[Proposal] - Allow passing custom GCB build config (KMS, secrets, steps, config) #1262

Closed
ss-vdav-debug opened this issue Nov 9, 2018 · 4 comments

Comments

ss-vdav-debug commented Nov 9, 2018

While trying to review the possibility to implement the development workflows with Skaffold,
I found that currently there is no secure way to pass encrypted credentials.

For many companies it is required to be able to follow KMS-based key decryption:
https://cloud.google.com/cloud-build/docs/access-private-github-repos

Expected behavior

Actual behavior

Information

  • Skaffold version: 0.18.0
  • Operating system: All
  • Contents of typical build configuration within GCB:

```yaml
timeout: 1200s
images: ['${_IMAGE}']
steps:
- name: 'gcr.io/cloud-builders/docker'
  entrypoint: 'bash'
  args: ['-c', 'docker build --build-arg GITHUB_PRIVATE_KEY="$$GITHUB_PRIVATE_KEY" -t ${_IMAGE} .']
  secretEnv: ['GITHUB_PRIVATE_KEY']
options:
  logging: GCS_ONLY
secrets:
- kmsKeyName: <<<KEY>>>
  secretEnv:
    GITHUB_PRIVATE_KEY: <<<PRIVATE_KEY>>>
```

Steps to reproduce the behavior

Try to follow KMS build workflow.


roychowdhuryrohit-dev commented Feb 7, 2019

I would like skaffold to use the local cloudbuild.yaml instead of its own stanza, as Google Cloud Build supports additional options and tags.


Place1 commented Mar 14, 2019

This sounds related to #543

@priyawadhwa (Contributor)

@roychowdhuryrohit-dev we just added support for custom builders with skaffold, which should solve your use case.

Here's an example using a custom build script and associated docs. If you end up trying it out, please open an issue if you run into any trouble, and let us know if it works for you!

priyawadhwa added the priority/p1 (High impact feature/bug.) label Oct 1, 2019

@tstromberg (Contributor)

Thank you for the idea!

I'm closing this issue as it's been open a while, and no one has yet stated an interest in addressing it. If you feel strongly about this issue, feel free to comment here or re-raise an issue referencing this one.
