Build Type: Google Builder

This page explains the SLSA V1.0 Build Type definition for the Google Builder.

External parameters

The following table displays the types of external parameters that may be used in a Workflow PipelineRun and Workflow TaskRun definition. Unless otherwise noted, all parameters are required.

Field	Type	Details
runSpec	object	The complete PipelineRun spec.
buildConfigSource	object	The complete buildConfigSource spec.

PipelineRun spec

Field	Type	Details
pipelineRef/taskRef	object	Where pipelineSpec/taskSpec was read from. This field is only populated if the pipelineSpec was referenced from a remote source. Default: `null`
pipelineSpec/taskSpec	object	In-lined Pipeline/Task Spec, not fetched from a remote source using pipelineRef/taskRef. [Optional].
params	[object]	Map of parameter names and values supplied to Pipeline. Values can be string, array or object type. Default: `null` Note: In case of triggered workflow, this field will also contain some parameters provided by the Cloud Build triggering system besides params configured by the user in the workflow definition.
workspaces	[object]	Workspaces holds a set of workspace bindings that must match names with those declared in the pipeline. Default: `null`
timeouts/timeout	object	Time after which the pipeline times out. Timeouts can be defined for Pipeline, Tasks and Finally. They are related by the formula Timeouts.pipeline Timeouts.tasks + Timeouts.finally.

buildConfigSource spec

Field Type Details

Field	Type	Details
ref	object	Can be one of the following: The git reference. For example, the commit sha: `sha1:563f0...` The image digest. For example: `sha256:91fbe...`
repository	string	The git repository URI, or the image repository URI
path	string	The path in the git repository, or the resource name in the image bundle.

ref

object

Can be one of the following:

The git reference. For example, the commit sha: sha1:563f0...
The image digest. For example: sha256:91fbe...

repository

string

The git repository URI, or the image repository URI

path

string

The path in the git repository, or the resource name in the image bundle.

Internal parameters

The internal parameters are provided by the builder for the build process.

Field	Type	Details
tekton-pipelines-feature-flags	object	Tekton configuration feature flags used for the build. These are configured by the builder and are useful for reproducibility.
systemParameters	object	A list of name and value pairs for default system substitutions provided by GCB.

Resolved dependencies

The resolvedDependencies field must contain entries identifying the resolved reference corresponding to externalParameters.configRef. This is the reference to the Pipeline, in case of a PipelineRun specification, or the reference to the Task, in case of a TaskRun specification.

The resolved dependencies may contain additional artifacts that are inputs for the build, using the name field to indicate the type of the artifact:

For remote Pipelines, use name: pipeline.
For remote Tasks, use name: pipelineTask.
For a resolved reference to a Step or a sidecar container image, the name field is optional. In the case of the digest field, even if the image is referenced by tag, the image digest must be included.
For other input artifacts used for the build, like source code, use name: inputs/result. Type hinting is used for the results of the Task.

The following example contains information about all the types of resolved dependencies:

"resolvedDependencies": [
  {
    "name": "pipeline",
    "uri": "git+https://github.com/octocat/hello-world.git",
    "digest": {"sha1": "7fd1a60b01f91b314f59955a4e4d4e80d8edf11d"},
  },
  {
  "name": "pipelineTask",
  "uri": "git+https://github.com/octocat/hello-world.git",
  "digest": {"sha1": "7fd1a60b01f91b314f59955a4e4d4e80d8edf11d"},
  },
  {
  "uri": "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
  "digest": {
    "sha256": "28ff94e63e4058afc3f15b4c11c08cf3b54fa91faa646a4bbac90380cd7158df"},
  },
  {
  "name": "inputs/result",
  "uri": "git+https://github.com/octocat/hello-world.git",
  "digest": {"sha1": "7fd1a60b01f91b314f59955a4e4d4e80d8edf11d"},
  }
]

RunDetails

Field	Details
builder	Contains an `id` subfield that identifies the build platform that executed the operation and populated this provenance. This also contains the SLSA level. The expected `id` value is one of the following: `https://cloudbuild.googleapis.com/GoogleBuilder`. This builder ID indicates a SLSA L2 build. `https://cloudbuild.googleapis.com/GoogleIsolatedBuilder`. This builder ID indicates a SLSA L3 build.
metadata	Additional metadata about this particular execution of the build. The `invocationId` displays the URL of the build, such as `https://cloudbuild.googleapis.com/v2/projects/PROJECT_ID/locations/LOCATION/pipelineRuns/BUILD_ID`. The `startedOn` and `finishedOn` fields contain the time stamps for when the build started and completed.
byproducts	A `results` object. Contains the TaskRunResults produced by the PipelineRun. The content is encoded in Base64.