-
Notifications
You must be signed in to change notification settings - Fork 242
/
Copy pathcloudbuild.yaml
205 lines (196 loc) · 8.08 KB
/
cloudbuild.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: core.cnrm.cloud.google.com/v1alpha1
kind: ServiceMapping
metadata:
name: cloudbuild.cnrm.cloud.google.com
namespace: cnrm-system
spec:
name: CloudBuild
version: v1beta1
serviceHostName: "cloudbuild.googleapis.com"
resources:
- name: google_cloudbuild_trigger
kind: CloudBuildTrigger
metadataMapping:
name: name
idTemplate: "projects/{{project}}/triggers/{{name}}"
# doesn't import properly
idTemplateCanBeUsedToMatchResourceName: false
resourceAvailableInAssetInventory: false
containers:
- type: project
tfField: project
resourceReferences:
- tfField: trigger_template.repo_name
description: |-
The Cloud Source Repository to build. If omitted, the repo with
name "default" is assumed.
key: repoRef
gvk:
kind: SourceRepoRepository
version: v1beta1
group: sourcerepo.cnrm.cloud.google.com
- tfField: build.logs_bucket
key: logsBucketRef
description: |-
Google Cloud Storage bucket where logs should be written. Logs file
names will be of the format ${logsBucket}/log-${build_id}.txt.
gvk:
group: storage.cnrm.cloud.google.com
version: v1beta1
kind: StorageBucket
targetField: url
- tfField: build.secret.kms_key_name
key: kmsKeyRef
description: |-
KMS crypto key to use to decrypt these envs.
gvk:
group: kms.cnrm.cloud.google.com
version: v1beta1
kind: KMSCryptoKey
targetField: self_link
- tfField: build.source.storage_source.bucket
key: bucketRef
description: |-
Google Cloud Storage bucket containing the source.
gvk:
group: storage.cnrm.cloud.google.com
version: v1beta1
kind: StorageBucket
- tfField: build.source.repo_source.repo_name
key: repoRef
description: |-
The desired Cloud Source Repository. If omitted, "default" is
assumed.
gvk:
group: sourcerepo.cnrm.cloud.google.com
version: v1beta1
kind: SourceRepoRepository
- tfField: pubsub_config.topic
key: topicRef
description: |-
The name of the topic from which this subscription
is receiving messages.
gvk:
group: pubsub.cnrm.cloud.google.com
version: v1beta1
kind: PubSubTopic
valueTemplate: "projects/{{project}}/topics/{{value}}"
- tfField: pubsub_config.service_account_email
key: serviceAccountRef
description: Service account that will make the push request.
gvk:
kind: IAMServiceAccount
version: v1beta1
group: iam.cnrm.cloud.google.com
targetField: email
- tfField: webhook_config.secret
description: The secret required
key: secretRef
gvk:
kind: SecretManagerSecret
version: v1beta1
group: secretmanager.cnrm.cloud.google.com
targetField: name
- tfField: service_account
key: serviceAccountRef
description: |-
The service account used for all user-controlled operations including
triggers.patch, triggers.run, builds.create, and builds.cancel.
If no service account is set, then the standard Cloud Build service account
([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.
When populating via the external field, the following format is supported:
projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}
gvk:
kind: IAMServiceAccount
version: v1beta1
group: iam.cnrm.cloud.google.com
targetField: email
valueTemplate: "projects/{{project}}/serviceAccounts/{{value}}"
- tfField: build.available_secrets.secret_manager.version_name
key: versionRef
gvk:
kind: SecretManagerSecretVersion
version: v1beta1
group: secretmanager.cnrm.cloud.google.com
targetField: name
- tfField: git_file_source.github_enterprise_config
key: githubEnterpriseConfigRef
description: |-
Only `external` field is supported to configure the reference.
The full resource name of the github enterprise config. Format:
projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}.
gvk:
kind: CloudBuildGithubEnterpriseConfig
version: v1beta1
group: cloudbuild.cnrm.cloud.google.com
targetField: name
- tfField: source_to_build.github_enterprise_config
key: githubEnterpriseConfigRef
description: |-
Only `external` field is supported to configure the reference.
The full resource name of the github enterprise config. Format:
projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}.
gvk:
kind: CloudBuildGithubEnterpriseConfig
version: v1beta1
group: cloudbuild.cnrm.cloud.google.com
targetField: name
- tfField: bitbucket_server_trigger_config.bitbucket_server_config_resource
key: bitbucketServerConfigResourceRef
description: |-
Only `external` field is supported to configure the reference.
The full resource name of the bitbucket server config. Format:
projects/{project}/locations/{location}/bitbucketServerConfigs/{id}.
gvk:
kind: CloudBuildBitbucketServerConfig
version: v1beta1
group: cloudbuild.cnrm.cloud.google.com
targetField: name
- tfField: github.enterprise_config_resource_name
key: enterpriseConfigResourceNameRef
description: |-
Only `external` field is supported to configure the reference.
The full resource name of the github enterprise config. Format:
projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}.
gvk:
kind: CloudBuildGithubEnterpriseConfig
version: v1beta1
group: cloudbuild.cnrm.cloud.google.com
targetField: name
- tfField: source_to_build.repository
key: repositoryRef
description: |-
Only `external` field is supported to configure the reference.
The qualified resource name of the Repo API repository.
Either uri or repository can be specified and is required.
gvk:
kind: CloudBuildV2Repository
version: v1beta1
group: cloudbuild.cnrm.cloud.google.com
targetField: name
- tfField: git_file_source.repository
key: repositoryRef
description: |-
Only `external` field is supported to configure the reference.
The fully qualified resource name of the Repo API repository. The fully qualified resource name of the Repo API repository.
If unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path.
gvk:
kind: CloudBuildV2Repository
version: v1beta1
group: cloudbuild.cnrm.cloud.google.com
targetField: name
ignoredFields:
- trigger_template.project_id