cloud_build library

Cloud Build CI/CD: trigger, private worker pool, v2 SCM connection + repository.

The v2 SCM connection model (GoogleCloudbuildv2Connection + GoogleCloudbuildv2Repository) is the modern way to wire GitHub / GitLab / Bitbucket sources into a Cloud Build trigger. The v1 github / bitbucket_server_trigger_config inline forms inside GoogleCloudbuildTrigger remain supported for existing setups.

Classes

CloudBuildTriggerApprovalConfig
approval_config block. When approvalRequired is true, every build invocation through this trigger lands in PENDING and waits for a human with the Cloud Build Approver role to release it.
CloudBuildTriggerBitbucketServerTriggerConfig
bitbucket_server_trigger_config block (v1 form). Wires the trigger to a Bitbucket Server installation via the legacy Cloud Build first-party webhook. New triggers SHOULD prefer the v2 CloudBuildTriggerRepositoryEventConfig form (with a BITBUCKET_DATA_CENTER connection) instead.
CloudBuildTriggerBuild
build block. Inline declaration of the build to run (an alternative to filename / gitFileSource). Holds at least one CloudBuildTriggerBuildStep.
CloudBuildTriggerBuildOptions
build.options block. Picks the worker shape, logging mode, substitution policy, and other build-wide knobs. Every field is optional — omitting the entire block uses Cloud Build defaults (n1-standard-1, LOGGING_UNSPECIFIED, MUST_MATCH).
CloudBuildTriggerBuildStep
One build.step[] entry. name is the container image that runs the step (e.g. 'gcr.io/cloud-builders/docker'); the rest mirrors the docker RUN semantics.
CloudBuildTriggerDeveloperConnectEventConfig
developer_connect_event_config block. Wires the trigger to a developerconnect_git_repository_link — the newer Developer Connect alternative to the v2 Repo API. Source providers covered include GitHub, GitHub Enterprise, GitLab, GitLab Enterprise, Bitbucket Data Center, and Bitbucket Cloud.
CloudBuildTriggerGitFileSource
git_file_source block. Fetches the build config (cloudbuild.yaml or similar) from an arbitrary repo and ref. Used by Pub/Sub, Webhook, Manual, and v2 triggers as a replacement for filename (which is limited to the SCM event source's repo).
CloudBuildTriggerGithub
github block (v1 form). Wires the trigger to a GitHub App or GitHub Enterprise installation; events are delivered via the legacy Cloud Build first-party webhook. New triggers SHOULD prefer the v2 CloudBuildTriggerRepositoryEventConfig form instead.
CloudBuildTriggerPubsubConfig
pubsub_config block. Fires a build whenever a message is published to topic. Pair with GoogleCloudbuildTrigger.filter (a CEL expression over the message attributes) to scope which messages actually launch a build, and with sourceToBuild / gitFileSource to declare what source to build.
CloudBuildTriggerPullRequestFilter
pull_request event filter (shared by CloudBuildTriggerGithub, CloudBuildTriggerBitbucketServerTriggerConfig, CloudBuildTriggerRepositoryEventConfig, and CloudBuildTriggerDeveloperConnectEventConfig).
CloudBuildTriggerPushFilter
push event filter (shared by CloudBuildTriggerGithub, CloudBuildTriggerBitbucketServerTriggerConfig, CloudBuildTriggerRepositoryEventConfig, and CloudBuildTriggerDeveloperConnectEventConfig).
CloudBuildTriggerRepositoryEventConfig
repository_event_config block (v2 form). Wires the trigger to a cloudbuildv2_repository (which in turn references a cloudbuildv2_connection). The connection abstracts the SCM provider — GitHub, GitHub Enterprise, GitLab Self-Managed, Bitbucket Data Center, Bitbucket Cloud — behind one uniform Repo API surface.
CloudBuildTriggerSourceToBuild
source_to_build block. Declares the source the build operates on — used by Pub/Sub, Webhook, and Manual triggers (i.e. triggers that do not respond to SCM webhooks and therefore have no inherent ref).
CloudBuildTriggerTriggerTemplate
trigger_template block. Legacy Cloud Source Repositories form — builds fire when the matching ref in a CSR repo changes. Use one of branchName / tagName / commitSha (exactly_one_of).
CloudBuildTriggerWebhookConfig
webhook_config block. Fires a build whenever an HTTP request is sent to the trigger's webhook URL with a matching secret. Pair with GoogleCloudbuildTrigger.filter to scope payloads.
CloudBuildV2ConnectionBitbucketCloudConfig
bitbucket_cloud_config block. Use for cloud-hosted Bitbucket (bitbucket.org).
CloudBuildV2ConnectionBitbucketDataCenterConfig
bitbucket_data_center_config block. Use for self-hosted Bitbucket Data Center (formerly Bitbucket Server). For cloud-hosted Bitbucket pick CloudBuildV2ConnectionBitbucketCloudConfig instead.
CloudBuildV2ConnectionGithubAuthorizerCredential
github_config.authorizer_credential block. OAuth credential of the account that authorized the Cloud Build GitHub App.
CloudBuildV2ConnectionGithubConfig
github_config block. Use for connections to github.com (the public GitHub host). For GitHub Enterprise Server pick CloudBuildV2ConnectionGithubEnterpriseConfig instead.
CloudBuildV2ConnectionGithubEnterpriseConfig
github_enterprise_config block. Use for GitHub Enterprise Server (self-hosted). Distinct from the public-GitHub CloudBuildV2ConnectionGithubConfig: Enterprise uses an App ID and private key authentication model rather than the public-GitHub OAuth flow.
CloudBuildV2ConnectionGitlabConfig
gitlab_config block. Use for gitlab.com or self-hosted GitLab Enterprise.
CloudBuildV2ConnectionServiceDirectoryConfig
service_directory_config block — shared shape across GitHub Enterprise, GitLab, and Bitbucket Data Center configs. Use when the on-premises SCM host sits behind Service Directory rather than on the public internet.
CloudBuildV2ConnectionUserCredential
Shared shape for authorizer_credential / read_authorizer_credential blocks on the GitLab, Bitbucket Data Center, and Bitbucket Cloud configs. All three SCMs use a user access token whose value lives in Secret Manager.
CloudBuildWorkerPoolNetworkConfig
network_config block. Legacy VPC-peering form: the workers are peered to a customer VPC via Service Networking. Mutually exclusive with CloudBuildWorkerPoolPrivateServiceConnect; pick at most one. Immutable after pool creation.
CloudBuildWorkerPoolPrivateServiceConnect
private_service_connect block. Newer alternative to CloudBuildWorkerPoolNetworkConfig: workers connect to a Network Attachment in the customer VPC via PSC. Mutually exclusive with CloudBuildWorkerPoolNetworkConfig; pick at most one. Immutable after pool creation.
CloudBuildWorkerPoolWorkerConfig
worker_config block. Configures the VM shape used for workers in this pool. All fields are optional — omitting the block leaves Cloud Build's defaults (n1-standard-1, standard disk, public egress).
GoogleCloudbuildTrigger
Factory wrapper for google_cloudbuild_trigger (provider hashicorp/google ~> 7.0).
GoogleCloudbuildv2Connection
Factory wrapper for google_cloudbuildv2_connection (provider hashicorp/google ~> 7.0).
GoogleCloudbuildv2Repository
Factory wrapper for google_cloudbuildv2_repository (provider hashicorp/google ~> 7.0).
GoogleCloudbuildWorkerPool
Factory wrapper for google_cloudbuild_worker_pool (provider hashicorp/google ~> 7.0).

Enums

CloudBuildTriggerBuildLogging
build.options.logging. Picks where Cloud Build sends the build logs.
CloudBuildTriggerCommentControl
pull_request.comment_control. Shared by CloudBuildTriggerGithub, CloudBuildTriggerBitbucketServerTriggerConfig, CloudBuildTriggerRepositoryEventConfig, and CloudBuildTriggerDeveloperConnectEventConfig pull-request filters. Decides whether a repository owner / collaborator must comment /gcbrun before a build runs against the PR.
CloudBuildTriggerIncludeBuildLogs
include_build_logs. Controls whether Cloud Build forwards build logs back to the originating GitHub check-run. Only meaningful for triggers attached to a GitHub source.
CloudBuildTriggerLogStreamingOption
build.options.log_streaming_option. streamDefault uses the project-default log streaming behavior; streamOn forces logs to stream live (visible in the Cloud Build console while the build is running); streamOff suppresses live streaming.
CloudBuildTriggerRepoType
repo_type for CloudBuildTriggerGitFileSource and CloudBuildTriggerSourceToBuild. Disambiguates the repo provider when the URI alone cannot (cloudSourceRepositories, github, bitbucketServer); use unknown only when the type really is undetermined.
CloudBuildTriggerRequestedVerifyOption
build.options.requested_verify_option. When set to verified, Cloud Build emits an attestation that the build produced the declared images[] (used by Binary Authorization). notVerified is the default and skips the attestation.
CloudBuildTriggerSourceProvenanceHash
One entry in build.options.source_provenance_hash[]. Picks the hash algorithm Cloud Build records on the source archive uploaded for the build. Multiple algorithms can be requested simultaneously.
CloudBuildTriggerSubstitutionOption
build.options.substitution_option. Controls whether unknown substitution variables fail the build (mustMatch) or are silently dropped (allowLoose). Note that for trigger-driven builds the API always treats this as allowLoose regardless of the value set here, so the field is mostly useful when re-running the same build config standalone via gcloud builds submit.