4

On my cloudbuild.yaml definition, I used to have a secrets section to get environment values from Google KMS. The secretEnv fields had keys mapping to 'encrypted + base64-encoded' values:

...

secrets:
- kmsKeyName: <API_PATH>
  secretEnv:
    <KEY>: <ENCRYPTED+BASE64>

I've tried to put this value on a substitution instead, which is replaced when a build trigger is used:

...

secrets:
- kmsKeyName: <API_PATH>
  secretEnv:
    <KEY>: ${_VALUE}

With that I intend to keep the file generic.

However, the build process keeps failing with a message failed unmarshalling build config cloudbuild.yaml: illegal base64 data at input byte 0. I've checked several times and the base64 value was not copied wrong into the substitution on the trigger.

Thank you in advance.

Márcio Jales
  • 205
  • 1
  • 8

2 Answers2

3

https://cloud.google.com/cloud-build/docs/configuring-builds/substitute-variable-values

After reading Using user-defined substitutions section carefully, I've seen that

The length of a parameter key is limited to 100 bytes and the length of a parameter value is limited to 4000 bytes.

Mine was a 253-character long string.

intotecho
  • 4,925
  • 3
  • 39
  • 54
Márcio Jales
  • 205
  • 1
  • 8
0

I managed to reproduce a similar error to yours (exactly this one: "Failed to trigger build: failed unmarshalling build config cloudbuild.yaml: json: cannot unmarshal string into Go value of type map[string]json.RawMessage, it is because using"). But this was only when my variable was something like "name:content" instead of "name: content". Notice the white space, so important.

Then, going back to your point... user-defined substitutions are limited to 255 characters (yes, docs are currently wrong and this has been reported). But, for example, if you use something like:

substitutions:
    variable_name: cool_really_long_content_but_still_no_255_chars

And then you do this:

steps:
- name: "gcr.io/cloud-builders/docker"
  args: ["build", "-t", "gcr.io/$PROJECT_ID/$cool_really_long_content_but_still_no_255_chars", "."]

It still will fail if "gcr.io/$PROJECT_ID/$cool_really_long_content_but_still_no_255_chars" is, in fact, more than 255 chars even if your really long content is still not 255 chars. And this error will appear in Build details>Logs instead of being a popup that you see when you click "run trigger" in "build triggers" section on Google Cloud Build which is where the kind of the reported error appears since logs in that case are showing disabled in Build details section.

Temu
  • 859
  • 4
  • 11