Types overview

string

Optional. If present, indicates to use Breakglass using this justification. If use_default is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass

string

Optional. The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name}

boolean

Optional. If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.

string

A system-generated fingerprint for this version of the resource. This may be used to detect modification conflict during updates.

boolean

Indicates that the request should be validated without actually cancelling any resources.

string

The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}

enum

Output only. A reason for the execution condition.

string (Timestamp format)

Last time the condition transitioned from one status to another.

string

Human readable message indicating details about the current status.

enum

Output only. A common (service-level) reason for this condition.

enum

Output only. A reason for the revision condition.

enum

How to interpret failures of this condition, one of Error, Warning, Info

enum

State of the condition.

string

type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready.

string

Arguments to the entrypoint. The docker image's CMD is used if this is not provided.

string

Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided.

string

Names of the containers that must start before this container.

object (GoogleCloudRunV2EnvVar)

List of environment variables to set in the container.

string

Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed.

object (GoogleCloudRunV2Probe)

Periodic probe of container liveness. Container will be restarted if the probe fails.

string

Name of the container specified as a DNS_LABEL (RFC 1123).

object (GoogleCloudRunV2ContainerPort)

List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on.

object (GoogleCloudRunV2ResourceRequirements)

Compute Resource requirements by this container.

object (GoogleCloudRunV2Probe)

Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails.

object (GoogleCloudRunV2VolumeMount)

Volume to mount into the container's filesystem.

string

Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.

string

Optional. Arguments to the entrypoint. Will replace existing args for override.

boolean

Optional. True if the intention is to clear out existing args list.

object (GoogleCloudRunV2EnvVar)

List of environment variables to set in the container. Will be merged with existing env for override.

string

The name of the container specified as a DNS_LABEL.

integer (int32 format)

Port number the container listens on. This must be a valid TCP port number, 0 < container_port < 65536.

string

If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c".

enum

The medium on which the data is stored. Acceptable values today is only MEMORY or none. When none, the default will currently be backed by memory but could change over time. +optional

string

Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir

string

Required. Name of the environment variable. Must not exceed 32768 characters.

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes.

object (GoogleCloudRunV2EnvVarSource)

Source for the environment variable's value.

object (GoogleCloudRunV2SecretKeySelector)

Selects a secret and a specific version from Cloud Secret Manager.

map (key: string, value: string)

Output only. Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.

integer (int32 format)

Output only. The number of tasks which reached phase Cancelled.

string (Timestamp format)

Output only. Represents time when the execution was completed. It is not guaranteed to be set in happens-before order across separate operations.

object (GoogleCloudRunV2Condition)

Output only. The Condition of this Execution, containing its readiness status, and detailed error information in case it did not reach the desired state.

string (Timestamp format)

Output only. Represents time when the execution was acknowledged by the execution controller. It is not guaranteed to be set in happens-before order across separate operations.

string (Timestamp format)

Output only. For a deleted resource, the deletion time. It is only populated as a response to a Delete request.

string

Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.

string (Timestamp format)

Output only. For a deleted resource, the time after which it will be permamently deleted. It is only populated as a response to a Delete request.

integer (int32 format)

Output only. The number of tasks which reached phase Failed.

string (int64 format)

Output only. A number that monotonically increases every time the user modifies the desired state.

string

Output only. The name of the parent Job.

map (key: string, value: string)

Output only. Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels

enum

The least stable launch stage needed to create this resource, as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. Note that this value might not be what was used as input. For example, if ALPHA was provided as input in the parent resource, but only BETA and GA-level features are were, this field will be BETA.

string

Output only. URI where logs for this execution can be found in Cloud Console.

string

Output only. The unique name of this Execution.

string (int64 format)

Output only. The generation of this Execution. See comments in reconciling for additional information on reconciliation process in Cloud Run.

integer (int32 format)

Output only. Specifies the maximum desired number of tasks the execution should run at any given time. Must be <= task_count. The actual number of tasks running in steady state will be less than this number when ((.spec.task_count - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism.

boolean

Output only. Indicates whether the resource's reconciliation is still in progress. See comments in Job.reconciling for additional information on reconciliation process in Cloud Run.

integer (int32 format)

Output only. The number of tasks which have retried at least once.

integer (int32 format)

Output only. The number of actively running tasks.

boolean

Output only. Reserved for future use.

string (Timestamp format)

Output only. Represents time when the execution started to run. It is not guaranteed to be set in happens-before order across separate operations.

integer (int32 format)

Output only. The number of tasks which reached phase Succeeded.

integer (int32 format)

Output only. Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution.

object (GoogleCloudRunV2TaskTemplate)

Output only. The template used to create tasks for this execution.

string

Output only. Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.

string (Timestamp format)

Output only. The last-modified time.

string (Timestamp format)

Creation timestamp of the execution.

string (Timestamp format)

Creation timestamp of the execution.

string

Name of the execution.

map (key: string, value: string)

Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. All system annotations in v1 now have a corresponding field in v2 ExecutionTemplate. This field follows Kubernetes annotations' namespacing, limits, and rules.

map (key: string, value: string)

Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. All system labels in v1 now have a corresponding field in v2 ExecutionTemplate.

integer (int32 format)

Specifies the maximum desired number of tasks the execution should run at given time. Must be <= task_count. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism.

integer (int32 format)

Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. Defaults to 1.

object (GoogleCloudRunV2TaskTemplate)

Required. Describes the task(s) that will be created when executing an execution.

string

Required. The export destination url (the Artifact Registry repo).

string

An operation ID used to track the status of image exports tied to the original pod ID in the request.

object (GoogleCloudRunV2ImageExportStatus)

The status of each image export job.

string

The operation id.

enum

Output only. The state of the overall export operation.

string

Cloud Storage Bucket name.

boolean

If true, the volume will be mounted as read only for all mounts.

integer (int32 format)

Optional. Port number of the gRPC service. Number must be in the range 1 to 65535. If not specified, defaults to the exposed port of the container, which is the value of container.ports[0].containerPort.

string

Optional. Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md ). If this is not specified, the default behavior is defined by gRPC.

object (GoogleCloudRunV2HTTPHeader)

Optional. Custom headers to set in the request. HTTP allows repeated headers.

string

Optional. Path to access on the HTTP server. Defaults to '/'.

integer (int32 format)

Optional. Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to the exposed port of the container, which is the value of container.ports[0].containerPort.

string

Required. The header field name

string

Optional. The header field value

enum

Output only. Has the image export job finished (regardless of successful or failure).

string

The exported image ID as it will appear in Artifact Registry.

object (UtilStatusProto)

The status of the export task if done.

string

The image tag as it will appear in Artifact Registry.

map (key: string, value: string)

Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected on new resources. All system annotations in v1 now have a corresponding field in v2 Job. This field follows Kubernetes annotations' namespacing, limits, and rules.

object (GoogleCloudRunV2BinaryAuthorization)

Settings for the Binary Authorization feature.

string

Arbitrary identifier for the API client.

string

Arbitrary version identifier for the API client.

object (GoogleCloudRunV2Condition)

Output only. The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on reconciliation process in Cloud Run.

string (Timestamp format)

Output only. The creation time.

string

Output only. Email address of the authenticated creator.

string (Timestamp format)

Output only. The deletion time.

string

Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.

integer (int32 format)

Output only. Number of executions created for this job.

string (Timestamp format)

Output only. For a deleted resource, the time after which it will be permamently deleted.

string (int64 format)

Output only. A number that monotonically increases every time the user modifies the desired state.

map (key: string, value: string)

Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. All system labels in v1 now have a corresponding field in v2 Job.

string

Output only. Email address of the last authenticated modifier.

object (GoogleCloudRunV2ExecutionReference)

Output only. Name of the last created execution.

enum

The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output.

string

The fully qualified name of this Job. Format: projects/{project}/locations/{location}/jobs/{job}

string (int64 format)

Output only. The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run.

boolean

Output only. Returns true if the Job is currently being acted upon by the system to bring it into the desired state. When a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observed_generation and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminal_condition.state. If reconciliation succeeded, the following fields will match: observed_generation and generation, latest_succeeded_execution and latest_created_execution. If reconciliation failed, observed_generation and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminal_condition and conditions.

string

A unique string used as a suffix for creating a new execution. The Job will become ready when the execution is successfully completed. The sum of job name and token length must be fewer than 63 characters.

boolean

Output only. Reserved for future use.

string

A unique string used as a suffix creating a new execution. The Job will become ready when the execution is successfully started. The sum of job name and token length must be fewer than 63 characters.

object (GoogleCloudRunV2ExecutionTemplate)

Required. The template used to create executions for this Job.

object (GoogleCloudRunV2Condition)

Output only. The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state.

string

Output only. Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.

string (Timestamp format)

Output only. The last-modified time.

object (GoogleCloudRunV2Execution)

The resulting list of Executions.

string

A token indicating there are more items than page_size. Use it in the next ListExecutions request to continue.

object (GoogleCloudRunV2Job)

The resulting list of Jobs.

string

A token indicating there are more items than page_size. Use it in the next ListJobs request to continue.

string

A token indicating there are more items than page_size. Use it in the next ListRevisions request to continue.

object (GoogleCloudRunV2Revision)

The resulting list of Revisions.

string

A token indicating there are more items than page_size. Use it in the next ListServices request to continue.

object (GoogleCloudRunV2Service)

The resulting list of Services.

string

A token indicating there are more items than page_size. Use it in the next ListTasks request to continue.

object (GoogleCloudRunV2Task)

The resulting list of Tasks.

string

JSON encoded Google-generated Customer Metadata for a given resource/project.

string

Path that is exported by the NFS server.

boolean

If true, the volume will be mounted as read only for all mounts.

string

Hostname or IP address of the NFS server

string

Optional. The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be looked up from the subnetwork.

string

Optional. The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the subnetwork with the same name with the network will be used.

string

Optional. Network tags applied to this Cloud Run resource.

string

Required. GPU accelerator type to attach to an instance.

object (GoogleCloudRunV2ContainerOverride)

Per container override specification.

integer (int32 format)

Optional. The desired number of tasks the execution should run. Will replace existing task_count value.

string (Duration format)

Duration in seconds the task may be active before the system will actively try to mark it failed and kill associated containers. Will replace existing timeout_seconds value.

integer (int32 format)

Optional. Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

object (GoogleCloudRunV2GRPCAction)

Optional. GRPC specifies an action involving a gRPC port. Exactly one of httpGet, tcpSocket, or grpc must be specified.

object (GoogleCloudRunV2HTTPGetAction)

Optional. HTTPGet specifies the http request to perform. Exactly one of httpGet, tcpSocket, or grpc must be specified.

integer (int32 format)

Optional. Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240.

integer (int32 format)

Optional. How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds.

object (GoogleCloudRunV2TCPSocketAction)

Optional. TCPSocket specifies an action involving a TCP port. Exactly one of httpGet, tcpSocket, or grpc must be specified.

integer (int32 format)

Optional. Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds.

boolean

Determines whether CPU is only allocated during requests (true by default). However, if ResourceRequirements is set, the caller must explicitly set this field to true to preserve the default behavior.

map (key: string, value: string)

Only memory and cpu keys in the map are supported. Notes: * The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. For more information, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits

boolean

Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold, this can help reduce cold-start latency.

map (key: string, value: string)

Output only. Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.

object (GoogleCloudRunV2Condition)

Output only. The Condition of this Revision, containing its readiness status, and detailed error information in case it did not reach a serving state.

object (GoogleCloudRunV2Container)

Holds the single container that defines the unit of execution for this Revision.

string (Timestamp format)

Output only. The creation time.

string (Timestamp format)

Output only. For a deleted resource, the deletion time. It is only populated as a response to a Delete request.

string

A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek

enum

The action to take if the encryption key is revoked.

string (Duration format)

If encryption_key_revocation_action is SHUTDOWN, the duration before shutting down all instances. The minimum increment is 1 hour.

string

Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.

enum

The execution environment being used to host this Revision.

string (Timestamp format)

Output only. For a deleted resource, the time after which it will be permamently deleted. It is only populated as a response to a Delete request.

string (int64 format)

Output only. A number that monotonically increases every time the user modifies the desired state.

map (key: string, value: string)

Output only. Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.

enum

The least stable launch stage needed to create this resource, as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. Note that this value might not be what was used as input. For example, if ALPHA was provided as input in the parent resource, but only BETA and GA-level features are were, this field will be BETA.

string

Output only. The Google Console URI to obtain logs for the Revision.

integer (int32 format)

Sets the maximum number of requests that each serving instance can receive.

string

Output only. The unique name of this Revision.

object (GoogleCloudRunV2NodeSelector)

The node selector for the revision.

string (int64 format)

Output only. The generation of this Revision currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.

boolean

Output only. Indicates whether the resource's reconciliation is still in progress. See comments in Service.reconciling for additional information on reconciliation process in Cloud Run.

boolean

Output only. Reserved for future use.

object (GoogleCloudRunV2RevisionScaling)

Scaling settings for this revision.

object (GoogleCloudRunV2RevisionScalingStatus)

Output only. The current effective scaling settings for the revision.

string

Output only. The name of the parent service.

string

Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has.

boolean

Enable session affinity.

string (Duration format)

Max allowed time for an instance to respond to a request.

string

Output only. Server assigned unique identifier for the Revision. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.

string (Timestamp format)

Output only. The last-modified time.

object (GoogleCloudRunV2Volume)

A list of Volumes to make available to containers.

object (GoogleCloudRunV2VpcAccess)

VPC Access configuration for this Revision. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.

integer (int32 format)

Optional. Maximum number of serving instances that this resource should have.

integer (int32 format)

Optional. Minimum number of serving instances that this resource should have.

integer (int32 format)

The current number of min instances provisioned for this revision.

map (key: string, value: string)

Optional. Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. All system annotations in v1 now have a corresponding field in v2 RevisionTemplate. This field follows Kubernetes annotations' namespacing, limits, and rules.

object (GoogleCloudRunV2Container)

Holds the single container that defines the unit of execution for this Revision.

string

A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek

enum

Optional. The sandbox environment to host this Revision.

boolean

Optional. Disables health checking containers during deployment.

map (key: string, value: string)

Optional. Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. All system labels in v1 now have a corresponding field in v2 RevisionTemplate.

integer (int32 format)

Optional. Sets the maximum number of requests that each serving instance can receive.

object (GoogleCloudRunV2NodeSelector)

Optional. The node selector for the revision template.

string

Optional. The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name.

object (GoogleCloudRunV2RevisionScaling)

Optional. Scaling settings for this Revision.

string

Optional. Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.

boolean

Optional. Enable session affinity.

string (Duration format)

Optional. Max allowed time for an instance to respond to a request.

object (GoogleCloudRunV2Volume)

Optional. A list of Volumes to make available to containers.

object (GoogleCloudRunV2VpcAccess)

Optional. VPC Access configuration to use for this Revision. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.

string

A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.

object (GoogleCloudRunV2Overrides)

Overrides specification for a given execution of a job. If provided, overrides will be applied to update the execution or task spec.

boolean

Indicates that the request should be validated without actually deleting any resources.

string

Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project.

string

The Cloud Secret Manager secret version. Can be 'latest' for the latest version, an integer for a specific version, or a version alias.

integer (int32 format)

Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. This might be in conflict with other options that affect the file mode, like fsGroup, and as a result, other mode bits could be set.

object (GoogleCloudRunV2VersionToPath)

If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.

string

Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.

map (key: string, value: string)

Optional. Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected in new resources. All system annotations in v1 now have a corresponding field in v2 Service. This field follows Kubernetes annotations' namespacing, limits, and rules.

object (GoogleCloudRunV2BinaryAuthorization)

Optional. Settings for the Binary Authorization feature.

string

Arbitrary identifier for the API client.

string

Arbitrary version identifier for the API client.

object (GoogleCloudRunV2Condition)

Output only. The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.

string (Timestamp format)

Output only. The creation time.

string

Output only. Email address of the authenticated creator.

string

One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.

boolean

Optional. Disables public resolution of the default URI of this service.

string (Timestamp format)

Output only. The deletion time.

string

User-provided description of the Service. This field currently has a 512-character limit.

string

Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.

string (Timestamp format)

Output only. For a deleted resource, the time after which it will be permamently deleted.

string (int64 format)

Output only. A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.

enum

Optional. Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active.

map (key: string, value: string)

Optional. Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. All system labels in v1 now have a corresponding field in v2 Service.

string

Output only. Email address of the last authenticated modifier.

string

Output only. Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.

string

Output only. Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.

enum

Optional. The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output.

string

The fully qualified name of this Service. In CreateServiceRequest, this field is ignored, and instead composed from CreateServiceRequest.parent and CreateServiceRequest.service_id. Format: projects/{project}/locations/{location}/services/{service_id}

string (int64 format)

Output only. The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.

boolean

Output only. Returns true if the Service is currently being acted upon by the system to bring it into the desired state. When a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observed_generation, latest_ready_revison, traffic_statuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminal_condition.state. If reconciliation succeeded, the following fields will match: traffic and traffic_statuses, observed_generation and generation, latest_ready_revision and latest_created_revision. If reconciliation failed, traffic_statuses, observed_generation, and latest_ready_revision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminal_condition and conditions.

boolean

Output only. Reserved for future use.

object (GoogleCloudRunV2ServiceScaling)

Optional. Specifies service-level scaling settings

object (GoogleCloudRunV2RevisionTemplate)

Required. The template used to create revisions for this Service.

object (GoogleCloudRunV2Condition)

Output only. The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.

object (GoogleCloudRunV2TrafficTarget)

Optional. Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.

object (GoogleCloudRunV2TrafficTargetStatus)

Output only. Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.

string

Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.

string (Timestamp format)

Output only. The last-modified time.

string

Output only. The main URI in which this Service is serving traffic.

integer (int32 format)

Optional. total min instances for the service. This number of instances is divided among all revisions with specified traffic based on the percent of traffic they are receiving. (BETA)

integer (int32 format)

Optional. Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to the exposed port of the container, which is the value of container.ports[0].containerPort.

map (key: string, value: string)

Output only. Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.

string (Timestamp format)

Output only. Represents time when the Task was completed. It is not guaranteed to be set in happens-before order across separate operations.

object (GoogleCloudRunV2Condition)

Output only. The Condition of this Task, containing its readiness status, and detailed error information in case it did not reach the desired state.

object (GoogleCloudRunV2Container)

Holds the single container that defines the unit of execution for this task.

string (Timestamp format)

Output only. Represents time when the task was created by the system. It is not guaranteed to be set in happens-before order across separate operations.

string (Timestamp format)

Output only. For a deleted resource, the deletion time. It is only populated as a response to a Delete request.

string

Output only. A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek

string

Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.

string

Output only. The name of the parent Execution.

enum

The execution environment being used to host this Task.

string (Timestamp format)

Output only. For a deleted resource, the time after which it will be permamently deleted. It is only populated as a response to a Delete request.

string (int64 format)

Output only. A number that monotonically increases every time the user modifies the desired state.

integer (int32 format)

Output only. Index of the Task, unique per execution, and beginning at 0.

string

Output only. The name of the parent Job.

map (key: string, value: string)

Output only. Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels

object (GoogleCloudRunV2TaskAttemptResult)

Output only. Result of the last attempt of this Task.

string

Output only. URI where logs for this execution can be found in Cloud Console.

integer (int32 format)

Number of retries allowed per Task, before marking this Task failed.

string

Output only. The unique name of this Task.

string (int64 format)

Output only. The generation of this Task. See comments in Job.reconciling for additional information on reconciliation process in Cloud Run.

boolean

Output only. Indicates whether the resource's reconciliation is still in progress. See comments in Job.reconciling for additional information on reconciliation process in Cloud Run.

integer (int32 format)

Output only. The number of times this Task was retried. Tasks are retried when they fail up to the maxRetries limit.

boolean

Output only. Reserved for future use.

string (Timestamp format)

Output only. Represents time when the task was scheduled to run by the system. It is not guaranteed to be set in happens-before order across separate operations.

string

Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.

string (Timestamp format)

Output only. Represents time when the task started to run. It is not guaranteed to be set in happens-before order across separate operations.

string (Duration format)

Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout.

string

Output only. Server assigned unique identifier for the Task. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.

string (Timestamp format)

Output only. The last-modified time.

object (GoogleCloudRunV2Volume)

A list of Volumes to make available to containers.

object (GoogleCloudRunV2VpcAccess)

Output only. VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.

integer (int32 format)

Output only. The exit code of this attempt. This may be unset if the container was unable to exit cleanly with a code due to some other failure. See status field for possible failure details.

object (GoogleRpcStatus)

Output only. The status of this attempt. If the status code is OK, then the attempt succeeded.

object (GoogleCloudRunV2Container)

Holds the single container that defines the unit of execution for this task.

string

A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek

enum

Optional. The execution environment being used to host this Task.

integer (int32 format)

Number of retries allowed per Task, before marking this Task failed. Defaults to 3.

string

Optional. Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.

string (Duration format)

Optional. Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout. Defaults to 600 seconds.

object (GoogleCloudRunV2Volume)

Optional. A list of Volumes to make available to containers.

object (GoogleCloudRunV2VpcAccess)

Optional. VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.

integer (int32 format)

Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.

string

Revision to which to send this portion of traffic, if traffic allocation is by revision.

string

Indicates a string to be part of the URI to exclusively reference this target.

enum

The allocation type for this traffic target.

integer (int32 format)

Specifies percent of the traffic to this Revision.

string

Revision to which this traffic is sent.

string

Indicates the string used in the URI to exclusively reference this target.

enum

The allocation type for this traffic target.

string

Displays the target URI.

integer (int32 format)

Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

string

Required. The relative path of the secret in the container.

string

The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version.

object (GoogleCloudRunV2CloudSqlInstance)

For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.

object (GoogleCloudRunV2EmptyDirVolumeSource)

Ephemeral storage used as a shared volume.

object (GoogleCloudRunV2GCSVolumeSource)

Persistent storage backed by a Google Cloud Storage bucket.

string

Required. Volume's name.

object (GoogleCloudRunV2NFSVolumeSource)

For NFS Voumes, contains the path to the nfs Volume

object (GoogleCloudRunV2SecretVolumeSource)

Secret represents a secret that should populate this volume.

string

Required. Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run

string

Required. This must match the Name of a Volume.

string

VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number. For more information on sending traffic to a VPC network via a connector, visit https://cloud.google.com/run/docs/configuring/vpc-connectors.

enum

Optional. Traffic VPC egress settings. If not provided, it defaults to PRIVATE_RANGES_ONLY.

object (GoogleCloudRunV2NetworkInterface)

Optional. Direct VPC egress settings. Currently only single network interface is supported.

boolean

Whether or not approval is needed. If this is set on a build, it will become pending when created, and will need to be explicitly approved to start.

string (Timestamp format)

Output only. The time when the approval decision was made.

string

Output only. Email of the user that called the ApproveBuild API to approve or reject a build at the time that the API was called.

string

Optional. An optional comment for this manual approval result.

enum

Required. The decision of this manual approval.

string

Optional. An optional URL tied to this manual approval result. This field is essentially the same as comment, except that it will be rendered by the UI differently. An example use case is a link to an external job that approved this Build.

string

Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". (see Bucket Name Requirements). Files in the workspace matching any path pattern will be uploaded to Cloud Storage with this location as a prefix.

string

Path globs used to match files in the build's workspace.

object (GoogleDevtoolsCloudbuildV1TimeSpan)

Output only. Stores timing information for pushing all artifact objects.

string

A list of images to be pushed upon the successful completion of all build steps. The images will be pushed using the builder service account's credentials. The digests of the pushed images will be stored in the Build resource's results field. If any of the images fail to be pushed, the build is marked FAILURE.

object (GoogleDevtoolsCloudbuildV1MavenArtifact)

A list of Maven artifacts to be uploaded to Artifact Registry upon successful completion of all build steps. Artifacts in the workspace matching specified paths globs will be uploaded to the specified Artifact Registry repository using the builder service account's credentials. If any artifacts fail to be pushed, the build is marked FAILURE.

object (GoogleDevtoolsCloudbuildV1NpmPackage)

A list of npm packages to be uploaded to Artifact Registry upon successful completion of all build steps. Npm packages in the specified paths will be uploaded to the specified Artifact Registry repository using the builder service account's credentials. If any packages fail to be pushed, the build is marked FAILURE.

object (GoogleDevtoolsCloudbuildV1ArtifactObjects)

A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. Files in the workspace matching specified paths globs will be uploaded to the specified Cloud Storage location using the builder service account's credentials. The location and generation of the uploaded objects will be stored in the Build resource's results field. If any objects fail to be pushed, the build is marked FAILURE.

object (GoogleDevtoolsCloudbuildV1PythonPackage)

A list of Python packages to be uploaded to Artifact Registry upon successful completion of all build steps. The build service account credentials will be used to perform the upload. If any objects fail to be pushed, the build is marked FAILURE.

object (GoogleDevtoolsCloudbuildV1BuildApproval)

Output only. Describes this build's approval configuration, status, and result.

object (GoogleDevtoolsCloudbuildV1Artifacts)

Artifacts produced by the build that should be uploaded upon successful completion of all build steps.

object (GoogleDevtoolsCloudbuildV1Secrets)

Secrets and secret environment variables.

string

Output only. The ID of the BuildTrigger that triggered this build, if it was triggered automatically.

string (Timestamp format)

Output only. Time at which the request to create the build was received.

object (GoogleDevtoolsCloudbuildV1FailureInfo)

Output only. Contains information about the build when status=FAILURE.

string (Timestamp format)

Output only. Time at which execution of the build was finished. The difference between finish_time and start_time is the duration of the build's execution.

object (GoogleDevtoolsCloudbuildV1GitConfig)

Optional. Configuration for git operations.

string

Output only. Unique identifier of the build.

string

A list of images to be pushed upon the successful completion of all build steps. The images are pushed using the builder service account's credentials. The digests of the pushed images will be stored in the Build resource's results field. If any of the images fail to be pushed, the build status is marked FAILURE.

string

Output only. URL to logs for this build in Google Cloud Console.

string

Cloud Storage bucket where logs should be written (see Bucket Name Requirements). Logs file names will be of the format ${logs_bucket}/log-${build_id}.txt.

string

Output only. The 'Build' name with format: projects/{project}/locations/{location}/builds/{build}, where {build} is a unique identifier generated by the service.

object (GoogleDevtoolsCloudbuildV1BuildOptions)

Special options for this build.

string

Output only. ID of the project.

string (Duration format)

TTL in queue for this build. If provided and the build is enqueued longer than this value, the build will expire and the build status will be EXPIRED. The TTL starts ticking from create_time.

object (GoogleDevtoolsCloudbuildV1Results)

Output only. Results of the build.

object (GoogleDevtoolsCloudbuildV1Secret)

Secrets to decrypt using Cloud Key Management Service. Note: Secret Manager is the recommended technique for managing sensitive data with Cloud Build. Use available_secrets to configure builds to access secrets from Secret Manager. For instructions, see: https://cloud.google.com/cloud-build/docs/securing-builds/use-secrets

string

IAM service account whose credentials will be used at build runtime. Must be of the format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. ACCOUNT can be email address or uniqueId of the service account.

object (GoogleDevtoolsCloudbuildV1Source)

Optional. The location of the source files to build.

object (GoogleDevtoolsCloudbuildV1SourceProvenance)

Output only. A permanent fixed identifier for source.

string (Timestamp format)

Output only. Time at which execution of the build was started.

enum

Output only. Status of the build.

string

Output only. Customer-readable message about the current status.

object (GoogleDevtoolsCloudbuildV1BuildStep)

Required. The operations to be performed on the workspace.

map (key: string, value: string)

Substitutions data for Build resource.

string

Tags for annotation of a Build. These are not docker tags.

string (Duration format)

Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. timeout starts ticking from startTime. Default time is 60 minutes.

map (key: string, value: object (GoogleDevtoolsCloudbuildV1TimeSpan))

Output only. Stores timing information for phases of the build. Valid keys are: * BUILD: time to execute all build steps. * PUSH: time to push all artifacts including docker images and non docker artifacts. * FETCHSOURCE: time to fetch source. * SETUPBUILD: time to set up build. If the build does not specify source or images, these keys will not be included.

object (GoogleDevtoolsCloudbuildV1Warning)

Output only. Non-fatal problems encountered during the execution of the build.

object (GoogleDevtoolsCloudbuildV1ApprovalConfig)

Output only. Configuration for manual approval of this build.

object (GoogleDevtoolsCloudbuildV1ApprovalResult)

Output only. Result of manual approval for this Build.

enum

Output only. The state of this build's approval.

object (GoogleDevtoolsCloudbuildV1Build)

The build that the operation is tracking.

boolean

Option to include built-in and custom substitutions as env variables for all build steps.

enum

Optional. Option to specify how default logs buckets are setup.

string (int64 format)

Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; some of the space will be used by the operating system and build utilities. Also note that this is the minimum disk size that will be allocated for the build -- the build may run with a larger disk than requested. At present, the maximum disk size is 4000GB; builds that request more than the maximum are rejected with an error.

boolean

Option to specify whether or not to apply bash style string operations to the substitutions. NOTE: this is always enabled for triggered builds and cannot be overridden in the build configuration file.

string

A list of global environment variable definitions that will exist for all build steps in this build. If a variable is defined in both globally and in a build step, the variable will use the build step value. The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE".

enum

Option to define build log streaming behavior to Cloud Storage.

enum

Option to specify the logging mode, which determines if and where build logs are stored.

enum

Compute Engine machine type on which to run the build.

object (GoogleDevtoolsCloudbuildV1PoolOption)

Optional. Specification for execution on a WorkerPool. See running builds in a private pool for more information.

enum

Requested verifiability options.

string

A list of global environment variables, which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's Secret. These variables will be available to all build steps in this build.

string

Requested hash for SourceProvenance.

enum

Option to specify behavior when there is an error in the substitution checks. NOTE: this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden in the build configuration file.

object (GoogleDevtoolsCloudbuildV1Volume)

Global list of volumes to mount for ALL build steps Each volume is created as an empty volume prior to starting the build process. Upon completion of the build, volumes and their contents are discarded. Global volume names and paths cannot conflict with the volumes defined a build step. Using a global volume in a build with only one step is not valid as it is indicative of a build request with an incorrect configuration.

string

This field deprecated; please use pool.name instead.

integer (int32 format)

Allow this build step to fail without failing the entire build if and only if the exit code is one of the specified codes. If allow_failure is also specified, this field will take precedence.

boolean

Allow this build step to fail without failing the entire build. If false, the entire build will fail if this step fails. Otherwise, the build will succeed, but this step will still have a failure status. Error information will be reported in the failure_detail field.

string

A list of arguments that will be presented to the step when it is started. If the image used to run the step's container has an entrypoint, the args are used as arguments to that entrypoint. If the image does not define an entrypoint, the first element in args is used as the entrypoint, and the remainder will be used as arguments.

boolean

Option to include built-in and custom substitutions as env variables for this build step. This option will override the global option in BuildOption.

string

Working directory to use when running this step's container. If this value is a relative path, it is relative to the build's working directory. If this value is absolute, it may be outside the build's working directory, in which case the contents of the path may not be persisted across build step executions, unless a volume for that path is specified. If the build specifies a RepoSource with dir and a step with a dir, which specifies an absolute path, the RepoSource dir is ignored for the step's execution.

string

Entrypoint to be used instead of the build step image's default entrypoint. If unset, the image's default entrypoint is used.

string

A list of environment variable definitions to be used when running a step. The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE".

integer (int32 format)

Output only. Return code from running the step.

string

Unique identifier for this build step, used in wait_for to reference this build step as a dependency.

string

Required. The name of the container image that will run this particular build step. If the image is available in the host's Docker daemon's cache, it will be run directly. If not, the host will attempt to pull the image first, using the builder service account's credentials if necessary. The Docker daemon's cache will already have the latest versions of all of the officially supported build steps (https://github.com/GoogleCloudPlatform/cloud-builders). The Docker daemon will also have cached many of the layers for some popular images, like "ubuntu", "debian", but they will be refreshed at the time you attempt to use them. If you built an image in a previous build step, it will be stored in the host's Docker daemon's cache and is available to use as the name for a later build step.

object (GoogleDevtoolsCloudbuildV1TimeSpan)

Output only. Stores timing information for pulling this build step's builder image only.

string

A shell script to be executed in the step. When script is provided, the user cannot specify the entrypoint or args.

string

A list of environment variables which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's Secret.

enum

Output only. Status of the build step. At this time, build step status is only updated on build completion; step status is not updated in real-time as the build progresses.

string (Duration format)

Time limit for executing this build step. If not defined, the step has no time limit and will be allowed to continue to run until either it completes or the build itself times out.

object (GoogleDevtoolsCloudbuildV1TimeSpan)

Output only. Stores timing information for executing this build step.

object (GoogleDevtoolsCloudbuildV1Volume)

List of volumes to mount into the build step. Each volume is created as an empty volume prior to execution of the build step. Upon completion of the build, volumes and their contents are discarded. Using a named volume in only one step is not valid as it is indicative of a build request with an incorrect configuration.

string

The ID(s) of the step(s) that this build step depends on. This build step will not start until all the build steps in wait_for have completed successfully. If wait_for is empty, this build step will start when all previous build steps in the Build.Steps list have completed successfully.

string

Docker Registry 2.0 digest.

string

Name used to push the container image to Google Container Registry, as presented to docker push.

object (GoogleDevtoolsCloudbuildV1TimeSpan)

Output only. Stores timing information for pushing the specified image.

string

Optional. Directory, relative to the source root, in which to run the build.

string

Required. Name of the Google Cloud Build repository, formatted as projects/*/locations/*/connections/*/repositories/*.

string

Required. The revision to fetch from the Git repository such as a branch, a tag, a commit SHA, or any Git ref.

string

Required. Directory, relative to the source root, in which to run the build.

string

Required. The Developer Connect Git repository link, formatted as projects/*/locations/*/connections/*/gitRepositoryLink/*.

string

Required. The revision to fetch from the Git repository such as a branch, a tag, a commit SHA, or any Git ref.

string

Explains the failure issue in more detail using hard-coded text.

enum

The name of the failure.

object (GoogleDevtoolsCloudbuildV1Hash)

Collection of file hashes.

string

Cloud Storage bucket. See https://cloud.google.com/storage/docs/naming#requirements

string (int64 format)

Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

string

Cloud Storage object. See https://cloud.google.com/storage/docs/naming#objectnames

object (GoogleDevtoolsCloudbuildV1HttpConfig)

Configuration for HTTP related git operations.

string

Optional. Directory, relative to the source root, in which to run the build. This must be a relative path. If a step's dir is specified and is an absolute path, this value is ignored for that step's execution.

string

Optional. The revision to fetch from the Git repository such as a branch, a tag, a commit SHA, or any Git ref. Cloud Build uses git fetch to fetch the revision from the Git repository; therefore make sure that the string you provide for revision is parsable by the command. For information on string values accepted by git fetch, see https://git-scm.com/docs/gitrevisions#_specifying_revisions. For information on git fetch, see https://git-scm.com/docs/git-fetch.

string

Required. Location of the Git repo to build. This will be used as a git remote, see https://git-scm.com/docs/git-remote.

enum

The type of hash that was performed.

string (bytes format)

The hash value.

string

SecretVersion resource of the HTTP proxy URL. The proxy URL should be in format protocol://@]proxyhost[:port].

object (GoogleDevtoolsCloudbuildV1GCSLocation)

Optional. Cloud Storage object storing the certificate to use with the HTTP proxy.

map (key: string, value: string (bytes format))

Map of environment variable name to its encrypted value. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step. Values can be at most 64 KB in size. There can be at most 100 secret values across all of a build's secrets.

string

Resource name of Cloud KMS crypto key to decrypt the encrypted value. In format: projects//locations//keyRings//cryptoKeys/

string

Maven artifactId value used when uploading the artifact to Artifact Registry.

string

Maven groupId value used when uploading the artifact to Artifact Registry.

string

Path to an artifact in the build's workspace to be uploaded to Artifact Registry. This can be either an absolute path, e.g. /workspace/my-app/target/my-app-1.0.SNAPSHOT.jar or a relative path from /workspace, e.g. my-app/target/my-app-1.0.SNAPSHOT.jar.

string

Artifact Registry repository, in the form "https://$REGION-maven.pkg.dev/$PROJECT/$REPOSITORY" Artifact in the workspace specified by path will be uploaded to Artifact Registry with this location as a prefix.

string

Maven version value used when uploading the artifact to Artifact Registry.

string

Path to the package.json. e.g. workspace/path/to/package

string

Artifact Registry repository, in the form "https://$REGION-npm.pkg.dev/$PROJECT/$REPOSITORY" Npm package in the workspace specified by path will be zipped and uploaded to Artifact Registry with this location as a prefix.

string

The WorkerPool resource to execute the build on. You must have cloudbuild.workerpools.use on the project hosting the WorkerPool. Format projects/{project}/locations/{location}/workerPools/{workerPoolId}

string

Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file.

string

Artifact Registry repository, in the form "https://$REGION-python.pkg.dev/$PROJECT/$REPOSITORY" Files in the workspace matching any path pattern will be uploaded to Artifact Registry with this location as a prefix.

string

Regex matching branches to build. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax

string

Explicit commit SHA to build.

string

Optional. Directory, relative to the source root, in which to run the build. This must be a relative path. If a step's dir is specified and is an absolute path, this value is ignored for that step's execution.

boolean

Optional. Only trigger a build if the revision regex does NOT match the revision regex.

string

Optional. ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.

string

Required. Name of the Cloud Source Repository.

map (key: string, value: string)

Optional. Substitutions to use in a triggered build. Should only be used with RunBuildTrigger

string

Regex matching tags to build. The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax

string

Path to the artifact manifest for non-container artifacts uploaded to Cloud Storage. Only populated when artifacts are uploaded to Cloud Storage.

object (GoogleDevtoolsCloudbuildV1TimeSpan)

Time to push all non-container artifacts to Cloud Storage.

string

List of build step digests, in the order corresponding to build step indices.

string (bytes format)

List of build step outputs, produced by builder images, in the order corresponding to build step indices. Cloud Builders can produce this output by writing to $BUILDER_OUTPUT/output. Only the first 50KB of data is stored. Note that the $BUILDER_OUTPUT variable is read-only and can't be substituted.

object (GoogleDevtoolsCloudbuildV1BuiltImage)

Container images that were built as a part of the build.

object (GoogleDevtoolsCloudbuildV1UploadedMavenArtifact)

Maven artifacts uploaded to Artifact Registry at the end of the build.

object (GoogleDevtoolsCloudbuildV1UploadedNpmPackage)

Npm packages uploaded to Artifact Registry at the end of the build.

string (int64 format)

Number of non-container artifacts uploaded to Cloud Storage. Only populated when artifacts are uploaded to Cloud Storage.

object (GoogleDevtoolsCloudbuildV1UploadedPythonPackage)

Python artifacts uploaded to Artifact Registry at the end of the build.

string

Cloud KMS key name to use to decrypt these envs.

map (key: string, value: string (bytes format))

Map of environment variable name to its encrypted value. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step. Values can be at most 64 KB in size. There can be at most 100 secret values across all of a build's secrets.

string

Environment variable name to associate with the secret. Secret environment variables must be unique across all of a build's secrets, and must be used by at least one build step.

string

Resource name of the SecretVersion. In format: projects//secrets//versions/*

object (GoogleDevtoolsCloudbuildV1InlineSecret)

Secrets encrypted with KMS key and the associated secret environment variable.

object (GoogleDevtoolsCloudbuildV1SecretManagerSecret)

Secrets in Secret Manager and associated secret environment variable.

object (GoogleDevtoolsCloudbuildV1ConnectedRepository)

Optional. If provided, get the source from this 2nd-gen Google Cloud Build repository resource.

object (GoogleDevtoolsCloudbuildV1DeveloperConnectConfig)

If provided, get the source from this Developer Connect config.

object (GoogleDevtoolsCloudbuildV1GitSource)

If provided, get the source from this Git repository.

object (GoogleDevtoolsCloudbuildV1RepoSource)

If provided, get the source from this location in a Cloud Source Repository.

object (GoogleDevtoolsCloudbuildV1StorageSource)

If provided, get the source from this location in Cloud Storage.

object (GoogleDevtoolsCloudbuildV1StorageSourceManifest)

If provided, get the source from this manifest in Cloud Storage. This feature is in Preview; see description here.

map (key: string, value: object (GoogleDevtoolsCloudbuildV1FileHashes))

Output only. Hash(es) of the build source, which can be used to verify that the original source integrity was maintained in the build. Note that FileHashes will only be populated if BuildOptions has requested a SourceProvenanceHash. The keys to this map are file paths used as build source and the values contain the hash values for those files. If the build source came in a single package such as a gzipped tarfile (.tar.gz), the FileHash will be for the single path to that file.

object (GoogleDevtoolsCloudbuildV1ConnectedRepository)

Output only. A copy of the build's source.connected_repository, if exists, with any revisions resolved.

object (GoogleDevtoolsCloudbuildV1GitSource)

Output only. A copy of the build's source.git_source, if exists, with any revisions resolved.

object (GoogleDevtoolsCloudbuildV1RepoSource)

A copy of the build's source.repo_source, if exists, with any revisions resolved.

object (GoogleDevtoolsCloudbuildV1StorageSource)

A copy of the build's source.storage_source, if exists, with any generations resolved.

object (GoogleDevtoolsCloudbuildV1StorageSourceManifest)

A copy of the build's source.storage_source_manifest, if exists, with any revisions resolved. This feature is in Preview.

string

Cloud Storage bucket containing the source (see Bucket Name Requirements).

string (int64 format)

Optional. Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

string

Required. Cloud Storage object containing the source. This object must be a zipped (.zip) or gzipped archive file (.tar.gz) containing source to build.

enum

Optional. Option to specify the tool to fetch the source file for the build.

string

Required. Cloud Storage bucket containing the source manifest (see Bucket Name Requirements).

string (int64 format)

Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

string

Required. Cloud Storage object containing the source manifest. This object must be a JSON file.

string (Timestamp format)

End of time span.

string (Timestamp format)

Start of time span.

object (GoogleDevtoolsCloudbuildV1FileHashes)

Hash types and values of the Maven Artifact.

object (GoogleDevtoolsCloudbuildV1TimeSpan)

Output only. Stores timing information for pushing the specified artifact.

string

URI of the uploaded artifact.

object (GoogleDevtoolsCloudbuildV1FileHashes)

Hash types and values of the npm package.

object (GoogleDevtoolsCloudbuildV1TimeSpan)

Output only. Stores timing information for pushing the specified artifact.

string

URI of the uploaded npm package.

object (GoogleDevtoolsCloudbuildV1FileHashes)

Hash types and values of the Python Artifact.

object (GoogleDevtoolsCloudbuildV1TimeSpan)

Output only. Stores timing information for pushing the specified artifact.

string

URI of the uploaded artifact.

string

Name of the volume to mount. Volume names must be unique per build step and must be valid names for Docker volumes. Each named volume must be used by at least two build steps.

string

Path at which to mount the volume. Paths must be absolute and cannot conflict with other volume paths on the same build step or with certain reserved volume paths.

enum

The priority for this warning.

string

Explanation of the warning generated.

object (GoogleIamV1AuditLogConfig)

The configuration for logging of each type of permission.

string

Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

string

Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.

enum

The log type that this config enables.

object (GoogleTypeExpr)

The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.

string

Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}: A single identity in a workforce identity pool. * principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}: All workforce identities in a group. * principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}: All workforce identities with a specific attribute value. * principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*: All identities in a workforce identity pool. * principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}: A single identity in a workload identity pool. * principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}: A workload identity pool group. * principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}: All identities in a workload identity pool with a certain attribute. * principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*: All identities in a workload identity pool. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding. * deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}: Deleted single identity in a workforce identity pool. For example, deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value.

string

Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner. For an overview of the IAM roles and permissions, see the IAM documentation. For a list of the available pre-defined roles, see here.

object (GoogleIamV1AuditConfig)

Specifies cloud audit logging configuration for this policy.

object (GoogleIamV1Binding)

Associates a list of members, or principals, with a role. Optionally, may specify a condition that determines how and when the bindings are applied. Each of the bindings must contain at least one principal. The bindings in a Policy can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the bindings grant 50 different roles to user:alice@example.com, and not to any other principal, then you can add another 1,450 principals to the bindings in the Policy.

string (bytes format)

etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.

integer (int32 format)

Specifies the format of the policy. Valid values are 0, 1, and 3. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.

object (GoogleIamV1Policy)

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them.

string (FieldMask format)

OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: paths: "bindings, etag"

string

The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.

string

A subset of TestPermissionsRequest.permissions that the caller is allowed.

string

The standard List next-page token.

object (GoogleLongrunningOperation)

A list of operations that matches the specified filter in the request.

boolean

If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.

object (GoogleRpcStatus)

The error result of the operation in case of failure or cancellation.

map (key: string, value: any)

Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.

string

The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the name should be a resource name ending with operations/{unique_id}.

map (key: string, value: any)

The normal, successful response of the operation. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is standard Get/Create/Update, the response should be the resource. For other methods, the response should have the type XxxResponse, where Xxx is the original method name. For example, if the original method name is TakeSnapshot(), the inferred response type is TakeSnapshotResponse.

string (Duration format)

The maximum duration to wait before timing out. If left blank, the wait will be at most the time permitted by the underlying HTTP/RPC protocol. If RPC context deadline is also specified, the shorter one will be used.

integer (int32 format)

The status code, which should be an enum value of google.rpc.Code.

object

A list of messages that carry the error details. There is a common set of message types for APIs to use.

string

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.

string

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

string

Textual representation of an expression in Common Expression Language syntax.

string

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

string

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

integer (int32 format)

The canonical error code (see codes.proto) that most closely corresponds to this status. This may be missing, and in the common case of the generic space, it definitely will be.

integer (int32 format)

Numeric code drawn from the space specified below. Often, this is the canonical error space, and code is drawn from google3/util/task/codes.proto

string

Detail message

object (Proto2BridgeMessageSet)

message_set associates an arbitrary proto message with the status.

string

The following are usually only present when code != 0 Space to which this status belongs