I am trying to push a Docker image to Google Cloud Registry via the GitLab ci pipeline.
The image builds but when its time to push to registry i get the following error.
denied: Token exchange failed for project 'xxx-dev01-xxxxx'. Org Policy Violated: 'eu' violates constraint 'constraints/gcp.resourceLocations'
.gitlab.yaml
deploy:dev:
allow_failure: true
extends:
- .prod
stage: Deploy
image: google/cloud-sdk
services:
- docker:dind
variables:
IMAGE_TAG: "eu.gcr.io/$PROJECT_ID/testapp"
before_script:
- echo $GCLOUD_SERVICE_KEY > ${HOME}/gcloud-service-key.json
- gcloud auth activate-service-account --key-file=${HOME}/gcloud-service-key.json
- gcloud config set project $DEV_PROJECT_ID
- gcloud auth configure-docker
- gcloud services enable containerregistry.googleapis.com
- docker login -u _json_key --password-stdin https://eu.gcr.io < ${HOME}/gcloud-service-key.json
script:
- docker build . -t "$IMAGE_TAG"
- docker push $IMAGE_TAG:latest
when: manual
It seems to violate one of your Organisation Policy, the "resource location" one.
According to the documentation, it looks like your company is preventing you to store data into this location (region).
https://cloud.google.com/resource-manager/docs/organization-policy/defining-locations
You might want to try to change the eu.gcr.io with another one from this list.
https://cloud.google.com/container-registry/docs/pushing-and-pulling#add-registry