilege service accounts
  • Service account keys are automatically cleaned up
  • All secrets are stored securely in GitHub
  • The script follows Google Cloud security best practices

Next Steps

After running the setup script:

  1. Push code to main, develop, or staging branch
  2. Monitor the GitHub Actions workflow at: https://github.com/ianlintner/portfolio/actions
  3. Images will be available at: us-central1-docker.pkg.dev/kame-457417/kame-house-images/portfolio:tagname

The CI/CD pipeline is now fully configured and ready to build and push Docker images automatically!