1- // Copyright 2020 Google LLC
1+ // Copyright 2021 Google LLC
22//
33// Licensed under the Apache License, Version 2.0 (the "License");
44// you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@ package google.devtools.cloudbuild.v1;
1919import "google/api/annotations.proto" ;
2020import "google/api/client.proto" ;
2121import "google/api/field_behavior.proto" ;
22+ import "google/api/httpbody.proto" ;
2223import "google/api/resource.proto" ;
2324import "google/longrunning/operations.proto" ;
2425import "google/protobuf/duration.proto" ;
@@ -40,6 +41,18 @@ option (google.api.resource_definition) = {
4041 type : "iam.googleapis.com/ServiceAccount"
4142 pattern : "projects/{project}/serviceAccounts/{service_account}"
4243};
44+ option (google.api.resource_definition ) = {
45+ type : "secretmanager.googleapis.com/Secret"
46+ pattern : "projects/{project}/secrets/{secret}"
47+ };
48+ option (google.api.resource_definition ) = {
49+ type : "secretmanager.googleapis.com/SecretVersion"
50+ pattern : "projects/{project}/secrets/{secret}/versions/{version}"
51+ };
52+ option (google.api.resource_definition ) = {
53+ type : "cloudkms.googleapis.com/CryptoKey"
54+ pattern : "projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}"
55+ };
4356
4457// Creates and manages builds on Google Cloud Platform.
4558//
@@ -65,7 +78,7 @@ service CloudBuild {
6578 body : "build"
6679 additional_bindings {
6780 post : "/v1/{parent=projects/*/locations/*}/builds"
68- body : "* "
81+ body : "build "
6982 }
7083 };
7184 option (google.api.method_signature ) = "project_id,build" ;
@@ -223,6 +236,16 @@ service CloudBuild {
223236 };
224237 }
225238
239+ // ReceiveTriggerWebhook [Experimental] is called when the API receives a
240+ // webhook request targeted at a specific trigger.
241+ rpc ReceiveTriggerWebhook (ReceiveTriggerWebhookRequest )
242+ returns (ReceiveTriggerWebhookResponse ) {
243+ option (google.api.http ) = {
244+ post : "/v1/projects/{project_id}/triggers/{trigger}:webhook"
245+ body : "body"
246+ };
247+ }
248+
226249 // Creates a `WorkerPool` to run the builds, and returns the new worker pool.
227250 //
228251 // This API is experimental.
@@ -274,8 +297,8 @@ message RunBuildTriggerRequest {
274297 // Required. ID of the trigger.
275298 string trigger_id = 2 [(google.api.field_behavior ) = REQUIRED ];
276299
277- // Required. Source to build against this trigger.
278- RepoSource source = 3 [ (google.api .field_behavior ) = REQUIRED ] ;
300+ // Source to build against this trigger.
301+ RepoSource source = 3 ;
279302}
280303
281304// Location of the source in an archive file in Google Cloud Storage.
@@ -302,7 +325,7 @@ message RepoSource {
302325 // project ID requesting the build is assumed.
303326 string project_id = 1 ;
304327
305- // Required. Name of the Cloud Source Repository.
328+ // Name of the Cloud Source Repository.
306329 string repo_name = 2 ;
307330
308331 // A revision within the Cloud Source Repository must be specified in
@@ -525,6 +548,7 @@ message ArtifactResult {
525548// build is created:
526549//
527550// - $PROJECT_ID: the project ID of the build.
551+ // - $PROJECT_NUMBER: the project number of the build.
528552// - $BUILD_ID: the autogenerated ID of the build.
529553// - $REPO_NAME: the source repository name specified by RepoSource.
530554// - $BRANCH_NAME: the branch name specified by RepoSource.
@@ -669,6 +693,10 @@ message Build {
669693 repeated string tags = 31 ;
670694
671695 // Secrets to decrypt using Cloud Key Management Service.
696+ // Note: Secret Manager is the recommended technique
697+ // for managing sensitive data with Cloud Build. Use `available_secrets` to
698+ // configure builds to access secrets from Secret Manager. For instructions,
699+ // see: https://cloud.google.com/cloud-build/docs/securing-builds/use-secrets
672700 repeated Secret secrets = 32 ;
673701
674702 // Output only. Stores timing information for phases of the build. Valid keys
@@ -686,10 +714,13 @@ message Build {
686714 // Must be of the format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
687715 // ACCOUNT can be email address or uniqueId of the service account.
688716 //
689- // This field is in alpha and is not publicly available .
717+ // This field is in beta .
690718 string service_account = 42 [(google.api.resource_reference ) = {
691719 type : "iam.googleapis.com/ServiceAccount"
692720 }];
721+
722+ // Secrets and secret environment variables.
723+ Secrets available_secrets = 47 ;
693724}
694725
695726// Artifacts produced by a build that should be uploaded upon
@@ -806,8 +837,53 @@ message Hash {
806837 bytes value = 2 ;
807838}
808839
840+ // Secrets and secret environment variables.
841+ message Secrets {
842+ // Secrets in Secret Manager and associated secret environment variable.
843+ repeated SecretManagerSecret secret_manager = 1 ;
844+
845+ // Secrets encrypted with KMS key and the associated secret environment
846+ // variable.
847+ repeated InlineSecret inline = 2 ;
848+ }
849+
850+ // Pairs a set of secret environment variables mapped to encrypted
851+ // values with the Cloud KMS key to use to decrypt the value.
852+ message InlineSecret {
853+ // Resource name of Cloud KMS crypto key to decrypt the encrypted value.
854+ // In format: projects/*/locations/*/keyRings/*/cryptoKeys/*
855+ string kms_key_name = 1 [(google.api.resource_reference ) = {
856+ type : "cloudkms.googleapis.com/CryptoKey"
857+ }];
858+
859+ // Map of environment variable name to its encrypted value.
860+ //
861+ // Secret environment variables must be unique across all of a build's
862+ // secrets, and must be used by at least one build step. Values can be at most
863+ // 64 KB in size. There can be at most 100 secret values across all of a
864+ // build's secrets.
865+ map <string , bytes > env_map = 2 ;
866+ }
867+
868+ // Pairs a secret environment variable with a SecretVersion in Secret Manager.
869+ message SecretManagerSecret {
870+ // Resource name of the SecretVersion. In format:
871+ // projects/*/secrets/*/versions/*
872+ string version_name = 1 [(google.api.resource_reference ) = {
873+ type : "secretmanager.googleapis.com/SecretVersion"
874+ }];
875+
876+ // Environment variable name to associate with the secret.
877+ // Secret environment variables must be unique across all of a build's
878+ // secrets, and must be used by at least one build step.
879+ string env = 2 ;
880+ }
881+
809882// Pairs a set of secret environment variables containing encrypted
810883// values with the Cloud KMS key to use to decrypt the value.
884+ // Note: Use `kmsKeyName` with `available_secrets` instead of using
885+ // `kmsKeyName` with `secret`. For instructions see:
886+ // https://cloud.google.com/cloud-build/docs/securing-builds/use-encrypted-credentials.
811887message Secret {
812888 // Cloud KMS key name to use to decrypt these envs.
813889 string kms_key_name = 1 ;
@@ -865,7 +941,15 @@ message ListBuildsRequest {
865941 // Number of results to return in the list.
866942 int32 page_size = 2 ;
867943
868- // Token to provide to skip to a particular spot in the list.
944+ // The page token for the next page of Builds.
945+ //
946+ // If unspecified, the first page of results is returned.
947+ //
948+ // If the token is rejected for any reason, INVALID_ARGUMENT will be thrown.
949+ // In this case, the token should be discarded, and pagination should be
950+ // restarted from the first page of results.
951+ //
952+ // See https://google.aip.dev/158 for more.
869953 string page_token = 3 ;
870954
871955 // The raw filter text to constrain the results.
@@ -878,12 +962,13 @@ message ListBuildsResponse {
878962 repeated Build builds = 1 ;
879963
880964 // Token to receive the next page of results.
965+ // This will be absent if the end of the response list has been reached.
881966 string next_page_token = 2 ;
882967}
883968
884969// Request to cancel an ongoing build.
885970message CancelBuildRequest {
886- // The name of the `Build` to retrieve .
971+ // The name of the `Build` to cancel .
887972 // Format: `projects/{project}/locations/{location}/builds/{build}`
888973 string name = 4 [(google.api.resource_reference ) = {
889974 type : "cloudbuild.googleapis.com/Build"
@@ -941,8 +1026,8 @@ message BuildTrigger {
9411026 // Contents of the build template.
9421027 Build build = 4 ;
9431028
944- // Path, from the source root, to a file whose contents is used for the
945- // template .
1029+ // Path, from the source root, to the build configuration file
1030+ // (i.e. cloudbuild.yaml) .
9461031 string filename = 8 ;
9471032 }
9481033
@@ -1018,6 +1103,10 @@ message PullRequestFilter {
10181103 // Enforce that repository owners or collaborators must comment on Pull
10191104 // Requests before builds are triggered.
10201105 COMMENTS_ENABLED = 1 ;
1106+
1107+ // Enforce that repository owners or collaborators must comment on external
1108+ // contributors' Pull Requests before builds are triggered.
1109+ COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY = 2 ;
10211110 }
10221111
10231112 // Target refs to match.
@@ -1144,6 +1233,12 @@ message BuildOptions {
11441233
11451234 // Highcpu machine with 32 CPUs.
11461235 N1_HIGHCPU_32 = 2 ;
1236+
1237+ // Highcpu e2 machine with 8 CPUs.
1238+ E2_HIGHCPU_8 = 5 ;
1239+
1240+ // Highcpu e2 machine with 32 CPUs.
1241+ E2_HIGHCPU_32 = 6 ;
11471242 }
11481243
11491244 // Specifies the behavior when there is an error in the substitution checks.
@@ -1190,7 +1285,6 @@ message BuildOptions {
11901285 CLOUD_LOGGING_ONLY = 5 ;
11911286
11921287 // Turn off all logging. No build logs will be captured.
1193- // Next ID: 6
11941288 NONE = 4 ;
11951289 }
11961290
@@ -1265,6 +1359,26 @@ message BuildOptions {
12651359 repeated Volume volumes = 14 ;
12661360}
12671361
1362+ // ReceiveTriggerWebhookRequest [Experimental] is the request object accepted by
1363+ // the ReceiveTriggerWebhook method.
1364+ message ReceiveTriggerWebhookRequest {
1365+ // HTTP request body.
1366+ google.api.HttpBody body = 1 ;
1367+
1368+ // Project in which the specified trigger lives
1369+ string project_id = 2 ;
1370+
1371+ // Name of the trigger to run the payload against
1372+ string trigger = 3 ;
1373+
1374+ // Secret token used for authorization if an OAuth token isn't provided.
1375+ string secret = 4 ;
1376+ }
1377+
1378+ // ReceiveTriggerWebhookResponse [Experimental] is the response object for the
1379+ // ReceiveTriggerWebhook method.
1380+ message ReceiveTriggerWebhookResponse {}
1381+
12681382// Configuration for a WorkerPool to run the builds.
12691383//
12701384// Workers are machines that Cloud Build uses to run your builds. By default,
0 commit comments