diff --git a/products/cloudbuild/api.yaml b/products/cloudbuild/api.yaml
index ecd96549f0bd..2b7fcff8541d 100644
--- a/products/cloudbuild/api.yaml
+++ b/products/cloudbuild/api.yaml
@@ -58,6 +58,11 @@ objects:
 name: 'description'
 description: |
 Human-readable description of the trigger.
+ - !ruby/object:Api::Type::Array
+ name: 'tags'
+ item_type: Api::Type::String
+ description: |
+ Tags for annotation of a BuildTrigger
 - !ruby/object:Api::Type::Boolean
 name: 'disabled'
 description: |
@@ -241,6 +246,77 @@ objects:
 description: |
 Contents of the build template. Either a filename or build template must be provided.
 properties:
+ - !ruby/object:Api::Type::NestedObject
+ name: 'source'
+ description: |
+ The location of the source files to build.
+ properties:
+ - !ruby/object:Api::Type::NestedObject
+ name: 'storageSource'
+ description: |
+ Location of the source in an archive file in Google Cloud Storage.
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'bucket'
+ required: true
+ description: |
+ Google Cloud Storage bucket containing the source.
+ - !ruby/object:Api::Type::String
+ name: 'object'
+ required: true
+ description: |
+ Google Cloud Storage object containing the source.
+ This object must be a gzipped archive file (.tar.gz) containing source to build.
+ - !ruby/object:Api::Type::String
+ name: 'generation'
+ description: |
+ Google Cloud Storage generation for the object.
+ If the generation is omitted, the latest generation will be used
+ - !ruby/object:Api::Type::NestedObject
+ name: 'repoSource'
+ description: |
+ Location of the source in a Google Cloud Source Repository.
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'projectId'
+ description: |
+ ID of the project that owns the Cloud Source Repository.
+ If omitted, the project ID requesting the build is assumed.
+ - !ruby/object:Api::Type::String
+ name: 'repoName'
+ required: true
+ description: |
+ Name of the Cloud Source Repository.
+ - !ruby/object:Api::Type::String
+ name: 'dir'
+ description: |
+ Directory, relative to the source root, in which to run the build.
+ This must be a relative path. If a step's dir is specified and is an absolute path,
+ this value is ignored for that step's execution.
+ - !ruby/object:Api::Type::Boolean
+ name: 'invertRegex'
+ description: |
+ Only trigger a build if the revision regex does NOT match the revision regex.
+ - !ruby/object:Api::Type::KeyValuePairs
+ name: 'substitutions'
+ description: |
+ Substitutions to use in a triggered build. Should only be used with triggers.run
+ - !ruby/object:Api::Type::String
+ name: 'branchName'
+ description: |
+ Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided.
+ The syntax of the regular expressions accepted is the syntax accepted by RE2 and
+ described at https://github.com/google/re2/wiki/Syntax
+ - !ruby/object:Api::Type::String
+ name: 'tagName'
+ description: |
+ Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided.
+ The syntax of the regular expressions accepted is the syntax accepted by RE2 and
+ described at https://github.com/google/re2/wiki/Syntax
+ - !ruby/object:Api::Type::String
+ name: 'commitSha'
+ description: |
+ Explicit commit SHA to build. Exactly one a of branch name, tag, or commit SHA must be provided.
 - !ruby/object:Api::Type::Array
 name: 'tags'
 item_type: Api::Type::String
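Review bot: The `invertRegex` description compares the regex with itself ("the revision regex does NOT match the revision regex"), so it does not say which revisions start a build; it should read `Only trigger a build if the revision does NOT match the revision regex.` The `branchName`, `tagName` and `commitSha` descriptions all carry the typo "Exactly one a of", and that exactly-one rule exists only as prose in this hunk. The `build.source` override added in products/cloudbuild/terraform.yaml has the same gap ("One of `storageSource` or `repoSource` must be provided") and names the fields in API casing rather than the `storage_source`/`repo_source` spelling the new example uses. Unless these rules are enforced somewhere not shown here, a conflicting config is caught only when the API rejects it.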
@@ -254,6 +330,22 @@ objects:
 The images are pushed using the builder service account's credentials.
 The digests of the pushed images will be stored in the Build resource's results field.
 If any of the images fail to be pushed, the build status is marked FAILURE.
+ - !ruby/object:Api::Type::KeyValuePairs
+ name: 'substitutions'
+ description: |
+ Substitutions data for Build resource.
+ - !ruby/object:Api::Type::String
+ name: 'queueTtl'
+ description: |
+ TTL in queue for this build. If provided and the build is enqueued longer than this value,
+ the build will expire and the build status will be EXPIRED.
+ The TTL starts ticking from createTime.
+ A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
+ - !ruby/object:Api::Type::String
+ name: 'logsBucket'
+ description: |
+ Google Cloud Storage bucket where logs should be written.
+ Logs file names will be of the format ${logsBucket}/log-${build_id}.txt.
 - !ruby/object:Api::Type::String
 name: 'timeout'
 description: |
@@ -263,6 +355,24 @@ objects:
 The expected format is the number of seconds followed by s.
 Default time is ten minutes (600s).
 default_value: '600s'
+ - !ruby/object:Api::Type::Array
+ name: 'secrets'
+ description: |
+ Secrets to decrypt using Cloud Key Management Service.
+ item_type: !ruby/object:Api::Type::NestedObject
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'kmsKeyName'
+ required: true
+ description: |
+ Cloud KMS key name to use to decrypt these envs.
+ - !ruby/object:Api::Type::KeyValuePairs
+ name: 'secretEnv'
+ description: |
+ Map of environment variable name to its encrypted value.
+ Secret environment variables must be unique across all of a build's secrets,
+ and must be used by at least one build step. Values can be at most 64 KB in size.
+ There can be at most 100 secret values across all of a build's secrets.
 - !ruby/object:Api::Type::Array
 name: 'steps'
 required: true
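Review bot: The `secretEnv` description in the `secrets` hunk says only "encrypted value", which leaves room for a plaintext or merely base64-encoded secret to be pasted into the map and end up in the configuration and in Terraform state. I would add a sentence such as `Each value must be the base64-encoded ciphertext produced by encrypting the secret with kmsKeyName, never the plaintext.` Nothing visible in this commit marks the field as sensitive either, so the ciphertext will presumably appear in plan output; whether that is acceptable is worth deciding explicitly rather than by default.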
diff --git a/products/cloudbuild/terraform.yaml b/products/cloudbuild/terraform.yaml
index c7449ecff0eb..c272ad3e8e32 100644
--- a/products/cloudbuild/terraform.yaml
+++ b/products/cloudbuild/terraform.yaml
@@ -23,6 +23,9 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 - !ruby/object:Provider::Terraform::Examples
 name: "cloudbuild_trigger_filename"
 primary_resource_id: "filename-trigger"
+ - !ruby/object:Provider::Terraform::Examples
+ name: "cloudbuild_trigger_build"
+ primary_resource_id: "build-trigger"
 properties:
 id: !ruby/object:Overrides::Terraform::PropertyOverride
 name: 'trigger_id'
@@ -30,6 +33,12 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 default_from_api: true
 build.steps: !ruby/object:Overrides::Terraform::PropertyOverride
 name: 'step'
+ build.secrets: !ruby/object:Overrides::Terraform::PropertyOverride
+ name: 'secret'
+ build.source: !ruby/object:Overrides::Terraform::PropertyOverride
+ description: |
+ {{description}}
+ One of `storageSource` or `repoSource` must be provided.
 triggerTemplate: !ruby/object:Overrides::Terraform::PropertyOverride
 description: |
 {{description}}
diff --git a/templates/terraform/examples/cloudbuild_trigger_build.tf.erb b/templates/terraform/examples/cloudbuild_trigger_build.tf.erb
new file mode 100644
index 000000000000..c2fa77c5f457
--- /dev/null
+++ b/templates/terraform/examples/cloudbuild_trigger_build.tf.erb
@@ -0,0 +1,34 @@
+resource "google_cloudbuild_trigger" "<%= ctx[:primary_resource_id] %>" {
+ trigger_template {
+ branch_name = "master"
+ repo_name = "my-repo"
+ }
+
+ build {
+ step {
+ name = "gcr.io/cloud-builders/gsutil"
+ args = ["cp", "gs://mybucket/remotefile.zip", "localfile.zip"]
+ timeout = "120s"
+ }
+
+ source {
+ storage_source {
+ bucket = "mybucket"
+ object = "source_code.tar.gz"
+ }
+ }
+ tags = ["build", "newFeature"]
+ substitutions = {
+ _FOO = "bar"
+ _BAZ = "qux"
+ }
+ queue_ttl = "20s"
+ logs_bucket = "gs://mybucket/logs"
+ secret {
+ kms_key_name = "projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name"
+ secret_env = {
+ PASSWORD = "ZW5jcnlwdGVkLXBhc3N3b3JkCg=="
+ }
+ }
+ }
+}
diff --git a/third_party/terraform/tests/resource_cloudbuild_trigger_test.go b/third_party/terraform/tests/resource_cloudbuild_trigger_test.go
index e00c347f4a62..218d02030d6f 100644
--- a/third_party/terraform/tests/resource_cloudbuild_trigger_test.go
+++ b/third_party/terraform/tests/resource_cloudbuild_trigger_test.go
@@ -248,6 +248,7 @@ resource "google_cloudbuild_trigger" "build_trigger" {
 args = ["test"]
 timeout = "300s"
 }
+ logs_bucket = "gs://mybucket/logs"
 }
 }
 `, name)
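Review bot: In cloudbuild_trigger_build.tf.erb the `secret_env` sample `PASSWORD = "ZW5jcnlwdGVkLXBhc3N3b3JkCg=="` is plain base64 of a placeholder string rather than Cloud KMS ciphertext, and nothing in the example says so; a reader copying the pattern could base64-encode a real password and commit it. I would add a comment above the map, e.g. `# Values must be base64-encoded Cloud KMS ciphertext; the value below is a placeholder.` The `storage_source` block also omits `generation`, so the example builds whatever object is current in the bucket; a short comment noting that a generation can be pinned would help readers who need a fixed input.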