REST Resource: projects.builds

Resource: Build

A build resource in the Cloud Build API.

At a high level, a Build describes where to find source code, how to build it (for example, the builder image to run on the source), and where to store the built artifacts.

Fields can include the following variables, which will be expanded when the build is created:

  • $PROJECT_ID: the project ID of the build.
  • $PROJECT_NUMBER: the project number of the build.
  • $LOCATION: the location/region of the build.
  • $BUILD_ID: the autogenerated ID of the build.
  • $REPO_NAME: the source repository name specified by RepoSource.
  • $BRANCH_NAME: the branch name specified by RepoSource.
  • $TAG_NAME: the tag name specified by RepoSource.
  • $REVISION_ID or $COMMIT_SHA: the commit SHA specified by RepoSource or resolved from the specified branch or tag.
  • $SHORT_SHA: first 7 characters of $REVISION_ID or $COMMIT_SHA.
JSON representation
{
  "name": string,
  "id": string,
  "projectId": string,
  "status": enum (Status),
  "statusDetail": string,
  "source": {
    object (Source)
  },
  "steps": [
    {
      object (BuildStep)
    }
  ],
  "results": {
    object (Results)
  },
  "createTime": string,
  "startTime": string,
  "finishTime": string,
  "timeout": string,
  "images": [
    string
  ],
  "queueTtl": string,
  "artifacts": {
    object (Artifacts)
  },
  "logsBucket": string,
  "sourceProvenance": {
    object (SourceProvenance)
  },
  "buildTriggerId": string,
  "options": {
    object (BuildOptions)
  },
  "logUrl": string,
  "substitutions": {
    string: string,
    ...
  },
  "tags": [
    string
  ],
  "secrets": [
    {
      object (Secret)
    }
  ],
  "timing": {
    string: {
      object (TimeSpan)
    },
    ...
  },
  "approval": {
    object (BuildApproval)
  },
  "serviceAccount": string,
  "availableSecrets": {
    object (Secrets)
  },
  "warnings": [
    {
      object (Warning)
    }
  ],
  "gitConfig": {
    object (GitConfig)
  },
  "failureInfo": {
    object (FailureInfo)
  }
}
Fields
name

string

Output only. The 'Build' name with format: projects/{project}/locations/{location}/builds/{build}, where {build} is a unique identifier generated by the service.

id

string

Output only. Unique identifier of the build.

projectId

string

Output only. ID of the project.

status

enum (Status)

Output only. Status of the build.

statusDetail

string

Output only. Customer-readable message about the current status.

source

object (Source)

Optional. The location of the source files to build.

steps[]

object (BuildStep)

Required. The operations to be performed on the workspace.

results

object (Results)

Output only. Results of the build.

createTime

string (Timestamp format)

Output only. Time at which the request to create the build was received.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

startTime

string (Timestamp format)

Output only. Time at which execution of the build was started.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

finishTime

string (Timestamp format)

Output only. Time at which execution of the build was finished.

The difference between finishTime and startTime is the duration of the build's execution.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

timeout

string (Duration format)

Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT.

timeout starts ticking from startTime.

Default time is 60 minutes.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

images[]

string

A list of images to be pushed upon the successful completion of all build steps.

The images are pushed using the builder service account's credentials.

The digests of the pushed images will be stored in the Build resource's results field.

If any of the images fail to be pushed, the build status is marked FAILURE.

queueTtl

string (Duration format)

TTL in queue for this build. If provided and the build is enqueued longer than this value, the build will expire and the build status will be EXPIRED.

The TTL starts ticking from createTime.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

artifacts

object (Artifacts)

Artifacts produced by the build that should be uploaded upon successful completion of all build steps.

logsBucket

string

Cloud Storage bucket where logs should be written (see Bucket Name Requirements). Logs file names will be of the format ${logsBucket}/log-${build_id}.txt.

sourceProvenance

object (SourceProvenance)

Output only. A permanent fixed identifier for source.

buildTriggerId

string

Output only. The ID of the BuildTrigger that triggered this build, if it was triggered automatically.

options

object (BuildOptions)

Special options for this build.

logUrl

string

Output only. URL to logs for this build in Google Cloud Console.

substitutions

map (key: string, value: string)

Substitutions data for Build resource.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

tags[]

string

Tags for annotation of a Build. These are not docker tags.

secrets[]

object (Secret)

Secrets to decrypt using Cloud Key Management Service. Note: Secret Manager is the recommended technique for managing sensitive data with Cloud Build. Use availableSecrets to configure builds to access secrets from Secret Manager. For instructions, see: https://cloud.google.com/cloud-build/docs/securing-builds/use-secrets

timing

map (key: string, value: object (TimeSpan))

Output only. Stores timing information for phases of the build. Valid keys are:

  • BUILD: time to execute all build steps.
  • PUSH: time to push all artifacts including docker images and non docker artifacts.
  • FETCHSOURCE: time to fetch source.
  • SETUPBUILD: time to set up build.

If the build does not specify source or images, these keys will not be included.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

approval

object (BuildApproval)

Output only. Describes this build's approval configuration, status, and result.

serviceAccount

string

IAM service account whose credentials will be used at build runtime. Must be of the format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. ACCOUNT can be email address or uniqueId of the service account.

availableSecrets

object (Secrets)

Secrets and secret environment variables.

warnings[]

object (Warning)

Output only. Non-fatal problems encountered during the execution of the build.

gitConfig

object (GitConfig)

Optional. Configuration for git operations.

failureInfo

object (FailureInfo)

Output only. Contains information about the build when status=FAILURE.

Status

Possible status of a build or build step.

Enums
STATUS_UNKNOWN Status of the build is unknown.
PENDING Build has been created and is pending execution and queuing. It has not been queued.
QUEUED Build or step is queued; work has not yet begun.
WORKING Build or step is being executed.
SUCCESS Build or step finished successfully.
FAILURE Build or step failed to complete successfully.
INTERNAL_ERROR Build or step failed due to an internal cause.
TIMEOUT Build or step took longer than was allowed.
CANCELLED Build or step was canceled by a user.
EXPIRED Build was enqueued for longer than the value of queueTtl.

Source

Location of the source in a supported storage service.

JSON representation
{

  // Union field source can be only one of the following:
  "storageSource": {
    object (StorageSource)
  },
  "repoSource": {
    object (RepoSource)
  },
  "gitSource": {
    object (GitSource)
  },
  "storageSourceManifest": {
    object (StorageSourceManifest)
  },
  "connectedRepository": {
    object (ConnectedRepository)
  },
  "developerConnectConfig": {
    object (DeveloperConnectConfig)
  }
  // End of list of possible types for union field source.
}
Fields
Union field source. Location of source. source can be only one of the following:
storageSource

object (StorageSource)

If provided, get the source from this location in Cloud Storage.

repoSource

object (RepoSource)

If provided, get the source from this location in a Cloud Source Repository.

gitSource

object (GitSource)

If provided, get the source from this Git repository.

storageSourceManifest

object (StorageSourceManifest)

If provided, get the source from this manifest in Cloud Storage. This feature is in Preview; see description here.

connectedRepository

object (ConnectedRepository)

Optional. If provided, get the source from this 2nd-gen Google Cloud Build repository resource.

developerConnectConfig

object (DeveloperConnectConfig)

If provided, get the source from this Developer Connect config.

StorageSource

Location of the source in an archive file in Cloud Storage.

JSON representation
{
  "bucket": string,
  "object": string,
  "generation": string,
  "sourceFetcher": enum (SourceFetcher)
}
Fields
bucket

string

Cloud Storage bucket containing the source (see Bucket Name Requirements).

object

string

Required. Cloud Storage object containing the source.

This object must be a zipped (.zip) or gzipped archive file (.tar.gz) containing source to build.

generation

string (int64 format)

Optional. Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

sourceFetcher

enum (SourceFetcher)

Optional. Option to specify the tool to fetch the source file for the build.

SourceFetcher

Specifies the tool to fetch the source file for the build.

Enums
SOURCE_FETCHER_UNSPECIFIED Unspecified defaults to GSUTIL.
GSUTIL Use the "gsutil" tool to download the source file.
GCS_FETCHER Use the Cloud Storage Fetcher tool to download the source file.

GitSource

Location of the source in any accessible Git repository.

JSON representation
{
  "url": string,
  "dir": string,
  "revision": string
}
Fields
url

string

Required. Location of the Git repo to build.

This will be used as a git remote, see https://git-scm.com/docs/git-remote.

dir

string

Optional. Directory, relative to the source root, in which to run the build.

This must be a relative path. If a step's dir is specified and is an absolute path, this value is ignored for that step's execution.

revision

string

Optional. The revision to fetch from the Git repository such as a branch, a tag, a commit SHA, or any Git ref.

Cloud Build uses git fetch to fetch the revision from the Git repository; therefore make sure that the string you provide for revision is parsable by the command. For information on string values accepted by git fetch, see https://git-scm.com/docs/gitrevisions#_specifying_revisions. For information on git fetch, see https://git-scm.com/docs/git-fetch.

StorageSourceManifest

Location of the source manifest in Cloud Storage. This feature is in Preview; see description here.

JSON representation
{
  "bucket": string,
  "object": string,
  "generation": string
}
Fields
bucket

string

Required. Cloud Storage bucket containing the source manifest (see Bucket Name Requirements).

object

string

Required. Cloud Storage object containing the source manifest.

This object must be a JSON file.

generation

string (int64 format)

Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

ConnectedRepository

Location of the source in a 2nd-gen Google Cloud Build repository resource.

JSON representation
{
  "repository": string,
  "dir": string,
  "revision": string
}
Fields
repository

string

Required. Name of the Google Cloud Build repository, formatted as projects/*/locations/*/connections/*/repositories/*.

dir

string

Optional. Directory, relative to the source root, in which to run the build.

revision

string

Required. The revision to fetch from the Git repository such as a branch, a tag, a commit SHA, or any Git ref.

DeveloperConnectConfig

This config defines the location of a source through Developer Connect.

JSON representation
{
  "gitRepositoryLink": string,
  "dir": string,
  "revision": string
}
Fields
dir

string

Required. Directory, relative to the source root, in which to run the build.

revision

string

Required. The revision to fetch from the Git repository such as a branch, a tag, a commit SHA, or any Git ref.

BuildStep

A step in the build pipeline.

JSON representation
{
  "name": string,
  "env": [
    string
  ],
  "args": [
    string
  ],
  "dir": string,
  "id": string,
  "waitFor": [
    string
  ],
  "entrypoint": string,
  "secretEnv": [
    string
  ],
  "volumes": [
    {
      object (Volume)
    }
  ],
  "timing": {
    object (TimeSpan)
  },
  "pullTiming": {
    object (TimeSpan)
  },
  "timeout": string,
  "status": enum (Status),
  "allowFailure": boolean,
  "exitCode": integer,
  "allowExitCodes": [
    integer
  ],
  "script": string,
  "automapSubstitutions": boolean
}
Fields
name

string

Required. The name of the container image that will run this particular build step.

If the image is available in the host's Docker daemon's cache, it will be run directly. If not, the host will attempt to pull the image first, using the builder service account's credentials if necessary.

The Docker daemon's cache will already have the latest versions of all of the officially supported build steps (https://github.com/GoogleCloudPlatform/cloud-builders). The Docker daemon will also have cached many of the layers for some popular images, like "ubuntu", "debian", but they will be refreshed at the time you attempt to use them.

If you built an image in a previous build step, it will be stored in the host's Docker daemon's cache and is available to use as the name for a later build step.

env[]

string

A list of environment variable definitions to be used when running a step.

The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE".

args[]

string

A list of arguments that will be presented to the step when it is started.

If the image used to run the step's container has an entrypoint, the args are used as arguments to that entrypoint. If the image does not define an entrypoint, the first element in args is used as the entrypoint, and the remainder will be used as arguments.

dir

string

Working directory to use when running this step's container.

If this value is a relative path, it is relative to the build's working directory. If this value is absolute, it may be outside the build's working directory, in which case the contents of the path may not be persisted across build step executions, unless a volume for that path is specified.

If the build specifies a RepoSource with dir and a step with a dir, which specifies an absolute path, the RepoSource dir is ignored for the step's execution.

id

string

Unique identifier for this build step, used in waitFor to reference this build step as a dependency.

waitFor[]

string

The ID(s) of the step(s) that this build step depends on. This build step will not start until all the build steps in waitFor have completed successfully. If waitFor is empty, this build step will start when all previous build steps in the Build.Steps list have completed successfully.

entrypoint

string

Entrypoint to be used instead of the build step image's default entrypoint. If unset, the image's default entrypoint is used.

secretEnv[]

string

A list of environment variables which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's Secret.

volumes[]

object (Volume)

List of volumes to mount into the build step.

Each volume is created as an empty volume prior to execution of the build step. Upon completion of the build, volumes and their contents are discarded.

Using a named volume in only one step is not valid as it is indicative of a build request with an incorrect configuration.

timing

object (TimeSpan)

Output only. Stores timing information for executing this build step.

pullTiming

object (TimeSpan)

Output only. Stores timing information for pulling this build step's builder image only.

timeout

string (Duration format)

Time limit for executing this build step. If not defined, the step has no time limit and will be allowed to continue to run until either it completes or the build itself times out.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

status

enum (Status)

Output only. Status of the build step. At this time, build step status is only updated on build completion; step status is not updated in real-time as the build progresses.

allowFailure

boolean

Allow this build step to fail without failing the entire build.

If false, the entire build will fail if this step fails. Otherwise, the build will succeed, but this step will still have a failure status. Error information will be reported in the failure_detail field.

exitCode

integer

Output only. Return code from running the step.

allowExitCodes[]

integer

Allow this build step to fail without failing the entire build if and only if the exit code is one of the specified codes. If allowFailure is also specified, this field will take precedence.

script

string

A shell script to be executed in the step.

When script is provided, the user cannot specify the entrypoint or args.

automapSubstitutions

boolean

Option to include built-in and custom substitutions as env variables for this build step. This option will override the global option in BuildOption.

Volume

Volume describes a Docker container volume which is mounted into build steps in order to persist files across build step execution.

JSON representation
{
  "name": string,
  "path": string
}
Fields
name

string

Name of the volume to mount.

Volume names must be unique per build step and must be valid names for Docker volumes. Each named volume must be used by at least two build steps.

path

string

Path at which to mount the volume.

Paths must be absolute and cannot conflict with other volume paths on the same build step or with certain reserved volume paths.

TimeSpan

Start and end times for a build execution phase.

JSON representation
{
  "startTime": string,
  "endTime": string
}
Fields
startTime

string (Timestamp format)

Start of time span.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

endTime

string (Timestamp format)

End of time span.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

Results

Artifacts created by the build pipeline.

JSON representation
{
  "images": [
    {
      object (BuiltImage)
    }
  ],
  "buildStepImages": [
    string
  ],
  "artifactManifest": string,
  "numArtifacts": string,
  "buildStepOutputs": [
    string
  ],
  "artifactTiming": {
    object (TimeSpan)
  },
  "pythonPackages": [
    {
      object (UploadedPythonPackage)
    }
  ],
  "mavenArtifacts": [
    {
      object (UploadedMavenArtifact)
    }
  ],
  "npmPackages": [
    {
      object (UploadedNpmPackage)
    }
  ]
}
Fields
images[]

object (BuiltImage)

Container images that were built as a part of the build.

buildStepImages[]

string

List of build step digests, in the order corresponding to build step indices.

artifactManifest

string

Path to the artifact manifest for non-container artifacts uploaded to Cloud Storage. Only populated when artifacts are uploaded to Cloud Storage.

numArtifacts

string (int64 format)

Number of non-container artifacts uploaded to Cloud Storage. Only populated when artifacts are uploaded to Cloud Storage.

buildStepOutputs[]

string (bytes format)

List of build step outputs, produced by builder images, in the order corresponding to build step indices.

Cloud Builders can produce this output by writing to $BUILDER_OUTPUT/output. Only the first 50KB of data is stored. Note that the $BUILDER_OUTPUT variable is read-only and can't be substituted.

A base64-encoded string.

artifactTiming

object (TimeSpan)

Time to push all non-container artifacts to Cloud Storage.

pythonPackages[]

object (UploadedPythonPackage)

Python artifacts uploaded to Artifact Registry at the end of the build.

mavenArtifacts[]

object (UploadedMavenArtifact)

Maven artifacts uploaded to Artifact Registry at the end of the build.

npmPackages[]

object (UploadedNpmPackage)

Npm packages uploaded to Artifact Registry at the end of the build.

BuiltImage

An image built by the pipeline.

JSON representation
{
  "name": string,
  "digest": string,
  "pushTiming": {
    object (TimeSpan)
  }
}
Fields
name

string

Name used to push the container image to Google Container Registry, as presented to docker push.

digest

string

Docker Registry 2.0 digest.

pushTiming

object (TimeSpan)

Output only. Stores timing information for pushing the specified image.

UploadedPythonPackage

Artifact uploaded using the PythonPackage directive.

JSON representation
{
  "uri": string,
  "fileHashes": {
    object (FileHashes)
  },
  "pushTiming": {
    object (TimeSpan)
  }
}
Fields
uri

string

URI of the uploaded artifact.

fileHashes

object (FileHashes)

Hash types and values of the Python Artifact.

pushTiming

object (TimeSpan)

Output only. Stores timing information for pushing the specified artifact.

FileHashes

Container message for hashes of byte content of files, used in SourceProvenance messages to verify integrity of source input to the build.

JSON representation
{
  "fileHash": [
    {
      object (Hash)
    }
  ]
}
Fields
fileHash[]

object (Hash)

Collection of file hashes.

Hash

Container message for hash values.

JSON representation
{
  "type": enum (HashType),
  "value": string
}
Fields
type

enum (HashType)

The type of hash that was performed.

value

string (bytes format)

The hash value.

A base64-encoded string.

HashType

Specifies the hash algorithm, if any.

Enums
NONE No hash requested.
SHA256 Use a sha256 hash.
MD5 Use a md5 hash.
SHA512 Use a sha512 hash.

UploadedMavenArtifact

A Maven artifact uploaded using the MavenArtifact directive.

JSON representation
{
  "uri": string,
  "fileHashes": {
    object (FileHashes)
  },
  "pushTiming": {
    object (TimeSpan)
  }
}
Fields
uri

string

URI of the uploaded artifact.

fileHashes

object (FileHashes)

Hash types and values of the Maven Artifact.

pushTiming

object (TimeSpan)

Output only. Stores timing information for pushing the specified artifact.

UploadedNpmPackage

An npm package uploaded to Artifact Registry using the NpmPackage directive.

JSON representation
{
  "uri": string,
  "fileHashes": {
    object (FileHashes)
  },
  "pushTiming": {
    object (TimeSpan)
  }
}
Fields
uri

string

URI of the uploaded npm package.

fileHashes

object (FileHashes)

Hash types and values of the npm package.

pushTiming

object (TimeSpan)

Output only. Stores timing information for pushing the specified artifact.

Artifacts

Artifacts produced by a build that should be uploaded upon successful completion of all build steps.

JSON representation
{
  "images": [
    string
  ],
  "objects": {
    object (ArtifactObjects)
  },
  "mavenArtifacts": [
    {
      object (MavenArtifact)
    }
  ],
  "pythonPackages": [
    {
      object (PythonPackage)
    }
  ],
  "npmPackages": [
    {
      object (NpmPackage)
    }
  ]
}
Fields
images[]

string

A list of images to be pushed upon the successful completion of all build steps.

The images will be pushed using the builder service account's credentials.

The digests of the pushed images will be stored in the Build resource's results field.

If any of the images fail to be pushed, the build is marked FAILURE.

objects

object (ArtifactObjects)

A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps.

Files in the workspace matching specified paths globs will be uploaded to the specified Cloud Storage location using the builder service account's credentials.

The location and generation of the uploaded objects will be stored in the Build resource's results field.

If any objects fail to be pushed, the build is marked FAILURE.

mavenArtifacts[]

object (MavenArtifact)

A list of Maven artifacts to be uploaded to Artifact Registry upon successful completion of all build steps.

Artifacts in the workspace matching specified paths globs will be uploaded to the specified Artifact Registry repository using the builder service account's credentials.

If any artifacts fail to be pushed, the build is marked FAILURE.

pythonPackages[]

object (PythonPackage)

A list of Python packages to be uploaded to Artifact Registry upon successful completion of all build steps.

The build service account credentials will be used to perform the upload.

If any objects fail to be pushed, the build is marked FAILURE.

npmPackages[]

object (NpmPackage)

A list of npm packages to be uploaded to Artifact Registry upon successful completion of all build steps.

Npm packages in the specified paths will be uploaded to the specified Artifact Registry repository using the builder service account's credentials.

If any packages fail to be pushed, the build is marked FAILURE.

ArtifactObjects

Files in the workspace to upload to Cloud Storage upon successful completion of all build steps.

JSON representation
{
  "location": string,
  "paths": [
    string
  ],
  "timing": {
    object (TimeSpan)
  }
}
Fields
location

string

Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". (see Bucket Name Requirements).

Files in the workspace matching any path pattern will be uploaded to Cloud Storage with this location as a prefix.

paths[]

string

Path globs used to match files in the build's workspace.

timing

object (TimeSpan)

Output only. Stores timing information for pushing all artifact objects.

MavenArtifact

A Maven artifact to upload to Artifact Registry upon successful completion of all build steps.

JSON representation
{
  "repository": string,
  "path": string,
  "artifactId": string,
  "groupId": string,
  "version": string
}
Fields
repository

string

Artifact Registry repository, in the form "https://$REGION-maven.pkg.dev/$PROJECT/$REPOSITORY"

Artifact in the workspace specified by path will be uploaded to Artifact Registry with this location as a prefix.

path

string

Path to an artifact in the build's workspace to be uploaded to Artifact Registry. This can be either an absolute path, e.g. /workspace/my-app/target/my-app-1.0.SNAPSHOT.jar or a relative path from /workspace, e.g. my-app/target/my-app-1.0.SNAPSHOT.jar.

artifactId

string

Maven artifactId value used when uploading the artifact to Artifact Registry.

groupId

string

Maven groupId value used when uploading the artifact to Artifact Registry.

version

string

Maven version value used when uploading the artifact to Artifact Registry.

PythonPackage

Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository.

JSON representation
{
  "repository": string,
  "paths": [
    string
  ]
}
Fields
repository

string

Artifact Registry repository, in the form "https://$REGION-python.pkg.dev/$PROJECT/$REPOSITORY"

Files in the workspace matching any path pattern will be uploaded to Artifact Registry with this location as a prefix.

paths[]

string

Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file.

NpmPackage

Npm package to upload to Artifact Registry upon successful completion of all build steps.

JSON representation
{
  "repository": string,
  "packagePath": string
}
Fields
repository

string

Artifact Registry repository, in the form "https://$REGION-npm.pkg.dev/$PROJECT/$REPOSITORY"

Npm package in the workspace specified by path will be zipped and uploaded to Artifact Registry with this location as a prefix.

packagePath

string

Path to the package.json. e.g. workspace/path/to/package

SourceProvenance

Provenance of the source. Ways to find the original source, or verify that some source was used for this build.

JSON representation
{
  "resolvedStorageSource": {
    object (StorageSource)
  },
  "resolvedRepoSource": {
    object (RepoSource)
  },
  "resolvedStorageSourceManifest": {
    object (StorageSourceManifest)
  },
  "resolvedConnectedRepository": {
    object (ConnectedRepository)
  },
  "resolvedGitSource": {
    object (GitSource)
  },
  "fileHashes": {
    string: {
      object (FileHashes)
    },
    ...
  }
}
Fields
resolvedStorageSource

object (StorageSource)

A copy of the build's source.storage_source, if exists, with any generations resolved.

resolvedRepoSource

object (RepoSource)

A copy of the build's source.repo_source, if exists, with any revisions resolved.

resolvedStorageSourceManifest

object (StorageSourceManifest)

A copy of the build's source.storage_source_manifest, if exists, with any revisions resolved. This feature is in Preview.

resolvedConnectedRepository

object (ConnectedRepository)

Output only. A copy of the build's source.connected_repository, if exists, with any revisions resolved.

resolvedGitSource

object (GitSource)

Output only. A copy of the build's source.git_source, if exists, with any revisions resolved.

fileHashes

map (key: string, value: object (FileHashes))

Output only. Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. Note that FileHashes will only be populated if BuildOptions has requested a SourceProvenanceHash.

The keys to this map are file paths used as build source and the values contain the hash values for those files.

If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

BuildOptions

Optional arguments to enable specific features of builds.

JSON representation
{
  "sourceProvenanceHash": [
    enum (HashType)
  ],
  "requestedVerifyOption": enum (VerifyOption),
  "machineType": enum (MachineType),
  "diskSizeGb": string,
  "substitutionOption": enum (SubstitutionOption),
  "dynamicSubstitutions": boolean,
  "automapSubstitutions": boolean,
  "logStreamingOption": enum (LogStreamingOption),
  "workerPool": string,
  "pool": {
    object (PoolOption)
  },
  "logging": enum (LoggingMode),
  "env": [
    string
  ],
  "secretEnv": [
    string
  ],
  "volumes": [
    {
      object (Volume)
    }
  ],
  "defaultLogsBucketBehavior": enum (DefaultLogsBucketBehavior)
}
Fields
sourceProvenanceHash[]

enum (HashType)

Requested hash for SourceProvenance.

requestedVerifyOption

enum (VerifyOption)

Requested verifiability options.

machineType

enum (MachineType)

Compute Engine machine type on which to run the build.

diskSizeGb

string (int64 format)

Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; some of the space will be used by the operating system and build utilities. Also note that this is the minimum disk size that will be allocated for the build -- the build may run with a larger disk than requested. At present, the maximum disk size is 4000GB; builds that request more than the maximum are rejected with an error.

substitutionOption

enum (SubstitutionOption)

Option to specify behavior when there is an error in the substitution checks.

NOTE: this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden in the build configuration file.

dynamicSubstitutions

boolean

Option to specify whether or not to apply bash style string operations to the substitutions.

NOTE: this is always enabled for triggered builds and cannot be overridden in the build configuration file.

automapSubstitutions

boolean

Option to include built-in and custom substitutions as env variables for all build steps.

logStreamingOption

enum (LogStreamingOption)

Option to define build log streaming behavior to Cloud Storage.

workerPool
(deprecated)

string

This field deprecated; please use pool.name instead.

pool

object (PoolOption)

Optional. Specification for execution on a WorkerPool.

See running builds in a private pool for more information.

logging

enum (LoggingMode)

Option to specify the logging mode, which determines if and where build logs are stored.

env[]

string

A list of global environment variable definitions that will exist for all build steps in this build. If a variable is defined in both globally and in a build step, the variable will use the build step value.

The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE".

secretEnv[]

string

A list of global environment variables, which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's Secret. These variables will be available to all build steps in this build.

volumes[]

object (Volume)

Global list of volumes to mount for ALL build steps

Each volume is created as an empty volume prior to starting the build process. Upon completion of the build, volumes and their contents are discarded. Global volume names and paths cannot conflict with the volumes defined a build step.

Using a global volume in a build with only one step is not valid as it is indicative of a build request with an incorrect configuration.

defaultLogsBucketBehavior

enum (DefaultLogsBucketBehavior)

Optional. Option to specify how default logs buckets are setup.

VerifyOption

Specifies the manner in which the build should be verified, if at all.

If a verified build is requested, and any part of the process to generate and upload provenance fails, the build will also fail.

If the build does not request verification then that process may occur, but is not guaranteed to. If it does occur and fails, the build will not fail.

For more information, see Viewing Build Provenance.

Enums
NOT_VERIFIED Not a verifiable build (the default).
VERIFIED Build must be verified.

MachineType

Supported Compute Engine machine types. For more information, see Machine types.

Enums
UNSPECIFIED Standard machine type.
N1_HIGHCPU_8

Highcpu machine with 8 CPUs.

N1_HIGHCPU_32

Highcpu machine with 32 CPUs.

E2_HIGHCPU_8 Highcpu e2 machine with 8 CPUs.
E2_HIGHCPU_32 Highcpu e2 machine with 32 CPUs.
E2_MEDIUM E2 machine with 1 CPU.

SubstitutionOption

Specifies the behavior when there is an error in the substitution checks.

Enums
MUST_MATCH Fails the build if error in substitutions checks, like missing a substitution in the template or in the map.
ALLOW_LOOSE Do not fail the build if error in substitutions checks.

LogStreamingOption

Specifies the behavior when writing build logs to Cloud Storage.

Enums
STREAM_DEFAULT Service may automatically determine build log streaming behavior.
STREAM_ON Build logs should be streamed to Cloud Storage.
STREAM_OFF Build logs should not be streamed to Cloud Storage; they will be written when the build is completed.

PoolOption

Details about how a build should be executed on a WorkerPool.

See running builds in a private pool for more information.

JSON representation
{
  "name": string
}
Fields
name

string

The WorkerPool resource to execute the build on. You must have cloudbuild.workerpools.use on the project hosting the WorkerPool.

Format projects/{project}/locations/{location}/workerPools/{workerPoolId}

LoggingMode

Specifies the logging mode.

Enums
LOGGING_UNSPECIFIED The service determines the logging mode. The default is LEGACY. Do not rely on the default logging behavior as it may change in the future.
LEGACY Build logs are stored in Cloud Logging and Cloud Storage.
GCS_ONLY Build logs are stored in Cloud Storage.
STACKDRIVER_ONLY

This option is the same as CLOUD_LOGGING_ONLY.

CLOUD_LOGGING_ONLY Build logs are stored in Cloud Logging. Selecting this option will not allow logs streaming.
NONE Turn off all logging. No build logs will be captured.

DefaultLogsBucketBehavior

Default Cloud Storage log bucket behavior options.

Enums
DEFAULT_LOGS_BUCKET_BEHAVIOR_UNSPECIFIED Unspecified.
REGIONAL_USER_OWNED_BUCKET Bucket is located in user-owned project in the same region as the build. The builder service account must have access to create and write to Cloud Storage buckets in the build project.

Secret

Pairs a set of secret environment variables containing encrypted values with the Cloud KMS key to use to decrypt the value. Note: Use kmsKeyName with availableSecrets instead of using kmsKeyName with secret. For instructions see: https://cloud.google.com/cloud-build/docs/securing-builds/use-encrypted-credentials.

JSON representation
{
  "kmsKeyName": string,
  "secretEnv": {
    string: string,
    ...
  }
}
Fields
kmsKeyName

string

Cloud KMS key name to use to decrypt these envs.

secretEnv

map (key: string, value: string (bytes format))

Map of environment variable name to its encrypted value.

Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step. Values can be at most 64 KB in size. There can be at most 100 secret values across all of a build's secrets.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

BuildApproval

BuildApproval describes a build's approval configuration, state, and result.

JSON representation
{
  "state": enum (State),
  "config": {
    object (ApprovalConfig)
  },
  "result": {
    object (ApprovalResult)
  }
}
Fields
state

enum (State)

Output only. The state of this build's approval.

config

object (ApprovalConfig)

Output only. Configuration for manual approval of this build.

result

object (ApprovalResult)

Output only. Result of manual approval for this Build.

State

Specifies the current state of a build's approval.

Enums
STATE_UNSPECIFIED Default enum type. This should not be used.
PENDING Build approval is pending.
APPROVED Build approval has been approved.
REJECTED Build approval has been rejected.
CANCELLED Build was cancelled while it was still pending approval.

ApprovalResult

ApprovalResult describes the decision and associated metadata of a manual approval of a build.

JSON representation
{
  "approverAccount": string,
  "approvalTime": string,
  "decision": enum (Decision),
  "comment": string,
  "url": string
}
Fields
approverAccount

string

Output only. Email of the user that called the builds.approve API to approve or reject a build at the time that the API was called.

approvalTime

string (Timestamp format)

Output only. The time when the approval decision was made.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

decision

enum (Decision)

Required. The decision of this manual approval.

comment

string

Optional. An optional comment for this manual approval result.

url

string

Optional. An optional URL tied to this manual approval result. This field is essentially the same as comment, except that it will be rendered by the UI differently. An example use case is a link to an external job that approved this Build.

Decision

Specifies whether or not this manual approval result is to approve or reject a build.

Enums
DECISION_UNSPECIFIED Default enum type. This should not be used.
APPROVED Build is approved.
REJECTED Build is rejected.

Secrets

Secrets and secret environment variables.

JSON representation
{
  "secretManager": [
    {
      object (SecretManagerSecret)
    }
  ],
  "inline": [
    {
      object (InlineSecret)
    }
  ]
}
Fields
secretManager[]

object (SecretManagerSecret)

Secrets in Secret Manager and associated secret environment variable.

inline[]

object (InlineSecret)

Secrets encrypted with KMS key and the associated secret environment variable.

SecretManagerSecret

Pairs a secret environment variable with a SecretVersion in Secret Manager.

JSON representation
{
  "versionName": string,
  "env": string
}
Fields
versionName

string

Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/*

env

string

Environment variable name to associate with the secret. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step.

InlineSecret

Pairs a set of secret environment variables mapped to encrypted values with the Cloud KMS key to use to decrypt the value.

JSON representation
{
  "kmsKeyName": string,
  "envMap": {
    string: string,
    ...
  }
}
Fields
kmsKeyName

string

Resource name of Cloud KMS crypto key to decrypt the encrypted value. In format: projects/*/locations/*/keyRings/*/cryptoKeys/*

envMap

map (key: string, value: string (bytes format))

Map of environment variable name to its encrypted value.

Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step. Values can be at most 64 KB in size. There can be at most 100 secret values across all of a build's secrets.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

Warning

A non-fatal problem encountered during the execution of the build.

JSON representation
{
  "text": string,
  "priority": enum (Priority)
}
Fields
text

string

Explanation of the warning generated.

priority

enum (Priority)

The priority for this warning.

Priority

The relative importance of this warning.

Enums
PRIORITY_UNSPECIFIED Should not be used.
INFO e.g. deprecation warnings and alternative feature highlights.
WARNING e.g. automated detection of possible issues with the build.
ALERT e.g. alerts that a feature used in the build is pending removal

GitConfig

GitConfig is a configuration for git operations.

JSON representation
{
  "http": {
    object (HttpConfig)
  }
}
Fields
http

object (HttpConfig)

Configuration for HTTP related git operations.

HttpConfig

HttpConfig is a configuration for HTTP related git operations.

JSON representation
{
  "proxySecretVersionName": string
}
Fields
proxySecretVersionName

string

SecretVersion resource of the HTTP proxy URL. The Service Account used in the build (either the default Service Account or user-specified Service Account) should have secretmanager.versions.access permissions on this secret. The proxy URL should be in format [protocol://][user[:password]@]proxyhost[:port].

FailureInfo

A fatal problem encountered during the execution of the build.

JSON representation
{
  "type": enum (FailureType),
  "detail": string
}
Fields
type

enum (FailureType)

The name of the failure.

detail

string

Explains the failure issue in more detail using hard-coded text.

FailureType

The name of a fatal problem encountered during the execution of the build.

Enums
FAILURE_TYPE_UNSPECIFIED Type unspecified
PUSH_FAILED Unable to push the image to the repository.
PUSH_IMAGE_NOT_FOUND Final image not found.
PUSH_NOT_AUTHORIZED Unauthorized push of the final image.
LOGGING_FAILURE Backend logging failures. Should retry.
USER_BUILD_STEP A build step has failed.
FETCH_SOURCE_FAILED The source fetching has failed.

Methods

approve

Approves or rejects a pending build.

cancel

Cancels a build in progress.

create

Starts a build with the specified configuration.

get

Returns information about a previously requested build.

list

Lists previously requested builds.

retry

Creates a new build based on the specified build.