Search code examples
google-app-enginebitbucket-pipelines

Bitbucket cannot load google cloud key file

Bitbucket doesn't read my base64 encoded json file with Google cloud service key. I have successfully encoded and then decoded the same file myself, that Bitbucket tries to decode. But Bitbucket fails to do it with base64: invalid input error. Here is the full error message:

Status: Downloaded newer image for bitbucketpipelines/google-app-engine-deploy:0.6.1
INFO: Setting up environment.
echo "${KEY_FILE}" | base64 -d >> /tmp/key-file.json
base64: invalid input
gcloud auth activate-service-account --key-file /tmp/key-file.json --quiet --verbosity=warning
ERROR: (gcloud.auth.activate-service-account) Could not read json file /tmp/key-file.json: Unterminated string starting at: line 3 column 17 (char 49)
gcloud config set project wowzers --quiet --verbosity=warning
Updated property [core/project].
INFO: Starting deployment to GCP app engine...
gcloud app --quiet deploy app.yaml --version=14 --promote --stop-previous-version --verbosity=debug --quiet --verbosity=warning
ERROR: (gcloud.app.deploy) You do not currently have an active account selected.

As I understand it fails here, on "project_id": ". Decoded file looks like this:

{
  "type": "service_account",
  "project_id": "project-318",
  "private_key_id": "...",
  ...
}

I have tried to feed my base64 encoded key file firstly through environment variable and then through file. But with the same error. When it cannot extract JSON bitbucket writes this error: ERROR: (gcloud.auth.activate-service-account) Could not read json file /tmp/key-file.json: No JSON object could be decoded

Solution

  • Turns out that the key file from google cloud contains newline symbols: \n. So result base64 encoded file also looked like this:

    HhsUUrAkupWJ6vdesSRHwNhnPpgxByYT7z7HVBEPsrUpjLWdX6TQm4pHNJydsC34F
RvVYyBAedgLhWPPGPvU6UBJww3aNxQnJS95ZvKDBuNr5CNTtAgh6EgsattRrZtawH
fjphVs82UWZZFq3JUeGwGdTs88XWu6ejaPYZknnD94W7pU6Ds8vJHGhAnBw9FtkrA
gjp4UFZN2Yg9KJFSrTfFA6dUsp2dPVN6VzVfpqJzGrxbFBjWQAp4zK5TXhJaN4zDr
.....

    But in order to pass it to Bitbucket you need to have it all in one line:

    HhsUUrAkupWJ6vdesSRHwNhnPpgxByYT7z7HVBEPsrUpjLWdX6TQm4pHNJydsC34FRvVYyBAedgLhWPPGPvU6UBJww3aNxQnJS95ZvKDBuNr5CNTtAgh6EgsattRrZtawHfjphVs82UWZZFq3JUeGwGdTs88XWu6ejaPYZknnD94W7pU6Ds8vJHGhAnBw9FtkrAgjp4UFZN2Yg9KJFSrTfFA6dUsp2dPVN6VzVfpqJzGrxbFBjWQAp4zK5TXhJaN4zDr....

    After I manually removed new line symbols it gave success message: Activated service account credentials for: [project]