How to download Docker image after a failed Cloud Build step

1
votes

I have a Cloud Build configuration with the following steps:

  1. Build a Docker image.
  2. Run some test on that image.
  3. Push the image to Container Registry.
  4. Do some more stuff.

The problem is that the build failed at the push step (number 3).
Is there any way to download the created docker image or to change the command (args) for step 3 so that push won't fail and so I can retry the build from the step 3?

steps:
- name: 'gcr.io/cloud-builders/docker'
  args: [
          'build',
          '--build-arg', 'base_image=${_DOCKER_BASE_IMAGE}',
          '--build-arg', 'cuda=${_CUDA}',
          '--build-arg', 'python_version=${_PYTHON_VERSION}',
          '--build-arg', 'cloud_build=true',
          '--build-arg', 'release_version=${_RELEASE_VERSION}',
          '-t', 'gcr.io/aluminiumponey/xla:${_IMAGE_NAME}',
          '-f', 'docker/Dockerfile', '.'
        ]
  timeout: 14400s
- name: 'gcr.io/cloud-builders/docker'
  entrypoint: bash
  args: ['-c', 'docker tag gcr.io/aluminiumponey/xla:${_IMAGE_NAME} gcr.io/repsmate/xla:${_IMAGE_NAME}_$(date -u +%Y%m%d)']
- name: 'gcr.io/cloud-builders/docker'
  args: ['push', 'gcr.io/aluminiumponey/xla']
  timeout: 1800s
- name: 'gcr.io/aluminiumponey/xla:${_IMAGE_NAME}'
  entrypoint: 'bash'
  args: ['-c', 'source /pytorch/xla/docker/common.sh && collect_wheels ${_RELEASE_VERSION}']

The push failed because I didn't had permissions to push to gcr.io.

2
google-cloud-platformgoogle-cloud-buildgoogle-container-registry
Please provide more details. 1) Show the relevant parts of your Cloud Build config. 2) Why did the push failed? Show some error logs. I'm not sure how you tagged the image.Dondi
See updated answear.Tarida George

2 Answers

1
votes

Cloud Build is a serverless environment and it is ephemeral. At the end of the build, the environment in cleaned up. So, NO, you can't get the container after the Cloud Build crash

However, you can imagine adding a new step between the step 1 and 2 (name it 1.5) to push the image to Google Container Registry (or the newest one Google Artifact Registry)

1
votes

I agree with @Guillaume with regards on how Cloud Build behaves and treat images after build time. As an addition, if the Cloud Build push fails on Container Registry due to permissions, then you are doing one of the following:

  • You are using a service account in one project to access Container Registry in a different project
  • You are using a default service account with read-only access to storage, but you want to both pull and push images
  • You are using a custom service account to interact with Container Registry

If that's the case, make sure that the service account you're using for Cloud Build has a Storage Admin role on the project where the Container Registry is located.

Reference:

https://cloud.google.com/container-registry/docs/access-control#general